From sle-container-updates at lists.suse.com Wed May 1 07:03:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 May 2024 09:03:49 +0200 (CEST) Subject: SUSE-CU-2024:1793-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240501070349.1C02BFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1793-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.21 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.21 Severity : moderate Type : recommended References : 1223094 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1471-1 Released: Tue Apr 30 05:56:22 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1223094 This update for libzypp fixes the following issues: - Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094) The following package changes have been done: - libzypp-17.32.5-150400.3.64.1 updated From sle-container-updates at lists.suse.com Wed May 1 07:05:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 May 2024 09:05:34 +0200 (CEST) Subject: SUSE-CU-2024:1795-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240501070534.3FB5AFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1795-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.21 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.21 Severity : moderate Type : recommended References : 1223094 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1471-1 Released: Tue Apr 30 05:56:22 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1223094 This update for libzypp fixes the following issues: - Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094) The following package changes have been done: - libzypp-17.32.5-150400.3.64.1 updated From sle-container-updates at lists.suse.com Wed May 1 07:06:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 May 2024 09:06:20 +0200 (CEST) Subject: SUSE-CU-2024:1796-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240501070620.50A0BFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1796-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.28 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.28 Container Release : 3.28 Severity : moderate Type : recommended References : 1223094 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1471-1 Released: Tue Apr 30 05:56:22 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1223094 This update for libzypp fixes the following issues: - Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094) The following package changes have been done: - libzypp-17.32.5-150400.3.64.1 updated From sle-container-updates at lists.suse.com Wed May 1 07:21:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 May 2024 09:21:05 +0200 (CEST) Subject: SUSE-CU-2024:1834-1: Recommended update of suse/sle15 Message-ID: <20240501072105.CB238FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1834-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.28 , suse/sle15:15.5 , suse/sle15:15.5.36.11.28 Container Release : 36.11.28 Severity : moderate Type : recommended References : 1223094 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1471-1 Released: Tue Apr 30 05:56:22 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1223094 This update for libzypp fixes the following issues: - Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094) The following package changes have been done: - libzypp-17.32.5-150400.3.64.1 updated From sle-container-updates at lists.suse.com Thu May 2 07:01:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 2 May 2024 09:01:40 +0200 (CEST) Subject: SUSE-CU-2024:1835-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240502070140.27040FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1835-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.219 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.219 Severity : moderate Type : recommended References : 1223094 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1471-1 Released: Tue Apr 30 05:56:22 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1223094 This update for libzypp fixes the following issues: - Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094) The following package changes have been done: - libzypp-17.32.5-150400.3.64.1 updated - container:sles15-image-15.0.0-36.11.28 updated From sle-container-updates at lists.suse.com Thu May 2 07:02:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 2 May 2024 09:02:29 +0200 (CEST) Subject: SUSE-CU-2024:1841-1: Recommended update of bci/python Message-ID: <20240502070229.67664FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1841-1 Container Tags : bci/python:3 , bci/python:3-6.31 , bci/python:3.12 , bci/python:3.12-6.31 Container Release : 6.31 Severity : moderate Type : recommended References : 1222046 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1449-1 Released: Fri Apr 26 11:55:45 2024 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1222046 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added go1.19 eol dates (bsc#1222046) - added rust1.73, 74 and 75 EOL dates (rust1.n+2 release + 1 week) (bsc#1222046) - also added for cargo1.7x The following package changes have been done: - libldap-data-2.4.46-150600.23.17 updated - glibc-2.38-150600.10.1 updated - libopenssl3-3.1.4-150600.2.22 updated - libopenssl-3-fips-provider-3.1.4-150600.2.22 updated - libldap-2_4-2-2.4.46-150600.23.17 updated - openssl-3-3.1.4-150600.2.22 updated - lifecycle-data-sle-module-development-tools-1-150200.3.27.1 updated - libpython3_12-1_0-3.12.3-150600.1.2 updated - python312-base-3.12.3-150600.1.2 updated - python312-pip-23.2.1-150600.1.3 updated - python312-3.12.3-150600.1.1 updated - less-643-150600.1.34 updated - python312-devel-3.12.3-150600.1.2 updated - container:sles15-image-15.0.0-46.2.15 updated From sle-container-updates at lists.suse.com Wed May 1 07:20:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 1 May 2024 09:20:41 +0200 (CEST) Subject: SUSE-CU-2024:1833-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240501072041.6C141FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1833-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.9.7 , bci/bci-sle15-kernel-module-devel:latest Container Release : 9.7 Severity : important Type : security References : 1194869 1200465 1205316 1207948 1209635 1209657 1212514 1213456 1214852 1215221 1215322 1217339 1217829 1217959 1217987 1217988 1217989 1218321 1218336 1218479 1218562 1218643 1218777 1219169 1219170 1219264 1219443 1219834 1220114 1220176 1220237 1220251 1220320 1220325 1220328 1220337 1220340 1220365 1220366 1220393 1220398 1220411 1220413 1220433 1220439 1220443 1220445 1220466 1220469 1220478 1220482 1220484 1220486 1220487 1220492 1220703 1220735 1220736 1220775 1220790 1220797 1220831 1220833 1220836 1220839 1220840 1220843 1220845 1220848 1220870 1220871 1220872 1220878 1220879 1220883 1220885 1220887 1220898 1220917 1220918 1220920 1220921 1220926 1220927 1220929 1220930 1220931 1220932 1220933 1220937 1220938 1220940 1220954 1220955 1220959 1220960 1220961 1220965 1220969 1220978 1220979 1220981 1220982 1220983 1220985 1220986 1220987 1220989 1220990 1221009 1221012 1221015 1221022 1221039 1221040 1221044 1221045 1221046 1221048 1221055 1221056 1221058 1221060 1221061 1221062 1221066 1221067 1221068 1221069 1221070 1221071 1221077 1221082 1221090 1221097 1221156 1221252 1221273 1221274 1221276 1221277 1221291 1221293 1221298 1221337 1221338 1221375 1221379 1221551 1221553 1221613 1221614 1221616 1221618 1221631 1221633 1221713 1221725 1221777 1221814 1221816 1221830 1221951 1222033 1222056 1222060 1222070 1222073 1222117 1222274 1222291 1222300 1222304 1222317 1222331 1222355 1222356 1222360 1222366 1222373 1222619 1222952 CVE-2021-46925 CVE-2021-46926 CVE-2021-46927 CVE-2021-46929 CVE-2021-46930 CVE-2021-46931 CVE-2021-46933 CVE-2021-46934 CVE-2021-46936 CVE-2021-47082 CVE-2021-47083 CVE-2021-47087 CVE-2021-47091 CVE-2021-47093 CVE-2021-47094 CVE-2021-47095 CVE-2021-47096 CVE-2021-47097 CVE-2021-47098 CVE-2021-47099 CVE-2021-47100 CVE-2021-47101 CVE-2021-47102 CVE-2021-47104 CVE-2021-47105 CVE-2021-47107 CVE-2021-47108 CVE-2022-4744 CVE-2022-48626 CVE-2022-48627 CVE-2022-48628 CVE-2022-48629 CVE-2022-48630 CVE-2023-0160 CVE-2023-28746 CVE-2023-35827 CVE-2023-4881 CVE-2023-52447 CVE-2023-52450 CVE-2023-52453 CVE-2023-52454 CVE-2023-52462 CVE-2023-52463 CVE-2023-52467 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52476 CVE-2023-52477 CVE-2023-52481 CVE-2023-52482 CVE-2023-52484 CVE-2023-52486 CVE-2023-52492 CVE-2023-52493 CVE-2023-52494 CVE-2023-52497 CVE-2023-52500 CVE-2023-52501 CVE-2023-52502 CVE-2023-52504 CVE-2023-52507 CVE-2023-52508 CVE-2023-52509 CVE-2023-52510 CVE-2023-52511 CVE-2023-52513 CVE-2023-52515 CVE-2023-52517 CVE-2023-52518 CVE-2023-52519 CVE-2023-52520 CVE-2023-52523 CVE-2023-52524 CVE-2023-52525 CVE-2023-52528 CVE-2023-52529 CVE-2023-52530 CVE-2023-52531 CVE-2023-52532 CVE-2023-52559 CVE-2023-52563 CVE-2023-52564 CVE-2023-52566 CVE-2023-52567 CVE-2023-52569 CVE-2023-52574 CVE-2023-52575 CVE-2023-52576 CVE-2023-52582 CVE-2023-52583 CVE-2023-52587 CVE-2023-52591 CVE-2023-52594 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604 CVE-2023-52605 CVE-2023-52606 CVE-2023-52607 CVE-2023-52608 CVE-2023-52612 CVE-2023-52615 CVE-2023-52617 CVE-2023-52619 CVE-2023-52621 CVE-2023-52623 CVE-2023-52628 CVE-2023-52632 CVE-2023-52637 CVE-2023-52639 CVE-2023-6270 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-7042 CVE-2023-7192 CVE-2024-0841 CVE-2024-2201 CVE-2024-22099 CVE-2024-23307 CVE-2024-25739 CVE-2024-25742 CVE-2024-25743 CVE-2024-26599 CVE-2024-26600 CVE-2024-26602 CVE-2024-26607 CVE-2024-26612 CVE-2024-26614 CVE-2024-26620 CVE-2024-26627 CVE-2024-26629 CVE-2024-26642 CVE-2024-26645 CVE-2024-26646 CVE-2024-26651 CVE-2024-26654 CVE-2024-26659 CVE-2024-26664 CVE-2024-26667 CVE-2024-26670 CVE-2024-26695 CVE-2024-26717 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1480-1 Released: Tue Apr 30 16:01:59 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1200465,1205316,1207948,1209635,1209657,1212514,1213456,1214852,1215221,1215322,1217339,1217829,1217959,1217987,1217988,1217989,1218321,1218336,1218479,1218562,1218643,1218777,1219169,1219170,1219264,1219443,1219834,1220114,1220176,1220237,1220251,1220320,1220325,1220328,1220337,1220340,1220365,1220366,1220393,1220398,1220411,1220413,1220433,1220439,1220443,1220445,1220466,1220469,1220478,1220482,1220484,1220486,1220487,1220492,1220703,1220735,1220736,1220775,1220790,1220797,1220831,1220833,1220836,1220839,1220840,1220843,1220845,1220848,1220870,1220871,1220872,1220878,1220879,1220883,1220885,1220887,1220898,1220917,1220918,1220920,1220921,1220926,1220927,1220929,1220930,1220931,1220932,1220933,1220937,1220938,1220940,1220954,1220955,1220959,1220960,1220961,1220965,1220969,1220978,1220979,1220981,1220982,1220983,1220985,1220986,1220987,1220989,1220990,1221009,1221012,1221015,1221022,1221039,1221040,1221044,1221045,1221046,1221048,1221055,1221056,1221058,1221060,1 221061,1221062,1221066,1221067,1221068,1221069,1221070,1221071,1221077,1221082,1221090,1221097,1221156,1221252,1221273,1221274,1221276,1221277,1221291,1221293,1221298,1221337,1221338,1221375,1221379,1221551,1221553,1221613,1221614,1221616,1221618,1221631,1221633,1221713,1221725,1221777,1221814,1221816,1221830,1221951,1222033,1222056,1222060,1222070,1222073,1222117,1222274,1222291,1222300,1222304,1222317,1222331,1222355,1222356,1222360,1222366,1222373,1222619,1222952,CVE-2021-46925,CVE-2021-46926,CVE-2021-46927,CVE-2021-46929,CVE-2021-46930,CVE-2021-46931,CVE-2021-46933,CVE-2021-46934,CVE-2021-46936,CVE-2021-47082,CVE-2021-47083,CVE-2021-47087,CVE-2021-47091,CVE-2021-47093,CVE-2021-47094,CVE-2021-47095,CVE-2021-47096,CVE-2021-47097,CVE-2021-47098,CVE-2021-47099,CVE-2021-47100,CVE-2021-47101,CVE-2021-47102,CVE-2021-47104,CVE-2021-47105,CVE-2021-47107,CVE-2021-47108,CVE-2022-4744,CVE-2022-48626,CVE-2022-48627,CVE-2022-48628,CVE-2022-48629,CVE-2022-48630,CVE-2023-0160,CVE-2023-28746,CVE -2023-35827,CVE-2023-4881,CVE-2023-52447,CVE-2023-52450,CVE-2023-52453,CVE-2023-52454,CVE-2023-52462,CVE-2023-52463,CVE-2023-52467,CVE-2023-52469,CVE-2023-52470,CVE-2023-52474,CVE-2023-52476,CVE-2023-52477,CVE-2023-52481,CVE-2023-52482,CVE-2023-52484,CVE-2023-52486,CVE-2023-52492,CVE-2023-52493,CVE-2023-52494,CVE-2023-52497,CVE-2023-52500,CVE-2023-52501,CVE-2023-52502,CVE-2023-52504,CVE-2023-52507,CVE-2023-52508,CVE-2023-52509,CVE-2023-52510,CVE-2023-52511,CVE-2023-52513,CVE-2023-52515,CVE-2023-52517,CVE-2023-52518,CVE-2023-52519,CVE-2023-52520,CVE-2023-52523,CVE-2023-52524,CVE-2023-52525,CVE-2023-52528,CVE-2023-52529,CVE-2023-52530,CVE-2023-52531,CVE-2023-52532,CVE-2023-52559,CVE-2023-52563,CVE-2023-52564,CVE-2023-52566,CVE-2023-52567,CVE-2023-52569,CVE-2023-52574,CVE-2023-52575,CVE-2023-52576,CVE-2023-52582,CVE-2023-52583,CVE-2023-52587,CVE-2023-52591,CVE-2023-52594,CVE-2023-52595,CVE-2023-52597,CVE-2023-52598,CVE-2023-52599,CVE-2023-52600,CVE-2023-52601,CVE-2023-52602,CVE-2023-52 603,CVE-2023-52604,CVE-2023-52605,CVE-2023-52606,CVE-2023-52607,CVE-2023-52608,CVE-2023-52612,CVE-2023-52615,CVE-2023-52617,CVE-2023-52619,CVE-2023-52621,CVE-2023-52623,CVE-2023-52628,CVE-2023-52632,CVE-2023-52637,CVE-2023-52639,CVE-2023-6270,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-7042,CVE-2023-7192,CVE-2024-0841,CVE-2024-2201,CVE-2024-22099,CVE-2024-23307,CVE-2024-25739,CVE-2024-25742,CVE-2024-25743,CVE-2024-26599,CVE-2024-26600,CVE-2024-26602,CVE-2024-26607,CVE-2024-26612,CVE-2024-26614,CVE-2024-26620,CVE-2024-26627,CVE-2024-26629,CVE-2024-26642,CVE-2024-26645,CVE-2024-26646,CVE-2024-26651,CVE-2024-26654,CVE-2024-26659,CVE-2024-26664,CVE-2024-26667,CVE-2024-26670,CVE-2024-26695,CVE-2024-26717 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466). - CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478). - CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443). - CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482). - CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484). - CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486). - CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487). - CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469). - CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439). - CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969). - CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917). - CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954). - CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959). - CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978). - CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551). - CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979). - CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981). - CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982). - CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983). - CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955). - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985). - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987). - CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009). - CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960). - CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961). - CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965). - CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366). - CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). - CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848). - CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989). - CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990). - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251). - CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237). - CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337). - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320). - CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer (bsc#1220325). - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433). - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411). - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413). - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445). - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703). - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790). - CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520 (bsc#1220887). - CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). - CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797). - CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277). - CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276). - CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274). - CVE-2023-52494: Fixed missing alignment check for event ring read pointer in bus/mhi/host (bsc#1221273). - CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879). - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883). - CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885). - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831). - CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553). - CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833). - CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015). - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836). - CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898). - CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012). - CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022). - CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048). - CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055). - CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056). - CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920). - CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921). - CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926). - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927). - CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840). - CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843). - CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929). - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930). - CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). - CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). - CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933). - CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson (bsc#1220937). - CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938). - CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940). - CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839). - CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918). - CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871). - CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872). - CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878). - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058). - CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082). - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044). - CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045). - CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046). - CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). - CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060). - CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs (bsc#1221062). - CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071). - CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs (bsc#1221068). - CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs (bsc#1221070). - CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot() (bsc#1221066). - CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree() (bsc#1221067). - CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) - CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib (bsc#1221069). - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061). - CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi (bsc#1221375). - CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616). - CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614). - CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove (bsc#1221613). - CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618). - CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073). - CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060). - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117). - CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd (bsc#1222274). - CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939 (bsc#1222291). - CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336). - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479). - CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264). - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834). - CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725). - CVE-2024-25743: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725). - CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate() (bsc#1220365). - CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736). - CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences (bsc#1221291). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap (bsc#1221298). - CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090). - CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in nfsd (bsc#1221379). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26645: Fixed missing visibility when inserting an element into tracing_map (bsc#1222056). - CVE-2024-26646: Fixed potential memory corruption when resuming from suspend or hibernation in thermal/intel/hfi (bsc#1222070). - CVE-2024-26651: Fixed possible oops via malicious devices in sr9800 (bsc#1221337). - CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304). - CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317). - CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in hwmon coretemp (bsc#1222355). - CVE-2024-26667: Fixed null pointer reference in dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331). - CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in kernel arm64 (bsc#1222356). - CVE-2024-26695: Fixed null pointer dereference in __sev_platform_shutdown_locked in crypto ccp (bsc#1222373). - CVE-2024-26717: Fixed null pointer dereference on failed power up in HID i2c-hid-of (bsc#1222360). The following non-security bugs were fixed: - acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-fixes). - acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-fixes). - acpi: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes). - acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-fixes). - acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes). - acpi: scan: Fix device check notification handling (git-fixes). - acpica: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes). - alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes). - alsa: aoa: avoid false-positive format truncation warning (git-fixes). - alsa: aw2: avoid casting function pointers (git-fixes). - alsa: ctxfi: avoid casting function pointers (git-fixes). - alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-fixes). - alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-fixes). - alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (git-fixes). - alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes). - alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes). - alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes). - alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes). - alsa: seq: fix function cast warnings (git-fixes). - alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes). - alsa: usb-audio: Stop parsing channels bits when all channels are found (git-fixes). - arm64: dts: allwinner: h6: add rx dma channel for spdif (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes) - arm64: dts: imx8mm-kontron: add support for ultra high speed modes on (git-fixes) - arm64: dts: imx8mm-venice-gw71xx: fix usb otg vbus (git-fixes) - arm64: dts: marvell: reorder crypto interrupts on armada socs (git-fixes) - arm64: dts: rockchip: add es8316 codec for rock pi 4 (git-fixes) - arm64: dts: rockchip: add spdif node for rock pi 4 (git-fixes) - arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes) - arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes) - arm64: mm: fix va-range sanity check (git-fixes) - arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes) - asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (stable-fixes). - asoc: amd: acp: Add missing error handling in sof-mach (git-fixes). - asoc: amd: acp: fix for acp_init function error handling (git-fixes). - asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes). - asoc: meson: Use dev_err_probe() helper (stable-fixes). - asoc: meson: aiu: fix function pointer type mismatch (git-fixes). - asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes). - asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes). - asoc: meson: t9015: fix function pointer type mismatch (git-fixes). - asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes). - asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes). - asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes). - asoc: rt5682-sdw: fix locking sequence (git-fixes). - asoc: rt711-sdca: fix locking sequence (git-fixes). - asoc: rt711-sdw: fix locking sequence (git-fixes). - asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-fixes). - asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes). - asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-fixes). - ata: sata_mv: fix pci device id table declaration compilation warning (git-fixes). - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes). - backlight: da9052: fully initialize backlight_properties during probe (git-fixes). - backlight: lm3630a: do not set bl->props.brightness in get_brightness (git-fixes). - backlight: lm3630a: initialize backlight_properties on init (git-fixes). - backlight: lm3639: fully initialize backlight_properties during probe (git-fixes). - backlight: lp8788: fully initialize backlight_properties during probe (git-fixes). - blocklayoutdriver: fix reference leak of pnfs_device_node (git-fixes). - bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes). - bluetooth: Remove superfluous call to hci_conn_check_pending() (git-fixes). - bluetooth: hci_core: Fix possible buffer overflow (git-fixes). - bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes). - bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-fixes). - bpf, scripts: correct gpl license name (git-fixes). - bpf, sockmap: fix preempt_rt splat when using raw_spin_lock_t (git-fixes). - can: softing: remove redundant null check (git-fixes). - clk: zynq: prevent null pointer dereference caused by kmalloc failure (git-fixes). - comedi: comedi_test: prevent timers rescheduling during deletion (git-fixes). - coresight: etm4x: do not access trcidr1 for identification (bsc#1220775) - coresight: etm4x: fix accesses to trcseqrstevr and trcseqstr (bsc#1220775) - coresight: etm: override trcidr3.ccitmin on errata affected cpus (bsc#1220775) - cpufreq: amd-pstate: fix min_perf assignment in amd_pstate_adjust_perf() (git-fixes). - cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value (git-fixes). - crypto: arm/sha - fix function cast warnings (git-fixes). - crypto: qat - avoid division by zero (git-fixes). - crypto: qat - fix deadlock in backlog processing (git-fixes). - crypto: qat - fix double free during reset (git-fixes). - crypto: qat - fix state machines cleanup paths (bsc#1218321). - crypto: qat - fix unregistration of compression algorithms (git-fixes). - crypto: qat - fix unregistration of crypto algorithms (git-fixes). - crypto: qat - ignore subsequent state up commands (git-fixes). - crypto: qat - increase size of buffers (git-fixes). - crypto: qat - resolve race condition during aer recovery (git-fixes). - crypto: xilinx - call finalize with bh disabled (git-fixes). - doc-guide: kernel-doc: tell about object-like macros (git-fixes). - doc/readme.suse: update information about module support status (jsc#ped-5759) - drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (git-fixes). - drm/amd/display: add fams validation before trying to use it (git-fixes). - drm/amd/display: add fb_damage_clips support (git-fixes). - drm/amd/display: add function for validate and update new stream (git-fixes). - drm/amd/display: add odm case when looking for first split pipe (git-fixes). - drm/amd/display: always switch off odm before committing more streams (git-fixes). - drm/amd/display: avoid abm when odm combine is enabled for edp (git-fixes). - drm/amd/display: blocking invalid 420 modes on hdmi tmds for dcn31 (git-fixes). - drm/amd/display: check if link state is valid (git-fixes). - drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-fixes). - drm/amd/display: copy dc context in the commit streams (git-fixes). - drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes). - drm/amd/display: disable psr-su on parade 0803 tcon again (git-fixes). - drm/amd/display: enable fast plane updates on dcn3.2 and above (git-fixes). - drm/amd/display: enable new commit sequence only for dcn32x (git-fixes). - drm/amd/display: ensure async flips are only accepted for fast updates (git-fixes). - drm/amd/display: exit idle optimizations before attempt to access phy (git-fixes). - drm/amd/display: expand kernel doc for dc (git-fixes). - drm/amd/display: fix a bug when searching for insert_above_mpcc (git-fixes). - drm/amd/display: fix a null pointer dereference in amdgpu_dm_i2c_xfer() (git-fixes). - drm/amd/display: fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (git-fixes). - drm/amd/display: fix abm disablement (git-fixes). - drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes). - drm/amd/display: fix hw rotated modes when psr-su is enabled (git-fixes). - drm/amd/display: fix kernel-doc issues in dc.h (git-fixes). - drm/amd/display: fix possible underflow for displays with large vblank (git-fixes). - drm/amd/display: fix the delta clamping for shaper lut (git-fixes). - drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315 (git-fixes). - drm/amd/display: fix underflow issue on 175hz timing (git-fixes). - drm/amd/display: for prefetch mode > 0, extend prefetch if possible (git-fixes). - drm/amd/display: guard against invalid rptr/wptr being set (git-fixes). - drm/amd/display: guard dcn31 phyd32clk logic against chip family (git-fixes). - drm/amd/display: handle range offsets in vrr ranges (stable-fixes). - drm/amd/display: handle seamless boot stream (git-fixes). - drm/amd/display: handle virtual hardware detect (git-fixes). - drm/amd/display: include surface of unaffected streams (git-fixes). - drm/amd/display: include udelay when waiting for inbox0 ack (git-fixes). - drm/amd/display: increase frame warning limit with kasan or kcsan in dml (git-fixes). - drm/amd/display: keep phy active for dp config (git-fixes). - drm/amd/display: perform a bounds check before filling dirty rectangles (git-fixes). - drm/amd/display: prevent vtotal from being set to 0 (git-fixes). - drm/amd/display: remove min_dst_y_next_start check for z8 (git-fixes). - drm/amd/display: restore rptr/wptr for dmcub as workaround (git-fixes). - drm/amd/display: return the correct hdcp error code (stable-fixes). - drm/amd/display: revert vblank change that causes null pointer crash (git-fixes). - drm/amd/display: rework comments on dc file (git-fixes). - drm/amd/display: rework context change check (git-fixes). - drm/amd/display: set minimum requirement for using psr-su on phoenix (git-fixes). - drm/amd/display: set minimum requirement for using psr-su on rembrandt (git-fixes). - drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes). - drm/amd/display: update correct dcn314 register header (git-fixes). - drm/amd/display: update extended blank for dcn314 onwards (git-fixes). - drm/amd/display: update min z8 residency time to 2100 for dcn314 (git-fixes). - drm/amd/display: update otg instance in the commit stream (git-fixes). - drm/amd/display: use dram speed from validation for dummy p-state (git-fixes). - drm/amd/display: use dtbclk as refclk instead of dprefclk (git-fixes). - drm/amd/display: use low clocks for no plane configs (git-fixes). - drm/amd/display: use min transition for all subvp plane add/remove (git-fixes). - drm/amd/display: write to correct dirty_rect (git-fixes). - drm/amd/display: wrong colorimetry workaround (git-fixes). - drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes). - drm/amd/pm: fix error of maco flag setting code (git-fixes). - drm/amd/smu: use averagegfxclkfrequency* to replace previous gfx curr clock (git-fixes). - drm/amd: enable pcie pme from d3 (git-fixes). - drm/amdgpu/pm: fix the error of pwm1_enable setting (stable-fixes). - drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes). - drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes). - drm/amdgpu/smu13: drop compute workload workaround (git-fixes). - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes). - drm/amdgpu: enable gpu reset for s3 abort cases on raven series (stable-fixes). - drm/amdgpu: fix missing break in atom_arg_imm case of atom_get_src_int() (git-fixes). - drm/amdgpu: force order between a read and write to the same address (git-fixes). - drm/amdgpu: lower cs errors to debug severity (git-fixes). - drm/amdgpu: match against exact bootloader status (git-fixes). - drm/amdgpu: unset context priority is now invalid (git-fixes). - drm/amdgpu: update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes). - drm/amdkfd: fix tlb flush after unmap for gfx9.4.2 (stable-fixes). - drm/bridge: tc358762: instruct dsi host to generate hse packets (git-fixes). - drm/display: fix typo (git-fixes). - drm/edid: add quirk for osvr hdk 2.0 (git-fixes). - drm/etnaviv: restore some id values (git-fixes). - drm/exynos: do not return negative values from .get_modes() (stable-fixes). - drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (git-fixes). - drm/i915/bios: tolerate devdata==null in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes). - drm/i915/gt: do not generate the command streamer for all the ccs (git-fixes). - drm/i915/gt: reset queue_priority_hint on parking (git-fixes). - drm/i915/gt: use i915_vm_put on ppgtt_create error paths (git-fixes). - drm/i915/selftests: fix dependency of some timeouts on hz (git-fixes). - drm/i915: add missing ccs documentation (git-fixes). - drm/i915: call intel_pre_plane_updates() also for pipes getting enabled (git-fixes). - drm/i915: check before removing mm notifier (git-fixes). - drm/lima: fix a memleak in lima_heap_alloc (git-fixes). - drm/mediatek: dsi: fix dsi rgb666 formats and definitions (git-fixes). - drm/mediatek: fix a null pointer crash in mtk_drm_crtc_finish_page_flip (git-fixes). - drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes). - drm/msm/dpu: fix the programming of intf_cfg2_data_hctl_en (git-fixes). - drm/msm/dpu: improve dsc allocation (git-fixes). - drm/msm/dpu: only enable dsc_mode_multiplex if dsc_merge is enabled (git-fixes). - drm/panel-edp: use put_sync in unprepare (git-fixes). - drm/panel: auo,b101uan08.3: fine tune the panel power sequence (git-fixes). - drm/panel: boe-tv101wum-nl6: fine tune the panel power sequence (git-fixes). - drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes). - drm/panel: move aux b116xw03 out of panel-edp back to panel-simple (git-fixes). - drm/panfrost: fix power transition timeout warnings (git-fixes). - drm/probe-helper: warn about negative .get_modes() (stable-fixes). - drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes). - drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes). - drm/radeon/ni: fix wrong firmware size logging in ni_init_microcode() (git-fixes). - drm/radeon/ni_dpm: remove redundant null check (git-fixes). - drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes). - drm/rockchip: dsi: clean up 'usage_mode' when failing to attach (git-fixes). - drm/rockchip: inno_hdmi: fix video timing (git-fixes). - drm/rockchip: lvds: do not overwrite error code (git-fixes). - drm/rockchip: lvds: do not print scary message when probing defer (git-fixes). - drm/tegra: dpaux: fix pm disable depth imbalance in tegra_dpaux_probe (git-fixes). - drm/tegra: dsi: add missing check for of_find_device_by_node (git-fixes). - drm/tegra: dsi: fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (git-fixes). - drm/tegra: dsi: fix some error handling paths in tegra_dsi_probe() (git-fixes). - drm/tegra: dsi: make use of the helper function dev_err_probe() (stable-fixes). - drm/tegra: hdmi: convert to devm_platform_ioremap_resource() (stable-fixes). - drm/tegra: hdmi: fix some error handling paths in tegra_hdmi_probe() (git-fixes). - drm/tegra: output: fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (git-fixes). - drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes). - drm/tegra: rgb: fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (git-fixes). - drm/tegra: rgb: fix some error handling paths in tegra_dc_rgb_probe() (git-fixes). - drm/tidss: fix initial plane zpos values (git-fixes). - drm/tidss: fix sync-lost issue with two displays (git-fixes). - drm/ttm: do not leak a resource on eviction error (git-fixes). - drm/ttm: do not print error message if eviction was interrupted (git-fixes). - drm/vc4: add module dependency on hdmi-codec (git-fixes). - drm/vmwgfx: create debugfs ttm_resource_manager entry only if needed (git-fixes). - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes). - drm/vmwgfx: fix possible null pointer derefence with invalid contexts (git-fixes). - drm: do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes). - drm: fix drm_fixp2int_round() making it add 0.5 (git-fixes). - drm: panel-orientation-quirks: add quirk for acer switch v 10 (sw5-017) (git-fixes). - firewire: core: use long bus reset on gap count error (stable-fixes). - fix 'coresight: etm4x: Change etm4_platform_driver driver for MMIO devices' (bsc#1220775) - hid: amd_sfh: Update HPD sensor structure elements (git-fixes). - hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes). - hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes). - hv_netvsc: calculate correct ring size when page_size is not 4 kbytes (git-fixes). - hv_netvsc: fix race condition between netvsc_probe and netvsc_remove (git-fixes). - hv_netvsc: register vf in netvsc_probe if net_device_register missed (git-fixes). - i2c: aspeed: fix the dummy irq expected print (git-fixes). - i2c: i801: avoid potential double call to gpiod_remove_lookup_table (git-fixes). - i2c: wmt: fix an error handling path in wmt_i2c_probe() (git-fixes). - ib/ipoib: Fix mcast list locking (git-fixes) - iio: dummy_evgen: remove excess kernel-doc comments (git-fixes). - iio: pressure: dlhl60d: initialize empty dlh bytes (git-fixes). - input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes). - input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes). - input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes). - input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes). - input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes). - input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes). - input: pm8941-pwrkey - add software key press debouncing support (git-fixes). - input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes). - input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes). - input: xpad - add Lenovo Legion Go controllers (git-fixes). - iommu/amd: mark interrupt as managed (git-fixes). - iommu/dma: trace bounce buffer usage when mapping buffers (git-fixes). - iommu/mediatek-v1: fix an error handling path in mtk_iommu_v1_probe() (git-fixes). - iommu/mediatek: fix forever loop in error handling (git-fixes). - iommu/vt-d: allow to use flush-queue when first level is default (git-fixes). - iommu/vt-d: do not issue ats invalidation request when device is disconnected (git-fixes). - iommu/vt-d: fix pasid directory pointer coherency (git-fixes). - iommu/vt-d: set no execute enable bit in pasid table entry (git-fixes). - kabi: pci: add locking to rmw pci express capability register accessors (kabi). - kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes). - kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631). - lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-commit). - leds: aw2013: unlock mutex before destroying it (git-fixes). - lib/cmdline: fix an invalid format specifier in an assertion msg (git-fixes). - make nvidiA Grace-Hopper TPM related drivers build-ins (bsc#1221156) - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes). - md/raid5: release batch_last before waiting for another stripe_head (git-fixes). - md/raid6: use valid sector values to determine if an i/o should wait on the reshape (git-fixes). - md: do not ignore suspended array in md_check_recovery() (git-fixes). - md: do not leave 'md_recovery_frozen' in error path of md_set_readonly() (git-fixes). - md: fix data corruption for raid456 when reshape restart while grow up (git-fixes). - md: introduce md_ro_state (git-fixes). - md: make sure md_do_sync() will set md_recovery_done (git-fixes). - md: whenassemble the array, consult the superblock of the freshest device (git-fixes). - media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes). - media: edia: dvbdev: fix a use-after-free (git-fixes). - media: em28xx: annotate unchecked call to media_device_register() (git-fixes). - media: go7007: add check of return value of go7007_read_addr() (git-fixes). - media: go7007: fix a memleak in go7007_load_encoder (git-fixes). - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes). - media: pvrusb2: fix pvr2_stream_callback casts (git-fixes). - media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes). - media: pvrusb2: remove redundant null check (git-fixes). - media: staging: ipu3-imgu: set fields before media_entity_pads_init() (git-fixes). - media: sun8i-di: fix chroma difference threshold (git-fixes). - media: sun8i-di: fix coefficient writes (git-fixes). - media: sun8i-di: fix power on/off sequences (git-fixes). - media: tc358743: register v4l2 async device only after successful setup (git-fixes). - media: ttpci: fix two memleaks in budget_av_attach (git-fixes). - media: usbtv: remove useless locks in usbtv_video_free() (git-fixes). - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes). - media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes). - media: xc4000: fix atomicity violation in xc4000_get_frequency (git-fixes). - mfd: altera-sysmgr: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes). - mfd: syscon: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes). - mm,page_owner: Defer enablement of static branch (bsc#1222366). - mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366). - mm,page_owner: drop unnecessary check (bsc#1222366). - mm,page_owner: fix accounting of pages when migrating (bsc#1222366). - mm,page_owner: fix printing of stack records (bsc#1222366). - mm,page_owner: fix recursion (bsc#1222366). - mm,page_owner: fix refcount imbalance (bsc#1222366). - mm,page_owner: update metadata for tail pages (bsc#1222366). - mm/vmalloc: huge vmalloc backing pages should be split rather than compound (bsc#1217829). - mmc: core: avoid negative index with array access (git-fixes). - mmc: core: fix switch on gp3 partition (git-fixes). - mmc: core: initialize mmc_blk_ioc_data (git-fixes). - mmc: mmci: stm32: fix dma api overlapping mappings warning (git-fixes). - mmc: mmci: stm32: use a buffer for unaligned dma requests (git-fixes). - mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes). - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (git-fixes). - mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes). - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes). - mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes). - net/bnx2x: prevent access to a freed page in page_pool (bsc#1215322). - net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes). - net: fix features skip in for_each_netdev_feature() (git-fixes). - net: lan78xx: fix runtime pm count underflow on link stop (git-fixes). - net: ll_temac: platform_get_resource replaced by wrong function (git-fixes). - net: mana: fix rx dma datasize and skb_over_panic (git-fixes). - net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes). - net: sunrpc: fix an off by one in rpc_sockaddr2uaddr() (git-fixes). - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). - nfc: nci: fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes). - nfs: fix an off by one in root_nfs_cat() (git-fixes). - nfs: rename nfs_client_kset to nfs_kset (git-fixes). - nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes). - nfsd: convert the callback workqueue to use delayed_work (git-fixes). - nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes). - nfsd: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes). - nfsd: fix LISTXATTRS returning more bytes than maxcount (git-fixes). - nfsd: fix file memleak on client_opens_release (git-fixes). - nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes). - nfsd: lock_rename() needs both directories to live on the same fs (git-fixes). - nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes). - nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes). - nfsd: retransmit callbacks after client reconnects (git-fixes). - nfsd: use vfs setgid helper (git-fixes). - nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes). - nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes). - nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes). - nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes). - nfsv4.2: fix wrong shrinker_id (git-fixes). - nfsv4: fix a nfs4_state_manager() race (git-fixes). - nfsv4: fix a state manager thread deadlock regression (git-fixes). - nilfs2: fix failure to detect dat corruption in btree and direct mappings (git-fixes). - nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes). - nouveau/dmem: handle kcalloc() allocation failure (git-fixes). - nouveau: reset the bo resource bus info after an eviction (git-fixes). - ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713). - nvme-fc: do not wait in vain when unloading module (git-fixes). - nvme: fix reconnection fail due to reserved tag allocation (git-fixes). - nvmet-fc: abort command when there is no binding (git-fixes). - nvmet-fc: avoid deadlock on delete association path (git-fixes). - nvmet-fc: defer cleanup using rcu properly (git-fixes). - nvmet-fc: hold reference on hostport match (git-fixes). - nvmet-fc: release reference on target port (git-fixes). - nvmet-fc: take ref count on tgtport before delete assoc (git-fixes). - nvmet-fcloop: swap the list_add_tail arguments (git-fixes). - nvmet-tcp: fix nvme tcp ida memory leak (git-fixes). - pci/aer: fix rootport attribute paths in ABI docs (git-fixes). - pci/aspm: Use RMW accessors for changing LNKCTL (git-fixes). - pci/dpc: print all TLP Prefixes, not just the first (git-fixes). - pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777) - pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes). - pci: add locking to RMW PCI Express Capability Register accessors (git-fixes). - pci: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes). - pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes). - pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-fixes). - pci: fu740: Set the number of MSI vectors (git-fixes). - pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-fixes). - pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes). - pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes). - pci: mediatek-gen3: Fix translation window size calculation (git-fixes). - pci: mediatek: Clear interrupt status before dispatching handler (git-fixes). - pci: qcom: Enable BDF to SID translation properly (git-fixes). - pci: qcom: Use DWC helpers for modifying the read-only DBI registers (git-fixes). - pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes). - pci: rockchip: Fix window mapping and address translation for endpoint (git-fixes). - pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes). - pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-fixes). - pinctrl: mediatek: drop bogus slew rate register range for mt8192 (git-fixes). - platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes). - pm: suspend: Set mem_sleep_current during kernel command line setup (git-fixes). - pnfs/flexfiles: check the layout validity in ff_layout_mirror_prepare_stats (git-fixes). - pnfs: fix a hang in nfs4_evict_inode() (git-fixes). - pnfs: fix the pnfs block driver's calculation of layoutget size (git-fixes). - powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869). - powerpc/boot: Disable power10 features after BOOTAFLAGS assignment (bsc#1194869). - powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU (bsc#1194869). - powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses (bsc#1194869). - powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__ (bsc#1194869). - powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding (bsc#1194869). - powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869). - powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270). - powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes). - powerpc/sstep: Use bitwise instead of arithmetic operator for flags (bsc#1194869). - powerpc: add compile-time support for lbarx, lharx (bsc#1194869). - pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-fixes). - qedf: Do not process stag work during unload (bsc#1214852). - qedf: Wait for stag work during unload (bsc#1214852). - raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1221097). - ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619). - ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619). - ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619). - ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619). - ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619). - ras/amd/fmpm: Save SPA values (jsc#PED-7619). - ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes). - ras: export helper to get ras_debugfs_dir (jsc#PED-7619). - rdma/device: fix a race between mad_client and cm_client init (git-fixes) - rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes) - rdma/ipoib: fix error code return in ipoib_mcast_join (git-fixes) - rdma/irdma: remove duplicate assignment (git-fixes) - rdma/mana_ib: fix bug in creation of dma regions (git-fixes). - rdma/mlx5: fix fortify source warning while accessing eth segment (git-fixes) - rdma/mlx5: relax devx access upon modify commands (git-fixes) - rdma/rtrs-clt: check strnlen return len in sysfs mpath_policy_store() (git-fixes) - rdma/srpt: do not register event handler until srpt device is fully setup (git-fixes) - revert 'drm/amd: disable psr-su on parade 0803 tcon' (git-fixes). - revert 'drm/amd: disable s/g for apus when 64gb or more host memory' (git-fixes). - revert 'drm/amdgpu/display: change pipe policy for dcn 2.0' (git-fixes). - revert 'drm/amdgpu/display: change pipe policy for dcn 2.1' (git-fixes). - revert 'drm/vc4: hdmi: enforce the minimum rate at runtime_resume' (git-fixes). - revert 'fbdev: flush deferred io before closing (git-fixes).' (bsc#1221814) - revert 'pci: tegra194: enable support for 256 byte payload' (git-fixes). - revert 'revert 'drm/amdgpu/display: change pipe policy for dcn 2.0'' (git-fixes). - revert 'sunrpc dont update timeout value on connection reset' (git-fixes). - ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes). - rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes). - s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes bsc#1221633). - s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316). - s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316). - s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316). - s390/vtime: fix average steal time calculation (git-fixes bsc#1221951). - sched/rt: Disallow writing invalid values to sched_rt_period_us (bsc#1220176). - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (bsc#1220176). - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777). - scsi: lpfc: Correct size for wqe for memset() (bsc#1221777). - scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777). - scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777). - scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777). - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777). - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959). - scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777). - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777). - scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777). - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777). - scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777). - scsi: qedf: Remove set but unused variable 'page' (bsc#1214852). - scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852). - scsi: qedf: Remove unused declaration (bsc#1214852). - scsi: qla2xxx: Change debug message during driver unload (bsc1221816). - scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816). - scsi: qla2xxx: Fix N2N stuck connection (bsc1221816). - scsi: qla2xxx: Fix command flush on cable pull (bsc1221816). - scsi: qla2xxx: Fix double free of fcport (bsc1221816). - scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816). - scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816). - scsi: qla2xxx: Prevent command send on chip reset (bsc1221816). - scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816). - scsi: qla2xxx: Update manufacturer detail (bsc1221816). - scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816). - scsi: storvsc: Fix ring buffer size calculation (git-fixes). - scsi: target: core: Silence the message about unknown VPD pages (bsc#1221252). - selftests/bpf: add generic BPF program tester-loader (bsc#1222033). - serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes). - serial: max310x: fix syntax error in IRQ error message (git-fixes). - slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes). - spi: lm70llp: fix links in doc and comments (git-fixes). - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes). - sr9800: Add check for usbnet_get_endpoints (git-fixes). - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - staging: vc04_services: fix information leak in create_component() (git-fixes). - sunrpc: add an is_err() check back to where it was (git-fixes). - sunrpc: econnreset might require a rebind (git-fixes). - sunrpc: fix a memleak in gss_import_v2_context (git-fixes). - sunrpc: fix a suspicious rcu usage warning (git-fixes). - sunrpc: fix rpc client cleaned up the freed pipefs dentries (git-fixes). - sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes). - svcrdma: Drop connection after an RDMA Read error (git-fixes). - topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618). - topology: Fix up build warning in topology_is_visible() (jsc#PED-7618). - tracing/probes: Fix to show a parse error for bad type for $comm (git-fixes). - tracing: Fix wasted memory in saved_cmdlines logic (git-fixes). - tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes). - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619). - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-fixes). - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes). - tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes). - ubifs: Queue up space reservation tasks if retrying many times (git-fixes). - ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes). - ubifs: Set page uptodate in the correct place (git-fixes). - ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes). - ubifs: fix sort function prototype (git-fixes). - usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes). - usb: cdc-wdm: close race between read and workqueue (git-fixes). - usb: core: fix deadlock in usb_deauthorize_interface() (git-fixes). - usb: dwc2: gadget: Fix exiting from clock gating (git-fixes). - usb: dwc2: gadget: LPM flow fix (git-fixes). - usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes). - usb: dwc2: host: Fix hibernation flow (git-fixes). - usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes). - usb: dwc3: Properly set system wakeup (git-fixes). - usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes). - usb: gadget: ncm: Fix handling of zero block length packets (git-fixes). - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes). - usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes). - usb: port: Do not try to peer unused USB ports based on location (git-fixes). - usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes). - usb: typec: ucsi: Check for notifications after init (git-fixes). - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes). - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes). - usb: usb-storage: prevent divide-by-0 error in isd200_ata_command (git-fixes). - usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes). - vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes). - vt: fix unicode buffer corruption when deleting characters (git-fixes). - watchdog: stm32_iwdg: initialize default timeout (git-fixes). - wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes). - wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948). - wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes). - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (git-fixes). - wifi: b43: Disable QoS for bcm4331 (git-fixes). - wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-fixes). - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-fixes). - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-fixes). - wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-fixes). - wifi: brcmsmac: avoid function pointer casts (git-fixes). - wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes). - wifi: iwlwifi: fix EWRD table validity check (git-fixes). - wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes). - wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes). - wifi: iwlwifi: mvm: report beacon protection failures (git-fixes). - wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes). - wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-fixes). - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes). - wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (git-fixes). - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes). - wifi: rtw88: 8821c: Fix false alarm count (git-fixes). - wifi: wilc1000: fix RCU usage in connect path (git-fixes). - wifi: wilc1000: fix declarations ordering (stable-fixes). - wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes). - wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (git-fixes). - x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes). - x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes). - x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes). - xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes). - xhci: process isoc TD properly when there was a transaction error mid TD (git-fixes). The following package changes have been done: - kernel-macros-5.14.21-150500.55.59.1 updated - kernel-devel-5.14.21-150500.55.59.1 updated - kernel-default-devel-5.14.21-150500.55.59.1 updated - kernel-syms-5.14.21-150500.55.59.1 updated - container:sles15-image-15.0.0-36.11.28 updated From sle-container-updates at lists.suse.com Fri May 3 07:01:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:01:22 +0200 (CEST) Subject: SUSE-IU-2024:363-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20240503070122.2608DFCEF@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:363-1 Image Tags : suse/sle-micro/5.5:2.0.2 , suse/sle-micro/5.5:2.0.2-4.2.89 , suse/sle-micro/5.5:latest Image Release : 4.2.89 Severity : moderate Type : recommended References : 1211721 1221361 1221407 1222547 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated - container:suse-sle-micro-base-5.5-latest-2.0.2-4.2.63 updated From sle-container-updates at lists.suse.com Fri May 3 07:04:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:04:57 +0200 (CEST) Subject: SUSE-CU-2024:1846-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20240503070457.63EB7FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1846-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.47 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.47 Container Release : 4.47 Severity : moderate Type : recommended References : 1211721 1221361 1221407 1222547 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated From sle-container-updates at lists.suse.com Fri May 3 07:05:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:05:09 +0200 (CEST) Subject: SUSE-CU-2024:1847-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240503070509.A8360FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1847-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.30 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.30 Container Release : 3.30 Severity : moderate Type : recommended References : 1211721 1221361 1221407 1222547 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated - libsemanage1-3.1-150400.3.4.2 updated From sle-container-updates at lists.suse.com Fri May 3 07:05:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:05:37 +0200 (CEST) Subject: SUSE-CU-2024:1848-1: Recommended update of suse/389-ds Message-ID: <20240503070537.86D17FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1848-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-21.12 , suse/389-ds:latest Container Release : 21.12 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Fri May 3 07:07:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:07:02 +0200 (CEST) Subject: SUSE-CU-2024:1852-1: Recommended update of suse/registry Message-ID: <20240503070702.9DD41FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1852-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-23.7 , suse/registry:latest Container Release : 23.7 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated From sle-container-updates at lists.suse.com Fri May 3 07:11:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:11:20 +0200 (CEST) Subject: SUSE-CU-2024:1863-1: Recommended update of bci/bci-init Message-ID: <20240503071120.71A49FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1863-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.16.13 , bci/bci-init:latest Container Release : 16.13 Severity : moderate Type : recommended References : 1211721 1221361 1221407 1222547 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Fri May 3 07:11:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:11:38 +0200 (CEST) Subject: SUSE-CU-2024:1864-1: Recommended update of suse/nginx Message-ID: <20240503071138.E127BFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1864-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-11.12 , suse/nginx:latest Container Release : 11.12 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Fri May 3 07:12:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:12:01 +0200 (CEST) Subject: SUSE-CU-2024:1865-1: Recommended update of bci/nodejs Message-ID: <20240503071201.11F09FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1865-1 Container Tags : bci/node:18 , bci/node:18-17.13 , bci/nodejs:18 , bci/nodejs:18-17.13 Container Release : 17.13 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Fri May 3 07:12:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:12:13 +0200 (CEST) Subject: SUSE-CU-2024:1866-1: Recommended update of bci/nodejs Message-ID: <20240503071213.E1767FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1866-1 Container Tags : bci/node:20 , bci/node:20-7.13 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-7.13 , bci/nodejs:latest Container Release : 7.13 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Fri May 3 07:12:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:12:45 +0200 (CEST) Subject: SUSE-CU-2024:1867-1: Recommended update of bci/openjdk-devel Message-ID: <20240503071245.2EF04FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1867-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-15.20 Container Release : 15.20 Severity : moderate Type : recommended References : 1211721 1221361 1221407 1222547 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated - container:bci-openjdk-11-15.5.11-16.10 updated From sle-container-updates at lists.suse.com Fri May 3 07:13:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:13:35 +0200 (CEST) Subject: SUSE-CU-2024:1869-1: Recommended update of bci/openjdk-devel Message-ID: <20240503071335.E1F5CFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1869-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-17.22 , bci/openjdk-devel:latest Container Release : 17.22 Severity : moderate Type : recommended References : 1211721 1221361 1221407 1222547 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated - container:bci-openjdk-17-15.5.17-17.11 updated From sle-container-updates at lists.suse.com Fri May 3 07:14:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:14:32 +0200 (CEST) Subject: SUSE-CU-2024:1871-1: Recommended update of suse/pcp Message-ID: <20240503071432.E8967FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1871-1 Container Tags : suse/pcp:5 , suse/pcp:5-24.1 , suse/pcp:5.2 , suse/pcp:5.2-24.1 , suse/pcp:5.2.5 , suse/pcp:5.2.5-24.1 , suse/pcp:latest Container Release : 24.1 Severity : moderate Type : recommended References : 1211721 1221361 1221407 1222547 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated - container:bci-bci-init-15.5-15.5-16.13 updated From sle-container-updates at lists.suse.com Fri May 3 07:14:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:14:55 +0200 (CEST) Subject: SUSE-CU-2024:1872-1: Recommended update of bci/php-apache Message-ID: <20240503071455.E678EFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1872-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-14.7 Container Release : 14.7 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Fri May 3 07:15:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:15:19 +0200 (CEST) Subject: SUSE-CU-2024:1873-1: Recommended update of bci/php-fpm Message-ID: <20240503071519.7E4B4FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1873-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-14.7 Container Release : 14.7 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Fri May 3 07:15:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:15:42 +0200 (CEST) Subject: SUSE-CU-2024:1874-1: Recommended update of bci/php Message-ID: <20240503071542.F22B5FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1874-1 Container Tags : bci/php:8 , bci/php:8-14.7 Container Release : 14.7 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Fri May 3 07:16:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:16:05 +0200 (CEST) Subject: SUSE-CU-2024:1875-1: Recommended update of suse/postgres Message-ID: <20240503071605.40AD4FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1875-1 Container Tags : suse/postgres:15 , suse/postgres:15-18.9 , suse/postgres:15.6 , suse/postgres:15.6-18.9 Container Release : 18.9 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Fri May 3 07:16:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:16:14 +0200 (CEST) Subject: SUSE-CU-2024:1876-1: Recommended update of suse/postgres Message-ID: <20240503071614.BBCC7FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1876-1 Container Tags : suse/postgres:16 , suse/postgres:16-7.10 , suse/postgres:16.2 , suse/postgres:16.2-7.10 , suse/postgres:latest Container Release : 7.10 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Fri May 3 07:17:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:17:04 +0200 (CEST) Subject: SUSE-CU-2024:1879-1: Recommended update of suse/rmt-mariadb-client Message-ID: <20240503071704.24DA6FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1879-1 Container Tags : suse/mariadb-client:10.6 , suse/mariadb-client:10.6-16.10 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.6 , suse/rmt-mariadb-client:10.6-16.10 , suse/rmt-mariadb-client:latest Container Release : 16.10 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Fri May 3 07:17:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:17:12 +0200 (CEST) Subject: SUSE-CU-2024:1880-1: Recommended update of suse/rmt-mariadb Message-ID: <20240503071712.5A473FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1880-1 Container Tags : suse/mariadb:10.6 , suse/mariadb:10.6-21.11 , suse/mariadb:latest , suse/rmt-mariadb:10.6 , suse/rmt-mariadb:10.6-21.11 , suse/rmt-mariadb:latest Container Release : 21.11 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Fri May 3 07:17:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:17:26 +0200 (CEST) Subject: SUSE-CU-2024:1881-1: Recommended update of suse/rmt-server Message-ID: <20240503071726.932A3FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1881-1 Container Tags : suse/rmt-server:2.16 , suse/rmt-server:2.16-16.10 , suse/rmt-server:latest Container Release : 16.10 Severity : moderate Type : recommended References : 1222122 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1484-1 Released: Thu May 2 05:30:17 2024 Summary: Recommended update for rmt-server Type: recommended Severity: moderate References: 1222122 This update for rmt-server fixes the following issues: - Support bzip2 compressed repositories (bsc#1222122) - Remove automatic backup generation for repodata within repository - Add support for Debian repositories using flat or nested structures (jsc#PED-3684) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - rmt-server-config-2.16-150500.3.12.1 updated - rmt-server-2.16-150500.3.12.1 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Fri May 3 07:17:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 3 May 2024 09:17:48 +0200 (CEST) Subject: SUSE-CU-2024:1882-1: Recommended update of bci/ruby Message-ID: <20240503071748.C9A79FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1882-1 Container Tags : bci/ruby:2 , bci/ruby:2-17.9 , bci/ruby:2.5 , bci/ruby:2.5-17.9 , bci/ruby:latest Container Release : 17.9 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Sat May 4 07:01:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 4 May 2024 09:01:17 +0200 (CEST) Subject: SUSE-IU-2024:364-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20240504070117.11CA6FCEF@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:364-1 Image Tags : suse/sle-micro/base-5.5:2.0.2 , suse/sle-micro/base-5.5:2.0.2-4.2.65 , suse/sle-micro/base-5.5:latest Image Release : 4.2.65 Severity : moderate Type : recommended References : 1211721 1221361 1221407 1222547 1223094 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1471-1 Released: Tue Apr 30 05:56:22 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1223094 This update for libzypp fixes the following issues: - Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - libzypp-17.32.5-150400.3.64.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated From sle-container-updates at lists.suse.com Sat May 4 07:02:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 4 May 2024 09:02:04 +0200 (CEST) Subject: SUSE-CU-2024:1883-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240504070205.00759FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1883-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.23 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.23 Severity : moderate Type : recommended References : 1211721 1221361 1221407 1222547 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated - libsemanage1-3.1-150400.3.4.2 updated From sle-container-updates at lists.suse.com Sat May 4 07:02:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 4 May 2024 09:02:41 +0200 (CEST) Subject: SUSE-CU-2024:1884-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240504070241.7BF64FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1884-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.22 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.22 Severity : moderate Type : recommended References : 1211721 1221361 1221407 1222547 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated From sle-container-updates at lists.suse.com Sat May 4 07:03:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 4 May 2024 09:03:09 +0200 (CEST) Subject: SUSE-CU-2024:1885-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240504070309.45358FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1885-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.221 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.221 Severity : moderate Type : recommended References : 1211721 1221361 1221407 1222547 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Sat May 4 07:04:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 4 May 2024 09:04:10 +0200 (CEST) Subject: SUSE-CU-2024:1882-1: Recommended update of bci/ruby Message-ID: <20240504070410.505C1FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1882-1 Container Tags : bci/ruby:2 , bci/ruby:2-17.9 , bci/ruby:2.5 , bci/ruby:2.5-17.9 , bci/ruby:latest Container Release : 17.9 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Sat May 4 07:05:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 4 May 2024 09:05:15 +0200 (CEST) Subject: SUSE-CU-2024:1888-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240504070515.A1417FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1888-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.9.9 , bci/bci-sle15-kernel-module-devel:latest Container Release : 9.9 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) The following package changes have been done: - libsemanage1-3.1-150400.3.4.2 updated - container:sles15-image-15.0.0-36.11.30 updated From sle-container-updates at lists.suse.com Sat May 4 07:05:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 4 May 2024 09:05:36 +0200 (CEST) Subject: SUSE-CU-2024:1889-1: Recommended update of suse/sle15 Message-ID: <20240504070536.A020BFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1889-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.30 , suse/sle15:15.5 , suse/sle15:15.5.36.11.30 Container Release : 36.11.30 Severity : moderate Type : recommended References : 1211721 1221361 1221407 1222547 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated - libsemanage1-3.1-150400.3.4.2 updated From sle-container-updates at lists.suse.com Sat May 4 07:07:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 4 May 2024 09:07:43 +0200 (CEST) Subject: SUSE-CU-2024:1902-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20240504070743.86355FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1902-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.8.23 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.8.23 Severity : moderate Type : recommended References : 1211721 1221361 1221407 1222547 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated From sle-container-updates at lists.suse.com Sat May 4 07:09:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 4 May 2024 09:09:41 +0200 (CEST) Subject: SUSE-CU-2024:1905-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20240504070941.27010FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1905-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.8.23 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.8.23 Severity : moderate Type : recommended References : 1211721 1221361 1221407 1222547 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated From sle-container-updates at lists.suse.com Tue May 7 07:01:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 May 2024 09:01:50 +0200 (CEST) Subject: SUSE-CU-2024:1914-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240507070150.C7FDCFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1914-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.25 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.25 Severity : important Type : recommended References : 1222188 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1503-1 Released: Mon May 6 11:26:44 2024 Summary: Recommended update for gdb Type: recommended Severity: important References: 1222188 This update for gdb fixes the following issues: - Fix crashing by handling varstring==nullptr (bsc#1222188) The following package changes have been done: - gdb-13.2-150400.15.17.1 updated From sle-container-updates at lists.suse.com Tue May 7 07:02:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 May 2024 09:02:24 +0200 (CEST) Subject: SUSE-CU-2024:1915-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240507070224.BF4E9FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1915-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.24 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.24 Severity : important Type : recommended References : 1222188 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1503-1 Released: Mon May 6 11:26:44 2024 Summary: Recommended update for gdb Type: recommended Severity: important References: 1222188 This update for gdb fixes the following issues: - Fix crashing by handling varstring==nullptr (bsc#1222188) The following package changes have been done: - gdb-13.2-150400.15.17.1 updated From sle-container-updates at lists.suse.com Tue May 7 07:02:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 May 2024 09:02:48 +0200 (CEST) Subject: SUSE-CU-2024:1916-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240507070248.547CEFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1916-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.223 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.223 Severity : important Type : recommended References : 1222188 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1503-1 Released: Mon May 6 11:26:44 2024 Summary: Recommended update for gdb Type: recommended Severity: important References: 1222188 This update for gdb fixes the following issues: - Fix crashing by handling varstring==nullptr (bsc#1222188) The following package changes have been done: - gdb-13.2-150400.15.17.1 updated From sle-container-updates at lists.suse.com Tue May 7 07:03:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 May 2024 09:03:47 +0200 (CEST) Subject: SUSE-CU-2024:1917-1: Security update of bci/openjdk-devel Message-ID: <20240507070347.98F9CFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1917-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-15.22 Container Release : 15.22 Severity : low Type : security References : 1213470 1222979 1222983 1222984 1222986 1222987 CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1498-1 Released: Mon May 6 09:42:11 2024 Summary: Security update for java-11-openjdk Type: security Severity: low References: 1213470,1222979,1222983,1222984,1222986,1222987,CVE-2024-21011,CVE-2024-21012,CVE-2024-21068,CVE-2024-21085,CVE-2024-21094 This update for java-11-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979) - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987) - CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983) - CVE-2024-21085: Fixed denial of service due to Pack200 excessive memory allocation (JDK-8322114,bsc#1222984) - CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986) Other fixes: - Upgrade to upstream tag jdk-11.0.23+9 (April 2024 CPU) * Security fixes + JDK-8318340: Improve RSA key implementations * Other changes + JDK-6928542: Chinese characters in RTF are not decoded + JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS + JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear. + JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking + JDK-8054572: [macosx] JComboBox paints the border incorrectly + JDK-8058176: [mlvm] tests should not allow code cache exhaustion + JDK-8067651: LevelTransitionTest.java, fix trivial methods levels logic + JDK-8068225: nsk/jdi/EventQueue/remove_l/remove_l005 intermittently times out + JDK-8156889: ListKeychainStore.sh fails in some virtualized environments + JDK-8166275: vm/mlvm/meth/stress/compiler/deoptimize keeps timeouting + JDK-8166554: Avoid compilation blocking in OverloadCompileQueueTest.java + JDK-8169475: WheelModifier.java fails by timeout + JDK-8180266: Convert sun/security/provider/KeyStore/DKSTest.sh to Java Jtreg Test + JDK-8186610: move ModuleUtils to top-level testlibrary + JDK-8192864: defmeth tests can hide failures + JDK-8193543: Regression automated test '/open/test/jdk/java/ /awt/TrayIcon/SystemTrayInstance/SystemTrayInstanceTest.java' fails + JDK-8198668: MemoryPoolMBean/isUsageThresholdExceeded/ /isexceeded001/TestDescription.java still failing + JDK-8202282: [TESTBUG] appcds TestCommon .makeCommandLineForAppCDS() can be removed + JDK-8202790: DnD test DisposeFrameOnDragTest.java does not clean up + JDK-8202931: [macos] java/awt/Choice/ChoicePopupLocation/ /ChoicePopupLocation.java fails + JDK-8207211: [TESTBUG] Remove excessive output from CDS/AppCDS tests + JDK-8207214: Broken links in JDK API serialized-form page + JDK-8207855: Make applications/jcstress invoke tests in batches + JDK-8208243: vmTestbase/gc/lock/jni/jnilock002/ /TestDescription.java fails in jdk/hs nightly + JDK-8208278: [mlvm] [TESTBUG] vm.mlvm.mixed.stress.java .findDeadlock.INDIFY_Test Deadlocked threads are not always detected + JDK-8208623: [TESTBUG] runtime/LoadClass/LongBCP.java fails in AUFS file system + JDK-8208699: remove unneeded imports from runtime tests + JDK-8208704: runtime/appcds/MultiReleaseJars.java timed out often in hs-tier7 testing + JDK-8208705: [TESTBUG] The -Xlog:cds,cds+hashtables vm option is not always required for appcds tests + JDK-8209549: remove VMPropsExt from TEST.ROOT + JDK-8209595: MonitorVmStartTerminate.java timed out + JDK-8209946: [TESTBUG] CDS tests should use '@run driver' + JDK-8211438: [Testbug] runtime/XCheckJniJsig/XCheckJSig.java looks for libjsig in wrong location + JDK-8211978: Move testlibrary/jdk/testlibrary/ /SimpleSSLContext.java and testkeys to network testlibrary + JDK-8213622: Windows VS2013 build failure - ''snprintf': identifier not found' + JDK-8213926: WB_EnqueueInitializerForCompilation requests compilation for NULL + JDK-8213927: G1 ignores AlwaysPreTouch when UseTransparentHugePages is enabled + JDK-8214908: add ctw tests for jdk.jfr and jdk.management.jfr modules + JDK-8214915: CtwRunner misses export for jdk.internal.access + JDK-8216408: XMLStreamWriter setDefaultNamespace(null) throws NullPointerException + JDK-8217475: Unexpected StackOverflowError in 'process reaper' thread + JDK-8218754: JDK-8068225 regression in JDIBreakpointTest + JDK-8219475: javap man page needs to be updated + JDK-8219585: [TESTBUG] sun/management/jmxremote/bootstrap/ /JMXInterfaceBindingTest.java passes trivially when it shouldn't + JDK-8219612: [TESTBUG] compiler.codecache.stress.Helper .TestCaseImpl can't be defined in different runtime package as its nest host + JDK-8225471: Test utility jdk.test.lib.util.FileUtils .areAllMountPointsAccessible needs to tolerate duplicates + JDK-8226706: (se) Reduce the number of outer loop iterations on Windows in java/nio/channels/Selector/RacyDeregister.java + JDK-8226905: unproblem list applications/ctw/modules/* tests on windows + JDK-8226910: make it possible to use jtreg's -match via run-test framework + JDK-8227438: [TESTLIB] Determine if file exists by Files.exists in function FileUtils.deleteFileIfExistsWithRetry + JDK-8231585: java/lang/management/ThreadMXBean/ /MaxDepthForThreadInfoTest.java fails with java.lang.NullPointerException + JDK-8232839: JDI AfterThreadDeathTest.java failed due to 'FAILED: Did not get expected IllegalThreadStateException on a StepRequest.enable()' + JDK-8233453: MLVM deoptimize stress test timed out + JDK-8234309: LFGarbageCollectedTest.java fails with parse Exception + JDK-8237222: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails + JDK-8237777: 'Dumping core ...' is shown despite claiming that '# No core dump will be written.' + JDK-8237834: com/sun/jndi/ldap/LdapDnsProviderTest.java failing with LDAP response read timeout + JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel + JDK-8239801: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails + JDK-8244679: JVM/TI GetCurrentContendedMonitor/contmon001 failed due to '(IsSameObject#3) unexpected monitor object: 0x000000562336DBA8' + JDK-8246222: Rename javac test T6395981.java to be more informative + JDK-8247818: GCC 10 warning stringop-overflow with symbol code + JDK-8249087: Always initialize _body[0..1] in Symbol constructor + JDK-8251349: Add TestCaseImpl to OverloadCompileQueueTest.java's build dependencies + JDK-8251904: vmTestbase/nsk/sysdict/vm/stress/btree/btree010/ /btree010.java fails with ClassNotFoundException: nsk.sysdict.share.BTree0LLRLRLRRLR + JDK-8253543: sanity/client/SwingSet/src/ /ButtonDemoScreenshotTest.java failed with 'AssertionError: All pixels are not black' + JDK-8253739: java/awt/image/MultiResolutionImage/ /MultiResolutionImageObserverTest.java fails + JDK-8253820: Save test images and dumps with timestamps from client sanity suite + JDK-8255277: randomDelay in DrainDeadlockT and LoggingDeadlock do not randomly delay + JDK-8255546: Missing coverage for javax.smartcardio.CardPermission and ResponseAPDU + JDK-8255743: Relax SIGFPE match in in runtime/ErrorHandling/SecondaryErrorTest.java + JDK-8257505: nsk/share/test/StressOptions stressTime is scaled in getter but not when printed + JDK-8259801: Enable XML Signature secure validation mode by default + JDK-8264135: UnsafeGetStableArrayElement should account for different JIT implementation details + JDK-8265349: vmTestbase/../stress/compiler/deoptimize/ /Test.java fails with OOME due to CodeCache exhaustion. + JDK-8269025: jsig/Testjsig.java doesn't check exit code + JDK-8269077: TestSystemGC uses 'require vm.gc.G1' for large pages subtest + JDK-8271094: runtime/duplAttributes/DuplAttributesTest.java doesn't check exit code + JDK-8271224: runtime/EnclosingMethodAttr/EnclMethodAttr.java doesn't check exit code + JDK-8271828: mark hotspot runtime/classFileParserBug tests which ignore external VM flags + JDK-8271829: mark hotspot runtime/Throwable tests which ignore external VM flags + JDK-8271890: mark hotspot runtime/Dictionary tests which ignore external VM flags + JDK-8272291: mark hotspot runtime/logging tests which ignore external VM flags + JDK-8272335: runtime/cds/appcds/MoveJDKTest.java doesn't check exit codes + JDK-8272551: mark hotspot runtime/modules tests which ignore external VM flags + JDK-8272552: mark hotspot runtime/cds tests which ignore external VM flags + JDK-8273803: Zero: Handle 'zero' variant in CommandLineOptionTest.java + JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11 + JDK-8274621: NullPointerException because listenAddress[0] is null + JDK-8276796: gc/TestSystemGC.java large pages subtest fails with ZGC + JDK-8280007: Enable Neoverse N1 optimizations for Arm Neoverse V1 & N2 + JDK-8281149: (fs) java/nio/file/FileStore/Basic.java fails with java.lang.RuntimeException: values differ by more than 1GB + JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist. + JDK-8281717: Cover logout method for several LoginModule + JDK-8282665: [REDO] ByteBufferTest.java: replace endless recursion with RuntimeException in void ck(double x, double y) + JDK-8284090: com/sun/security/auth/module/AllPlatforms.java fails to compile + JDK-8285756: clean up use of bad arguments for `@clean` in langtools tests + JDK-8285785: CheckCleanerBound test fails with PasswordCallback object is not released + JDK-8285867: Convert applet manual tests SelectionVisible.java to Frame and automate + JDK-8286846: test/jdk/javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java fails on mac aarch64 + JDK-8286969: Add a new test library API to execute kinit in SecurityTools.java + JDK-8287113: JFR: Periodic task thread uses period for method sampling events + JDK-8289511: Improve test coverage for XPath Axes: child + JDK-8289764: gc/lock tests failed with 'OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects' + JDK-8289948: Improve test coverage for XPath functions: Node Set Functions + JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed + JDK-8290909: MemoryPoolMBean/isUsageThresholdExceeded tests failed with 'isUsageThresholdExceeded() returned false, and is still false, while threshold = MMMMMMM and used peak = NNNNNNN' + JDK-8292182: [TESTLIB] Enhance JAXPPolicyManager to setup required permissions for jtreg version 7 jar + JDK-8292946: GC lock/jni/jnilock001 test failed 'assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row' + JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed with 'RuntimeException: Retrieved backing PlatformLogger level null is not the expected CONFIG' + JDK-8294158: HTML formatting for PassFailJFrame instructions + JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java failure + JDK-8294402: Add diagnostic logging to VMProps.checkDockerSupport + JDK-8294535: Add screen capture functionality to PassFailJFrame + JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM + JDK-8296384: [TESTBUG] sun/security/provider/SecureRandom/ /AbstractDrbg/SpecTest.java intermittently timeout + JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found + JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF + JDK-8300727: java/awt/List/ListGarbageCollectionTest/ /AwtListGarbageCollectionTest.java failed with 'List wasn't garbage collected' + JDK-8301310: The SendRawSysexMessage test may cause a JVM crash + JDK-8301377: adjust timeout for JLI GetObjectSizeIntrinsicsTest.java subtest again + JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library + JDK-8302017: Allocate BadPaddingException only if it will be thrown + JDK-8302109: Trivial fixes to btree tests + JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/TestAMEnotNPE.java + JDK-8302607: increase timeout for ContinuousCallSiteTargetChange.java + JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM + JDK-8304314: StackWalkTest.java fails after CODETOOLS-7903373 + JDK-8304725: AsyncGetCallTrace can cause SIGBUS on M1 + JDK-8305502: adjust timeouts in three more M&M tests + JDK-8305505: NPE in javazic compiler + JDK-8305972: Update XML Security for Java to 3.0.2 + JDK-8306072: Open source several AWT MouseInfo related tests + JDK-8306076: Open source AWT misc tests + JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests + JDK-8306640: Open source several AWT TextArea related tests + JDK-8306652: Open source AWT MenuItem related tests + JDK-8306681: Open source more AWT DnD related tests + JDK-8306683: Open source several clipboard and color AWT tests + JDK-8306752: Open source several container and component AWT tests + JDK-8306753: Open source several container AWT tests + JDK-8306755: Open source few Swing JComponent and AbstractButton tests + JDK-8306812: Open source several AWT Miscellaneous tests + JDK-8306871: Open source more AWT Drag & Drop tests + JDK-8306996: Open source Swing MenuItem related tests + JDK-8307123: Fix deprecation warnings in DPrinter + JDK-8307130: Open source few Swing JMenu tests + JDK-8307299: Move more DnD tests to open + JDK-8307311: Timeouts on one macOS 12.6.1 host of two Swing JTableHeader tests + JDK-8307381: Open Source JFrame, JIF related Swing Tests + JDK-8307683: Loop Predication should not hoist range checks with trap on success projection by negating their condition + JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating + JDK-8308116: jdk.test.lib.compiler.InMemoryJavaCompiler .compile does not close files + JDK-8308223: failure handler missed jcmd.vm.info command + JDK-8308232: nsk/jdb tests don't pass -verbose flag to the debuggee + JDK-8308245: Add -proc:full to describe current default annotation processing policy + JDK-8308336: Test java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use + JDK-8309104: [JVMCI] compiler/unsafe/ /UnsafeGetStableArrayElement test asserts wrong values with Graal + JDK-8309119: [17u/11u] Redo JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication + JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing due to empty while loop + JDK-8309778: java/nio/file/Files/CopyAndMove.java fails when using second test directory + JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing + JDK-8310106: sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks handshakeConsumers + JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails + JDK-8310551: vmTestbase/nsk/jdb/interrupt/interrupt001/ /interrupt001.java timed out due to missing prompt + JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out + JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform + JDK-8311511: Improve description of NativeLibrary JFR event + JDK-8311585: Add JRadioButtonMenuItem to bug8031573.java + JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 + JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles + JDK-8313164: src/java.desktop/windows/native/libawt/windows/ /awt_Robot.cpp GetRGBPixels adjust releasing of resources + JDK-8313252: Java_sun_awt_windows_ThemeReader_paintBackground release resources in early returns + JDK-8313643: Update HarfBuzz to 8.2.2 + JDK-8313816: Accessing jmethodID might lead to spurious crashes + JDK-8314144: gc/g1/ihop/TestIHOPStatic.java fails due to extra concurrent mark with -Xcomp + JDK-8314164: java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fails intermittently in timeout + JDK-8314883: Java_java_util_prefs_FileSystemPreferences_lockFile0 write result errno in missing case + JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder + JDK-8315042: NPE in PKCS7.parseOldSignedData + JDK-8315415: OutputAnalyzer.shouldMatchByLine() fails in some cases + JDK-8315499: build using devkit on Linux ppc64le RHEL puts path to devkit into libsplashscreen + JDK-8315594: Open source few headless Swing misc tests + JDK-8315600: Open source few more headless Swing misc tests + JDK-8315602: Open source swing security manager test + JDK-8315606: Open source few swing text/html tests + JDK-8315611: Open source swing text/html and tree test + JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch + JDK-8315731: Open source several Swing Text related tests + JDK-8315761: Open source few swing JList and JMenuBar tests + JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on the screen to determine its location + JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm + JDK-8316028: Update FreeType to 2.13.2 + JDK-8316030: Update Libpng to 1.6.40 + JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests + JDK-8316461: Fix: make test outputs TEST SUCCESS after unsuccessful exit + JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly + JDK-8317307: test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information + JDK-8317327: Remove JT_JAVA dead code in jib-profiles.js + JDK-8318154: Improve stability of WheelModifier.java test + JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows + JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1 + JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java + JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests + JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests + JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with 'transport error 202: bind failed: Address already in use' + JDK-8318889: C2: add bailout after assert Bad graph detected in build_loop_late + JDK-8318951: Additional negative value check in JPEG decoding + JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return + JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent Files + JDK-8318983: Fix comment typo in PKCS12Passwd.java + JDK-8319124: Update XML Security for Java to 3.0.3 + JDK-8319456: jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes + JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh + JDK-8320001: javac crashes while adding type annotations to the return type of a constructor + JDK-8320208: Update Public Suffix List to b5bf572 + JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity + JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly + JDK-8320798: Console read line with zero out should zero out underlying buffer + JDK-8320884: Bump update version for OpenJDK: jdk-11.0.23 + JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp + JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions + JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode + JDK-8321408: Add Certainly roots R1 and E1 + JDK-8321480: ISO 4217 Amendment 176 Update + JDK-8322178: Error. can't find jdk.testlibrary .SimpleSSLContext in test directory or libraries + JDK-8322417: Console read line with zero out should zero out when throwing exception + JDK-8322725: (tz) Update Timezone Data to 2023d + JDK-8322750: Test 'api/java_awt/interactive/ /SystemTrayTests.html' failed because A blue ball icon is added outside of the system tray + JDK-8322752: [11u] GetStackTraceAndRetransformTest.java is failing assert + JDK-8322772: Clean up code after JDK-8322417 + JDK-8323008: filter out harmful -std* flags added by autoconf from CXX + JDK-8323243: JNI invocation of an abstract instance method corrupts the stack + JDK-8323515: Create test alias 'all' for all test roots + JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/ /platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed + JDK-8324184: Windows VS2010 build failed with 'error C2275: 'int64_t'' + JDK-8324307: [11u] hotspot fails to build with GCC 12 and newer (non-static data member initializers) + JDK-8324347: Enable 'maybe-uninitialized' warning for FreeType 2.13.1 + JDK-8324659: GHA: Generic jtreg errors are not reported + JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing + JDK-8325150: (tz) Update Timezone Data to 2024a + JDK-8326109: GCC 13 reports maybe-uninitialized warnings for jni.cpp with dtrace enabled + JDK-8326503: [11u] java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fail because of package org.junit.jupiter.api does not exist + JDK-8327391: Add SipHash attribution file + JDK-8329837: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.23 - Removed the possibility to use the system timezone-java (bsc#1213470) The following package changes have been done: - java-11-openjdk-headless-11.0.23.0-150000.3.113.1 updated - java-11-openjdk-11.0.23.0-150000.3.113.1 updated - java-11-openjdk-devel-11.0.23.0-150000.3.113.1 updated - container:bci-openjdk-11-15.5.11-16.11 updated From sle-container-updates at lists.suse.com Tue May 7 07:04:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 May 2024 09:04:08 +0200 (CEST) Subject: SUSE-CU-2024:1918-1: Security update of bci/openjdk Message-ID: <20240507070408.BAE09FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1918-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-16.11 Container Release : 16.11 Severity : low Type : security References : 1213470 1222979 1222983 1222984 1222986 1222987 CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1498-1 Released: Mon May 6 09:42:11 2024 Summary: Security update for java-11-openjdk Type: security Severity: low References: 1213470,1222979,1222983,1222984,1222986,1222987,CVE-2024-21011,CVE-2024-21012,CVE-2024-21068,CVE-2024-21085,CVE-2024-21094 This update for java-11-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979) - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987) - CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983) - CVE-2024-21085: Fixed denial of service due to Pack200 excessive memory allocation (JDK-8322114,bsc#1222984) - CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986) Other fixes: - Upgrade to upstream tag jdk-11.0.23+9 (April 2024 CPU) * Security fixes + JDK-8318340: Improve RSA key implementations * Other changes + JDK-6928542: Chinese characters in RTF are not decoded + JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS + JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear. + JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking + JDK-8054572: [macosx] JComboBox paints the border incorrectly + JDK-8058176: [mlvm] tests should not allow code cache exhaustion + JDK-8067651: LevelTransitionTest.java, fix trivial methods levels logic + JDK-8068225: nsk/jdi/EventQueue/remove_l/remove_l005 intermittently times out + JDK-8156889: ListKeychainStore.sh fails in some virtualized environments + JDK-8166275: vm/mlvm/meth/stress/compiler/deoptimize keeps timeouting + JDK-8166554: Avoid compilation blocking in OverloadCompileQueueTest.java + JDK-8169475: WheelModifier.java fails by timeout + JDK-8180266: Convert sun/security/provider/KeyStore/DKSTest.sh to Java Jtreg Test + JDK-8186610: move ModuleUtils to top-level testlibrary + JDK-8192864: defmeth tests can hide failures + JDK-8193543: Regression automated test '/open/test/jdk/java/ /awt/TrayIcon/SystemTrayInstance/SystemTrayInstanceTest.java' fails + JDK-8198668: MemoryPoolMBean/isUsageThresholdExceeded/ /isexceeded001/TestDescription.java still failing + JDK-8202282: [TESTBUG] appcds TestCommon .makeCommandLineForAppCDS() can be removed + JDK-8202790: DnD test DisposeFrameOnDragTest.java does not clean up + JDK-8202931: [macos] java/awt/Choice/ChoicePopupLocation/ /ChoicePopupLocation.java fails + JDK-8207211: [TESTBUG] Remove excessive output from CDS/AppCDS tests + JDK-8207214: Broken links in JDK API serialized-form page + JDK-8207855: Make applications/jcstress invoke tests in batches + JDK-8208243: vmTestbase/gc/lock/jni/jnilock002/ /TestDescription.java fails in jdk/hs nightly + JDK-8208278: [mlvm] [TESTBUG] vm.mlvm.mixed.stress.java .findDeadlock.INDIFY_Test Deadlocked threads are not always detected + JDK-8208623: [TESTBUG] runtime/LoadClass/LongBCP.java fails in AUFS file system + JDK-8208699: remove unneeded imports from runtime tests + JDK-8208704: runtime/appcds/MultiReleaseJars.java timed out often in hs-tier7 testing + JDK-8208705: [TESTBUG] The -Xlog:cds,cds+hashtables vm option is not always required for appcds tests + JDK-8209549: remove VMPropsExt from TEST.ROOT + JDK-8209595: MonitorVmStartTerminate.java timed out + JDK-8209946: [TESTBUG] CDS tests should use '@run driver' + JDK-8211438: [Testbug] runtime/XCheckJniJsig/XCheckJSig.java looks for libjsig in wrong location + JDK-8211978: Move testlibrary/jdk/testlibrary/ /SimpleSSLContext.java and testkeys to network testlibrary + JDK-8213622: Windows VS2013 build failure - ''snprintf': identifier not found' + JDK-8213926: WB_EnqueueInitializerForCompilation requests compilation for NULL + JDK-8213927: G1 ignores AlwaysPreTouch when UseTransparentHugePages is enabled + JDK-8214908: add ctw tests for jdk.jfr and jdk.management.jfr modules + JDK-8214915: CtwRunner misses export for jdk.internal.access + JDK-8216408: XMLStreamWriter setDefaultNamespace(null) throws NullPointerException + JDK-8217475: Unexpected StackOverflowError in 'process reaper' thread + JDK-8218754: JDK-8068225 regression in JDIBreakpointTest + JDK-8219475: javap man page needs to be updated + JDK-8219585: [TESTBUG] sun/management/jmxremote/bootstrap/ /JMXInterfaceBindingTest.java passes trivially when it shouldn't + JDK-8219612: [TESTBUG] compiler.codecache.stress.Helper .TestCaseImpl can't be defined in different runtime package as its nest host + JDK-8225471: Test utility jdk.test.lib.util.FileUtils .areAllMountPointsAccessible needs to tolerate duplicates + JDK-8226706: (se) Reduce the number of outer loop iterations on Windows in java/nio/channels/Selector/RacyDeregister.java + JDK-8226905: unproblem list applications/ctw/modules/* tests on windows + JDK-8226910: make it possible to use jtreg's -match via run-test framework + JDK-8227438: [TESTLIB] Determine if file exists by Files.exists in function FileUtils.deleteFileIfExistsWithRetry + JDK-8231585: java/lang/management/ThreadMXBean/ /MaxDepthForThreadInfoTest.java fails with java.lang.NullPointerException + JDK-8232839: JDI AfterThreadDeathTest.java failed due to 'FAILED: Did not get expected IllegalThreadStateException on a StepRequest.enable()' + JDK-8233453: MLVM deoptimize stress test timed out + JDK-8234309: LFGarbageCollectedTest.java fails with parse Exception + JDK-8237222: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails + JDK-8237777: 'Dumping core ...' is shown despite claiming that '# No core dump will be written.' + JDK-8237834: com/sun/jndi/ldap/LdapDnsProviderTest.java failing with LDAP response read timeout + JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel + JDK-8239801: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails + JDK-8244679: JVM/TI GetCurrentContendedMonitor/contmon001 failed due to '(IsSameObject#3) unexpected monitor object: 0x000000562336DBA8' + JDK-8246222: Rename javac test T6395981.java to be more informative + JDK-8247818: GCC 10 warning stringop-overflow with symbol code + JDK-8249087: Always initialize _body[0..1] in Symbol constructor + JDK-8251349: Add TestCaseImpl to OverloadCompileQueueTest.java's build dependencies + JDK-8251904: vmTestbase/nsk/sysdict/vm/stress/btree/btree010/ /btree010.java fails with ClassNotFoundException: nsk.sysdict.share.BTree0LLRLRLRRLR + JDK-8253543: sanity/client/SwingSet/src/ /ButtonDemoScreenshotTest.java failed with 'AssertionError: All pixels are not black' + JDK-8253739: java/awt/image/MultiResolutionImage/ /MultiResolutionImageObserverTest.java fails + JDK-8253820: Save test images and dumps with timestamps from client sanity suite + JDK-8255277: randomDelay in DrainDeadlockT and LoggingDeadlock do not randomly delay + JDK-8255546: Missing coverage for javax.smartcardio.CardPermission and ResponseAPDU + JDK-8255743: Relax SIGFPE match in in runtime/ErrorHandling/SecondaryErrorTest.java + JDK-8257505: nsk/share/test/StressOptions stressTime is scaled in getter but not when printed + JDK-8259801: Enable XML Signature secure validation mode by default + JDK-8264135: UnsafeGetStableArrayElement should account for different JIT implementation details + JDK-8265349: vmTestbase/../stress/compiler/deoptimize/ /Test.java fails with OOME due to CodeCache exhaustion. + JDK-8269025: jsig/Testjsig.java doesn't check exit code + JDK-8269077: TestSystemGC uses 'require vm.gc.G1' for large pages subtest + JDK-8271094: runtime/duplAttributes/DuplAttributesTest.java doesn't check exit code + JDK-8271224: runtime/EnclosingMethodAttr/EnclMethodAttr.java doesn't check exit code + JDK-8271828: mark hotspot runtime/classFileParserBug tests which ignore external VM flags + JDK-8271829: mark hotspot runtime/Throwable tests which ignore external VM flags + JDK-8271890: mark hotspot runtime/Dictionary tests which ignore external VM flags + JDK-8272291: mark hotspot runtime/logging tests which ignore external VM flags + JDK-8272335: runtime/cds/appcds/MoveJDKTest.java doesn't check exit codes + JDK-8272551: mark hotspot runtime/modules tests which ignore external VM flags + JDK-8272552: mark hotspot runtime/cds tests which ignore external VM flags + JDK-8273803: Zero: Handle 'zero' variant in CommandLineOptionTest.java + JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11 + JDK-8274621: NullPointerException because listenAddress[0] is null + JDK-8276796: gc/TestSystemGC.java large pages subtest fails with ZGC + JDK-8280007: Enable Neoverse N1 optimizations for Arm Neoverse V1 & N2 + JDK-8281149: (fs) java/nio/file/FileStore/Basic.java fails with java.lang.RuntimeException: values differ by more than 1GB + JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist. + JDK-8281717: Cover logout method for several LoginModule + JDK-8282665: [REDO] ByteBufferTest.java: replace endless recursion with RuntimeException in void ck(double x, double y) + JDK-8284090: com/sun/security/auth/module/AllPlatforms.java fails to compile + JDK-8285756: clean up use of bad arguments for `@clean` in langtools tests + JDK-8285785: CheckCleanerBound test fails with PasswordCallback object is not released + JDK-8285867: Convert applet manual tests SelectionVisible.java to Frame and automate + JDK-8286846: test/jdk/javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java fails on mac aarch64 + JDK-8286969: Add a new test library API to execute kinit in SecurityTools.java + JDK-8287113: JFR: Periodic task thread uses period for method sampling events + JDK-8289511: Improve test coverage for XPath Axes: child + JDK-8289764: gc/lock tests failed with 'OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects' + JDK-8289948: Improve test coverage for XPath functions: Node Set Functions + JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed + JDK-8290909: MemoryPoolMBean/isUsageThresholdExceeded tests failed with 'isUsageThresholdExceeded() returned false, and is still false, while threshold = MMMMMMM and used peak = NNNNNNN' + JDK-8292182: [TESTLIB] Enhance JAXPPolicyManager to setup required permissions for jtreg version 7 jar + JDK-8292946: GC lock/jni/jnilock001 test failed 'assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row' + JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed with 'RuntimeException: Retrieved backing PlatformLogger level null is not the expected CONFIG' + JDK-8294158: HTML formatting for PassFailJFrame instructions + JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java failure + JDK-8294402: Add diagnostic logging to VMProps.checkDockerSupport + JDK-8294535: Add screen capture functionality to PassFailJFrame + JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM + JDK-8296384: [TESTBUG] sun/security/provider/SecureRandom/ /AbstractDrbg/SpecTest.java intermittently timeout + JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found + JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF + JDK-8300727: java/awt/List/ListGarbageCollectionTest/ /AwtListGarbageCollectionTest.java failed with 'List wasn't garbage collected' + JDK-8301310: The SendRawSysexMessage test may cause a JVM crash + JDK-8301377: adjust timeout for JLI GetObjectSizeIntrinsicsTest.java subtest again + JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library + JDK-8302017: Allocate BadPaddingException only if it will be thrown + JDK-8302109: Trivial fixes to btree tests + JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/TestAMEnotNPE.java + JDK-8302607: increase timeout for ContinuousCallSiteTargetChange.java + JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM + JDK-8304314: StackWalkTest.java fails after CODETOOLS-7903373 + JDK-8304725: AsyncGetCallTrace can cause SIGBUS on M1 + JDK-8305502: adjust timeouts in three more M&M tests + JDK-8305505: NPE in javazic compiler + JDK-8305972: Update XML Security for Java to 3.0.2 + JDK-8306072: Open source several AWT MouseInfo related tests + JDK-8306076: Open source AWT misc tests + JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests + JDK-8306640: Open source several AWT TextArea related tests + JDK-8306652: Open source AWT MenuItem related tests + JDK-8306681: Open source more AWT DnD related tests + JDK-8306683: Open source several clipboard and color AWT tests + JDK-8306752: Open source several container and component AWT tests + JDK-8306753: Open source several container AWT tests + JDK-8306755: Open source few Swing JComponent and AbstractButton tests + JDK-8306812: Open source several AWT Miscellaneous tests + JDK-8306871: Open source more AWT Drag & Drop tests + JDK-8306996: Open source Swing MenuItem related tests + JDK-8307123: Fix deprecation warnings in DPrinter + JDK-8307130: Open source few Swing JMenu tests + JDK-8307299: Move more DnD tests to open + JDK-8307311: Timeouts on one macOS 12.6.1 host of two Swing JTableHeader tests + JDK-8307381: Open Source JFrame, JIF related Swing Tests + JDK-8307683: Loop Predication should not hoist range checks with trap on success projection by negating their condition + JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating + JDK-8308116: jdk.test.lib.compiler.InMemoryJavaCompiler .compile does not close files + JDK-8308223: failure handler missed jcmd.vm.info command + JDK-8308232: nsk/jdb tests don't pass -verbose flag to the debuggee + JDK-8308245: Add -proc:full to describe current default annotation processing policy + JDK-8308336: Test java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use + JDK-8309104: [JVMCI] compiler/unsafe/ /UnsafeGetStableArrayElement test asserts wrong values with Graal + JDK-8309119: [17u/11u] Redo JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication + JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing due to empty while loop + JDK-8309778: java/nio/file/Files/CopyAndMove.java fails when using second test directory + JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing + JDK-8310106: sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks handshakeConsumers + JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails + JDK-8310551: vmTestbase/nsk/jdb/interrupt/interrupt001/ /interrupt001.java timed out due to missing prompt + JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out + JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform + JDK-8311511: Improve description of NativeLibrary JFR event + JDK-8311585: Add JRadioButtonMenuItem to bug8031573.java + JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 + JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles + JDK-8313164: src/java.desktop/windows/native/libawt/windows/ /awt_Robot.cpp GetRGBPixels adjust releasing of resources + JDK-8313252: Java_sun_awt_windows_ThemeReader_paintBackground release resources in early returns + JDK-8313643: Update HarfBuzz to 8.2.2 + JDK-8313816: Accessing jmethodID might lead to spurious crashes + JDK-8314144: gc/g1/ihop/TestIHOPStatic.java fails due to extra concurrent mark with -Xcomp + JDK-8314164: java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fails intermittently in timeout + JDK-8314883: Java_java_util_prefs_FileSystemPreferences_lockFile0 write result errno in missing case + JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder + JDK-8315042: NPE in PKCS7.parseOldSignedData + JDK-8315415: OutputAnalyzer.shouldMatchByLine() fails in some cases + JDK-8315499: build using devkit on Linux ppc64le RHEL puts path to devkit into libsplashscreen + JDK-8315594: Open source few headless Swing misc tests + JDK-8315600: Open source few more headless Swing misc tests + JDK-8315602: Open source swing security manager test + JDK-8315606: Open source few swing text/html tests + JDK-8315611: Open source swing text/html and tree test + JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch + JDK-8315731: Open source several Swing Text related tests + JDK-8315761: Open source few swing JList and JMenuBar tests + JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on the screen to determine its location + JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm + JDK-8316028: Update FreeType to 2.13.2 + JDK-8316030: Update Libpng to 1.6.40 + JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests + JDK-8316461: Fix: make test outputs TEST SUCCESS after unsuccessful exit + JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly + JDK-8317307: test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information + JDK-8317327: Remove JT_JAVA dead code in jib-profiles.js + JDK-8318154: Improve stability of WheelModifier.java test + JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows + JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1 + JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java + JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests + JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests + JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with 'transport error 202: bind failed: Address already in use' + JDK-8318889: C2: add bailout after assert Bad graph detected in build_loop_late + JDK-8318951: Additional negative value check in JPEG decoding + JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return + JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent Files + JDK-8318983: Fix comment typo in PKCS12Passwd.java + JDK-8319124: Update XML Security for Java to 3.0.3 + JDK-8319456: jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes + JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh + JDK-8320001: javac crashes while adding type annotations to the return type of a constructor + JDK-8320208: Update Public Suffix List to b5bf572 + JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity + JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly + JDK-8320798: Console read line with zero out should zero out underlying buffer + JDK-8320884: Bump update version for OpenJDK: jdk-11.0.23 + JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp + JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions + JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode + JDK-8321408: Add Certainly roots R1 and E1 + JDK-8321480: ISO 4217 Amendment 176 Update + JDK-8322178: Error. can't find jdk.testlibrary .SimpleSSLContext in test directory or libraries + JDK-8322417: Console read line with zero out should zero out when throwing exception + JDK-8322725: (tz) Update Timezone Data to 2023d + JDK-8322750: Test 'api/java_awt/interactive/ /SystemTrayTests.html' failed because A blue ball icon is added outside of the system tray + JDK-8322752: [11u] GetStackTraceAndRetransformTest.java is failing assert + JDK-8322772: Clean up code after JDK-8322417 + JDK-8323008: filter out harmful -std* flags added by autoconf from CXX + JDK-8323243: JNI invocation of an abstract instance method corrupts the stack + JDK-8323515: Create test alias 'all' for all test roots + JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/ /platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed + JDK-8324184: Windows VS2010 build failed with 'error C2275: 'int64_t'' + JDK-8324307: [11u] hotspot fails to build with GCC 12 and newer (non-static data member initializers) + JDK-8324347: Enable 'maybe-uninitialized' warning for FreeType 2.13.1 + JDK-8324659: GHA: Generic jtreg errors are not reported + JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing + JDK-8325150: (tz) Update Timezone Data to 2024a + JDK-8326109: GCC 13 reports maybe-uninitialized warnings for jni.cpp with dtrace enabled + JDK-8326503: [11u] java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fail because of package org.junit.jupiter.api does not exist + JDK-8327391: Add SipHash attribution file + JDK-8329837: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.23 - Removed the possibility to use the system timezone-java (bsc#1213470) The following package changes have been done: - java-11-openjdk-headless-11.0.23.0-150000.3.113.1 updated - java-11-openjdk-11.0.23.0-150000.3.113.1 updated From sle-container-updates at lists.suse.com Tue May 7 07:04:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 May 2024 09:04:35 +0200 (CEST) Subject: SUSE-CU-2024:1919-1: Security update of bci/openjdk-devel Message-ID: <20240507070435.31CEEFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1919-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-17.24 , bci/openjdk-devel:latest Container Release : 17.24 Severity : low Type : security References : 1213470 1222979 1222983 1222986 1222987 CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21094 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1499-1 Released: Mon May 6 09:44:56 2024 Summary: Security update for java-17-openjdk Type: security Severity: low References: 1213470,1222979,1222983,1222986,1222987,CVE-2024-21011,CVE-2024-21012,CVE-2024-21068,CVE-2024-21094 This update for java-17-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979) - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987) - CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983) - CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986) Other fixes: - Update to upstream tag jdk-17.0.11+9 (April 2024 CPU) * Security fixes + JDK-8318340: Improve RSA key implementations * Other changes + JDK-6928542: Chinese characters in RTF are not decoded + JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS + JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear. + JDK-7167356: (javac) investigate failing tests in JavacParserTest + JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking + JDK-8054572: [macosx] JComboBox paints the border incorrectly + JDK-8169475: WheelModifier.java fails by timeout + JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost` accesses `int InetAddress.preferIPv6Address` as a boolean + JDK-8209595: MonitorVmStartTerminate.java timed out + JDK-8210410: Refactor java.util.Currency:i18n shell tests to plain java tests + JDK-8261404: Class.getReflectionFactory() is not thread-safe + JDK-8261837: SIGSEGV in ciVirtualCallTypeData::translate_from + JDK-8263256: Test java/net/Inet6Address/serialize/ /Inet6AddressSerializationTest.java fails due to dynamic reconfigurations of network interface during test + JDK-8269258: java/net/httpclient/ManyRequestsLegacy.java failed with connection timeout + JDK-8271118: C2: StressGCM should have higher priority than frequency-based policy + JDK-8271616: oddPart in MutableBigInteger::mutableModInverse contains info on final result + JDK-8272811: Document the effects of building with _GNU_SOURCE in os_posix.hpp + JDK-8272853: improve `JavadocTester.runTests` + JDK-8273454: C2: Transform (-a)*(-b) into a*b + JDK-8274060: C2: Incorrect computation after JDK-8273454 + JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11 + JDK-8274621: NullPointerException because listenAddress[0] is null + JDK-8274632: Possible pointer overflow in PretouchTask chunk claiming + JDK-8274634: Use String.equals instead of String.compareTo in java.desktop + JDK-8276125: RunThese24H.java SIGSEGV in JfrThreadGroup::thread_group_id + JDK-8278028: [test-library] Warnings cleanup of the test library + JDK-8278312: Update SimpleSSLContext keystore to use SANs for localhost IP addresses + JDK-8278363: Create extented container test groups + JDK-8280241: (aio) AsynchronousSocketChannel init fails in IPv6 only Windows env + JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist. + JDK-8281543: Remove unused code/headerfile dtraceAttacher.hpp + JDK-8281585: Remove unused imports under test/lib and jtreg/gc + JDK-8283400: [macos] a11y : Screen magnifier does not reflect JRadioButton value change + JDK-8283626: AArch64: Set relocInfo::offset_unit to 4 + JDK-8283994: Make Xerces DatatypeException stackless + JDK-8286312: Stop mixing signed and unsigned types in bit operations + JDK-8286846: test/jdk/javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java fails on mac aarch64 + JDK-8287832: jdk/jfr/event/runtime/TestActiveSettingEvent.java failed with 'Expected two batches of Active Setting events' + JDK-8288663: JFR: Disabling the JfrThreadSampler commits only a partially disabled state + JDK-8288846: misc tests fail 'assert(ms < 1000) failed: Un-interruptable sleep, short time use only' + JDK-8289764: gc/lock tests failed with 'OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects' + JDK-8290041: ModuleDescriptor.hashCode is inconsistent + JDK-8290203: ProblemList vmTestbase/nsk/jvmti/scenarios/ /capability/CM03/cm03t001/TestDescription.java on linux-all + JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed + JDK-8292458: Atomic operations on scoped enums don't build with clang + JDK-8292946: GC lock/jni/jnilock001 test failed 'assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row' + JDK-8293117: Add atomic bitset functions + JDK-8293547: Add relaxed add_and_fetch for macos aarch64 atomics + JDK-8294158: HTML formatting for PassFailJFrame instructions + JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java failure + JDK-8294535: Add screen capture functionality to PassFailJFrame + JDK-8295068: SSLEngine throws NPE parsing CertificateRequests + JDK-8295124: Atomic::add to pointer type may return wrong value + JDK-8295274: HelidonAppTest.java fails 'assert(event->should_commit()) failed: invariant' from compiled frame' + JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts + JDK-8297968: Crash in PrintOptoAssembly + JDK-8298087: XML Schema Validation reports an required attribute twice via ErrorHandler + JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found + JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF + JDK-8301306: java/net/httpclient/* fail with -Xcomp + JDK-8301310: The SendRawSysexMessage test may cause a JVM crash + JDK-8301787: java/net/httpclient/SpecialHeadersTest failing after JDK-8301306 + JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library + JDK-8302017: Allocate BadPaddingException only if it will be thrown + JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/ /TestAMEnotNPE.java + JDK-8303605: Memory leaks in Metaspace gtests + JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM + JDK-8304696: Duplicate class names in dynamicArchive tests can lead to test failure + JDK-8305356: Fix ignored bad CompileCommands in tests + JDK-8305900: Use loopback IP addresses in security policy files of httpclient tests + JDK-8305906: HttpClient may use incorrect key when finding pooled HTTP/2 connection for IPv6 address + JDK-8305962: update jcstress to 0.16 + JDK-8305972: Update XML Security for Java to 3.0.2 + JDK-8306014: Update javax.net.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate + JDK-8306408: Fix the format of several tables in building.md + JDK-8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock + JDK-8307926: Support byte-sized atomic bitset operations + JDK-8307955: Prefer to PTRACE_GETREGSET instead of PTRACE_GETREGS in method 'ps_proc.c::process_get_lwp_regs' + JDK-8307990: jspawnhelper must close its writing side of a pipe before reading from it + JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating + JDK-8308245: Add -proc:full to describe current default annotation processing policy + JDK-8308336: Test java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use + JDK-8309302: java/net/Socket/Timeouts.java fails with AssertionError on test temporal post condition + JDK-8309305: sun/security/ssl/SSLSocketImpl/ /BlockedAsyncClose.java fails with jtreg test timeout + JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing due to empty while loop + JDK-8309733: [macOS, Accessibility] VoiceOver: Incorrect announcements of JRadioButton + JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing + JDK-8310106: sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks handshakeConsumers + JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails + JDK-8310380: Handle problems in core-related tests on macOS when codesign tool does not work + JDK-8310631: test/jdk/sun/nio/cs/TestCharsetMapping.java is spuriously passing + JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out + JDK-8310838: Correct range notations in MethodTypeDesc specification + JDK-8310844: [AArch64] C1 compilation fails because monitor offset in OSR buffer is too large for immediate + JDK-8310923: Refactor Currency tests to use JUnit + JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform + JDK-8311160: [macOS, Accessibility] VoiceOver: No announcements on JRadioButtonMenuItem and JCheckBoxMenuItem + JDK-8311581: Remove obsolete code and comments in TestLVT.java + JDK-8311645: Memory leak in jspawnhelper spawnChild after JDK-8307990 + JDK-8311986: Disable runtime/os/TestTracePageSizes.java for ShenandoahGC + JDK-8312428: PKCS11 tests fail with NSS 3.91 + JDK-8312434: SPECjvm2008/xml.transform with CDS fails with 'can't seal package nu.xom' + JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 + JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles + JDK-8313206: PKCS11 tests silently skip execution + JDK-8313575: Refactor PKCS11Test tests + JDK-8313621: test/jdk/jdk/internal/math/FloatingDecimal/ /TestFloatingDecimal should use RandomFactory + JDK-8313643: Update HarfBuzz to 8.2.2 + JDK-8313816: Accessing jmethodID might lead to spurious crashes + JDK-8314164: java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fails intermittently in timeout + JDK-8314220: Configurable InlineCacheBuffer size + JDK-8314830: runtime/ErrorHandling/ tests ignore external VM flags + JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder + JDK-8315042: NPE in PKCS7.parseOldSignedData + JDK-8315594: Open source few headless Swing misc tests + JDK-8315600: Open source few more headless Swing misc tests + JDK-8315602: Open source swing security manager test + JDK-8315611: Open source swing text/html and tree test + JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch + JDK-8315731: Open source several Swing Text related tests + JDK-8315761: Open source few swing JList and JMenuBar tests + JDK-8315920: C2: 'control input must dominate current control' assert failure + JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on the screen to determine its location + JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm + JDK-8316028: Update FreeType to 2.13.2 + JDK-8316030: Update Libpng to 1.6.40 + JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests + JDK-8316304: (fs) Add support for BasicFileAttributes .creationTime() for Linux + JDK-8316392: compiler/interpreter/ /TestVerifyStackAfterDeopt.java failed with SIGBUS in PcDescContainer::find_pc_desc_internal + JDK-8316414: C2: large byte array clone triggers 'failed: malformed control flow' assertion failure on linux-x86 + JDK-8316415: Parallelize sun/security/rsa/SignedObjectChain.java subtests + JDK-8316418: containers/docker/TestMemoryWithCgroupV1.java get OOM killed with Parallel GC + JDK-8316445: Mark com/sun/management/HotSpotDiagnosticMXBean/ /CheckOrigin.java as vm.flagless + JDK-8316679: C2 SuperWord: wrong result, load should not be moved before store if not comparable + JDK-8316693: Simplify at-requires checkDockerSupport() + JDK-8316929: Shenandoah: Shenandoah degenerated GC and full GC need to cleanup old OopMapCache entries + JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly + JDK-8317039: Enable specifying the JDK used to run jtreg + JDK-8317144: Exclude sun/security/pkcs11/sslecc/ /ClientJSSEServerJSSE.java on Linux ppc64le + JDK-8317307: test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information + JDK-8317603: Improve exception messages thrown by sun.nio.ch.Net native methods (win) + JDK-8317771: [macos14] Expand/collapse a JTree using keyboard freezes the application in macOS 14 Sonoma + JDK-8317807: JAVA_FLAGS removed from jtreg running in JDK-8317039 + JDK-8317960: [17u] Excessive CPU usage on AbstractQueuedSynchronized.isEnqueued + JDK-8318154: Improve stability of WheelModifier.java test + JDK-8318183: C2: VM may crash after hitting node limit + JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows + JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1 + JDK-8318490: Increase timeout for JDK tests that are close to the limit when run with libgraal + JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java + JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests + JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests + JDK-8318689: jtreg is confused when folder name is the same as the test name + JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with 'transport error 202: bind failed: Address already in use' + JDK-8318951: Additional negative value check in JPEG decoding + JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return + JDK-8318957: Enhance agentlib:jdwp help output by info about allow option + JDK-8318961: increase javacserver connection timeout values and max retry attempts + JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent Files + JDK-8318983: Fix comment typo in PKCS12Passwd.java + JDK-8319124: Update XML Security for Java to 3.0.3 + JDK-8319213: Compatibility.java reads both stdout and stderr of JdkUtils + JDK-8319436: Proxy.newProxyInstance throws NPE if loader is null and interface not visible from class loader + JDK-8319456: jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes + JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh + JDK-8319922: libCreationTimeHelper.so fails to link in JDK 21 + JDK-8319961: JvmtiEnvBase doesn't zero _ext_event_callbacks + JDK-8320001: javac crashes while adding type annotations to the return type of a constructor + JDK-8320168: handle setsocktopt return values + JDK-8320208: Update Public Suffix List to b5bf572 + JDK-8320300: Adjust hs_err output in malloc/mmap error cases + JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity + JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly + JDK-8320798: Console read line with zero out should zero out underlying buffer + JDK-8320885: Bump update version for OpenJDK: jdk-17.0.11 + JDK-8320921: GHA: Parallelize hotspot_compiler test jobs + JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp + JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions + JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode + JDK-8321408: Add Certainly roots R1 and E1 + JDK-8321480: ISO 4217 Amendment 176 Update + JDK-8321599: Data loss in AVX3 Base64 decoding + JDK-8321815: Shenandoah: gc state should be synchronized to java threads only once per safepoint + JDK-8321972: test runtime/Unsafe/InternalErrorTest.java timeout on linux-riscv64 platform + JDK-8322098: os::Linux::print_system_memory_info enhance the THP output with /sys/kernel/mm/transparent_hugepage/hpage_pmd_size + JDK-8322321: Add man page doc for -XX:+VerifySharedSpaces + JDK-8322417: Console read line with zero out should zero out when throwing exception + JDK-8322583: RISC-V: Enable fast class initialization checks + JDK-8322725: (tz) Update Timezone Data to 2023d + JDK-8322750: Test 'api/java_awt/interactive/ /SystemTrayTests.html' failed because A blue ball icon is added outside of the system tray + JDK-8322772: Clean up code after JDK-8322417 + JDK-8322783: prioritize /etc/os-release over /etc/SuSE-release in hs_err/info output + JDK-8322968: [17u] Amend Atomics gtest with 1-byte tests + JDK-8323008: filter out harmful -std* flags added by autoconf from CXX + JDK-8323021: Shenandoah: Encountered reference count always attributed to first worker thread + JDK-8323086: Shenandoah: Heap could be corrupted by oom during evacuation + JDK-8323243: JNI invocation of an abstract instance method corrupts the stack + JDK-8323331: fix typo hpage_pdm_size + JDK-8323428: Shenandoah: Unused memory in regions compacted during a full GC should be mangled + JDK-8323515: Create test alias 'all' for all test roots + JDK-8323637: Capture hotspot replay files in GHA + JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed + JDK-8323806: [17u] VS2017 build fails with warning after 8293117. + JDK-8324184: Windows VS2010 build failed with 'error C2275: 'int64_t'' + JDK-8324280: RISC-V: Incorrect implementation in VM_Version::parse_satp_mode + JDK-8324347: Enable 'maybe-uninitialized' warning for FreeType 2.13.1 + JDK-8324514: ClassLoaderData::print_on should print address of class loader + JDK-8324647: Invalid test group of lib-test after JDK-8323515 + JDK-8324659: GHA: Generic jtreg errors are not reported + JDK-8324937: GHA: Avoid multiple test suites per job + JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing + JDK-8325150: (tz) Update Timezone Data to 2024a + JDK-8325585: Remove no longer necessary calls to set/unset-in-asgct flag in JDK 17 + JDK-8326000: Remove obsolete comments for class sun.security.ssl.SunJSSE + JDK-8327036: [macosx-aarch64] SIGBUS in MarkActivationClosure::do_code_blob reached from Unsafe_CopySwapMemory0 + JDK-8327391: Add SipHash attribution file + JDK-8329836: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.11 - Removed the possibility to use the system timezone-java (bsc#1213470). The following package changes have been done: - java-17-openjdk-headless-17.0.11.0-150400.3.42.1 updated - java-17-openjdk-17.0.11.0-150400.3.42.1 updated - java-17-openjdk-devel-17.0.11.0-150400.3.42.1 updated - container:bci-openjdk-17-15.5.17-17.12 updated From sle-container-updates at lists.suse.com Tue May 7 07:04:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 May 2024 09:04:57 +0200 (CEST) Subject: SUSE-CU-2024:1920-1: Security update of bci/openjdk Message-ID: <20240507070457.C82AAFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1920-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-17.12 , bci/openjdk:latest Container Release : 17.12 Severity : low Type : security References : 1213470 1222979 1222983 1222986 1222987 CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21094 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1499-1 Released: Mon May 6 09:44:56 2024 Summary: Security update for java-17-openjdk Type: security Severity: low References: 1213470,1222979,1222983,1222986,1222987,CVE-2024-21011,CVE-2024-21012,CVE-2024-21068,CVE-2024-21094 This update for java-17-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979) - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987) - CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983) - CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986) Other fixes: - Update to upstream tag jdk-17.0.11+9 (April 2024 CPU) * Security fixes + JDK-8318340: Improve RSA key implementations * Other changes + JDK-6928542: Chinese characters in RTF are not decoded + JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS + JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear. + JDK-7167356: (javac) investigate failing tests in JavacParserTest + JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking + JDK-8054572: [macosx] JComboBox paints the border incorrectly + JDK-8169475: WheelModifier.java fails by timeout + JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost` accesses `int InetAddress.preferIPv6Address` as a boolean + JDK-8209595: MonitorVmStartTerminate.java timed out + JDK-8210410: Refactor java.util.Currency:i18n shell tests to plain java tests + JDK-8261404: Class.getReflectionFactory() is not thread-safe + JDK-8261837: SIGSEGV in ciVirtualCallTypeData::translate_from + JDK-8263256: Test java/net/Inet6Address/serialize/ /Inet6AddressSerializationTest.java fails due to dynamic reconfigurations of network interface during test + JDK-8269258: java/net/httpclient/ManyRequestsLegacy.java failed with connection timeout + JDK-8271118: C2: StressGCM should have higher priority than frequency-based policy + JDK-8271616: oddPart in MutableBigInteger::mutableModInverse contains info on final result + JDK-8272811: Document the effects of building with _GNU_SOURCE in os_posix.hpp + JDK-8272853: improve `JavadocTester.runTests` + JDK-8273454: C2: Transform (-a)*(-b) into a*b + JDK-8274060: C2: Incorrect computation after JDK-8273454 + JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11 + JDK-8274621: NullPointerException because listenAddress[0] is null + JDK-8274632: Possible pointer overflow in PretouchTask chunk claiming + JDK-8274634: Use String.equals instead of String.compareTo in java.desktop + JDK-8276125: RunThese24H.java SIGSEGV in JfrThreadGroup::thread_group_id + JDK-8278028: [test-library] Warnings cleanup of the test library + JDK-8278312: Update SimpleSSLContext keystore to use SANs for localhost IP addresses + JDK-8278363: Create extented container test groups + JDK-8280241: (aio) AsynchronousSocketChannel init fails in IPv6 only Windows env + JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist. + JDK-8281543: Remove unused code/headerfile dtraceAttacher.hpp + JDK-8281585: Remove unused imports under test/lib and jtreg/gc + JDK-8283400: [macos] a11y : Screen magnifier does not reflect JRadioButton value change + JDK-8283626: AArch64: Set relocInfo::offset_unit to 4 + JDK-8283994: Make Xerces DatatypeException stackless + JDK-8286312: Stop mixing signed and unsigned types in bit operations + JDK-8286846: test/jdk/javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java fails on mac aarch64 + JDK-8287832: jdk/jfr/event/runtime/TestActiveSettingEvent.java failed with 'Expected two batches of Active Setting events' + JDK-8288663: JFR: Disabling the JfrThreadSampler commits only a partially disabled state + JDK-8288846: misc tests fail 'assert(ms < 1000) failed: Un-interruptable sleep, short time use only' + JDK-8289764: gc/lock tests failed with 'OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects' + JDK-8290041: ModuleDescriptor.hashCode is inconsistent + JDK-8290203: ProblemList vmTestbase/nsk/jvmti/scenarios/ /capability/CM03/cm03t001/TestDescription.java on linux-all + JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed + JDK-8292458: Atomic operations on scoped enums don't build with clang + JDK-8292946: GC lock/jni/jnilock001 test failed 'assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row' + JDK-8293117: Add atomic bitset functions + JDK-8293547: Add relaxed add_and_fetch for macos aarch64 atomics + JDK-8294158: HTML formatting for PassFailJFrame instructions + JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java failure + JDK-8294535: Add screen capture functionality to PassFailJFrame + JDK-8295068: SSLEngine throws NPE parsing CertificateRequests + JDK-8295124: Atomic::add to pointer type may return wrong value + JDK-8295274: HelidonAppTest.java fails 'assert(event->should_commit()) failed: invariant' from compiled frame' + JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts + JDK-8297968: Crash in PrintOptoAssembly + JDK-8298087: XML Schema Validation reports an required attribute twice via ErrorHandler + JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found + JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF + JDK-8301306: java/net/httpclient/* fail with -Xcomp + JDK-8301310: The SendRawSysexMessage test may cause a JVM crash + JDK-8301787: java/net/httpclient/SpecialHeadersTest failing after JDK-8301306 + JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library + JDK-8302017: Allocate BadPaddingException only if it will be thrown + JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/ /TestAMEnotNPE.java + JDK-8303605: Memory leaks in Metaspace gtests + JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM + JDK-8304696: Duplicate class names in dynamicArchive tests can lead to test failure + JDK-8305356: Fix ignored bad CompileCommands in tests + JDK-8305900: Use loopback IP addresses in security policy files of httpclient tests + JDK-8305906: HttpClient may use incorrect key when finding pooled HTTP/2 connection for IPv6 address + JDK-8305962: update jcstress to 0.16 + JDK-8305972: Update XML Security for Java to 3.0.2 + JDK-8306014: Update javax.net.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate + JDK-8306408: Fix the format of several tables in building.md + JDK-8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock + JDK-8307926: Support byte-sized atomic bitset operations + JDK-8307955: Prefer to PTRACE_GETREGSET instead of PTRACE_GETREGS in method 'ps_proc.c::process_get_lwp_regs' + JDK-8307990: jspawnhelper must close its writing side of a pipe before reading from it + JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating + JDK-8308245: Add -proc:full to describe current default annotation processing policy + JDK-8308336: Test java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use + JDK-8309302: java/net/Socket/Timeouts.java fails with AssertionError on test temporal post condition + JDK-8309305: sun/security/ssl/SSLSocketImpl/ /BlockedAsyncClose.java fails with jtreg test timeout + JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing due to empty while loop + JDK-8309733: [macOS, Accessibility] VoiceOver: Incorrect announcements of JRadioButton + JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing + JDK-8310106: sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks handshakeConsumers + JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails + JDK-8310380: Handle problems in core-related tests on macOS when codesign tool does not work + JDK-8310631: test/jdk/sun/nio/cs/TestCharsetMapping.java is spuriously passing + JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out + JDK-8310838: Correct range notations in MethodTypeDesc specification + JDK-8310844: [AArch64] C1 compilation fails because monitor offset in OSR buffer is too large for immediate + JDK-8310923: Refactor Currency tests to use JUnit + JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform + JDK-8311160: [macOS, Accessibility] VoiceOver: No announcements on JRadioButtonMenuItem and JCheckBoxMenuItem + JDK-8311581: Remove obsolete code and comments in TestLVT.java + JDK-8311645: Memory leak in jspawnhelper spawnChild after JDK-8307990 + JDK-8311986: Disable runtime/os/TestTracePageSizes.java for ShenandoahGC + JDK-8312428: PKCS11 tests fail with NSS 3.91 + JDK-8312434: SPECjvm2008/xml.transform with CDS fails with 'can't seal package nu.xom' + JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 + JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles + JDK-8313206: PKCS11 tests silently skip execution + JDK-8313575: Refactor PKCS11Test tests + JDK-8313621: test/jdk/jdk/internal/math/FloatingDecimal/ /TestFloatingDecimal should use RandomFactory + JDK-8313643: Update HarfBuzz to 8.2.2 + JDK-8313816: Accessing jmethodID might lead to spurious crashes + JDK-8314164: java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fails intermittently in timeout + JDK-8314220: Configurable InlineCacheBuffer size + JDK-8314830: runtime/ErrorHandling/ tests ignore external VM flags + JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder + JDK-8315042: NPE in PKCS7.parseOldSignedData + JDK-8315594: Open source few headless Swing misc tests + JDK-8315600: Open source few more headless Swing misc tests + JDK-8315602: Open source swing security manager test + JDK-8315611: Open source swing text/html and tree test + JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch + JDK-8315731: Open source several Swing Text related tests + JDK-8315761: Open source few swing JList and JMenuBar tests + JDK-8315920: C2: 'control input must dominate current control' assert failure + JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on the screen to determine its location + JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm + JDK-8316028: Update FreeType to 2.13.2 + JDK-8316030: Update Libpng to 1.6.40 + JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests + JDK-8316304: (fs) Add support for BasicFileAttributes .creationTime() for Linux + JDK-8316392: compiler/interpreter/ /TestVerifyStackAfterDeopt.java failed with SIGBUS in PcDescContainer::find_pc_desc_internal + JDK-8316414: C2: large byte array clone triggers 'failed: malformed control flow' assertion failure on linux-x86 + JDK-8316415: Parallelize sun/security/rsa/SignedObjectChain.java subtests + JDK-8316418: containers/docker/TestMemoryWithCgroupV1.java get OOM killed with Parallel GC + JDK-8316445: Mark com/sun/management/HotSpotDiagnosticMXBean/ /CheckOrigin.java as vm.flagless + JDK-8316679: C2 SuperWord: wrong result, load should not be moved before store if not comparable + JDK-8316693: Simplify at-requires checkDockerSupport() + JDK-8316929: Shenandoah: Shenandoah degenerated GC and full GC need to cleanup old OopMapCache entries + JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly + JDK-8317039: Enable specifying the JDK used to run jtreg + JDK-8317144: Exclude sun/security/pkcs11/sslecc/ /ClientJSSEServerJSSE.java on Linux ppc64le + JDK-8317307: test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information + JDK-8317603: Improve exception messages thrown by sun.nio.ch.Net native methods (win) + JDK-8317771: [macos14] Expand/collapse a JTree using keyboard freezes the application in macOS 14 Sonoma + JDK-8317807: JAVA_FLAGS removed from jtreg running in JDK-8317039 + JDK-8317960: [17u] Excessive CPU usage on AbstractQueuedSynchronized.isEnqueued + JDK-8318154: Improve stability of WheelModifier.java test + JDK-8318183: C2: VM may crash after hitting node limit + JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows + JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1 + JDK-8318490: Increase timeout for JDK tests that are close to the limit when run with libgraal + JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java + JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests + JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests + JDK-8318689: jtreg is confused when folder name is the same as the test name + JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with 'transport error 202: bind failed: Address already in use' + JDK-8318951: Additional negative value check in JPEG decoding + JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return + JDK-8318957: Enhance agentlib:jdwp help output by info about allow option + JDK-8318961: increase javacserver connection timeout values and max retry attempts + JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent Files + JDK-8318983: Fix comment typo in PKCS12Passwd.java + JDK-8319124: Update XML Security for Java to 3.0.3 + JDK-8319213: Compatibility.java reads both stdout and stderr of JdkUtils + JDK-8319436: Proxy.newProxyInstance throws NPE if loader is null and interface not visible from class loader + JDK-8319456: jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes + JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh + JDK-8319922: libCreationTimeHelper.so fails to link in JDK 21 + JDK-8319961: JvmtiEnvBase doesn't zero _ext_event_callbacks + JDK-8320001: javac crashes while adding type annotations to the return type of a constructor + JDK-8320168: handle setsocktopt return values + JDK-8320208: Update Public Suffix List to b5bf572 + JDK-8320300: Adjust hs_err output in malloc/mmap error cases + JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity + JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly + JDK-8320798: Console read line with zero out should zero out underlying buffer + JDK-8320885: Bump update version for OpenJDK: jdk-17.0.11 + JDK-8320921: GHA: Parallelize hotspot_compiler test jobs + JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp + JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions + JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode + JDK-8321408: Add Certainly roots R1 and E1 + JDK-8321480: ISO 4217 Amendment 176 Update + JDK-8321599: Data loss in AVX3 Base64 decoding + JDK-8321815: Shenandoah: gc state should be synchronized to java threads only once per safepoint + JDK-8321972: test runtime/Unsafe/InternalErrorTest.java timeout on linux-riscv64 platform + JDK-8322098: os::Linux::print_system_memory_info enhance the THP output with /sys/kernel/mm/transparent_hugepage/hpage_pmd_size + JDK-8322321: Add man page doc for -XX:+VerifySharedSpaces + JDK-8322417: Console read line with zero out should zero out when throwing exception + JDK-8322583: RISC-V: Enable fast class initialization checks + JDK-8322725: (tz) Update Timezone Data to 2023d + JDK-8322750: Test 'api/java_awt/interactive/ /SystemTrayTests.html' failed because A blue ball icon is added outside of the system tray + JDK-8322772: Clean up code after JDK-8322417 + JDK-8322783: prioritize /etc/os-release over /etc/SuSE-release in hs_err/info output + JDK-8322968: [17u] Amend Atomics gtest with 1-byte tests + JDK-8323008: filter out harmful -std* flags added by autoconf from CXX + JDK-8323021: Shenandoah: Encountered reference count always attributed to first worker thread + JDK-8323086: Shenandoah: Heap could be corrupted by oom during evacuation + JDK-8323243: JNI invocation of an abstract instance method corrupts the stack + JDK-8323331: fix typo hpage_pdm_size + JDK-8323428: Shenandoah: Unused memory in regions compacted during a full GC should be mangled + JDK-8323515: Create test alias 'all' for all test roots + JDK-8323637: Capture hotspot replay files in GHA + JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed + JDK-8323806: [17u] VS2017 build fails with warning after 8293117. + JDK-8324184: Windows VS2010 build failed with 'error C2275: 'int64_t'' + JDK-8324280: RISC-V: Incorrect implementation in VM_Version::parse_satp_mode + JDK-8324347: Enable 'maybe-uninitialized' warning for FreeType 2.13.1 + JDK-8324514: ClassLoaderData::print_on should print address of class loader + JDK-8324647: Invalid test group of lib-test after JDK-8323515 + JDK-8324659: GHA: Generic jtreg errors are not reported + JDK-8324937: GHA: Avoid multiple test suites per job + JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing + JDK-8325150: (tz) Update Timezone Data to 2024a + JDK-8325585: Remove no longer necessary calls to set/unset-in-asgct flag in JDK 17 + JDK-8326000: Remove obsolete comments for class sun.security.ssl.SunJSSE + JDK-8327036: [macosx-aarch64] SIGBUS in MarkActivationClosure::do_code_blob reached from Unsafe_CopySwapMemory0 + JDK-8327391: Add SipHash attribution file + JDK-8329836: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.11 - Removed the possibility to use the system timezone-java (bsc#1213470). The following package changes have been done: - java-17-openjdk-headless-17.0.11.0-150400.3.42.1 updated - java-17-openjdk-17.0.11.0-150400.3.42.1 updated From sle-container-updates at lists.suse.com Tue May 7 07:05:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 May 2024 09:05:18 +0200 (CEST) Subject: SUSE-CU-2024:1921-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20240507070518.5B904FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1921-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.1 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.52.1 Severity : important Type : security References : 1170848 1170848 1208572 1208572 1214340 1214340 1214387 1214387 1216085 1216085 1217204 1217204 1217874 1217874 1218764 1218764 1218805 1218805 1218931 1218931 1218957 1218957 1219061 1219061 1219233 1219233 1219634 1219634 1219875 1219875 1220001 1220101 1220101 1220169 1220169 1220194 1220194 1220221 1220221 1220376 1220376 1220705 1220705 1220726 1220726 1220903 1220903 1220980 1220980 1221111 1221111 1221182 1221182 1221279 1221279 1221465 1221465 1221571 1221571 1221784 1221784 1221922 1221922 1222110 1222110 1222347 1222347 CVE-2023-51775 CVE-2023-51775 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1507-1 Released: Mon May 6 11:45:59 2024 Summary: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Type: security Severity: moderate References: 1170848,1208572,1214340,1214387,1216085,1217204,1217874,1218764,1218805,1218931,1218957,1219061,1219233,1219634,1219875,1220101,1220169,1220194,1220221,1220376,1220705,1220726,1220903,1220980,1221111,1221182,1221279,1221465,1221571,1221784,1221922,1222110,1222347,CVE-2023-51775 Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1532-1 Released: Mon May 6 11:55:25 2024 Summary: Maintenance update for SUSE Manager 4.3 Release Notes Type: security Severity: important References: 1170848,1208572,1214340,1214387,1216085,1217204,1217874,1218764,1218805,1218931,1218957,1219061,1219233,1219634,1219875,1220001,1220101,1220169,1220194,1220221,1220376,1220705,1220726,1220903,1220980,1221111,1221182,1221279,1221465,1221571,1221784,1221922,1222110,1222347,CVE-2023-51775 Maintenance update for SUSE Manager 4.3 Release Notes: This is a codestream only update The following package changes have been done: - release-notes-susemanager-proxy-4.3.12-150400.3.82.3 updated - python3-uyuni-common-libs-4.3.10-150400.3.18.4 updated - spacewalk-backend-4.3.28-150400.3.41.7 updated - python3-spacewalk-client-tools-4.3.19-150400.3.27.5 updated - spacewalk-client-tools-4.3.19-150400.3.27.5 updated From sle-container-updates at lists.suse.com Wed May 8 07:03:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 8 May 2024 09:03:31 +0200 (CEST) Subject: SUSE-CU-2024:1942-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240508070331.3DEA8FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1942-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.8.26 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.8.26 Severity : important Type : security References : 1222188 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1504-1 Released: Mon May 6 11:27:19 2024 Summary: Recommended update for gdb Type: recommended Severity: important References: 1222188 This update for gdb fixes the following issues: - Fix crashing by handling varstring==nullptr (bsc#1222188) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1534-1 Released: Mon May 6 14:55:19 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - gdb-13.2-150100.8.42.1 updated - less-530-150000.3.9.1 updated From sle-container-updates at lists.suse.com Wed May 8 07:04:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 8 May 2024 09:04:14 +0200 (CEST) Subject: SUSE-CU-2024:1943-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240508070414.53ED6FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1943-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.8.26 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.8.26 Severity : important Type : security References : 1222188 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1504-1 Released: Mon May 6 11:27:19 2024 Summary: Recommended update for gdb Type: recommended Severity: important References: 1222188 This update for gdb fixes the following issues: - Fix crashing by handling varstring==nullptr (bsc#1222188) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1534-1 Released: Mon May 6 14:55:19 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - gdb-13.2-150100.8.42.1 updated - less-530-150000.3.9.1 updated From sle-container-updates at lists.suse.com Thu May 9 07:01:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 9 May 2024 09:01:19 +0200 (CEST) Subject: SUSE-IU-2024:379-1: Security update of suse/sle-micro/5.5 Message-ID: <20240509070119.87A8CFCEF@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:379-1 Image Tags : suse/sle-micro/5.5:2.0.2 , suse/sle-micro/5.5:2.0.2-4.2.93 , suse/sle-micro/5.5:latest Image Release : 4.2.93 Severity : moderate Type : security References : 1189495 1191175 1218686 CVE-2021-3521 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) The following package changes have been done: - rpm-4.14.3-150400.59.16.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.2-4.2.66 updated From sle-container-updates at lists.suse.com Thu May 9 07:04:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 9 May 2024 09:04:33 +0200 (CEST) Subject: SUSE-CU-2024:1946-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20240509070433.51037FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1946-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.31 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.31 Container Release : 3.31 Severity : moderate Type : security References : 1189495 1191175 1218686 CVE-2021-3521 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.16.1 updated From sle-container-updates at lists.suse.com Thu May 9 07:09:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 9 May 2024 09:09:53 +0200 (CEST) Subject: SUSE-CU-2024:1961-1: Security update of bci/bci-minimal Message-ID: <20240509070953.2269CFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1961-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.21.7 , bci/bci-minimal:latest Container Release : 21.7 Severity : moderate Type : security References : 1189495 1191175 1218686 CVE-2021-3521 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.16.1 updated From sle-container-updates at lists.suse.com Thu May 9 07:14:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 9 May 2024 09:14:37 +0200 (CEST) Subject: SUSE-CU-2024:1971-1: Security update of bci/python Message-ID: <20240509071437.1C38CFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1971-1 Container Tags : bci/python:3 , bci/python:3-18.13 , bci/python:3.11 , bci/python:3.11-18.13 , bci/python:latest Container Release : 18.13 Severity : important Type : security References : 1189495 1211301 1219559 1219666 1221260 1221854 CVE-2023-52425 CVE-2023-6597 CVE-2024-0450 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1556-1 Released: Wed May 8 11:40:36 2024 Summary: Security update for python311 Type: security Severity: important References: 1189495,1211301,1219559,1219666,1221260,1221854,CVE-2023-52425,CVE-2023-6597,CVE-2024-0450 This update for python311 fixes the following issues: - CVE-2024-0450: Fixed 'quoted-overlap' issue inside the zipfile module (bsc#1221854). - CVE-2023-6597: Fixed removing tempfile.TemporaryDirectory in some edge cases related to symlinks (bsc#1219666). - CVE-2023-52425: Fixed denial of service (resource consumption) caused by processing large tokens (bsc#1219559). Bug fixes: - Eliminate ResourceWarning which broke the test suite in test_asyncio (bsc#1221260). - Revert use of %autopatch (bsc#1189495). - Use the system-wide crypto-policies (bsc#1211301). The following package changes have been done: - libpython3_11-1_0-3.11.9-150400.9.26.1 updated - python311-base-3.11.9-150400.9.26.1 updated - python311-3.11.9-150400.9.26.1 updated - python311-devel-3.11.9-150400.9.26.1 updated - container:sles15-image-15.0.0-36.11.31 updated From sle-container-updates at lists.suse.com Thu May 9 07:16:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 9 May 2024 09:16:47 +0200 (CEST) Subject: SUSE-CU-2024:1977-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240509071647.917BDFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1977-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.9.10 , bci/bci-sle15-kernel-module-devel:latest Container Release : 9.10 Severity : moderate Type : security References : 1189495 1191175 1218686 CVE-2021-3521 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) The following package changes have been done: - rpm-build-4.14.3-150400.59.16.1 updated - container:sles15-image-15.0.0-36.11.31 updated From sle-container-updates at lists.suse.com Thu May 9 07:17:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 9 May 2024 09:17:11 +0200 (CEST) Subject: SUSE-CU-2024:1978-1: Security update of suse/sle15 Message-ID: <20240509071711.535B1FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1978-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.31 , suse/sle15:15.5 , suse/sle15:15.5.36.11.31 Container Release : 36.11.31 Severity : moderate Type : security References : 1189495 1191175 1218686 CVE-2021-3521 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.16.1 updated From sle-container-updates at lists.suse.com Thu May 9 07:17:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 9 May 2024 09:17:35 +0200 (CEST) Subject: SUSE-CU-2024:1979-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20240509071735.B1899FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1979-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.2 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.52.2 Severity : moderate Type : security References : 1189495 1191175 1218686 CVE-2021-3521 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) The following package changes have been done: - python3-rpm-4.14.3-150400.59.16.1 updated From sle-container-updates at lists.suse.com Fri May 10 07:01:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 May 2024 09:01:22 +0200 (CEST) Subject: SUSE-IU-2024:421-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20240510070122.60525FCEF@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:421-1 Image Tags : suse/sle-micro/5.5:2.0.2 , suse/sle-micro/5.5:2.0.2-4.2.94 , suse/sle-micro/5.5:latest Image Release : 4.2.94 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1566-1 Released: Thu May 9 12:33:21 2024 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: This update for catatonit fixes the following issues: - Update to catatonit v0.2.0 - Change license to GPL-2.0-or-later The following package changes have been done: - catatonit-0.2.0-150500.3.3.1 updated From sle-container-updates at lists.suse.com Fri May 10 07:02:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 May 2024 09:02:16 +0200 (CEST) Subject: SUSE-CU-2024:1980-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240510070216.9AB70FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1980-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.26 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.26 Severity : moderate Type : security References : 1189495 1191175 1218686 CVE-2021-3521 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.16.1 updated From sle-container-updates at lists.suse.com Fri May 10 07:03:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 May 2024 09:03:08 +0200 (CEST) Subject: SUSE-CU-2024:1981-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240510070308.7887AFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1981-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.25 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.25 Severity : moderate Type : security References : 1189495 1191175 1218686 CVE-2021-3521 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) The following package changes have been done: - rpm-ndb-4.14.3-150400.59.16.1 updated From sle-container-updates at lists.suse.com Fri May 10 07:04:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 May 2024 09:04:53 +0200 (CEST) Subject: SUSE-CU-2024:1983-1: Recommended update of suse/rmt-server Message-ID: <20240510070453.6CD4EFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1983-1 Container Tags : suse/rmt-server:2.16 , suse/rmt-server:2.16-16.12 , suse/rmt-server:latest Container Release : 16.12 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1566-1 Released: Thu May 9 12:33:21 2024 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: This update for catatonit fixes the following issues: - Update to catatonit v0.2.0 - Change license to GPL-2.0-or-later The following package changes have been done: - catatonit-0.2.0-150500.3.3.1 updated From sle-container-updates at lists.suse.com Sat May 11 07:01:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:01:28 +0200 (CEST) Subject: SUSE-IU-2024:425-1: Security update of suse/sle-micro/5.5 Message-ID: <20240511070128.D826AFCEF@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:425-1 Image Tags : suse/sle-micro/5.5:2.0.2 , suse/sle-micro/5.5:2.0.2-4.2.96 , suse/sle-micro/5.5:latest Image Release : 4.2.96 Severity : important Type : security References : 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - less-590-150400.3.9.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.2-5.5.1 updated From sle-container-updates at lists.suse.com Sat May 11 07:04:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:04:11 +0200 (CEST) Subject: SUSE-CU-2024:1988-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240511070411.7F1B9FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1988-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.27 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.27 Severity : important Type : security References : 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - less-590-150400.3.9.1 updated From sle-container-updates at lists.suse.com Sat May 11 07:06:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:06:10 +0200 (CEST) Subject: SUSE-CU-2024:1990-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240511070610.2AD56FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1990-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.26 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.26 Severity : important Type : security References : 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - less-590-150400.3.9.1 updated From sle-container-updates at lists.suse.com Sat May 11 07:06:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:06:51 +0200 (CEST) Subject: SUSE-CU-2024:1991-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20240511070651.849F7FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1991-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.227 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.227 Severity : important Type : security References : 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - less-590-150400.3.9.1 updated From sle-container-updates at lists.suse.com Sat May 11 07:08:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:08:39 +0200 (CEST) Subject: SUSE-CU-2024:1993-1: Security update of bci/golang Message-ID: <20240511070839.7F400FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1993-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.5.2 , bci/golang:oldstable , bci/golang:oldstable-2.5.2 Container Release : 5.2 Severity : important Type : security References : 1212475 1222849 1224017 CVE-2024-24787 CVE-2024-32487 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1588-1 Released: Fri May 10 09:18:56 2024 Summary: Security update for go1.21 Type: security Severity: moderate References: 1212475,1224017,CVE-2024-24787 This update for go1.21 fixes the following issues: Update to go1.21.10: - CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin (bsc#1224017) - net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net at v0.23.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - go1.21-doc-1.21.10-150000.1.33.1 updated - less-590-150400.3.9.1 updated - go1.21-1.21.10-150000.1.33.1 updated - go1.21-race-1.21.10-150000.1.33.1 updated From sle-container-updates at lists.suse.com Sat May 11 07:09:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:09:10 +0200 (CEST) Subject: SUSE-CU-2024:1994-1: Security update of bci/golang Message-ID: <20240511070910.AE272FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1994-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-15.2 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-15.2 Container Release : 15.2 Severity : important Type : security References : 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - less-590-150400.3.9.1 updated From sle-container-updates at lists.suse.com Sat May 11 07:09:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:09:51 +0200 (CEST) Subject: SUSE-CU-2024:1995-1: Security update of bci/golang Message-ID: <20240511070951.EA0EDFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1995-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-1.5.2 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.5.2 Container Release : 5.2 Severity : important Type : security References : 1218424 1222849 1224017 1224018 CVE-2024-24787 CVE-2024-24788 CVE-2024-32487 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1587-1 Released: Fri May 10 09:18:38 2024 Summary: Security update for go1.22 Type: security Severity: moderate References: 1218424,1224017,1224018,CVE-2024-24787,CVE-2024-24788 This update for go1.22 fixes the following issues: Update to go1.22.3: - CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin (bsc#1224017) - CVE-2024-24788: net: high cpu usage in extractExtendedRCode (bsc#1224018) - cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64le - cmd/compile: changing a hot concrete method to interface method triggers a PGO ICE - runtime: deterministic fallback hashes across process boundary - net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net at v0.23.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - go1.22-doc-1.22.3-150000.1.15.1 updated - less-590-150400.3.9.1 updated - go1.22-1.22.3-150000.1.15.1 updated - go1.22-race-1.22.3-150000.1.15.1 updated From sle-container-updates at lists.suse.com Sat May 11 07:10:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:10:20 +0200 (CEST) Subject: SUSE-CU-2024:1996-1: Security update of bci/golang Message-ID: <20240511071020.81E57FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1996-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-15.2 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-15.2 Container Release : 15.2 Severity : important Type : security References : 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - less-590-150400.3.9.1 updated From sle-container-updates at lists.suse.com Sat May 11 07:12:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:12:11 +0200 (CEST) Subject: SUSE-CU-2024:1999-1: Security update of bci/nodejs Message-ID: <20240511071211.5A847FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1999-1 Container Tags : bci/node:18 , bci/node:18-18.2 , bci/nodejs:18 , bci/nodejs:18-18.2 Container Release : 18.2 Severity : important Type : security References : 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - less-590-150400.3.9.1 updated From sle-container-updates at lists.suse.com Sat May 11 07:12:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:12:31 +0200 (CEST) Subject: SUSE-CU-2024:2000-1: Security update of bci/nodejs Message-ID: <20240511071231.6391AFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2000-1 Container Tags : bci/node:20 , bci/node:20-8.2 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-8.2 , bci/nodejs:latest Container Release : 8.2 Severity : important Type : security References : 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - less-590-150400.3.9.1 updated From sle-container-updates at lists.suse.com Sat May 11 07:13:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:13:18 +0200 (CEST) Subject: SUSE-CU-2024:2001-1: Security update of bci/openjdk-devel Message-ID: <20240511071318.5D06FFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2001-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-16.3 Container Release : 16.3 Severity : important Type : security References : 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - less-590-150400.3.9.1 updated - container:bci-openjdk-11-15.5.11-17.1 updated From sle-container-updates at lists.suse.com Sat May 11 07:14:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:14:41 +0200 (CEST) Subject: SUSE-CU-2024:2003-1: Security update of bci/openjdk-devel Message-ID: <20240511071441.9DBC5FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2003-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-18.3 , bci/openjdk-devel:latest Container Release : 18.3 Severity : important Type : security References : 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - less-590-150400.3.9.1 updated - container:bci-openjdk-17-15.5.17-18.1 updated From sle-container-updates at lists.suse.com Sat May 11 07:19:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:19:11 +0200 (CEST) Subject: SUSE-CU-2024:2011-1: Security update of bci/python Message-ID: <20240511071911.3FB60FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2011-1 Container Tags : bci/python:3 , bci/python:3-19.2 , bci/python:3.11 , bci/python:3.11-19.2 , bci/python:latest Container Release : 19.2 Severity : important Type : security References : 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - less-590-150400.3.9.1 updated From sle-container-updates at lists.suse.com Sat May 11 07:19:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:19:48 +0200 (CEST) Subject: SUSE-CU-2024:2012-1: Security update of bci/python Message-ID: <20240511071948.35734FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2012-1 Container Tags : bci/python:3 , bci/python:3-20.2 , bci/python:3.6 , bci/python:3.6-20.2 Container Release : 20.2 Severity : important Type : security References : 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - less-590-150400.3.9.1 updated From sle-container-updates at lists.suse.com Sun May 12 07:02:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 12 May 2024 09:02:33 +0200 (CEST) Subject: SUSE-CU-2024:2018-1: Security update of suse/git Message-ID: <20240512070233.4F9DEFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2018-1 Container Tags : suse/git:2.35 , suse/git:2.35-12.4 , suse/git:latest Container Release : 12.4 Severity : important Type : security References : 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - less-590-150400.3.9.1 updated - container:micro-image-15.5.0-22.1 updated From sle-container-updates at lists.suse.com Sun May 12 07:03:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 12 May 2024 09:03:48 +0200 (CEST) Subject: SUSE-CU-2024:2024-1: Security update of bci/ruby Message-ID: <20240512070348.77A77FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2024-1 Container Tags : bci/ruby:2 , bci/ruby:2-19.1 , bci/ruby:2.5 , bci/ruby:2.5-19.1 , bci/ruby:latest Container Release : 19.1 Severity : important Type : security References : 1222849 CVE-2024-32487 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) The following package changes have been done: - less-590-150400.3.9.1 updated From sle-container-updates at lists.suse.com Tue May 14 07:02:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 14 May 2024 09:02:00 +0200 (CEST) Subject: SUSE-CU-2024:2033-1: Security update of suse/ltss/sle15.3/bci-base-fips Message-ID: <20240514070200.E84E0FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2033-1 Container Tags : suse/ltss/sle15.3/bci-base-fips:15.3 , suse/ltss/sle15.3/bci-base-fips:15.3.5.1 Container Release : 5.1 Severity : important Type : security References : 1217445 1217589 1218866 1220441 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/ltss/sle15.3/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-ltss-image-15.0.0-4.47 added - container:sles15-image-15.0.0-17.20.233 removed From sle-container-updates at lists.suse.com Wed May 15 07:01:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 May 2024 09:01:19 +0200 (CEST) Subject: SUSE-IU-2024:430-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20240515070119.C42D4FCEF@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:430-1 Image Tags : suse/sle-micro/5.5:2.0.2 , suse/sle-micro/5.5:2.0.2-4.2.99 , suse/sle-micro/5.5:latest Image Release : 4.2.99 Severity : moderate Type : recommended References : 1197030 1213556 1216443 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1623-1 Released: Mon May 13 14:10:44 2024 Summary: Recommended update for libcontainers-common Type: recommended Severity: moderate References: 1197030,1213556,1216443 This update for libcontainers-common fixes the following issues: New release 20240206: - bump bundled c/common to 0.57.4 - bump bundled c/image to 0.29.2 - conditionally require libcontainers-sles-mounds for product(SLE-Micro) as well (SLE Micro 6.0 now no longer provides product(SUSE_SLE) and instead only provides product(SLE-Micro)), fixes bsc#1216443 New release 20231204: - bump c/common to 0.57.0 * Fix specification of unix:///run * libimage/layer_tree: if parent is empty and a manifest list then ignore check. * Split up util package into pkg/password, pkg/copy, pkg/version * Remove ActiveDestination method to move into podman * Default machine CPUs to Cores/2 * pkg/config: do NOT set StaticDir and VolumeDir * Implement negated label match function * chore: import packages only once - bump c/storage to 1.51.0 * overlay, composefs: mount loop device RO * Run codespell on code * store: serialize container deletion * pkg/system: reduce retry timeout for EnsureRemoveAll * overlay, composefs: use data-only lower layers * store: call RecordWrite() before graphDriver Cleanup() - bump c/image to 5.29.0 * Use constants and types from opencontainers/image-spec/specs-go/v1 * progress: set Current before Refill * copy: fix nil pointer dereference when checking compression algorithm * ociarchive: Add new ArchiveFileNotFoundError New release 20230913: - bump c/image to 5.28.0 * Adding IO decorator to copy progress bar * Ensure we close HTTP connections on all paths * manifest: ListUpdate add imgspecv1.Platform field * pkg/docker: use the same default auth path as macOS on FreeBSD * blob: TryReusingBlobWithOptions consider RequiredCompression if set * Fix tests of the ostree transport * helpers_test,cleanup: correct argument order * Make temporary names container/image specific * listupdate,oci: instance show read-only annotations and CompressionAlgorithmNames * Fix TestOCI1IndexChooseInstanc * Refactor data passing in c/image/copy * Update module github.com/sigstore/fulcio to v1.4.0 * copy/multiple: instanceCopyCopy honor UpdateCompressionAlgorithms * Update vendor of containers/storage * copy/single: accept custom *Options and wrap arguments in copySingleImageOptions * Improve transport documentation * copy: implement instanceCopyClone for zstd compression * copy/multiple: priority of instanceCopyCopy must be higher than instanceCopyClone * Clarify where mirrors are used * Update x/exp/slices, and some small slice-related cleanups * Use consistent example domains in #2069 * copy: add support for ForceCompressionFormat * storage.storageImageDestination.Commit(): leverage image options * Rename SKOPEO_CI_TAG to SKOPEO_CI_BRANCH * [CI:DOCS] Add cirrus-cron retry/monitor jobs * [release-5.27] Fix the branch we use for determining a git-validation starting point * OCI image-spec / distribution-spec v1.1 updates, first round * Merge release branch into main * BREAKING: Update for move of github.com/theupdateframework/go-tuf/encrypted * Update module github.com/containers/ocicrypt to v1.1.8 * fix removal of temp file in GetBlob on Windows * Fix build with golangci-lint 1.54.2 * Implement, and default to, a SQLite BlobInfoCache instead of BoltDB * Update dependencies of docker/docker * Correctly handle encryption/decryption changes in non-OCI formats New release 20230814: - bump c/storage to 1.48.0 * Fix error if continueWrite/continueRead pipe open fails * pkg/regexp: make sure that &Regexp implements the interfaces * Remove use of fillGo18FileTypeBits - bump c/image to 5.27.0 * Don't completely silently ignore non-OCI manifests in OCI layouts - bump c/common to 0.55.3 * Change default image volume mode to 'nullfs' on FreeBSD * [v0.55][CI-DOCS] remove zstd:chunked from docs * libimage: harden lookup by digest * libimage: HasDifferentDigest: add InsecureSkipTLSVerify option - Disable CNI related configs on ALP (bsc#1213556) (https://github.com/containers/podman/issues/19327) - Resolve choice on openSUSE distributions for libcontainer-policy by suggesting the libcontainers-openSUSE-policy explicitly. - Enforce BCI verification via Podman on openSUSE distributions using the already shipped container signing keys. (bsc#1197030) The following package changes have been done: - libcontainers-default-policy-20240206-150500.4.9.2 added - libcontainers-sles-mounts-20240206-150500.4.9.2 updated - libcontainers-common-20240206-150500.4.9.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.2-5.5.3 updated From sle-container-updates at lists.suse.com Wed May 15 07:04:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 May 2024 09:04:06 +0200 (CEST) Subject: SUSE-CU-2024:2036-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240515070406.A5D2EFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2036-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.51 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.51 Container Release : 4.51 Severity : moderate Type : security References : 1222548 CVE-2024-2511 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1633-1 Released: Tue May 14 11:35:56 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.88.1 updated - libopenssl1_1-1.1.1d-150200.11.88.1 updated - openssl-1_1-1.1.1d-150200.11.88.1 updated From sle-container-updates at lists.suse.com Wed May 15 07:04:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 May 2024 09:04:49 +0200 (CEST) Subject: SUSE-CU-2024:2037-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240515070449.4D67DFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2037-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.8.29 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.8.29 Severity : moderate Type : security References : 1222548 CVE-2024-2511 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1633-1 Released: Tue May 14 11:35:56 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.88.1 updated - libopenssl1_1-1.1.1d-150200.11.88.1 updated - openssl-1_1-1.1.1d-150200.11.88.1 updated From sle-container-updates at lists.suse.com Wed May 15 07:06:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 May 2024 09:06:47 +0200 (CEST) Subject: SUSE-CU-2024:2039-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240515070647.EC2DBFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2039-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.8.29 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.8.29 Severity : moderate Type : security References : 1222548 CVE-2024-2511 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1633-1 Released: Tue May 14 11:35:56 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.88.1 updated - libopenssl1_1-1.1.1d-150200.11.88.1 updated - openssl-1_1-1.1.1d-150200.11.88.1 updated From sle-container-updates at lists.suse.com Thu May 16 07:01:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 May 2024 09:01:23 +0200 (CEST) Subject: SUSE-IU-2024:432-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20240516070123.51AD9FCEF@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:432-1 Image Tags : suse/sle-micro/base-5.5:2.0.2 , suse/sle-micro/base-5.5:2.0.2-5.5.6 , suse/sle-micro/base-5.5:latest Image Release : 5.5.6 Severity : moderate Type : recommended References : 1210617 CVE-2023-30608 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1637-1 Released: Tue May 14 14:22:14 2024 Summary: Recommended update for google-cloud SDK Type: recommended Severity: moderate References: 1210617,CVE-2023-30608 This update for google-cloud SDK fixes the following issues: - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5 binaries Obsolete the python3.6 counterpart: python311-google-resumable-media python311-google-api-core python311-google-cloud-storage python311-google-cloud-core python311-googleapis-common-protos - Regular python311 updates (without Obsoletes): python-google-auth python-grpcio python-sqlparse - New python311 packages: libcrc32c python-google-cloud-appengine-logging python-google-cloud-artifact-registry python-google-cloud-audit-log python-google-cloud-build python-google-cloud-compute python-google-cloud-dns python-google-cloud-domains python-google-cloud-iam python-google-cloud-kms-inventory python-google-cloud-kms python-google-cloud-logging python-google-cloud-run python-google-cloud-secret-manager python-google-cloud-service-directory python-google-cloud-spanner python-google-cloud-vpc-access python-google-crc32c python-grpc-google-iam-v1 python-grpcio-status python-proto-plus In python-sqlparse this security issue was fixed: CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617) The following package changes have been done: - libprotobuf-lite25_1_0-25.1-150400.9.6.1 updated From sle-container-updates at lists.suse.com Thu May 16 07:02:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 May 2024 09:02:20 +0200 (CEST) Subject: SUSE-CU-2024:2040-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240516070220.C8D63FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2040-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.29 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.29 Severity : moderate Type : recommended References : 1210617 CVE-2023-30608 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1637-1 Released: Tue May 14 14:22:14 2024 Summary: Recommended update for google-cloud SDK Type: recommended Severity: moderate References: 1210617,CVE-2023-30608 This update for google-cloud SDK fixes the following issues: - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5 binaries Obsolete the python3.6 counterpart: python311-google-resumable-media python311-google-api-core python311-google-cloud-storage python311-google-cloud-core python311-googleapis-common-protos - Regular python311 updates (without Obsoletes): python-google-auth python-grpcio python-sqlparse - New python311 packages: libcrc32c python-google-cloud-appengine-logging python-google-cloud-artifact-registry python-google-cloud-audit-log python-google-cloud-build python-google-cloud-compute python-google-cloud-dns python-google-cloud-domains python-google-cloud-iam python-google-cloud-kms-inventory python-google-cloud-kms python-google-cloud-logging python-google-cloud-run python-google-cloud-secret-manager python-google-cloud-service-directory python-google-cloud-spanner python-google-cloud-vpc-access python-google-crc32c python-grpc-google-iam-v1 python-grpcio-status python-proto-plus In python-sqlparse this security issue was fixed: CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617) The following package changes have been done: - libprotobuf-lite25_1_0-25.1-150400.9.6.1 updated From sle-container-updates at lists.suse.com Thu May 16 07:03:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 May 2024 09:03:34 +0200 (CEST) Subject: SUSE-CU-2024:2042-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240516070334.AE496FCFA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2042-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.232 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.232 Severity : moderate Type : recommended References : 1210617 CVE-2023-30608 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1637-1 Released: Tue May 14 14:22:14 2024 Summary: Recommended update for google-cloud SDK Type: recommended Severity: moderate References: 1210617,CVE-2023-30608 This update for google-cloud SDK fixes the following issues: - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5 binaries Obsolete the python3.6 counterpart: python311-google-resumable-media python311-google-api-core python311-google-cloud-storage python311-google-cloud-core python311-googleapis-common-protos - Regular python311 updates (without Obsoletes): python-google-auth python-grpcio python-sqlparse - New python311 packages: libcrc32c python-google-cloud-appengine-logging python-google-cloud-artifact-registry python-google-cloud-audit-log python-google-cloud-build python-google-cloud-compute python-google-cloud-dns python-google-cloud-domains python-google-cloud-iam python-google-cloud-kms-inventory python-google-cloud-kms python-google-cloud-logging python-google-cloud-run python-google-cloud-secret-manager python-google-cloud-service-directory python-google-cloud-spanner python-google-cloud-vpc-access python-google-crc32c python-grpc-google-iam-v1 python-grpcio-status python-proto-plus In python-sqlparse this security issue was fixed: CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617) The following package changes have been done: - libprotobuf-lite25_1_0-25.1-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.32 updated From sle-container-updates at lists.suse.com Thu May 16 07:05:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 May 2024 09:05:20 +0200 (CEST) Subject: SUSE-CU-2024:2043-1: Recommended update of suse/sles12sp5 Message-ID: <20240516070520.E3A58FCFA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2043-1 Container Tags : suse/sles12sp5:6.5.594 , suse/sles12sp5:latest Container Release : 6.5.594 Severity : moderate Type : recommended References : 1186827 1219855 1220716 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1662-1 Released: Wed May 15 14:49:10 2024 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1186827,1219855,1220716 This update for container-suseconnect fixes the following issues: - remove unnecessary packaging buildrequires (bsc#1220716) - update to 2.5.0: * Upgrade to go 1.21 * Allow setting of SCC credentials via environment variables * Bump github.com/urfave/cli/v2 from 2.25.7 to 2.27.1 * Use switch instead of else if construction * Add system token header to query SCC subscriptions (bsc#1219855) - update to 2.4.0 (jsc#PED-1710): * Fix docker build example for non-SLE hosts * Minor fixes to --help and README * Improve documentation when building with podman on non-SLE host * Add flag --log-credentials-errors * Add GitHub actions * Remove vendor/ dir * Cleanup tests * Update capture to the 1.0.0 release * Bump cli to 2.34.4 * Update cli to 2.23.5 * Add dependabot * Use URL.Redacted() to avoid security scanner warning * Regcode fix - strip binaries (removes 4MB/25% of the uncompressed size) (bsc#1186827) The following package changes have been done: - container-suseconnect-2.5.0-1.17.1 updated From sle-container-updates at lists.suse.com Thu May 16 07:07:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 May 2024 09:07:26 +0200 (CEST) Subject: SUSE-CU-2024:2044-1: Security update of suse/sle15 Message-ID: <20240516070726.2CBA5FCFA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2044-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.449 Container Release : 9.5.449 Severity : important Type : security References : 1047178 1082216 1082233 1210999 1222548 CVE-2017-6512 CVE-2018-6798 CVE-2018-6913 CVE-2023-31484 CVE-2024-2511 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1630-1 Released: Tue May 14 09:20:44 2024 Summary: Security update for perl Type: security Severity: important References: 1047178,1082216,1082233,1210999,CVE-2017-6512,CVE-2018-6798,CVE-2018-6913,CVE-2023-31484 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) - CVE-2023-31484: Enabled TLS certificate verification in CPAN (bsc#1210999) - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1633-1 Released: Tue May 14 11:35:56 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.88.1 updated - libopenssl1_1-1.1.1d-150200.11.88.1 updated - openssl-1_1-1.1.1d-150200.11.88.1 updated - perl-base-5.26.1-150000.7.18.1 updated From sle-container-updates at lists.suse.com Thu May 16 07:08:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 May 2024 09:08:12 +0200 (CEST) Subject: SUSE-CU-2024:2047-1: Recommended update of suse/389-ds Message-ID: <20240516070812.1DA8EFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2047-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-22.3 , suse/389-ds:latest Container Release : 22.3 Severity : moderate Type : recommended References : 1224109 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1631-1 Released: Tue May 14 10:03:50 2024 Summary: Recommended update for python-argcomplete and python-Twisted Type: recommended Severity: moderate References: 1224109 This update for python-argcomplete and python-Twisted fixes the following issue: - Fix update-alternatives (bsc#1224109) The following package changes have been done: - python3-argcomplete-1.9.2-150000.3.8.1 updated - container:sles15-image-15.0.0-36.11.32 updated From sle-container-updates at lists.suse.com Thu May 16 07:03:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 May 2024 09:03:02 +0200 (CEST) Subject: SUSE-CU-2024:2041-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240516070302.1BDD1FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2041-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.28 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.28 Severity : moderate Type : recommended References : 1210617 CVE-2023-30608 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1637-1 Released: Tue May 14 14:22:14 2024 Summary: Recommended update for google-cloud SDK Type: recommended Severity: moderate References: 1210617,CVE-2023-30608 This update for google-cloud SDK fixes the following issues: - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5 binaries Obsolete the python3.6 counterpart: python311-google-resumable-media python311-google-api-core python311-google-cloud-storage python311-google-cloud-core python311-googleapis-common-protos - Regular python311 updates (without Obsoletes): python-google-auth python-grpcio python-sqlparse - New python311 packages: libcrc32c python-google-cloud-appengine-logging python-google-cloud-artifact-registry python-google-cloud-audit-log python-google-cloud-build python-google-cloud-compute python-google-cloud-dns python-google-cloud-domains python-google-cloud-iam python-google-cloud-kms-inventory python-google-cloud-kms python-google-cloud-logging python-google-cloud-run python-google-cloud-secret-manager python-google-cloud-service-directory python-google-cloud-spanner python-google-cloud-vpc-access python-google-crc32c python-grpc-google-iam-v1 python-grpcio-status python-proto-plus In python-sqlparse this security issue was fixed: CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617) The following package changes have been done: - libprotobuf-lite25_1_0-25.1-150400.9.6.1 updated From sle-container-updates at lists.suse.com Thu May 16 07:07:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 May 2024 09:07:41 +0200 (CEST) Subject: SUSE-CU-2024:2046-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240516070741.B096EFCFA@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2046-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.32 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.32 Container Release : 3.32 Severity : moderate Type : recommended References : 1210617 CVE-2023-30608 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1637-1 Released: Tue May 14 14:22:14 2024 Summary: Recommended update for google-cloud SDK Type: recommended Severity: moderate References: 1210617,CVE-2023-30608 This update for google-cloud SDK fixes the following issues: - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5 binaries Obsolete the python3.6 counterpart: python311-google-resumable-media python311-google-api-core python311-google-cloud-storage python311-google-cloud-core python311-googleapis-common-protos - Regular python311 updates (without Obsoletes): python-google-auth python-grpcio python-sqlparse - New python311 packages: libcrc32c python-google-cloud-appengine-logging python-google-cloud-artifact-registry python-google-cloud-audit-log python-google-cloud-build python-google-cloud-compute python-google-cloud-dns python-google-cloud-domains python-google-cloud-iam python-google-cloud-kms-inventory python-google-cloud-kms python-google-cloud-logging python-google-cloud-run python-google-cloud-secret-manager python-google-cloud-service-directory python-google-cloud-spanner python-google-cloud-vpc-access python-google-crc32c python-grpc-google-iam-v1 python-grpcio-status python-proto-plus In python-sqlparse this security issue was fixed: CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617) The following package changes have been done: - libprotobuf-lite25_1_0-25.1-150400.9.6.1 updated From sle-container-updates at lists.suse.com Thu May 16 07:20:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 May 2024 09:20:41 +0200 (CEST) Subject: SUSE-CU-2024:2079-1: Security update of suse/postgres Message-ID: <20240516072041.24277FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2079-1 Container Tags : suse/postgres:15 , suse/postgres:15-19.3 , suse/postgres:15.6 , suse/postgres:15.6-19.3 Container Release : 19.3 Severity : moderate Type : security References : 1224038 1224051 CVE-2024-4317 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1652-1 Released: Wed May 15 09:18:14 2024 Summary: Security update for postgresql16 Type: security Severity: moderate References: 1224038,1224051,CVE-2024-4317 This update for postgresql16 fixes the following issues: PostgreSQL upgrade to version 16.3 (bsc#1224051): - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner (bsc#1224038). Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17. - Make sure all compilation and doc generation happens in %build. - Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work. - Remove constraints file because improved memory usage for s390x - Use %patch -P N instead of deprecated %patchN. Release notes: - https://www.postgresql.org/docs/release/16.3/ The following package changes have been done: - libpq5-16.3-150200.5.13.1 updated - container:sles15-image-15.0.0-36.11.32 updated From sle-container-updates at lists.suse.com Thu May 16 07:20:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 May 2024 09:20:56 +0200 (CEST) Subject: SUSE-CU-2024:2080-1: Security update of suse/postgres Message-ID: <20240516072056.9E6A5FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2080-1 Container Tags : suse/postgres:16 , suse/postgres:16-8.3 , suse/postgres:16.3 , suse/postgres:16.3-8.3 , suse/postgres:latest Container Release : 8.3 Severity : moderate Type : security References : 1224038 1224051 CVE-2024-4317 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1652-1 Released: Wed May 15 09:18:14 2024 Summary: Security update for postgresql16 Type: security Severity: moderate References: 1224038,1224051,CVE-2024-4317 This update for postgresql16 fixes the following issues: PostgreSQL upgrade to version 16.3 (bsc#1224051): - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner (bsc#1224038). Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17. - Make sure all compilation and doc generation happens in %build. - Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work. - Remove constraints file because improved memory usage for s390x - Use %patch -P N instead of deprecated %patchN. Release notes: - https://www.postgresql.org/docs/release/16.3/ The following package changes have been done: - libpq5-16.3-150200.5.13.1 updated - postgresql16-16.3-150200.5.13.1 updated - postgresql16-server-16.3-150200.5.13.1 updated - container:sles15-image-15.0.0-36.11.32 updated From sle-container-updates at lists.suse.com Thu May 16 07:25:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 May 2024 09:25:50 +0200 (CEST) Subject: SUSE-CU-2024:2091-1: Recommended update of suse/sle15 Message-ID: <20240516072550.823FCFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2091-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.32 , suse/sle15:15.5 , suse/sle15:15.5.36.11.32 Container Release : 36.11.32 Severity : moderate Type : recommended References : 1210617 CVE-2023-30608 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1637-1 Released: Tue May 14 14:22:14 2024 Summary: Recommended update for google-cloud SDK Type: recommended Severity: moderate References: 1210617,CVE-2023-30608 This update for google-cloud SDK fixes the following issues: - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5 binaries Obsolete the python3.6 counterpart: python311-google-resumable-media python311-google-api-core python311-google-cloud-storage python311-google-cloud-core python311-googleapis-common-protos - Regular python311 updates (without Obsoletes): python-google-auth python-grpcio python-sqlparse - New python311 packages: libcrc32c python-google-cloud-appengine-logging python-google-cloud-artifact-registry python-google-cloud-audit-log python-google-cloud-build python-google-cloud-compute python-google-cloud-dns python-google-cloud-domains python-google-cloud-iam python-google-cloud-kms-inventory python-google-cloud-kms python-google-cloud-logging python-google-cloud-run python-google-cloud-secret-manager python-google-cloud-service-directory python-google-cloud-spanner python-google-cloud-vpc-access python-google-crc32c python-grpc-google-iam-v1 python-grpcio-status python-proto-plus In python-sqlparse this security issue was fixed: CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617) The following package changes have been done: - libprotobuf-lite25_1_0-25.1-150400.9.6.1 updated From sle-container-updates at lists.suse.com Sun May 5 07:01:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 5 May 2024 09:01:11 +0200 (CEST) Subject: SUSE-IU-2024:366-1: Security update of suse-sles-15-sp5-chost-byos-v20240502-x86_64-gen2 Message-ID: <20240505070111.88E89FCF4@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240502-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:366-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240502-x86_64-gen2:20240502 Image Release : Severity : critical Type : security References : 1027519 1133277 1175678 1182659 1188500 1190495 1194869 1198101 1200465 1203378 1205316 1205588 1205855 1207948 1207987 1208794 1209635 1209657 1210382 1210959 1211721 1212180 1212182 1212514 1213418 1213456 1213945 1214148 1214852 1214934 1215005 1215098 1215099 1215100 1215101 1215102 1215103 1215221 1215322 1215334 1216474 1217301 1217302 1217316 1217320 1217321 1217324 1217326 1217329 1217330 1217339 1217432 1217450 1217667 1217829 1217959 1217987 1217988 1217989 1218171 1218321 1218336 1218431 1218479 1218492 1218562 1218643 1218777 1218871 1219031 1219169 1219170 1219264 1219443 1219460 1219520 1219559 1219581 1219834 1219901 1219937 1220061 1220114 1220132 1220176 1220237 1220251 1220279 1220320 1220325 1220328 1220337 1220340 1220365 1220366 1220393 1220398 1220411 1220413 1220433 1220439 1220441 1220443 1220445 1220466 1220469 1220478 1220482 1220484 1220486 1220487 1220492 1220703 1220724 1220735 1220736 1220763 1220775 1220790 1220797 1220831 1220833 1220836 1220839 1220840 1220843 1220845 1220848 1220870 1220871 1220872 1220878 1220879 1220883 1220885 1220887 1220898 1220917 1220918 1220920 1220921 1220926 1220927 1220929 1220930 1220931 1220932 1220933 1220937 1220938 1220940 1220954 1220955 1220959 1220960 1220961 1220965 1220969 1220978 1220979 1220981 1220982 1220983 1220985 1220986 1220987 1220989 1220990 1220996 1221009 1221012 1221015 1221022 1221039 1221040 1221044 1221045 1221046 1221048 1221055 1221056 1221058 1221060 1221061 1221062 1221066 1221067 1221068 1221069 1221070 1221071 1221077 1221082 1221090 1221097 1221123 1221132 1221156 1221184 1221194 1221239 1221242 1221252 1221273 1221274 1221276 1221277 1221289 1221291 1221293 1221298 1221337 1221338 1221358 1221361 1221375 1221379 1221399 1221407 1221525 1221551 1221553 1221613 1221614 1221616 1221618 1221631 1221633 1221665 1221667 1221713 1221725 1221726 1221746 1221747 1221777 1221814 1221816 1221830 1221831 1221866 1221951 1221984 1222033 1222056 1222060 1222070 1222073 1222086 1222105 1222109 1222113 1222117 1222259 1222274 1222291 1222300 1222302 1222304 1222317 1222331 1222355 1222356 1222360 1222366 1222373 1222453 1222547 1222619 1222620 1222831 1222842 1222952 1222992 1223094 CVE-2021-46925 CVE-2021-46926 CVE-2021-46927 CVE-2021-46929 CVE-2021-46930 CVE-2021-46931 CVE-2021-46933 CVE-2021-46934 CVE-2021-46936 CVE-2021-47082 CVE-2021-47083 CVE-2021-47087 CVE-2021-47091 CVE-2021-47093 CVE-2021-47094 CVE-2021-47095 CVE-2021-47096 CVE-2021-47097 CVE-2021-47098 CVE-2021-47099 CVE-2021-47100 CVE-2021-47101 CVE-2021-47102 CVE-2021-47104 CVE-2021-47105 CVE-2021-47107 CVE-2021-47108 CVE-2022-28737 CVE-2022-4744 CVE-2022-48624 CVE-2022-48626 CVE-2022-48627 CVE-2022-48628 CVE-2022-48629 CVE-2022-48630 CVE-2023-0160 CVE-2023-28746 CVE-2023-32731 CVE-2023-32732 CVE-2023-33953 CVE-2023-35827 CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551 CVE-2023-44487 CVE-2023-45918 CVE-2023-46842 CVE-2023-4750 CVE-2023-4785 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-4881 CVE-2023-52425 CVE-2023-52447 CVE-2023-52450 CVE-2023-52453 CVE-2023-52454 CVE-2023-52462 CVE-2023-52463 CVE-2023-52467 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52476 CVE-2023-52477 CVE-2023-52481 CVE-2023-52482 CVE-2023-52484 CVE-2023-52486 CVE-2023-52492 CVE-2023-52493 CVE-2023-52494 CVE-2023-52497 CVE-2023-52500 CVE-2023-52501 CVE-2023-52502 CVE-2023-52504 CVE-2023-52507 CVE-2023-52508 CVE-2023-52509 CVE-2023-52510 CVE-2023-52511 CVE-2023-52513 CVE-2023-52515 CVE-2023-52517 CVE-2023-52518 CVE-2023-52519 CVE-2023-52520 CVE-2023-52523 CVE-2023-52524 CVE-2023-52525 CVE-2023-52528 CVE-2023-52529 CVE-2023-52530 CVE-2023-52531 CVE-2023-52532 CVE-2023-52559 CVE-2023-52563 CVE-2023-52564 CVE-2023-52566 CVE-2023-52567 CVE-2023-52569 CVE-2023-52574 CVE-2023-52575 CVE-2023-52576 CVE-2023-52582 CVE-2023-52583 CVE-2023-52587 CVE-2023-52591 CVE-2023-52594 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604 CVE-2023-52605 CVE-2023-52606 CVE-2023-52607 CVE-2023-52608 CVE-2023-52612 CVE-2023-52615 CVE-2023-52617 CVE-2023-52619 CVE-2023-52621 CVE-2023-52623 CVE-2023-52628 CVE-2023-52632 CVE-2023-52637 CVE-2023-52639 CVE-2023-6270 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-7042 CVE-2023-7192 CVE-2024-0841 CVE-2024-2004 CVE-2024-2201 CVE-2024-2201 CVE-2024-22099 CVE-2024-22667 CVE-2024-23307 CVE-2024-2398 CVE-2024-25629 CVE-2024-25739 CVE-2024-25742 CVE-2024-25743 CVE-2024-26599 CVE-2024-26600 CVE-2024-26602 CVE-2024-26607 CVE-2024-26612 CVE-2024-26614 CVE-2024-26620 CVE-2024-26627 CVE-2024-26629 CVE-2024-26642 CVE-2024-26645 CVE-2024-26646 CVE-2024-26651 CVE-2024-26654 CVE-2024-26659 CVE-2024-26664 CVE-2024-26667 CVE-2024-26670 CVE-2024-26695 CVE-2024-26717 CVE-2024-28085 CVE-2024-28182 CVE-2024-28757 CVE-2024-28834 CVE-2024-28835 CVE-2024-2961 CVE-2024-31142 CVE-2024-3651 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240502-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:573-1 Released: Wed Feb 21 09:36:59 2024 Summary: Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 Type: security Severity: moderate References: 1133277,1182659,1203378,1208794,1212180,1212182,1214148,1215334,CVE-2023-32731,CVE-2023-32732,CVE-2023-33953,CVE-2023-44487,CVE-2023-4785 This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues: abseil-cpp was updated to: Update to 20230802.1: * Add StdcppWaiter to the end of the list of waiter implementations Update to 20230802.0 What's New: * Added the nullability library for designating the expected nullability of pointers. Currently these serve as annotations only, but it is expected that compilers will one day be able to use these annotations for diagnostic purposes. * Added the prefetch library as a portable layer for moving data into caches before it is read. * Abseil's hash tables now detect many more programming errors in debug and sanitizer builds. * Abseil's synchronization objects now differentiate absolute waits (when passed an absl::Time) from relative waits (when passed an absl::Duration) when the underlying platform supports differentiating these cases. This only makes a difference when system clocks are adjusted. * Abseil's flag parsing library includes additional methods that make it easier to use when another library also expects to be able to parse flags. * absl::string_view is now available as a smaller target, @com_google_absl//absl/strings:string_view, so that users may use this library without depending on the much larger @com_google_absl//absl/strings target. Update to 20230125.3 Details can be found on: https://github.com/abseil/abseil-cpp/releases/tag/20230125.3 Update to 20230125.2 What's New: The Abseil logging library has been released. This library provides facilities for writing short text messages about the status of a program to stderr, disk files, or other sinks (via an extension API). See the logging library documentation for more information. An extension point, AbslStringify(), allows user-defined types to seamlessly work with Abseil's string formatting functions like absl::StrCat() and absl::StrFormat(). A library for computing CRC32C checksums has been added. Floating-point parsing now uses the Eisel-Lemire algorithm, which provides a significant speed improvement. The flags library now provides suggestions for the closest flag(s) in the case of misspelled flags. Using CMake to install Abseil now makes the installed artifacts (in particular absl/base/options.h) reflect the compiled ABI. Breaking Changes: Abseil now requires at least C++14 and follows Google's Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools. The legacy spellings of the thread annotation macros/functions (e.g. GUARDED_BY()) have been removed by default in favor of the ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS can be defined on the compile command-line to temporarily restore these spellings, but this compatibility macro will be removed in the future. Known Issues The Abseil logging library in this release is not a feature-complete replacement for glog yet. VLOG and DFATAL are examples of features that have not yet been released. Update to version 20220623.0 What's New: * Added absl::AnyInvocable, a move-only function type. * Added absl::CordBuffer, a type for buffering data for eventual inclusion an absl::Cord, which is useful for writing zero-copy code. * Added support for command-line flags of type absl::optional. Breaking Changes: * CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control whether or not unit tests are built. * The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that are experiencing new warnings can use -Wno-deprecated-declatations silence the warnings or use -Wno-error=deprecated-declarations to see warnings but not fail the build. * ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some compilers are more strict about where this keyword must appear compared to the pre-C++20 implementation. * Bazel builds now depend on the bazelbuild/bazel-skylib repository. See Abseil's WORKSPACE file for an example of how to add this dependency. Other: * This will be the last release to support C++11. Future releases will require at least C++14. grpc was updated to 1.60: Update to release 1.60 * Implemented dualstack IPv4 and IPv6 backend support, as per draft gRFC A61. xDS support currently guarded by GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var. * Support for setting proxy for addresses. * Add v1 reflection. update to 1.59.3: * Security - Revocation: Crl backport to 1.59. (#34926) Update to release 1.59.2 * Fixes for CVE-2023-44487 Update to version 1.59.1: * C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552). Update to version 1.59.0: * xds ssa: Remove environment variable protection for stateful affinity (gh#grpc/grpc#34435). * c-ares: fix spin loop bug when c-ares gives up on a socket that still has data left in its read buffer (gh#grpc/grpc#34185). * Deps: Adding upb as a submodule (gh#grpc/grpc#34199). * EventEngine: Update Cancel contract on closure deletion timeline (gh#grpc/grpc#34167). * csharp codegen: Handle empty base_namespace option value to fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137). * Ruby: - replace strdup with gpr_strdup (gh#grpc/grpc#34177). - drop ruby 2.6 support (gh#grpc/grpc#34198). Update to release 1.58.1 * Reintroduced c-ares 1.14 or later support Update to release 1.58 * ruby extension: remove unnecessary background thread startup wait logic that interferes with forking Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * EventEngine: Change GetDNSResolver to return absl::StatusOr>. * Improve server handling of file descriptor exhaustion. * Add a channel argument to set DSCP on streams. Update to release 1.56.2 * Improve server handling of file descriptor exhaustion Update to release 1.56.0 (CVE-2023-32731, bsc#1212180) * core: Add support for vsock transport. * EventEngine: Change TXT lookup result type to std::vector. * C++/Authz: support customizable audit functionality for authorization policy. Update to release 1.54.1 * Bring declarations and definitions to be in sync Update to release 1.54 (CVE-2023-32732, bsc#1212182) * XDS: enable XDS federation by default * TlsCreds: Support revocation of intermediate in chain Update to release 1.51.1 * Only a macOS/aarch64-related change Update to release 1.51 * c-ares DNS resolver: fix logical race between resolution timeout/cancellation and fd readability. * Remove support for pthread TLS Update to release 1.50.0 * Core - Derive EventEngine from std::enable_shared_from_this. (#31060) - Revert 'Revert '[chttp2] fix stream leak with queued flow control update and absence of writes (#30907)' (#30991)'. (#30992) - [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907) - Remove gpr_codegen. (#30899) - client_channel: allow LB policy to communicate update errors to resolver. (#30809) - FaultInjection: Fix random number generation. (#30623) * C++ - OpenCensus Plugin: Add measure and views for started RPCs. (#31034) * C# - Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371) - Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411) - Grpc.Tools document AdditionalImportDirs. (#30405) - Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410) Update to release 1.49.1 * All - Update protobuf to v21.6 on 1.49.x. (#31028) * Ruby - Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053) Update to release 1.49.0 * Core - Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654) - Bump core version. (#30588) - Update OpenCensus to HEAD. (#30567) - Update protobuf submodule to 3.21.5. (#30548) - Update third_party/protobuf to 3.21.4. (#30377) - [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443) - HTTP2: Fix keepalive time throttling. (#30164) - Use AnyInvocable in EventEngine APIs. (#30220) * Python - Add type stub generation support to grpcio-tools. (#30498) Update to release 1.48.1 * Backport EventEngine Forkables Update to release 1.48.0 * C++14 is now required * xDS: Workaround to get gRPC clients working with istio Update to release 1.46.3 * backport: xds: use federation env var to guard new-style resource name parsing (#29725) #29727 Update to release 1.46 * Added HTTP/1.1 support in httpcli * HTTP2: Add graceful goaway Update to release 1.45.2 * Various fixes related to XDS * HTTP2: Should not run cancelling logic on servers when receiving GOAWAY Update to release 1.45.1 * Switched to epoll1 as a default polling engine for Linux Update to version 1.45.0: * Core: - Backport 'Include ADS stream error in XDS error updates (#29014)' to 1.45.x [gh#grpc/grpc#29121]. - Bump core version to 23.0.0 for upcoming release [gh#grpc/grpc#29026]. - Fix memory leak in HTTP request security handshake cancellation [gh#grpc/grpc#28971]. - CompositeChannelCredentials: Comparator implementation [gh#grpc/grpc#28902]. - Delete custom iomgr [gh#grpc/grpc#28816]. - Implement transparent retries [gh#grpc/grpc#28548]. - Uniquify channel args keys [gh#grpc/grpc#28799]. - Set trailing_metadata_available for recv_initial_metadata ops when generating a fake status [gh#grpc/grpc#28827]. - Eliminate gRPC insecure build [gh#grpc/grpc#25586]. - Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769]. - InsecureCredentials: singleton object [gh#grpc/grpc#28777]. - Add http cancel api [gh#grpc/grpc#28354]. - Memory leak fix on windows in grpc_tcp_create() [gh#grpc/grpc#27457]. - xDS: Rbac filter updates [gh#grpc/grpc#28568]. * C++ - Bump the minimum gcc to 5 [gh#grpc/grpc#28786]. - Add experimental API for CRL checking support to gRPC C++ TlsCredentials [gh#grpc/grpc#28407]. Update to release 1.44.0 * Add a trace to list which filters are contained in a channel stack. * Remove grpc_httpcli_context. * xDS: Add support for RBAC HTTP filter. * API to cancel grpc_resolve_address. Update to version 1.43.2: * Fix google-c2p-experimental issue (gh#grpc/grpc#28692). Changes from version 1.43.0: * Core: - Remove redundant work serializer usage in c-ares windows code (gh#grpc/grpc#28016). - Support RDS updates on the server (gh#grpc/grpc#27851). - Use WorkSerializer in XdsClient to propagate updates in a synchronized manner (gh#grpc/grpc#27975). - Support Custom Post-handshake Verification in TlsCredentials (gh#grpc/grpc#25631). - Reintroduce the EventEngine default factory (gh#grpc/grpc#27920). - Assert Android API >= v21 (gh#grpc/grpc#27943). - Add support for abstract unix domain sockets (gh#grpc/grpc#27906). * C++: - OpenCensus: Move metadata storage to arena (gh#grpc/grpc#27948). * [C#] Add nullable type attributes to Grpc.Core.Api (gh#grpc/grpc#27887). - Update package name libgrpc++1 to libgrpc++1_43 in keeping with updated so number. Update to release 1.41.0 * xDS: Remove environmental variable guard for security. * xDS Security: Use new way to fetch certificate provider plugin instance config. * xDS server serving status: Use a struct to allow more fields to be added in the future. Update to release 1.39.1 * Fix C# protoc plugin argument parsing on 1.39.x Update to version 1.39.0: * Core - Initialize tcp_posix for CFStream when needed (gh#grpc/grpc#26530). - Update boringssl submodule (gh#grpc/grpc#26520). - Fix backup poller races (gh#grpc/grpc#26446). - Use default port 443 in HTTP CONNECT request (gh#grpc/grpc#26331). * C++ - New iomgr implementation backed by the EventEngine API (gh#grpc/grpc#26026). - async_unary_call: add a Destroy method, called by std::default_delete (gh#grpc/grpc#26389). - De-experimentalize C++ callback API (gh#grpc/grpc#25728). * PHP: stop reading composer.json file just to read the version string (gh#grpc/grpc#26156). * Ruby: Set XDS user agent in ruby via macros (gh#grpc/grpc#26268). Update to release 1.38.0 * Invalidate ExecCtx now before computing timeouts in all repeating timer events using a WorkSerializer or combiner. * Fix use-after-unref bug in fault_injection_filter * New gRPC EventEngine Interface * Allow the AWS_DEFAULT_REGION environment variable * s/OnServingStatusChange/OnServingStatusUpdate/ Update to release 1.37.1 * Use URI form of address for channelz listen node * Implementation CSDS (xDS Config Dump) * xDS status notifier * Remove CAS loops in global subchannel pool and simplify subchannel refcounting Update to release 1.36.4 * A fix for DNS SRV lookups on Windows Update to 1.36.1: * Core: * Remove unnecessary internal pollset set in c-ares DNS resolver * Support Default Root Certs in Tls Credentials * back-port: add env var protection for google-c2p resolver * C++: * Move third party identity C++ api out of experimental namespace * refactor!: change error_details functions to templates * Support ServerContext for callback API * PHP: * support for PSM security * fixed segfault on reused call object * fixed phpunit 8 warnings * Python: * Implement Python Client and Server xDS Creds Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). * Backport 'do not use true on non-windows' to 1.34.x (gh#grpc/grpc#24995). Update to version 1.34.0: * Core: - Protect xds security code with the environment variable 'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT' (gh#grpc/grpc#24782). - Add support for 'unix-abstract:' URIs to support abstract unix domain sockets (gh#grpc/grpc#24500). - Increment Index when parsing not plumbed SAN fields (gh#grpc/grpc#24601). - Revert 'Revert 'Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS'' (gh#grpc/grpc#24518). - xds: Set status code to INVALID_ARGUMENT when NACKing (gh#grpc/grpc#24516). - Include stddef.h in address_sorting.h (gh#grpc/grpc#24514). - xds: Add support for case_sensitive option in RouteMatch (gh#grpc/grpc#24381). * C++: - Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503). - Experimental support and tests for CreateCustomInsecureChannelWithInterceptorsFromFd (gh#grpc/grpc#24362). Update to release 1.33.2 * Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS. * Expose Cronet error message to the application layer. * Remove grpc_channel_ping from surface API. * Do not send BDP pings if there is no receive side activity. Update to version 1.33.1 * Core - Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS (gh#grpc/grpc#24063). - Expose Cronet error message to the application layer (gh#grpc/grpc#24083). - Remove grpc_channel_ping from surface API (gh#grpc/grpc#23894). - Do not send BDP pings if there is no receive side activity (gh#grpc/grpc#22997). * C++ - Makefile: only support building deps from submodule (gh#grpc/grpc#23957). - Add new subpackages - libupb and upb-devel. Currently, grpc sources include also upb sources. Before this change, libupb and upb-devel used to be included in a separate package - upb. Update to version 1.32.0: * Core - Remove stream from stalled lists on remove_stream (gh#grpc/grpc#23984). - Do not cancel RPC if send metadata size if larger than peer's limit (gh#grpc/grpc#23806). - Don't consider receiving non-OK status as an error for HTTP2 (gh#grpc/grpc#19545). - Keepalive throttling (gh#grpc/grpc#23313). - Include the target_uri in 'target uri is not valid' error messages (gh#grpc/grpc#23782). - Fix 'cannot send compressed message large than 1024B' in cronet_transport (gh#grpc/grpc#23219). - Receive SETTINGS frame on clients before declaring subchannel READY (gh#grpc/grpc#23636). - Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372). - Experimental xDS v3 support (gh#grpc/grpc#23281). * C++ - Upgrade bazel used for all tests to 2.2.0 (gh#grpc/grpc#23902). - Remove test targets and test helper libraries from Makefile (gh#grpc/grpc#23813). - Fix repeated builds broken by re2's cmake (gh#grpc/grpc#23587). - Log the peer address of grpc_cli CallMethod RPCs to stderr (gh#grpc/grpc#23557). opencensus-proto was updated to 0.3.0+git.20200721: - Update to version 0.3.0+git.20200721: * Bump version to 0.3.0 * Generate Go types using protocolbuffers/protobuf-go (#218) * Load proto_library() rule. (#216) - Update to version 0.2.1+git.20190826: * Remove grpc_java dependency and java_proto rules. (#214) * Add C++ targets, especially for gRPC services. (#212) * Upgrade bazel and dependencies to latest. (#211) * Bring back bazel cache to make CI faster. (#210) * Travis: don't require sudo for bazel installation. (#209) - Update to version 0.2.1: * Add grpc-gateway for metrics service. (#205) * Pin bazel version in travis builds (#207) * Update gen-go files (#199) * Add Web JS as a LibraryInfo.Language option (#198) * Set up Python packaging for PyPI release. (#197) * Add tracestate to links. (#191) * Python proto file generator and generated proto files (#196) * Ruby proto file generator and generated proto files (#192) * Add py_proto_library() rules for envoy/api. (#194) * Gradle: Upgrade dependency versions. (#193) * Update release versions for readme. (#189) * Start 0.3.0 development cycle * Update gen-go files. (#187) * Revert 'Start 0.3.0 development cycle (#167)' (#183) * Revert optimization for metric descriptor and bucket options for now. (#184) * Constant sampler: add option to always follow the parent's decision. (#182) * Document that all maximum values must be specified. (#181) * Fix typo in bucket bounds. (#178) * Restrict people who can approve reviews. This is to ensure code quality. (#177) * Use bazel cache to make CI faster. (#176) * Add grpc generated files to the idea plugin. (#175) * Add Resource to Span (#174) * time is required (#170) * Upgrade protobuf dependency to v3.6.1.3. (#173) * assume Ok Status when not set (#171) * Minor comments fixes (#160) * Start 0.3.0 development cycle (#167) * Update gen-go files. (#162) * Update releasing instruction. (#163) * Fix Travis build. (#165) * Add OpenApi doc for trace agent grpc-gateway (#157) * Add command to generate OpenApi/Swagger doc for grpc-gateway (#156) * Update gen-go files (#155) * Add trace export grpc-gateway config (#77) * Fix bazel build after bazel upgrade (#154) * README: Add gitter, javadoc and godoc badge. (#151) * Update release versions for README. (#150) * Start 0.2.0 development cycle * Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147) * Add resource to protocol (#137) * Fix generating the javadoc. (#144) * Metrics/TimeSeries: start time should not be included while end time should. (#142) * README: Add instructions on using opencensus_proto with Bazel. (#140) * agent/README: update package info. (#138) * Agent: Add metrics service. (#136) * Tracing: Add default limits to TraceConfig. (#133) * Remove a stale TODO. (#134) * README: Add a note about go_proto_library rules. (#135) * add golang bazel build support (#132) * Remove exporter protos from mkgogen. (#128) * Update README and RELEASING. (#130) * Change histogram buckets definition to be OpenMetrics compatible. (#121) * Remove exporter/v1 protos. (#124) * Clean up the README for Agent proto. (#126) * Change Quantiles to ValuesAtPercentile. (#122) * Extend the TraceService service to support export/config for multiple Applications. (#119) * Add specifications on Agent implementation details. (#112) * Update gitignore (#118) * Remove maven support. Not used. (#116) * Add gauge distribution. (#117) * Add support for Summary type and value. (#110) * Add Maven status and instructions on adding dependencies. (#115) * Bump version to 0.0.3-SNAPSHOT * Bump version to 0.0.2 * Update gen-go files. (#114) * Gradle: Add missing source and javadoc rules. (#113) * Add support for float attributes. (#98) * Change from mean to sum in distribution. (#109) * Bump version to v0.0.2-SNAPSHOT * Bump version to v0.0.1 * Add releasing instructions in RELEASING.md. (#106) * Add Gradle build rules for generating gRPC service and releasing to Maven. (#102) * Re-organize proto directory structure. (#103) * Update gen-go files. (#101) * Add a note about interceptors of other libraries. (#94) * agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100) * opencensus/proto: add default Agent port to README (#97) * Update the message names for Config RPC. (#93) * Add details about agent protocol in the README. (#88) * Update gen-go files. (#92) * agent/trace/v1: fix signature for Config and comments too (#91) * Update gen-go files. (#86) * Make tracestate a list instead of a map to preserve ordering. (#84) * Allow MetricDescriptor to be sent only the first time. (#78) * Update mkgogen.sh. (#85) * Add agent trace service proto definitions. (#79) * Update proto and gen-go package names. (#83) * Add agent/common proto and BUILD. (#81) * Add trace_config.proto. (#80) * Build exporters with maven. (#76) * Make clear that cumulative int/float can go only up. (#75) * Add tracestate field to the Span proto. (#74) * gradle wrapper --gradle-version 4.9 (#72) * Change from multiple types of timeseries to have one. (#71) * Move exemplars in the Bucket. (#70) * Update gen-go files. (#69) * Move metrics in the top level directory. (#68) * Remove Range from Distribution. No backend supports this. (#67) * Remove unused MetricSet message. (#66) * Metrics: Add Exemplar to DistributionValue. (#62) * Gauge vs Cumulative. (#65) * Clarifying comment about bucket boundaries. (#64) * Make MetricDescriptor.Type capture the type of the value as well. (#63) * Regenerate the Go artifacts (#61) * Add export service proto (#60) - Initial version 20180523 protobuf was updated to 25.1: update to 25.1: * Raise warnings for deprecated python syntax usages * Add support for extensions in CRuby, JRuby, and FFI Ruby * Add support for options in CRuby, JRuby and FFI (#14594) update to 25.0: * Implement proto2/proto3 with editions * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Editions: Introduce functionality to protoc for generating edition feature set defaults. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Editions: Refactor feature resolution to use an intermediate message. * Publish extension declarations with declaration verifications. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Protoc: parser rejects explicit use of map_entry option * Protoc: validate that reserved range start is before end * Protoc: support identifiers as reserved names in addition to string literals (only in editions) * Drop support for Bazel 5. * Allow code generators to specify whether or not they support editions. C++: * Set `PROTOBUF_EXPORT` on `InternalOutOfLineDeleteMessageLite()` * Update stale checked-in files * Apply PROTOBUF_NOINLINE to declarations of some functions that want it. * Implement proto2/proto3 with editions * Make JSON UTF-8 boundary check inclusive of the largest possible UTF-8 character. * Reduce `Map::size_type` to 32-bits. Protobuf containers can't have more than that * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Fix bug in reflection based Swap of map fields. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Add prefetching to arena allocations. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated repeated and map field accessors. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated string field accessors. * Editions: Refactor feature resolution to use an intermediate message. * Fixes for 32-bit MSVC. * Publish extension declarations with declaration verifications. * Export the constants in protobuf's any.h to support DLL builds. * Implement AbslStringify for the Descriptor family of types. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated message field accessors. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Introduce C++ feature for UTF8 validation. * Protoc: validate that reserved range start is before end * Remove option to disable the table-driven parser in protoc. * Lock down ctype=CORD in proto file. * Support split repeated fields. * In OSS mode omit some extern template specializations. * Allow code generators to specify whether or not they support editions. Java: * Implement proto2/proto3 with editions * Remove synthetic oneofs from Java gencode field accessor tables. * Timestamps.parse: Add error handling for invalid hours/minutes in the timezone offset. * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Add missing debugging version info to Protobuf Java gencode when multiple files are generated. * Fix a bad cast in putBuilderIfAbsent when already present due to using the result of put() directly (which is null if it currently has no value) * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Fix a NPE in putBuilderIfAbsent due to using the result of put() directly (which is null if it currently has no value) * Update Kotlin compiler to escape package names * Add MapFieldBuilder and change codegen to generate it and the put{field}BuilderIfAbsent method. * Introduce recursion limit in Java text format parsing * Consider the protobuf.Any invalid if typeUrl.split('/') returns an empty array. * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated. * Fixed Python memory leak in map lookup. * Loosen upb for json name conflict check in proto2 between json name and field * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Ensure Timestamp.ToDatetime(tz) has correct offset * Do not check required field for upb python MergeFrom * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Comparing a proto message with an object of unknown returns NotImplemented * Emit __slots__ in pyi output as a tuple rather than a list for --pyi_out. * Fix a bug that strips options from descriptor.proto in Python. * Raise warings for message.UnknownFields() usages and navigate to the new add * Add protobuf python keyword support in path for stub generator. * Add tuple support to set Struct * ### Python C-Extension (Default) * Comparing a proto message with an object of unknown returns NotImplemented * Check that ffi-compiler loads before using it to define tasks. UPB (Python/PHP/Ruby C-Extension): * Include .inc files directly instead of through a filegroup * Loosen upb for json name conflict check in proto2 between json name and field * Add utf8_validation feature back to the global feature set. * Do not check required field for upb python MergeFrom * Merge the protobuf and upb Bazel repos * Added malloc_trim() calls to Python allocator so RSS will decrease when memory is freed * Upb: fix a Python memory leak in ByteSize() * Support ASAN detection on clang * Upb: bugfix for importing a proto3 enum from within a proto2 file * Expose methods needed by Ruby FFI using UPB_API * Fix `PyUpb_Message_MergeInternal` segfault - Build with source and target levels 8 * fixes build with JDK21 - Install the pom file with the new %%mvn_install_pom macro - Do not install the pom-only artifacts, since the %%mvn_install_pom macro resolves the variables at the install time update to 23.4: * Add dllexport_decl for generated default instance. * Deps: Update Guava to 32.0.1 update to 23.3: C++: * Regenerate stale files * Use the same ABI for static and shared libraries on non- Windows platforms * Add a workaround for GCC constexpr bug Objective-C: * Regenerate stale files UPB (Python/PHP/Ruby C-Extension) * Fixed a bug in `upb_Map_Delete()` that caused crashes in map.delete(k) for Ruby when string-keyed maps were in use. Compiler: * Add missing header to Objective-c generator * Add a workaround for GCC constexpr bug Java: * Rollback of: Simplify protobuf Java message builder by removing methods that calls the super class only. Csharp: * [C#] Replace regex that validates descriptor names update to 22.5: C++: * Add missing cstdint header * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700) * Avoid using string(JOIN..., which requires cmake 3.12 * Explicitly include GTest package in examples * Bump Abseil submodule to 20230125.3 (#12660) update to 22.4: C++: * Fix libprotoc: export useful symbols from .so Python: * Fix bug in _internal_copy_files where the rule would fail in downstream repositories. Other: * Bump utf8_range to version with working pkg-config (#12584) * Fix declared dependencies for pkg-config * Update abseil dependency and reorder dependencies to ensure we use the version specified in protobuf_deps. * Turn off clang::musttail on i386 update to v22.3 UPB (Python/PHP/Ruby C-Extension): * Remove src prefix from proto import * Fix .gitmodules to use the correct absl branch * Remove erroneous dependency on googletest update to 22.2: Java: * Add version to intra proto dependencies and add kotlin stdlib dependency * Add $ back for osgi header * Remove $ in pom files update to 22.1: * Add visibility of plugin.proto to python directory * Strip 'src' from file name of plugin.proto * Add OSGi headers to pom files. * Remove errorprone dependency from kotlin protos. * Version protoc according to the compiler version number. - update to 22.0: * This version includes breaking changes to: Cpp. Please refer to the migration guide for information: https://protobuf.dev/support/migration/#compiler-22 * [Cpp] Migrate to Abseil's logging library. * [Cpp] `proto2::Map::value_type` changes to `std::pair`. * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream, and DefaultFieldComparator classes. * [Cpp] Add a dependency on Abseil (#10416) * [Cpp] Remove all autotools usage (#10132) * [Cpp] Add C++20 reserved keywords * [Cpp] Dropped C++11 Support * [Cpp] Delete Arena::Init * [Cpp] Replace JSON parser with new implementation * [Cpp] Make RepeatedField::GetArena non-const in order to support split RepeatedFields. * long list of bindings specific fixes see https://github.com/protocolbuffers/protobuf/releases/tag/v22.0 update to v21.12: * Python: * Fix broken enum ranges (#11171) * Stop requiring extension fields to have a sythetic oneof (#11091) * Python runtime 4.21.10 not works generated code can not load valid proto. update to 21.11: * Python: * Add license file to pypi wheels (#10936) * Fix round-trip bug (#10158) update to 21.10:: * Java: * Use bit-field int values in buildPartial to skip work on unset groups of fields. (#10960) * Mark nested builder as clean after clear is called (#10984) update to 21.9: * Ruby: * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other: * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++: * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java: * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private 'parsing constructor' to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. update to 21.6: C++: * Reduce memory consumption of MessageSet parsing update to 21.5: PHP: * Added getContainingOneof and getRealContainingOneof to descriptor. * fix PHP readonly legacy files for nested messages Python: * Fixed comparison of maps in Python. - update to 21.4: * Reduce the required alignment of ArenaString from 8 to 4 - update to 21.3: * C++: * Add header search paths to Protobuf-C++.podspec (#10024) * Fixed Visual Studio constinit errors (#10232) * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271) * UPB: * Allow empty package names (fixes behavior regression in 4.21.0) * Fix a SEGV bug when comparing a non-materialized sub-message (#10208) * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name) * for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library. * Lookup operations now correctly reject unhashable types as map keys. * We implement repr() to use the same format as dict. * Fix maps to use the ScalarMapContainer class when appropriate * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717) * PHP: * Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041) * Python: * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118) * Bazel: * Add back a filegroup for :well_known_protos (#10061) Update to 21.2: - C++: - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614) - Escape GetObject macro inside protoc-generated code (#9739) - Update CMake configuration to add a dependency on Abseil (#9793) - Fix cmake install targets (#9822) - Use __constinit only in GCC 12.2 and up (#9936) - Java: - Update protobuf_version.bzl to separate protoc and per-language java ??? (#9900) - Python: - Increment python major version to 4 in version.json for python upb (#9926) - The C extension module for Python has been rewritten to use the upb library. - This is expected to deliver significant performance benefits, especially when parsing large payloads. There are some minor breaking changes, but these should not impact most users. For more information see: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates - PHP: - [PHP] fix PHP build system (#9571) - Fix building packaged PHP extension (#9727) - fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633) - fix: phpdoc syntax for repeatedfield parameters (#9784) - fix: phpdoc for repeatedfield (#9783) - Change enum string name for reserved words (#9780) - chore: [PHP] fix phpdoc for MapField keys (#9536) - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996) - Ruby: - Allow pre-compiled binaries for ruby 3.1.0 (#9566) - Implement respond_to? in RubyMessage (#9677) - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722) - Do not use range based UTF-8 validation in truffleruby (#9769) - Improve range handling logic of RepeatedField (#9799) - Other: - Fix invalid dependency manifest when using descriptor_set_out (#9647) - Remove duplicate java generated code (#9909) - Update to 3.20.1: - PHP: - Fix building packaged PHP extension (#9727) - Fixed composer.json to only advertise compatibility with PHP 7.0+. (#9819) - Ruby: - Disable the aarch64 build on macOS until it can be fixed. (#9816) - Other: - Fix versioning issues in 3.20.0 - Update to 3.20.1: - Ruby: - Dropped Ruby 2.3 and 2.4 support for CI and releases. (#9311) - Added Ruby 3.1 support for CI and releases (#9566). - Message.decode/encode: Add recursion_limit option (#9218/#9486) - Allocate with xrealloc()/xfree() so message allocation is visible to the - Ruby GC. In certain tests this leads to much lower memory usage due to more - frequent GC runs (#9586). - Fix conversion of singleton classes in Ruby (#9342) - Suppress warning for intentional circular require (#9556) - JSON will now output shorter strings for double and float fields when possible - without losing precision. - Encoding and decoding of binary format will now work properly on big-endian - systems. - UTF-8 verification was fixed to properly reject surrogate code points. - Unknown enums for proto2 protos now properly implement proto2's behavior of - putting such values in unknown fields. - Java: - Revert 'Standardize on Array copyOf' (#9400) - Resolve more java field accessor name conflicts (#8198) - Fix parseFrom to only throw InvalidProtocolBufferException - InvalidProtocolBufferException now allows arbitrary wrapped Exception types. - Fix bug in FieldSet.Builder.mergeFrom - Flush CodedOutputStream also flushes underlying OutputStream - When oneof case is the same and the field type is Message, merge the - subfield. (previously it was replaced.)??? - Add @CheckReturnValue to some protobuf types - Report original exceptions when parsing JSON - Add more info to @deprecated javadoc for set/get/has methods - Fix initialization bug in doc comment line numbers - Fix comments for message set wire format. - Kotlin: - Add test scope to kotlin-test for protobuf-kotlin-lite (#9518) - Add orNull extensions for optional message fields. - Add orNull extensions to all proto3 message fields. - Python: - Dropped support for Python < 3.7 (#9480) - Protoc is now able to generate python stubs (.pyi) with --pyi_out - Pin multibuild scripts to get manylinux1 wheels back (#9216) - Fix type annotations of some Duration and Timestamp methods. - Repeated field containers are now generic in field types and could be used in type annotations. - Protobuf python generated codes are simplified. Descriptors and message classes' definitions are now dynamic created in internal/builder.py. - Insertion Points for messages classes are discarded. - has_presence is added for FieldDescriptor in python - Loosen indexing type requirements to allow valid index() implementations rather than only PyLongObjects. - Fix the deepcopy bug caused by not copying message_listener. - Added python JSON parse recursion limit (default 100) - Path info is added for python JSON parse errors - Pure python repeated scalar fields will not able to pickle. Convert to list first. - Timestamp.ToDatetime() now accepts an optional tzinfo parameter. If specified, the function returns a timezone-aware datetime in the given time zone. If omitted or None, the function returns a timezone-naive UTC datetime (as previously). - Adds client_streaming and server_streaming fields to MethodDescriptor. - Add 'ensure_ascii' parameter to json_format.MessageToJson. This allows smaller JSON serializations with UTF-8 or other non-ASCII encodings. - Added experimental support for directly assigning numpy scalars and array. - Improve the calculation of public_dependencies in DescriptorPool. - [Breaking Change] Disallow setting fields to numpy singleton arrays or repeated fields to numpy multi-dimensional arrays. Numpy arrays should be indexed or flattened explicitly before assignment. - Compiler: - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Rework allocations to power-of-two byte sizes. - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Make TaggedPtr Set...() calls explicitly spell out the content type. - Check for parsing error before verifying UTF8. - Enforce a maximum message nesting limit of 32 in the descriptor builder to - guard against stack overflows - Fixed bugs in operators for RepeatedPtrIterator - Assert a maximum map alignment for allocated values - Fix proto1 group extension protodb parsing error - Do not log/report the same descriptor symbol multiple times if it contains - more than one invalid character. - Add UnknownFieldSet::SerializeToString and SerializeToCodedStream. - Remove explicit default pointers and deprecated API from protocol compiler - Arenas: - Change Repeated*Field to reuse memory when using arenas. - Implements pbarenaz for profiling proto arenas - Introduce CreateString() and CreateArenaString() for cleaner semantics - Fix unreferenced parameter for MSVC builds - Add UnsafeSetAllocated to be used for one-of string fields. - Make Arena::AllocateAligned() a public function. - Determine if ArenaDtor related code generation is necessary in one place. - Implement on demand register ArenaDtor for InlinedStringField - C++: - Enable testing via CTest (#8737) - Add option to use external GTest in CMake (#8736) - CMake: Set correct sonames for libprotobuf-lite.so and libprotoc.so (#8635) (#9529) - Add cmake option protobuf_INSTALL to not install files (#7123) - CMake: Allow custom plugin options e.g. to generate mocks (#9105) - CMake: Use linker version scripts (#9545) - Manually *struct Cord fields to work better with arenas. - Manually destruct map fields. - Generate narrower code - Fix #9378 by removing - shadowed cached_size field - Remove GetPointer() and explicit nullptr defaults. - Add proto_h flag for speeding up large builds - Add missing overload for reference wrapped fields. - Add MergedDescriptorDatabase::FindAllFileNames() - RepeatedField now defines an iterator type instead of using a pointer. - Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and GOOGLE_PROTOBUF_HAS_ARENAS. - PHP: - Fix: add missing reserved classnames (#9458) - PHP 8.1 compatibility (#9370) - C#: - Fix trim warnings (#9182) - Fixes NullReferenceException when accessing FieldDescriptor.IsPacked (#9430) - Add ToProto() method to all descriptor classes (#9426) - Add an option to preserve proto names in JsonFormatter (#6307) - Objective-C: - Add prefix_to_proto_package_mappings_path option. (#9498) - Rename proto_package_to_prefix_mappings_path to package_to_prefix_mappings_path. (#9552) - Add a generation option to control use of forward declarations in headers. (#9568) - update to 3.19.4: Python: * Make libprotobuf symbols local on OSX to fix issue #9395 (#9435) Ruby: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32 PHP: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32. - Update to 3.19.3: C++: * Make proto2::Message::DiscardUnknownFields() non-virtual * Separate RepeatedPtrField into its own header file * For default floating point values of 0, consider all bits significant * Fix shadowing warnings * Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment Java: * Improve performance characteristics of UnknownFieldSet parsing * For default floating point values of 0, consider all bits significant * Annotate //java/com/google/protobuf/util/... with nullness annotations * Use ArrayList copy constructor Bazel: * Ensure that release archives contain everything needed for Bazel * Align dependency handling with Bazel best practices Javascript: * Fix ReferenceError: window is not defined when getting the global object Ruby: * Fix memory leak in MessageClass.encode * Override Map.clone to use Map's dup method * Ruby: build extensions for arm64-darwin * Add class method Timestamp.from_time to ruby well known types * Adopt pure ruby DSL implementation for JRuby * Add size to Map class * Fix for descriptor_pb.rb: google/protobuf should be required first Python: * Proto2 DecodeError now includes message name in error message * Make MessageToDict convert map keys to strings * Add python-requires in setup.py * Add python 3.10 - Update to 3.17.3: C++ * Introduce FieldAccessListener. * Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class * Provide stable versions of SortAndUnique(). * Make sure to cache proto3 optional message fields when they are cleared. * Expose UnsafeArena methods to Reflection. * Use std::string::empty() rather than std::string::size() > 0. * [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * Delete StringPiecePod (#8353) * Create a CMake option to control whether or not RTTI is enabled (#8347) * Make util::Status more similar to absl::Status (#8405) * The ::pb namespace is no longer exposed due to conflicts. * Allow MessageDifferencer::TreatAsSet() (and friends) to override previous calls instead of crashing. * Reduce the size of generated proto headers for protos with string or bytes fields. * Move arena() operation on uncommon path to out-of-line routine * For iterator-pair function parameter types, take both iterators by value. * Code-space savings and perhaps some modest performance improvements in * RepeatedPtrField. * Eliminate nullptr check from every tag parse. * Remove unused _$name$cached_byte_size fields. * Serialize extension ranges together when not broken by a proto field in the middle. * Do out-of-line allocation and deallocation of string object in ArenaString. * Streamline ParseContext::ParseMessage to avoid code bloat and improve performance. * New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}. on an error path. * util::DefaultFieldComparator will be final in a future version of protobuf. * Subclasses should inherit from SimpleFieldComparator instead. Kotlin * Introduce support for Kotlin protos (#8272) * Restrict extension setter and getter operators to non-nullable T. Java * Fixed parser to check that we are at a proper limit when a sub-message has finished parsing. * updating GSON and Guava to more recent versions (#8524) * Reduce the time spent evaluating isExtensionNumber by storing the extension ranges in a TreeMap for faster queries. This is particularly relevant for protos which define a large number of extension ranges, for example when each tag is defined as an extension. * Fix java bytecode estimation logic for optional fields. * Optimize Descriptor.isExtensionNumber. * deps: update JUnit and Truth (#8319) * Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented. * Exceptions thrown while reading from an InputStream in parseFrom are now included as causes. * Support potentially more efficient proto parsing from RopeByteStrings. * Clarify runtime of ByteString.Output.toStringBuffer(). * Added UnsafeByteOperations to protobuf-lite (#8426) Python: * Add MethodDescriptor.CopyToProto() (#8327) * Remove unused python_protobuf.{cc,h} (#8513) * Start publishing python aarch64 manylinux wheels normally (#8530) * Fix constness issue detected by MSVC standard conforming mode (#8568) * Make JSON parsing match C++ and Java when multiple fields from the same oneof are present and all but one is null. * Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344) * Switch on 'new' buffer API (#8339) * Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280) * Fixed a bug in text format where a trailing colon was printed for repeated field. * When TextFormat encounters a duplicate message map key, replace the current one instead of merging. Ruby: * Add support for proto3 json_name in compiler and field definitions (#8356) * Fixed memory leak of Ruby arena objects. (#8461) * Fix source gem compilation (#8471) * Fix various exceptions in Ruby on 64-bit Windows (#8563) * Fix crash when calculating Message hash values on 64-bit Windows (#8565) General: * Support M1 (#8557) Update to 3.15.8: - Fixed memory leak of Ruby arena objects (#8461) Update to 3.15.7: C++: * Remove the ::pb namespace (alias) (#8423) Ruby: * Fix unbounded memory growth for Ruby <2.7 (#8429) * Fixed message equality in cases where the message type is different (#8434) update to 3.15.6: Ruby: * Fixed bug in string comparison logic (#8386) * Fixed quadratic memory use in array append (#8379) * Fixed SEGV when users pass nil messages (#8363) * Fixed quadratic memory usage when appending to arrays (#8364) * Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341) * Fix for FieldDescriptor.get(msg) (#8330) * Bugfix for Message.[] for repeated or map fields (#8313) PHP: * read_property() handler is not supposed to return NULL (#8362) Protocol Compiler * Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag. C++: * Do not disable RTTI by default in the CMake build (#8377) * Create a CMake option to control whether or not RTTI is enabled (#8361) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields * Use init_seg in MSVC to push initialization to an earlier phase. * Runtime no longer triggers -Wsign-compare warnings. * Fixed -Wtautological-constant-out-of-range-compare warning. * DynamicCastToGenerated works for nullptr input for even if RTTI is disabled * Arena is refactored and optimized. * Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests. * Change the signature of Any::PackFrom() to return false on error. * Add fast reflection getter API for strings. * Constant initialize the global message instances * Avoid potential for missed wakeup in UnknownFieldSet * Now Proto3 Oneof fields have 'has' methods for checking their presence in C++. * Bugfix for NVCC * Return early in _InternalSerialize for empty maps. * Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter. * Fixed https://github.com/protocolbuffers/protobuf/issues/8129 * Ensure that null char symbol, package and file names do not result in a crash. * Constant initialize the global message instances * Pretty print 'max' instead of numeric values in reserved ranges. * Removed remaining instances of std::is_pod, which is deprecated in C++20. * Changes to reduce code size for unknown field handling by making uncommon cases out of line. * Fix std::is_pod deprecated in C++20 (#7180) * Fix some -Wunused-parameter warnings (#8053) * Fix detecting file as directory on zOS issue #8051 (#8052) * Don't include sys/param.h for _BYTE_ORDER (#8106) * remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154) * Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159) * Fix for compiler warning issue#8145 (#8160) * fix: support deprecated enums for GCC < 6 (#8164) * Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125) Python: * Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer. * MessageFactory.CreateProtoype can be overridden to customize class creation. * Fix PyUnknownFields memory leak (#7928) * Add macOS big sur compatibility (#8126) JavaScript * Generate `getDescriptor` methods with `*` as their `this` type. * Enforce `let/const` for generated messages. * js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with negative bitsLow and low but non-zero bitsHigh parameter. (#8170) PHP: * Added support for PHP 8. (#8105) * unregister INI entries and fix invalid read on shutdown (#8042) * Fix PhpDoc comments for message accessors to include '|null'. (#8136) * fix: convert native PHP floats to single precision (#8187) * Fixed PHP to support field numbers >=2**28. (#8235) * feat: add support for deprecated fields to PHP compiler (#8223) * Protect against stack overflow if the user derives from Message. (#8248) * Fixed clone for Message, RepeatedField, and MapField. (#8245) * Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258) Ruby: * Added support for Ruby 3. (#8184) * Rewrote the data storage layer to be based on upb_msg objects from the upb library. This should lead to much better parsing performance, particularly for large messages. (#8184). * Fill out JRuby support (#7923) * [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite recursion/run out of memory (#8195) * Fix jruby support to handle messages nested more than 1 level deep (#8194) Java: * Avoid possible UnsupportedOperationException when using CodedInputSteam with a direct ByteBuffer. * Make Durations.comparator() and Timestamps.comparator() Serializable. * Add more detailed error information for dynamic message field type validation failure * Removed declarations of functions declared in java_names.h from java_helpers.h. * Now Proto3 Oneof fields have 'has' methods for checking their presence in Java. * Annotates Java proto generated *_FIELD_NUMBER constants. * Add -assumevalues to remove JvmMemoryAccessor on Android. C#: * Fix parsing negative Int32Value that crosses segment boundary (#8035) * Change ByteString to use memory and support unsafe create without copy (#7645) * Optimize MapField serialization by removing MessageAdapter (#8143) * Allow FileDescriptors to be parsed with extension registries (#8220) * Optimize writing small strings (#8149) - Updated URL to https://github.com/protocolbuffers/protobuf Update to v3.14.0 Protocol Compiler: * The proto compiler no longer requires a .proto filename when it is not generating code. * Added flag `--deterministic_output` to `protoc --encode=...`. * Fixed deadlock when using google.protobuf.Any embedded in aggregate options. C++: * Arenas are now unconditionally enabled. cc_enable_arenas no longer has any effect. * Removed inlined string support, which is incompatible with arenas. * Fix a memory corruption bug in reflection when mixing optional and non-optional fields. * Make SpaceUsed() calculation more thorough for map fields. * Add stack overflow protection for text format with unknown field values. * FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds error was encountered. * Performance improvements for Map. * Minor formatting fix when dumping a descriptor to .proto format with DebugString. * UBSAN fix in RepeatedField * When running under ASAN, skip a test that makes huge allocations. * Fixed a crash that could happen when creating more than 256 extensions in a single message. * Fix a crash in BuildFile when passing in invalid descriptor proto. * Parser security fix when operating with CodedInputStream. * Warn against the use of AllowUnknownExtension. * Migrated to C++11 for-range loops instead of index-based loops where possible. This fixes a lot of warnings when compiling with -Wsign-compare. * Fix segment fault for proto3 optional * Adds a CMake option to build `libprotoc` separately Java * Bugfix in mergeFrom() when a oneof has multiple message fields. * Fix RopeByteString.RopeInputStream.read() returning -1 when told to read 0 bytes when not at EOF. * Redefine remove(Object) on primitive repeated field Lists to avoid autoboxing. * Support '\u' escapes in textformat string literals. * Trailing empty spaces are no longer ignored for FieldMask. * Fix FieldMaskUtil.subtract to recursively remove mask. * Mark enums with `@java.lang.Deprecated` if the proto enum has option `deprecated = true;`. * Adding forgotten duration.proto to the lite library Python: * Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is used outside WKT Value/Struct. * Fix bug occurring when attempting to deep copy an enum type in python 3. * Add a setuptools extension for generating Python protobufs * Remove uses of pkg_resources in non-namespace packages * [bazel/py] Omit google/__init__.py from the Protobuf runtime * Removed the unnecessary setuptools package dependency for Python package * Fix PyUnknownFields memory leak PHP: * Added support for '==' to the PHP C extension * Added `==` operators for Map and Array * Native C well-known types * Optimized away hex2bin() call in generated code * New version of upb, and a new hash function wyhash in third_party * add missing hasOneof method to check presence of oneof fields Go: * Update go_package options to reference google.golang.org/protobuf module. C#: * annotate ByteString.CopyFrom(ReadOnlySpan) as SecuritySafeCritical * Fix C# optional field reflection when there are regular fields too * Fix parsing negative Int32Value that crosses segment boundary Javascript: * JS: parse (un)packed fields conditionally Update to version 3.13.0 PHP: * The C extension is completely rewritten. The new C extension has significantly better parsing performance and fixes a handful of conformance issues. It will also make it easier to add support for more features like proto2 and proto3 presence. * The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP. C++: * Removed deprecated unsafe arena string accessors * Enabled heterogeneous lookup for std::string keys in maps. * Removed implicit conversion from StringPiece to std::string * Fix use-after-destroy bug when the Map is allocated in the arena. * Improved the randomness of map ordering * Added stack overflow protection for text format with unknown fields * Use std::hash for proto maps to help with portability. * Added more Windows macros to proto whitelist. * Arena constructors for map entry messages are now marked 'explicit' (for regular messages they were already explicit). * Fix subtle aliasing bug in RepeatedField::Add * Fix mismatch between MapEntry ByteSize and Serialize with respect to unset fields. Python: * JSON format conformance fixes: * Reject lowercase t for Timestamp json format. * Print full_name directly for extensions (no camelCase). * Reject boolean values for integer fields. * Reject NaN, Infinity, -Infinity that is not quoted. * Base64 fixes for bytes fields: accept URL-safe base64 and missing padding. * Bugfix for fields/files named 'async' or 'await'. * Improved the error message when AttributeError is returned from __getattr__ in EnumTypeWrapper. Java: * Fixed a bug where setting optional proto3 enums with setFooValue() would not mark the value as present. * Add Subtract function to FieldMaskUtil. C#: * Dropped support for netstandard1.0 (replaced by support for netstandard1.1). This was required to modernize the parsing stack to use the `Span` type internally * Add `ParseFrom(ReadOnlySequence)` method to enable GC friendly parsing with reduced allocations and buffer copies * Add support for serialization directly to a `IBufferWriter` or to a `Span` to enable GC friendly serialization. The new API is available as extension methods on the `IMessage` type * Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make generated code compatible with old C# compilers (pre-roslyn compilers from .NET framework and old versions of mono) that do not support ref structs. Users that are still on a legacy stack that does not support C# 7.2 compiler might need to use the new define in their projects to be able to build the newly generated code * Due to the major overhaul of parsing and serialization internals, it is recommended to regenerate your generated code to achieve the best performance (the legacy generated code will still work, but might incur a slight performance penalty). Update to version 3.12.3; notable changes since 3.11.4: Protocol Compiler: * [experimental] Singular, non-message typed fields in proto3 now support presence tracking. This is enabled by adding the 'optional' field label and passing the --experimental_allow_proto3_optional flag to protoc. * For usage info, see docs/field_presence.md. * During this experimental phase, code generators should update to support proto3 presence, see docs/implementing_proto3_presence.md for instructions. * Allow duplicate symbol names when multiple descriptor sets are passed on the command-line, to match the behavior when multiple .proto files are passed. * Deterministic `protoc --descriptor_set_out` (#7175) Objective-C: * Tweak the union used for Extensions to support old generated code. #7573 * Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538) * [experimental] ObjC Proto3 optional support (#7421) * Block subclassing of generated classes (#7124) * Use references to Obj C classes instead of names in descriptors. (#7026) * Revisit how the WKTs are bundled with ObjC. (#7173) C++: * Simplified the template export macros to fix the build for mingw32. (#7539) * [experimental] Added proto3 presence support. * New descriptor APIs to support proto3 presence. * Enable Arenas by default on all .proto files. * Documented that users are not allowed to subclass Message or MessageLite. * Mark generated classes as final; inheriting from protos is strongly discouraged. * Add stack overflow protection for text format with unknown fields. * Add accessors for map key and value FieldDescriptors. * Add FieldMaskUtil::FromFieldNumbers(). * MessageDifferencer: use ParsePartial() on Any fields so the diff does not fail when there are missing required fields. * ReflectionOps::Merge(): lookup messages in the right factory, if it can. * Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type() accessor as an easier way of determining if a message is a Well-Known Type. * Optimized RepeatedField::Add() when it is used in a loop. * Made proto move/swap more efficient. * De-virtualize the GetArena() method in MessageLite. * Improves performance of json_stream_parser.cc by factor 1000 (#7230) * bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087) * Fixed a bug in FieldDescriptor::DebugString() that would erroneously print an 'optional' label for a field in a oneof. * Fix bug in parsing bool extensions that assumed they are always 1 byte. * Fix off-by-one error in FieldOptions::ByteSize() when extensions are present. * Clarified the comments to show an example of the difference between Descriptor::extension and DescriptorPool::FindAllExtensions. * Add a compiler option 'code_size' to force optimize_for=code_size on all protos where this is possible. Ruby: * Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however many people still use them and dropping support will require more coordination. * [experimental] Implemented proto3 presence for Ruby. (#7406) * Stop building binary gems for ruby <2.5 (#7453) * Fix for wrappers with a zero value (#7195) * Fix for JSON serialization of 0/empty-valued wrapper types (#7198) * Call 'Class#new' over rb_class_new_instance in decoding (#7352) * Build extensions for Ruby 2.7 (#7027) * assigning 'nil' to submessage should clear the field. (#7397) Java: * [experimental] Added proto3 presence support. * Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated * reduce size for enums with allow_alias set to true. * Sort map fields alphabetically by the field's key when printing textproto. * Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508). * TextFormat.merge() handles Any as top level type. * Throw a descriptive IllegalArgumentException when calling getValueDescriptor() on enum special value UNRECOGNIZED instead of ArrayIndexOutOfBoundsException. * Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts() would override the configuration passed into includingDefaultValueFields(). * Implement overrides of indexOf() and contains() on primitive lists returned for repeated fields to avoid autoboxing the list contents. * Add overload to FieldMaskUtil.fromStringList that accepts a descriptor. * [bazel] Move Java runtime/toolchains into //java (#7190) Python: * [experimental] Added proto3 presence support. * [experimental] fast import protobuf module, only works with cpp generated code linked in. * Truncate 'float' fields to 4 bytes of precision in setters for pure-Python implementation (C++ extension was already doing this). * Fixed a memory leak in C++ bindings. * Added a deprecation warning when code tries to create Descriptor objects directly. * Fix unintended comparison between bytes and string in descriptor.py. * Avoid printing excess digits for float fields in TextFormat. * Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code. * Drop 3.3, 3.4 and use single version docker images for all python tests (#7396) JavaScript: * Fix js message pivot selection (#6813) PHP: * Persistent Descriptor Pool (#6899) * Implement lazy loading of php class for proto messages (#6911) * Correct @return in Any.unpack docblock (#7089) * Ignore unknown enum value when ignore_unknown specified (#7455) C#: * [experimental] Add support for proto3 presence fields in C# (#7382) * Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491) * Remove Has/Clear members for C# message fields in proto2 (#7429) * Enforce recursion depth checking for unknown fields (#7132) * Fix conformance test failures for Google.Protobuf (#6910) * Cleanup various bits of Google.Protobuf (#6674) * Fix latest ArgumentException for C# extensions (#6938) * Remove unnecessary branch from ReadTag (#7289) Other: * Add a proto_lang_toolchain for javalite (#6882) * [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237) * Add application note for explicit presence tracking. (#7390) * Howto doc for implementing proto3 presence in a code generator. (#7407) Update to version 3.11.4; notable changes since 3.9.2: * C++: Make serialization method naming consistent * C++: Moved ShutdownProtobufLibrary() to message_lite.h. For backward compatibility a declaration is still available in stubs/common.h, but users should prefer message_lite.h * C++: Removed non-namespace macro EXPECT_OK() * C++: Removed mathlimits.h from stubs in favor of using std::numeric_limits from C++11 * C++: Support direct pickling of nested messages * C++: Disable extension code gen for C# * C++: Switch the proto parser to the faster MOMI parser * C++: Unused imports of files defining descriptor extensions will now be reported * C++: Add proto2::util::RemoveSubranges to remove multiple subranges in linear time * C++: Support 32 bit values for ProtoStreamObjectWriter to Struct * C++: Removed the internal-only header coded_stream_inl.h and the internal-only methods defined there * C++: Enforced no SWIG wrapping of descriptor_database.h (other headers already had this restriction) * C++: Implementation of the equivalent of the MOMI parser for serialization. This removes one of the two serialization routines, by making the fast array serialization routine completely general. SerializeToCodedStream can now be implemented in terms of the much much faster array serialization. The array serialization regresses slightly, but when array serialization is not possible this wins big * C++: Add move constructor for Reflection's SetString * Java: Remove the usage of MethodHandle, so that Android users prior to API version 26 can use protobuf-java * Java: Publish ProGuard config for javalite * Java: Include unknown fields when merging proto3 messages in Java lite builders * Java: Have oneof enums implement a separate interface (other than EnumLite) for clarity * Java: Opensource Android Memory Accessors * Java: Change ProtobufArrayList to use Object[] instead of ArrayList for 5-10% faster parsing * Java: Make a copy of JsonFormat.TypeRegistry at the protobuf top level package. This will eventually replace JsonFormat.TypeRegistry * Java: Add Automatic-Module-Name entries to the Manifest * Python: Add float_precision option in json format printer * Python: Optionally print bytes fields as messages in unknown fields, if possible * Python: Experimental code gen (fast import protobuf module) which only work with cpp generated code linked in * Python: Add descriptor methods in descriptor_pool are deprecated * Python: Added delitem for Python extension dict * JavaScript: Remove guard for Symbol iterator for jspb.Map * JavaScript: Remove deprecated boolean option to getResultBase64String() * JavaScript: Change the parameter types of binaryReaderFn in ExtensionFieldBinaryInfo to (number, ?, ?) * JavaScript: Create dates.ts and time_of_days.ts to mirror Java versions. This is a near-identical conversion of c.g.type.util.{Dates,TimeOfDays} respectively * JavaScript: Migrate moneys to TypeScript * PHP: Increase php7.4 compatibility * PHP: Implement lazy loading of php class for proto messages * Ruby: Support hashes for struct initializers * C#: Experimental proto2 support is now officially available * C#: Change _Extensions property to normal body rather than expression * Objective C: Remove OSReadLittle* due to alignment requirements * Other: Override CocoaPods module to lowercase * further bugfixes and optimisations - Install LICENSE - Drop protobuf-libs as it is just workaround for rpmlint issue * python bindings now require recent python-google-apputils * Released memory allocated by InitializeDefaultRepeatedFields() and GetEmptyString(). Some memory sanitizers reported them * Updated DynamicMessage.setField() to handle repeated enum * Fixed a bug that caused NullPointerException to be thrown when converting manually constructed FileDescriptorProto to * Added oneofs(unions) feature. Fields in the same oneof will * Files, services, enums, messages, methods and enum values * Added Support for list values, including lists of mesaages, * Added SwapFields() in reflection API to swap a subset of * Repeated primitive extensions are now packable. The it is possible to switch a repeated extension field to * writeTo() method in ByteString can now write a substring to * java_generate_equals_and_hash can now be used with the * A new C++-backed extension module (aka 'cpp api v2') that replaces the old ('cpp api v1') one. Much faster than the pure Python code. This one resolves many bugs and is mosh reqires it python-abseil was udpated: version update to 1.4.0 New: (testing) Added @flagsaver.as_parsed: this allows saving/restoring flags using string values as if parsed from the command line and will also reflect other flag states after command line parsing, e.g. .present is set. Changed: (logging) If no log dir is specified logging.find_log_dir() now falls back to tempfile.gettempdir() instead of /tmp/. Fixed: (flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class are now correctly passed to the underlying Flag object. version update to 1.2.0 * Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used. * `Flag` instances now raise an error if used in a bool context. This prevents the occasional mistake of testing an instance for truthiness rather than testing `flag.value`. * `absl-py` no longer depends on `six`. Update to version 1.0.0 * absl-py no longer supports Python 2.7, 3.4, 3.5. All versions have reached end-of-life for more than a year now. * New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in the git repo going forward. - Release notes for 0.15.0 * (testing) #128: When running bazel with its --test_filter= flag, it now treats the filters as unittest's -k flag in Python 3.7+. - Release notes for 0.14.1 * Top-level LICENSE file is now exported in bazel. - Release notes for 0.14.0 * #171: Creating argparse_flags.ArgumentParser with argument_default= no longer raises an exception when other absl.flags flags are defined. * #173: absltest now correctly sets up test filtering and fail fast flags when an explicit argv= parameter is passed to absltest.main. - Release notes for 0.13.0 * (app) Type annotations for public app interfaces. * (testing) Added new decorator @absltest.skipThisClass to indicate a class contains shared functionality to be used as a base class for other TestCases, and therefore should be skipped. * (app) Annotated the flag_parser paramteter of run as keyword-only. This keyword-only constraint will be enforced at runtime in a future release. * (app, flags) Flag validations now include all errors from disjoint flag sets, instead of fail fast upon first error from all validators. Multiple validators on the same flag still fails fast. - Release notes for 0.12.0 * (flags) Made EnumClassSerializer and EnumClassListSerializer public. * (flags) Added a required: Optional[bool] = False parameter to DEFINE_* functions. * (testing) flagsaver overrides can now be specified in terms of FlagHolder. * (testing) parameterized.product: Allows testing a method over cartesian product of parameters values, specified as a sequences of values for each parameter or as kwargs-like dicts of parameter values. * (testing) Added public flag holders for --test_srcdir and --test_tmpdir. Users should use absltest.TEST_SRCDIR.value and absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and FLAGS.test_tmpdir. * (flags) Made CsvListSerializer respect its delimiter argument. - Add Provides python-absl-py python-grpcuio was updated: - Update to version 1.60.0: * No python specfic changes. - Update to version 1.59.2: * No python specific changes. - Update to version 1.59.0: * [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398). * [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186). - Update to version 1.58.0: * [Bazel] Enable grpcio-reflection to be used via Bazel (gh#grpc/grpc#31013). * [packaging] Publish xds-protos as part of the standard package pipeline (gh#grpc/grpc#33797). - Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * [posix] Enable systemd sockets for libsystemd>=233 (gh#grpc/grpc#32671). * [python O11Y] Initial Implementation (gh#grpc/grpc#32974). - Build with LTO (don't set _lto_cflags to %nil). - No need to pass '-std=c++17' to build CFLAGS. - Update to version 1.56.2: * [WRR] backport (gh#grpc/grpc#33694) to 1.56 (gh#grpc/grpc#33698) * [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion (gh#grpc/grpc#33667) - Switch build to pip/wheel. - Use system abseil with '-std=c++17' to prevent undefined symbol eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__ cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_ 2023012511string_viewE) - Upstream only supports python >= 3.7, so adjust BuildRequires accordingly. - Add %{?sle15_python_module_pythons} - Update to version 1.56.0: (CVE-2023-32731, bsc#1212180) * [aio types] Fix some grpc.aio python types (gh#grpc/grpc#32475). - Update to version 1.55.0: * [EventEngine] Disable EventEngine polling in gRPC Python (gh#grpc/grpc#33279) (gh#grpc/grpc#33320). * [Bazel Python3.11] Update Bazel dependencies for Python 3.11 (gh#grpc/grpc#33318) (gh#grpc/grpc#33319). - Drop Requires: python-six; not required any more. - Switch Suggests to Recommends. - Update to version 1.54.0: (CVE-2023-32732, bsc#1212182) * Fix DeprecationWarning when calling asyncio.get_event_loop() (gh#grpc/grpc#32533). * Remove references to deprecated syntax field (gh#grpc/grpc#32497). - Update to version 1.51.1: * No Linux specific changes. - Changes from version 1.51.0: * Fix lack of cooldown between poll attempts (gh#grpc/grpc#31550). * Remove enum and future (gh#grpc/grpc#31381). * [Remove Six] Remove dependency on six (gh#grpc/grpc#31340). * Update xds-protos package to pull in protobuf 4.X (gh#grpc/grpc#31113). - Update to version 1.50.0: * Support Python 3.11. [gh#grpc/grpc#30818]. - Update to version 1.49.1 * Support Python 3.11. (#30818) * Add type stub generation support to grpcio-tools. (#30498) - Update to version 1.48.0: * [Aio] Ensure Core channel closes when deallocated [gh#grpc/grpc#29797]. * [Aio] Fix the wait_for_termination return value [gh#grpc/grpc#29795]. - update to 1.46.3: * backport: xds: use federation env var to guard new-style resource name parsing * This release contains refinements, improvements, and bug fixes. - Update to version 1.46.0: * Add Python GCF Distribtest [gh#grpc/grpc#29303]. * Add Python Reflection Client [gh#grpc/grpc#29085]. * Revert 'Fix prefork handler register's default behavior' [gh#grpc/grpc#29229]. * Fix prefork handler register's default behavior [gh#grpc/grpc#29103]. * Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873]. - Update to version 1.45.0: * Reimplement Gevent Integration [gh#grpc/grpc#28276]. * Support musllinux binary wheels on x64 and x86 [gh#grpc/grpc#28092]. * Increase the Python protobuf requirement to >=3.12.0 [gh#grpc/grpc#28604]. - Build with system re2; add BuildRequires: pkgconfig(re2). - Update to version 1.44.0: * Add python async example for hellostreamingworld using generator (gh#grpc/grpc#27343). * Disable __wrap_memcpy hack for Python builds (gh#grpc/grpc#28410). * Bump Bazel Python Cython dependency to 0.29.26 (gh#grpc/grpc#28398). * Fix libatomic linking on Raspberry Pi OS Bullseye (gh#grpc/grpc#28041). * Allow generated proto sources in remote repositories for py_proto_library (gh#grpc/grpc#28103). - Update to version 1.43.0: * [Aio] Validate the input type for set_trailing_metadata and abort (gh#grpc/grpc#27958). - update to 1.41.1: * This is release 1.41.0 (goat) of gRPC Core. - Update to version 1.41.0: * Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074). * [Aio] Remove custom IO manager support (gh#grpc/grpc#27090). - Update to version 1.39.0: * Python AIO: Match continuation typing on Interceptors (gh#grpc/grpc#26500). * Workaround #26279 by publishing manylinux_2_24 wheels instead of manylinux2014 on aarch64 (gh#grpc/grpc#26430). * Fix zlib unistd.h import problem (gh#grpc/grpc#26374). * Handle gevent exception in gevent poller (gh#grpc/grpc#26058). - Update to version 1.38.1: * Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x (gh#grpc/grpc#26436). - Update to version 1.38.0: * Add grpcio-admin Python package (gh#grpc/grpc#26166). * Add CSDS API to Python (gh#grpc/grpc#26114). * Expose code and details from context on the server side (gh#grpc/grpc#25457). * Explicitly import importlib.abc; required on Python 3.10. Fixes #26062 (gh#grpc/grpc#26083). * Fix potential deadlock on the GIL in AuthMetdataPlugin (gh#grpc/grpc#26009). * Introduce new Python package 'xds_protos' (gh#grpc/grpc#25975). * Remove async mark for set_trailing_metadata interface (gh#grpc/grpc#25814). - Update to version 1.37.1: * No user visible changes. - Changes from version 1.37.0: * Clarify Guarantees about grpc.Future Interface (gh#grpc/grpc#25383). * [Aio] Add time_remaining method to ServicerContext (gh#grpc/grpc#25719). * Standardize all environment variable boolean configuration in python's setup.py (gh#grpc/grpc#25444). * Fix Signal Safety Issue (gh#grpc/grpc#25394). - Update to version 1.36.1: * Core: back-port: add env var protection for google-c2p resolver (gh#grpc/grpc#25569). - Update to version 1.35.0: * Implement Python Client and Server xDS Creds. (gh#grpc/grpc#25365) * Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533) * Link roots.pem to ca-bundle.pem from ca-certificates package - Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). - Update to version 1.34.0: * Incur setuptools as an dependency for grpcio_tools (gh#grpc/grpc#24752). * Stop the spamming log generated by ctrl-c for AsyncIO server (gh#grpc/grpc#24718). * [gRPC Easy] Make Well-Known Types Available to Runtime Protos (gh#grpc/grpc#24478). * Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python (gh#grpc/grpc#24480). * Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24407). * [Linux] [macOS] Support pre-compiled Python 3.9 wheels (gh#grpc/grpc#24356). - Update to version 1.33.2: * [Backport] Implement grpc.Future interface in SingleThreadedRendezvous (gh#grpc/grpc#24574). - Update to version 1.33.1: * [Backport] Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24452). * Allow asyncio API to be imported as grpc.aio. (gh#grpc/grpc#24289). * [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124). * Make version check for importlib.abc in grpcio-tools more stringent (gh#grpc/grpc#24098). Added re2 package in version 2024-02-01. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1127-1 Released: Mon Apr 8 07:07:09 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1220996,1221194,1221358 This update for wicked fixes the following issues: - Fix fallback-lease drop in addrconf (bsc#1220996) - Use upstream `nvme nbft show` (bsc#1221358) - Hide secrets in debug log (bsc#1221194) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1136-1 Released: Mon Apr 8 11:30:15 2024 Summary: Security update for c-ares Type: security Severity: moderate References: 1220279,CVE-2024-25629 This update for c-ares fixes the following issues: - CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1176-1 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1180-1 Released: Tue Apr 9 21:13:49 2024 Summary: Recommended update for python-azure-agent Type: recommended Severity: important References: 1217301,1217302 This update for python-azure-agent contains the following fixes: - Recognise SLE-Micro as a SLE based distro. - Create sub-packages for the config (jsc#PED-7869) + Remove config manipulation from image building + Set up a config for SLE-Micro + Makes deafult upstream config available - Update to 2.9.1.1 (bsc#1217301, bsc#1217302) + Update unittest.mock + Download certificates when goal state source is fast track #2761 + Increase the max number of extension events by 20% #2785 + Remove version suffix from extension slice #2782 + Support int type for eventPid and eventTid fields #2786 + Improve log for swap counter not found #2789 + Remove cgroup files during deprovisioning #2790 + Log VM architecture in heartbeat telemetry for arm64 adoption monitoring #2818 + Enforce memory usage for agent #2671 + Use common download logic for agent downloads #2682 + Implement Fedora distro #2642 + Report message in handler heartbeat #2688 + Remove dependency on pathlib from makepkg #2717 + Do not fetch extensions goal state in log collector #2713 + Update log collector unit file to remove memory limit #2757 + Fix bug in get_dhcp_pid (CoreOS) #2784 + Fetch full distro version for mariner #2773 >From 2.9.04 + Resource Governance on extensions (CPU monitoring and enforcing & Memory monitoring) #2632 #2581 #2555 + Agent resource governance #2597 #2591 #2546 + monitor system-wide memory metrics (#2610) + Additional telemetry for goal state (#2675) + HostGAPlugin usage improvements #2662 #2673 #2655 #2651 + Add logging statements for mrseq migration during update (#2667) + Logcollector memory usage #2658 #2637 + Update Log Collector default in Comments and Readme (#2608) + Improve telemetry success and failure markers (#2605) #2604 #2599 + Fix formatting of exceptions on Python 3.10 (traceback.format's etype argument) (#2663) + Fix UNKNOWN(Zombie) Process in unexpected processes check (#2644) + SUSE: Fix valid values for DHCLIENT_HOSTNAME_OPTION (#2643) + Debian - string conversion for systemd service (#2574) + Do not set a CPU quota on the agent for RHEL and Centos (#2685) #2689 #2693 + support rhel distro (#2620) #2598 + Added support for devuan linux distribution (#2553) No incremental updates between 2.8.011 and 2.9.0.4 - Clean up conditions in spec file: + There is no maintained distro > 1315 (SLE12) AND < 1500 (SLE15). Only openSUSE 13.2 and 13.3 lived in that space, but they are clearly not the target of this spec file. + if 0%{?Suse_version} && 0{?suse_version} > 1315: no need to first validate suse_version being defined: whenever it is > 1315, must be defined. - Add patch to use unittest.mock first, falling back to mock if required. - Tighten Requires against python3-mock. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1201-1 Released: Thu Apr 11 10:47:58 2024 Summary: Recommended update for xfsprogs-scrub and jctools Type: recommended Severity: low References: 1190495,1213418 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 (bsc#1190495) - Added missing jctools to Package Hub for SLE-15-SP5 (bsc#1213418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1271-1 Released: Fri Apr 12 15:35:55 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1221242,1221746,1221747,CVE-2024-28834,CVE-2024-28835 This update for gnutls fixes the following issues: - CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746) - CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747) Other fixes: - jitterentropy: Release the memory of the entropy collector when using jitterentropy with phtreads as there is also a pre-intitization done in the main thread (bsc#1221242) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1287-1 Released: Mon Apr 15 15:03:40 2024 Summary: Security update for vim Type: security Severity: important References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 This update for vim fixes the following issues: Updated to version 9.1.0111, fixes the following security problems - CVE-2023-48231: Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: overflow with count for :s command (bsc#1217321). - CVE-2023-48234: overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: overflow in ex address parsing (CVE-2023-48235). - CVE-2023-48236: overflow in get_number (bsc#1217329). - CVE-2023-48237: overflow in shift_line (bsc#1217330). - CVE-2023-48706: heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Heap use-after-free in function bt_quickfix (bsc#1215005). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1295-1 Released: Mon Apr 15 18:37:21 2024 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1221984,1222302,1222453,CVE-2023-46842,CVE-2024-2201,CVE-2024-31142 This update for xen fixes the following issues: - CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984) - CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302) - CVE-2024-2201: Fixed memory disclosure via Native Branch History Injection (XSA-456) in xen x86 (bsc#1222453) Other fixes: - Update to Xen 4.17.4 (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1302-1 Released: Tue Apr 16 07:23:44 2024 Summary: Recommended update for python-azure-agent Type: recommended Severity: critical References: 1222620 This update for python-azure-agent fixes the following issues: - Keep the existing config file (bsc#1222620) - Do not force wicked dependency for networking, allow NM in SLE Micro 5.5 and for ALP based products ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1331-1 Released: Wed Apr 17 19:39:59 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1221866 This update for grub2 fixes the following issues: - Fix LPAR falls into grub shell after installation with lvm (bsc#1221866) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1333-1 Released: Thu Apr 18 13:30:04 2024 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1218431,1219937 This update for samba fixes the following issues: - fd_handle_destructor() panics within an smbd_smb2_close() if vfs_stat_fsp() fails in fd_close() (bsc#1219937). - Remove -x from bash shebang update-apparmor-samba-profile; (bsc#1218431). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1336-1 Released: Thu Apr 18 14:44:43 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1222105 This update for wicked fixes the following issues: - Do not convert sec to msec twice (bsc#1222105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1344-1 Released: Thu Apr 18 18:50:37 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1175678,1218171,1221525,1222086 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1352-1 Released: Fri Apr 19 15:28:38 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1220132,1221132,1221726,1222113 This update for cloud-init contains the following fixes: - Add cloud-init-no-nmcfg-needed.patch (bsc#1221726) + Do not require a NetworkManager config file in order to detect NetworkManager as the renderer - Add cloud-init-no-openstack-guess.patch (bsc#1222113) + Do not guess if we are running on OpenStack or not. Only recognize the known markers and enable cloud-init if we know for sure. - Do not guess a data source when checking for a CloudStack environment. (bsc#1221132) - Hardcode distribution to suse for proper cloud.cfg generation (bsc#1220132). - Prepare for RPM 4.20 switch patch syntax ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1366-1 Released: Mon Apr 22 11:04:32 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1216474,1218871,1221123,1222831 This update for openssh fixes the following issues: - Fix hostbased ssh login failing occasionally with 'signature unverified: incorrect signature' by fixing a typo in patch (bsc#1221123) - Avoid closing IBM Z crypto devices nodes. (bsc#1218871) - Allow usage of IBM Z crypto adapter cards in seccomp filters (bsc#1216474) - Change the default value of UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled). This makes ssh update the known_hosts stored keys with all published versions by the server (after it's authenticated with an existing key), which will allow to identify the server with a different key if the existing key is considered insecure at some point in the future (bsc#1222831). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1368-1 Released: Mon Apr 22 11:06:29 2024 Summary: Security update for shim Type: security Severity: important References: 1198101,1205588,1205855,1210382,1213945,1215098,1215099,1215100,1215101,1215102,1215103,1219460,CVE-2022-28737,CVE-2023-40546,CVE-2023-40547,CVE-2023-40548,CVE-2023-40549,CVE-2023-40550,CVE-2023-40551 This update for shim fixes the following issues: - Update shim-install to set the TPM2 SRK algorithm (bsc#1213945) - Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) Update to version 15.8: Security issues fixed: - mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) - avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) - Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) - Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) - pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) - pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now. - Generate dbx during build so we don't include binary files in sources - Don't require grub so shim can still be used with systemd-boot - Update shim-install to fix boot failure of ext4 root file system on RAID10 (bsc#1205855) - Adopt the macros from fde-tpm-helper-macros to update the signature in the sealed key after a bootloader upgrade - Update shim-install to amend full disk encryption support - Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector - Use the long name to specify the grub2 key protector - cryptodisk: support TPM authorized policies - Do not use tpm_record_pcrs unless the command is in command.lst - Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to enable the NX compatibility flag when using post-process-pe after discussed with grub2 experts in mail. It's useful for further development and testing. (bsc#1205588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1439-1 Released: Thu Apr 25 23:41:12 2024 Summary: Security update for python-idna Type: security Severity: moderate References: 1222842,CVE-2024-3651 This update for python-idna fixes the following issues: - CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1458-1 Released: Mon Apr 29 07:47:34 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1220763 This update for vim fixes the following issues: - Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1471-1 Released: Tue Apr 30 05:56:22 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1223094 This update for libzypp fixes the following issues: - Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1480-1 Released: Tue Apr 30 16:01:59 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1200465,1205316,1207948,1209635,1209657,1212514,1213456,1214852,1215221,1215322,1217339,1217829,1217959,1217987,1217988,1217989,1218321,1218336,1218479,1218562,1218643,1218777,1219169,1219170,1219264,1219443,1219834,1220114,1220176,1220237,1220251,1220320,1220325,1220328,1220337,1220340,1220365,1220366,1220393,1220398,1220411,1220413,1220433,1220439,1220443,1220445,1220466,1220469,1220478,1220482,1220484,1220486,1220487,1220492,1220703,1220735,1220736,1220775,1220790,1220797,1220831,1220833,1220836,1220839,1220840,1220843,1220845,1220848,1220870,1220871,1220872,1220878,1220879,1220883,1220885,1220887,1220898,1220917,1220918,1220920,1220921,1220926,1220927,1220929,1220930,1220931,1220932,1220933,1220937,1220938,1220940,1220954,1220955,1220959,1220960,1220961,1220965,1220969,1220978,1220979,1220981,1220982,1220983,1220985,1220986,1220987,1220989,1220990,1221009,1221012,1221015,1221022,1221039,1221040,1221044,1221045,1221046,1221048,1221055,1221056,1221058,1221060,1 221061,1221062,1221066,1221067,1221068,1221069,1221070,1221071,1221077,1221082,1221090,1221097,1221156,1221252,1221273,1221274,1221276,1221277,1221291,1221293,1221298,1221337,1221338,1221375,1221379,1221551,1221553,1221613,1221614,1221616,1221618,1221631,1221633,1221713,1221725,1221777,1221814,1221816,1221830,1221951,1222033,1222056,1222060,1222070,1222073,1222117,1222274,1222291,1222300,1222304,1222317,1222331,1222355,1222356,1222360,1222366,1222373,1222619,1222952,CVE-2021-46925,CVE-2021-46926,CVE-2021-46927,CVE-2021-46929,CVE-2021-46930,CVE-2021-46931,CVE-2021-46933,CVE-2021-46934,CVE-2021-46936,CVE-2021-47082,CVE-2021-47083,CVE-2021-47087,CVE-2021-47091,CVE-2021-47093,CVE-2021-47094,CVE-2021-47095,CVE-2021-47096,CVE-2021-47097,CVE-2021-47098,CVE-2021-47099,CVE-2021-47100,CVE-2021-47101,CVE-2021-47102,CVE-2021-47104,CVE-2021-47105,CVE-2021-47107,CVE-2021-47108,CVE-2022-4744,CVE-2022-48626,CVE-2022-48627,CVE-2022-48628,CVE-2022-48629,CVE-2022-48630,CVE-2023-0160,CVE-2023-28746,CVE -2023-35827,CVE-2023-4881,CVE-2023-52447,CVE-2023-52450,CVE-2023-52453,CVE-2023-52454,CVE-2023-52462,CVE-2023-52463,CVE-2023-52467,CVE-2023-52469,CVE-2023-52470,CVE-2023-52474,CVE-2023-52476,CVE-2023-52477,CVE-2023-52481,CVE-2023-52482,CVE-2023-52484,CVE-2023-52486,CVE-2023-52492,CVE-2023-52493,CVE-2023-52494,CVE-2023-52497,CVE-2023-52500,CVE-2023-52501,CVE-2023-52502,CVE-2023-52504,CVE-2023-52507,CVE-2023-52508,CVE-2023-52509,CVE-2023-52510,CVE-2023-52511,CVE-2023-52513,CVE-2023-52515,CVE-2023-52517,CVE-2023-52518,CVE-2023-52519,CVE-2023-52520,CVE-2023-52523,CVE-2023-52524,CVE-2023-52525,CVE-2023-52528,CVE-2023-52529,CVE-2023-52530,CVE-2023-52531,CVE-2023-52532,CVE-2023-52559,CVE-2023-52563,CVE-2023-52564,CVE-2023-52566,CVE-2023-52567,CVE-2023-52569,CVE-2023-52574,CVE-2023-52575,CVE-2023-52576,CVE-2023-52582,CVE-2023-52583,CVE-2023-52587,CVE-2023-52591,CVE-2023-52594,CVE-2023-52595,CVE-2023-52597,CVE-2023-52598,CVE-2023-52599,CVE-2023-52600,CVE-2023-52601,CVE-2023-52602,CVE-2023-52 603,CVE-2023-52604,CVE-2023-52605,CVE-2023-52606,CVE-2023-52607,CVE-2023-52608,CVE-2023-52612,CVE-2023-52615,CVE-2023-52617,CVE-2023-52619,CVE-2023-52621,CVE-2023-52623,CVE-2023-52628,CVE-2023-52632,CVE-2023-52637,CVE-2023-52639,CVE-2023-6270,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-7042,CVE-2023-7192,CVE-2024-0841,CVE-2024-2201,CVE-2024-22099,CVE-2024-23307,CVE-2024-25739,CVE-2024-25742,CVE-2024-25743,CVE-2024-26599,CVE-2024-26600,CVE-2024-26602,CVE-2024-26607,CVE-2024-26612,CVE-2024-26614,CVE-2024-26620,CVE-2024-26627,CVE-2024-26629,CVE-2024-26642,CVE-2024-26645,CVE-2024-26646,CVE-2024-26651,CVE-2024-26654,CVE-2024-26659,CVE-2024-26664,CVE-2024-26667,CVE-2024-26670,CVE-2024-26695,CVE-2024-26717 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466). - CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478). - CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443). - CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482). - CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484). - CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486). - CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487). - CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469). - CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439). - CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969). - CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917). - CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954). - CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959). - CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978). - CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551). - CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979). - CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981). - CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982). - CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983). - CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955). - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985). - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987). - CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009). - CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960). - CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961). - CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965). - CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366). - CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). - CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848). - CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989). - CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990). - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251). - CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237). - CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337). - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320). - CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer (bsc#1220325). - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433). - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411). - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413). - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445). - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703). - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790). - CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520 (bsc#1220887). - CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). - CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797). - CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277). - CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276). - CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274). - CVE-2023-52494: Fixed missing alignment check for event ring read pointer in bus/mhi/host (bsc#1221273). - CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879). - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883). - CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885). - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831). - CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553). - CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833). - CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015). - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836). - CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898). - CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012). - CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022). - CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048). - CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055). - CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056). - CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920). - CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921). - CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926). - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927). - CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840). - CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843). - CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929). - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930). - CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). - CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). - CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933). - CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson (bsc#1220937). - CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938). - CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940). - CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839). - CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918). - CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871). - CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872). - CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878). - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058). - CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082). - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044). - CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045). - CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046). - CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). - CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060). - CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs (bsc#1221062). - CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071). - CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs (bsc#1221068). - CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs (bsc#1221070). - CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot() (bsc#1221066). - CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree() (bsc#1221067). - CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) - CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib (bsc#1221069). - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061). - CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi (bsc#1221375). - CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616). - CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614). - CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove (bsc#1221613). - CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618). - CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073). - CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060). - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117). - CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd (bsc#1222274). - CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939 (bsc#1222291). - CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336). - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479). - CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264). - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834). - CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725). - CVE-2024-25743: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725). - CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate() (bsc#1220365). - CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736). - CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences (bsc#1221291). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap (bsc#1221298). - CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090). - CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in nfsd (bsc#1221379). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26645: Fixed missing visibility when inserting an element into tracing_map (bsc#1222056). - CVE-2024-26646: Fixed potential memory corruption when resuming from suspend or hibernation in thermal/intel/hfi (bsc#1222070). - CVE-2024-26651: Fixed possible oops via malicious devices in sr9800 (bsc#1221337). - CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304). - CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317). - CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in hwmon coretemp (bsc#1222355). - CVE-2024-26667: Fixed null pointer reference in dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331). - CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in kernel arm64 (bsc#1222356). - CVE-2024-26695: Fixed null pointer dereference in __sev_platform_shutdown_locked in crypto ccp (bsc#1222373). - CVE-2024-26717: Fixed null pointer dereference on failed power up in HID i2c-hid-of (bsc#1222360). The following non-security bugs were fixed: - acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-fixes). - acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-fixes). - acpi: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes). - acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-fixes). - acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes). - acpi: scan: Fix device check notification handling (git-fixes). - acpica: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes). - alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes). - alsa: aoa: avoid false-positive format truncation warning (git-fixes). - alsa: aw2: avoid casting function pointers (git-fixes). - alsa: ctxfi: avoid casting function pointers (git-fixes). - alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-fixes). - alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-fixes). - alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (git-fixes). - alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes). - alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes). - alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes). - alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes). - alsa: seq: fix function cast warnings (git-fixes). - alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes). - alsa: usb-audio: Stop parsing channels bits when all channels are found (git-fixes). - arm64: dts: allwinner: h6: add rx dma channel for spdif (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes) - arm64: dts: imx8mm-kontron: add support for ultra high speed modes on (git-fixes) - arm64: dts: imx8mm-venice-gw71xx: fix usb otg vbus (git-fixes) - arm64: dts: marvell: reorder crypto interrupts on armada socs (git-fixes) - arm64: dts: rockchip: add es8316 codec for rock pi 4 (git-fixes) - arm64: dts: rockchip: add spdif node for rock pi 4 (git-fixes) - arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes) - arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes) - arm64: mm: fix va-range sanity check (git-fixes) - arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes) - asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (stable-fixes). - asoc: amd: acp: Add missing error handling in sof-mach (git-fixes). - asoc: amd: acp: fix for acp_init function error handling (git-fixes). - asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes). - asoc: meson: Use dev_err_probe() helper (stable-fixes). - asoc: meson: aiu: fix function pointer type mismatch (git-fixes). - asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes). - asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes). - asoc: meson: t9015: fix function pointer type mismatch (git-fixes). - asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes). - asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes). - asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes). - asoc: rt5682-sdw: fix locking sequence (git-fixes). - asoc: rt711-sdca: fix locking sequence (git-fixes). - asoc: rt711-sdw: fix locking sequence (git-fixes). - asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-fixes). - asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes). - asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-fixes). - ata: sata_mv: fix pci device id table declaration compilation warning (git-fixes). - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes). - backlight: da9052: fully initialize backlight_properties during probe (git-fixes). - backlight: lm3630a: do not set bl->props.brightness in get_brightness (git-fixes). - backlight: lm3630a: initialize backlight_properties on init (git-fixes). - backlight: lm3639: fully initialize backlight_properties during probe (git-fixes). - backlight: lp8788: fully initialize backlight_properties during probe (git-fixes). - blocklayoutdriver: fix reference leak of pnfs_device_node (git-fixes). - bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes). - bluetooth: Remove superfluous call to hci_conn_check_pending() (git-fixes). - bluetooth: hci_core: Fix possible buffer overflow (git-fixes). - bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes). - bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-fixes). - bpf, scripts: correct gpl license name (git-fixes). - bpf, sockmap: fix preempt_rt splat when using raw_spin_lock_t (git-fixes). - can: softing: remove redundant null check (git-fixes). - clk: zynq: prevent null pointer dereference caused by kmalloc failure (git-fixes). - comedi: comedi_test: prevent timers rescheduling during deletion (git-fixes). - coresight: etm4x: do not access trcidr1 for identification (bsc#1220775) - coresight: etm4x: fix accesses to trcseqrstevr and trcseqstr (bsc#1220775) - coresight: etm: override trcidr3.ccitmin on errata affected cpus (bsc#1220775) - cpufreq: amd-pstate: fix min_perf assignment in amd_pstate_adjust_perf() (git-fixes). - cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value (git-fixes). - crypto: arm/sha - fix function cast warnings (git-fixes). - crypto: qat - avoid division by zero (git-fixes). - crypto: qat - fix deadlock in backlog processing (git-fixes). - crypto: qat - fix double free during reset (git-fixes). - crypto: qat - fix state machines cleanup paths (bsc#1218321). - crypto: qat - fix unregistration of compression algorithms (git-fixes). - crypto: qat - fix unregistration of crypto algorithms (git-fixes). - crypto: qat - ignore subsequent state up commands (git-fixes). - crypto: qat - increase size of buffers (git-fixes). - crypto: qat - resolve race condition during aer recovery (git-fixes). - crypto: xilinx - call finalize with bh disabled (git-fixes). - doc-guide: kernel-doc: tell about object-like macros (git-fixes). - doc/readme.suse: update information about module support status (jsc#ped-5759) - drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (git-fixes). - drm/amd/display: add fams validation before trying to use it (git-fixes). - drm/amd/display: add fb_damage_clips support (git-fixes). - drm/amd/display: add function for validate and update new stream (git-fixes). - drm/amd/display: add odm case when looking for first split pipe (git-fixes). - drm/amd/display: always switch off odm before committing more streams (git-fixes). - drm/amd/display: avoid abm when odm combine is enabled for edp (git-fixes). - drm/amd/display: blocking invalid 420 modes on hdmi tmds for dcn31 (git-fixes). - drm/amd/display: check if link state is valid (git-fixes). - drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-fixes). - drm/amd/display: copy dc context in the commit streams (git-fixes). - drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes). - drm/amd/display: disable psr-su on parade 0803 tcon again (git-fixes). - drm/amd/display: enable fast plane updates on dcn3.2 and above (git-fixes). - drm/amd/display: enable new commit sequence only for dcn32x (git-fixes). - drm/amd/display: ensure async flips are only accepted for fast updates (git-fixes). - drm/amd/display: exit idle optimizations before attempt to access phy (git-fixes). - drm/amd/display: expand kernel doc for dc (git-fixes). - drm/amd/display: fix a bug when searching for insert_above_mpcc (git-fixes). - drm/amd/display: fix a null pointer dereference in amdgpu_dm_i2c_xfer() (git-fixes). - drm/amd/display: fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (git-fixes). - drm/amd/display: fix abm disablement (git-fixes). - drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes). - drm/amd/display: fix hw rotated modes when psr-su is enabled (git-fixes). - drm/amd/display: fix kernel-doc issues in dc.h (git-fixes). - drm/amd/display: fix possible underflow for displays with large vblank (git-fixes). - drm/amd/display: fix the delta clamping for shaper lut (git-fixes). - drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315 (git-fixes). - drm/amd/display: fix underflow issue on 175hz timing (git-fixes). - drm/amd/display: for prefetch mode > 0, extend prefetch if possible (git-fixes). - drm/amd/display: guard against invalid rptr/wptr being set (git-fixes). - drm/amd/display: guard dcn31 phyd32clk logic against chip family (git-fixes). - drm/amd/display: handle range offsets in vrr ranges (stable-fixes). - drm/amd/display: handle seamless boot stream (git-fixes). - drm/amd/display: handle virtual hardware detect (git-fixes). - drm/amd/display: include surface of unaffected streams (git-fixes). - drm/amd/display: include udelay when waiting for inbox0 ack (git-fixes). - drm/amd/display: increase frame warning limit with kasan or kcsan in dml (git-fixes). - drm/amd/display: keep phy active for dp config (git-fixes). - drm/amd/display: perform a bounds check before filling dirty rectangles (git-fixes). - drm/amd/display: prevent vtotal from being set to 0 (git-fixes). - drm/amd/display: remove min_dst_y_next_start check for z8 (git-fixes). - drm/amd/display: restore rptr/wptr for dmcub as workaround (git-fixes). - drm/amd/display: return the correct hdcp error code (stable-fixes). - drm/amd/display: revert vblank change that causes null pointer crash (git-fixes). - drm/amd/display: rework comments on dc file (git-fixes). - drm/amd/display: rework context change check (git-fixes). - drm/amd/display: set minimum requirement for using psr-su on phoenix (git-fixes). - drm/amd/display: set minimum requirement for using psr-su on rembrandt (git-fixes). - drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes). - drm/amd/display: update correct dcn314 register header (git-fixes). - drm/amd/display: update extended blank for dcn314 onwards (git-fixes). - drm/amd/display: update min z8 residency time to 2100 for dcn314 (git-fixes). - drm/amd/display: update otg instance in the commit stream (git-fixes). - drm/amd/display: use dram speed from validation for dummy p-state (git-fixes). - drm/amd/display: use dtbclk as refclk instead of dprefclk (git-fixes). - drm/amd/display: use low clocks for no plane configs (git-fixes). - drm/amd/display: use min transition for all subvp plane add/remove (git-fixes). - drm/amd/display: write to correct dirty_rect (git-fixes). - drm/amd/display: wrong colorimetry workaround (git-fixes). - drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes). - drm/amd/pm: fix error of maco flag setting code (git-fixes). - drm/amd/smu: use averagegfxclkfrequency* to replace previous gfx curr clock (git-fixes). - drm/amd: enable pcie pme from d3 (git-fixes). - drm/amdgpu/pm: fix the error of pwm1_enable setting (stable-fixes). - drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes). - drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes). - drm/amdgpu/smu13: drop compute workload workaround (git-fixes). - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes). - drm/amdgpu: enable gpu reset for s3 abort cases on raven series (stable-fixes). - drm/amdgpu: fix missing break in atom_arg_imm case of atom_get_src_int() (git-fixes). - drm/amdgpu: force order between a read and write to the same address (git-fixes). - drm/amdgpu: lower cs errors to debug severity (git-fixes). - drm/amdgpu: match against exact bootloader status (git-fixes). - drm/amdgpu: unset context priority is now invalid (git-fixes). - drm/amdgpu: update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes). - drm/amdkfd: fix tlb flush after unmap for gfx9.4.2 (stable-fixes). - drm/bridge: tc358762: instruct dsi host to generate hse packets (git-fixes). - drm/display: fix typo (git-fixes). - drm/edid: add quirk for osvr hdk 2.0 (git-fixes). - drm/etnaviv: restore some id values (git-fixes). - drm/exynos: do not return negative values from .get_modes() (stable-fixes). - drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (git-fixes). - drm/i915/bios: tolerate devdata==null in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes). - drm/i915/gt: do not generate the command streamer for all the ccs (git-fixes). - drm/i915/gt: reset queue_priority_hint on parking (git-fixes). - drm/i915/gt: use i915_vm_put on ppgtt_create error paths (git-fixes). - drm/i915/selftests: fix dependency of some timeouts on hz (git-fixes). - drm/i915: add missing ccs documentation (git-fixes). - drm/i915: call intel_pre_plane_updates() also for pipes getting enabled (git-fixes). - drm/i915: check before removing mm notifier (git-fixes). - drm/lima: fix a memleak in lima_heap_alloc (git-fixes). - drm/mediatek: dsi: fix dsi rgb666 formats and definitions (git-fixes). - drm/mediatek: fix a null pointer crash in mtk_drm_crtc_finish_page_flip (git-fixes). - drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes). - drm/msm/dpu: fix the programming of intf_cfg2_data_hctl_en (git-fixes). - drm/msm/dpu: improve dsc allocation (git-fixes). - drm/msm/dpu: only enable dsc_mode_multiplex if dsc_merge is enabled (git-fixes). - drm/panel-edp: use put_sync in unprepare (git-fixes). - drm/panel: auo,b101uan08.3: fine tune the panel power sequence (git-fixes). - drm/panel: boe-tv101wum-nl6: fine tune the panel power sequence (git-fixes). - drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes). - drm/panel: move aux b116xw03 out of panel-edp back to panel-simple (git-fixes). - drm/panfrost: fix power transition timeout warnings (git-fixes). - drm/probe-helper: warn about negative .get_modes() (stable-fixes). - drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes). - drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes). - drm/radeon/ni: fix wrong firmware size logging in ni_init_microcode() (git-fixes). - drm/radeon/ni_dpm: remove redundant null check (git-fixes). - drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes). - drm/rockchip: dsi: clean up 'usage_mode' when failing to attach (git-fixes). - drm/rockchip: inno_hdmi: fix video timing (git-fixes). - drm/rockchip: lvds: do not overwrite error code (git-fixes). - drm/rockchip: lvds: do not print scary message when probing defer (git-fixes). - drm/tegra: dpaux: fix pm disable depth imbalance in tegra_dpaux_probe (git-fixes). - drm/tegra: dsi: add missing check for of_find_device_by_node (git-fixes). - drm/tegra: dsi: fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (git-fixes). - drm/tegra: dsi: fix some error handling paths in tegra_dsi_probe() (git-fixes). - drm/tegra: dsi: make use of the helper function dev_err_probe() (stable-fixes). - drm/tegra: hdmi: convert to devm_platform_ioremap_resource() (stable-fixes). - drm/tegra: hdmi: fix some error handling paths in tegra_hdmi_probe() (git-fixes). - drm/tegra: output: fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (git-fixes). - drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes). - drm/tegra: rgb: fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (git-fixes). - drm/tegra: rgb: fix some error handling paths in tegra_dc_rgb_probe() (git-fixes). - drm/tidss: fix initial plane zpos values (git-fixes). - drm/tidss: fix sync-lost issue with two displays (git-fixes). - drm/ttm: do not leak a resource on eviction error (git-fixes). - drm/ttm: do not print error message if eviction was interrupted (git-fixes). - drm/vc4: add module dependency on hdmi-codec (git-fixes). - drm/vmwgfx: create debugfs ttm_resource_manager entry only if needed (git-fixes). - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes). - drm/vmwgfx: fix possible null pointer derefence with invalid contexts (git-fixes). - drm: do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes). - drm: fix drm_fixp2int_round() making it add 0.5 (git-fixes). - drm: panel-orientation-quirks: add quirk for acer switch v 10 (sw5-017) (git-fixes). - firewire: core: use long bus reset on gap count error (stable-fixes). - fix 'coresight: etm4x: Change etm4_platform_driver driver for MMIO devices' (bsc#1220775) - hid: amd_sfh: Update HPD sensor structure elements (git-fixes). - hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes). - hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes). - hv_netvsc: calculate correct ring size when page_size is not 4 kbytes (git-fixes). - hv_netvsc: fix race condition between netvsc_probe and netvsc_remove (git-fixes). - hv_netvsc: register vf in netvsc_probe if net_device_register missed (git-fixes). - i2c: aspeed: fix the dummy irq expected print (git-fixes). - i2c: i801: avoid potential double call to gpiod_remove_lookup_table (git-fixes). - i2c: wmt: fix an error handling path in wmt_i2c_probe() (git-fixes). - ib/ipoib: Fix mcast list locking (git-fixes) - iio: dummy_evgen: remove excess kernel-doc comments (git-fixes). - iio: pressure: dlhl60d: initialize empty dlh bytes (git-fixes). - input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes). - input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes). - input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes). - input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes). - input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes). - input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes). - input: pm8941-pwrkey - add software key press debouncing support (git-fixes). - input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes). - input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes). - input: xpad - add Lenovo Legion Go controllers (git-fixes). - iommu/amd: mark interrupt as managed (git-fixes). - iommu/dma: trace bounce buffer usage when mapping buffers (git-fixes). - iommu/mediatek-v1: fix an error handling path in mtk_iommu_v1_probe() (git-fixes). - iommu/mediatek: fix forever loop in error handling (git-fixes). - iommu/vt-d: allow to use flush-queue when first level is default (git-fixes). - iommu/vt-d: do not issue ats invalidation request when device is disconnected (git-fixes). - iommu/vt-d: fix pasid directory pointer coherency (git-fixes). - iommu/vt-d: set no execute enable bit in pasid table entry (git-fixes). - kabi: pci: add locking to rmw pci express capability register accessors (kabi). - kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes). - kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631). - lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-commit). - leds: aw2013: unlock mutex before destroying it (git-fixes). - lib/cmdline: fix an invalid format specifier in an assertion msg (git-fixes). - make nvidiA Grace-Hopper TPM related drivers build-ins (bsc#1221156) - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes). - md/raid5: release batch_last before waiting for another stripe_head (git-fixes). - md/raid6: use valid sector values to determine if an i/o should wait on the reshape (git-fixes). - md: do not ignore suspended array in md_check_recovery() (git-fixes). - md: do not leave 'md_recovery_frozen' in error path of md_set_readonly() (git-fixes). - md: fix data corruption for raid456 when reshape restart while grow up (git-fixes). - md: introduce md_ro_state (git-fixes). - md: make sure md_do_sync() will set md_recovery_done (git-fixes). - md: whenassemble the array, consult the superblock of the freshest device (git-fixes). - media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes). - media: edia: dvbdev: fix a use-after-free (git-fixes). - media: em28xx: annotate unchecked call to media_device_register() (git-fixes). - media: go7007: add check of return value of go7007_read_addr() (git-fixes). - media: go7007: fix a memleak in go7007_load_encoder (git-fixes). - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes). - media: pvrusb2: fix pvr2_stream_callback casts (git-fixes). - media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes). - media: pvrusb2: remove redundant null check (git-fixes). - media: staging: ipu3-imgu: set fields before media_entity_pads_init() (git-fixes). - media: sun8i-di: fix chroma difference threshold (git-fixes). - media: sun8i-di: fix coefficient writes (git-fixes). - media: sun8i-di: fix power on/off sequences (git-fixes). - media: tc358743: register v4l2 async device only after successful setup (git-fixes). - media: ttpci: fix two memleaks in budget_av_attach (git-fixes). - media: usbtv: remove useless locks in usbtv_video_free() (git-fixes). - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes). - media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes). - media: xc4000: fix atomicity violation in xc4000_get_frequency (git-fixes). - mfd: altera-sysmgr: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes). - mfd: syscon: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes). - mm,page_owner: Defer enablement of static branch (bsc#1222366). - mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366). - mm,page_owner: drop unnecessary check (bsc#1222366). - mm,page_owner: fix accounting of pages when migrating (bsc#1222366). - mm,page_owner: fix printing of stack records (bsc#1222366). - mm,page_owner: fix recursion (bsc#1222366). - mm,page_owner: fix refcount imbalance (bsc#1222366). - mm,page_owner: update metadata for tail pages (bsc#1222366). - mm/vmalloc: huge vmalloc backing pages should be split rather than compound (bsc#1217829). - mmc: core: avoid negative index with array access (git-fixes). - mmc: core: fix switch on gp3 partition (git-fixes). - mmc: core: initialize mmc_blk_ioc_data (git-fixes). - mmc: mmci: stm32: fix dma api overlapping mappings warning (git-fixes). - mmc: mmci: stm32: use a buffer for unaligned dma requests (git-fixes). - mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes). - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (git-fixes). - mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes). - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes). - mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes). - net/bnx2x: prevent access to a freed page in page_pool (bsc#1215322). - net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes). - net: fix features skip in for_each_netdev_feature() (git-fixes). - net: lan78xx: fix runtime pm count underflow on link stop (git-fixes). - net: ll_temac: platform_get_resource replaced by wrong function (git-fixes). - net: mana: fix rx dma datasize and skb_over_panic (git-fixes). - net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes). - net: sunrpc: fix an off by one in rpc_sockaddr2uaddr() (git-fixes). - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). - nfc: nci: fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes). - nfs: fix an off by one in root_nfs_cat() (git-fixes). - nfs: rename nfs_client_kset to nfs_kset (git-fixes). - nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes). - nfsd: convert the callback workqueue to use delayed_work (git-fixes). - nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes). - nfsd: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes). - nfsd: fix LISTXATTRS returning more bytes than maxcount (git-fixes). - nfsd: fix file memleak on client_opens_release (git-fixes). - nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes). - nfsd: lock_rename() needs both directories to live on the same fs (git-fixes). - nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes). - nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes). - nfsd: retransmit callbacks after client reconnects (git-fixes). - nfsd: use vfs setgid helper (git-fixes). - nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes). - nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes). - nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes). - nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes). - nfsv4.2: fix wrong shrinker_id (git-fixes). - nfsv4: fix a nfs4_state_manager() race (git-fixes). - nfsv4: fix a state manager thread deadlock regression (git-fixes). - nilfs2: fix failure to detect dat corruption in btree and direct mappings (git-fixes). - nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes). - nouveau/dmem: handle kcalloc() allocation failure (git-fixes). - nouveau: reset the bo resource bus info after an eviction (git-fixes). - ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713). - nvme-fc: do not wait in vain when unloading module (git-fixes). - nvme: fix reconnection fail due to reserved tag allocation (git-fixes). - nvmet-fc: abort command when there is no binding (git-fixes). - nvmet-fc: avoid deadlock on delete association path (git-fixes). - nvmet-fc: defer cleanup using rcu properly (git-fixes). - nvmet-fc: hold reference on hostport match (git-fixes). - nvmet-fc: release reference on target port (git-fixes). - nvmet-fc: take ref count on tgtport before delete assoc (git-fixes). - nvmet-fcloop: swap the list_add_tail arguments (git-fixes). - nvmet-tcp: fix nvme tcp ida memory leak (git-fixes). - pci/aer: fix rootport attribute paths in ABI docs (git-fixes). - pci/aspm: Use RMW accessors for changing LNKCTL (git-fixes). - pci/dpc: print all TLP Prefixes, not just the first (git-fixes). - pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777) - pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes). - pci: add locking to RMW PCI Express Capability Register accessors (git-fixes). - pci: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes). - pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes). - pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-fixes). - pci: fu740: Set the number of MSI vectors (git-fixes). - pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-fixes). - pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes). - pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes). - pci: mediatek-gen3: Fix translation window size calculation (git-fixes). - pci: mediatek: Clear interrupt status before dispatching handler (git-fixes). - pci: qcom: Enable BDF to SID translation properly (git-fixes). - pci: qcom: Use DWC helpers for modifying the read-only DBI registers (git-fixes). - pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes). - pci: rockchip: Fix window mapping and address translation for endpoint (git-fixes). - pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes). - pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-fixes). - pinctrl: mediatek: drop bogus slew rate register range for mt8192 (git-fixes). - platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes). - pm: suspend: Set mem_sleep_current during kernel command line setup (git-fixes). - pnfs/flexfiles: check the layout validity in ff_layout_mirror_prepare_stats (git-fixes). - pnfs: fix a hang in nfs4_evict_inode() (git-fixes). - pnfs: fix the pnfs block driver's calculation of layoutget size (git-fixes). - powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869). - powerpc/boot: Disable power10 features after BOOTAFLAGS assignment (bsc#1194869). - powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU (bsc#1194869). - powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses (bsc#1194869). - powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__ (bsc#1194869). - powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding (bsc#1194869). - powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869). - powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270). - powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes). - powerpc/sstep: Use bitwise instead of arithmetic operator for flags (bsc#1194869). - powerpc: add compile-time support for lbarx, lharx (bsc#1194869). - pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-fixes). - qedf: Do not process stag work during unload (bsc#1214852). - qedf: Wait for stag work during unload (bsc#1214852). - raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1221097). - ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619). - ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619). - ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619). - ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619). - ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619). - ras/amd/fmpm: Save SPA values (jsc#PED-7619). - ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes). - ras: export helper to get ras_debugfs_dir (jsc#PED-7619). - rdma/device: fix a race between mad_client and cm_client init (git-fixes) - rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes) - rdma/ipoib: fix error code return in ipoib_mcast_join (git-fixes) - rdma/irdma: remove duplicate assignment (git-fixes) - rdma/mana_ib: fix bug in creation of dma regions (git-fixes). - rdma/mlx5: fix fortify source warning while accessing eth segment (git-fixes) - rdma/mlx5: relax devx access upon modify commands (git-fixes) - rdma/rtrs-clt: check strnlen return len in sysfs mpath_policy_store() (git-fixes) - rdma/srpt: do not register event handler until srpt device is fully setup (git-fixes) - revert 'drm/amd: disable psr-su on parade 0803 tcon' (git-fixes). - revert 'drm/amd: disable s/g for apus when 64gb or more host memory' (git-fixes). - revert 'drm/amdgpu/display: change pipe policy for dcn 2.0' (git-fixes). - revert 'drm/amdgpu/display: change pipe policy for dcn 2.1' (git-fixes). - revert 'drm/vc4: hdmi: enforce the minimum rate at runtime_resume' (git-fixes). - revert 'fbdev: flush deferred io before closing (git-fixes).' (bsc#1221814) - revert 'pci: tegra194: enable support for 256 byte payload' (git-fixes). - revert 'revert 'drm/amdgpu/display: change pipe policy for dcn 2.0'' (git-fixes). - revert 'sunrpc dont update timeout value on connection reset' (git-fixes). - ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes). - rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes). - s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes bsc#1221633). - s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316). - s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316). - s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316). - s390/vtime: fix average steal time calculation (git-fixes bsc#1221951). - sched/rt: Disallow writing invalid values to sched_rt_period_us (bsc#1220176). - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (bsc#1220176). - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777). - scsi: lpfc: Correct size for wqe for memset() (bsc#1221777). - scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777). - scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777). - scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777). - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777). - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959). - scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777). - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777). - scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777). - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777). - scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777). - scsi: qedf: Remove set but unused variable 'page' (bsc#1214852). - scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852). - scsi: qedf: Remove unused declaration (bsc#1214852). - scsi: qla2xxx: Change debug message during driver unload (bsc1221816). - scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816). - scsi: qla2xxx: Fix N2N stuck connection (bsc1221816). - scsi: qla2xxx: Fix command flush on cable pull (bsc1221816). - scsi: qla2xxx: Fix double free of fcport (bsc1221816). - scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816). - scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816). - scsi: qla2xxx: Prevent command send on chip reset (bsc1221816). - scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816). - scsi: qla2xxx: Update manufacturer detail (bsc1221816). - scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816). - scsi: storvsc: Fix ring buffer size calculation (git-fixes). - scsi: target: core: Silence the message about unknown VPD pages (bsc#1221252). - selftests/bpf: add generic BPF program tester-loader (bsc#1222033). - serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes). - serial: max310x: fix syntax error in IRQ error message (git-fixes). - slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes). - spi: lm70llp: fix links in doc and comments (git-fixes). - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes). - sr9800: Add check for usbnet_get_endpoints (git-fixes). - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - staging: vc04_services: fix information leak in create_component() (git-fixes). - sunrpc: add an is_err() check back to where it was (git-fixes). - sunrpc: econnreset might require a rebind (git-fixes). - sunrpc: fix a memleak in gss_import_v2_context (git-fixes). - sunrpc: fix a suspicious rcu usage warning (git-fixes). - sunrpc: fix rpc client cleaned up the freed pipefs dentries (git-fixes). - sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes). - svcrdma: Drop connection after an RDMA Read error (git-fixes). - topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618). - topology: Fix up build warning in topology_is_visible() (jsc#PED-7618). - tracing/probes: Fix to show a parse error for bad type for $comm (git-fixes). - tracing: Fix wasted memory in saved_cmdlines logic (git-fixes). - tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes). - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619). - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-fixes). - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes). - tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes). - ubifs: Queue up space reservation tasks if retrying many times (git-fixes). - ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes). - ubifs: Set page uptodate in the correct place (git-fixes). - ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes). - ubifs: fix sort function prototype (git-fixes). - usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes). - usb: cdc-wdm: close race between read and workqueue (git-fixes). - usb: core: fix deadlock in usb_deauthorize_interface() (git-fixes). - usb: dwc2: gadget: Fix exiting from clock gating (git-fixes). - usb: dwc2: gadget: LPM flow fix (git-fixes). - usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes). - usb: dwc2: host: Fix hibernation flow (git-fixes). - usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes). - usb: dwc3: Properly set system wakeup (git-fixes). - usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes). - usb: gadget: ncm: Fix handling of zero block length packets (git-fixes). - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes). - usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes). - usb: port: Do not try to peer unused USB ports based on location (git-fixes). - usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes). - usb: typec: ucsi: Check for notifications after init (git-fixes). - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes). - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes). - usb: usb-storage: prevent divide-by-0 error in isd200_ata_command (git-fixes). - usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes). - vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes). - vt: fix unicode buffer corruption when deleting characters (git-fixes). - watchdog: stm32_iwdg: initialize default timeout (git-fixes). - wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes). - wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948). - wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes). - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (git-fixes). - wifi: b43: Disable QoS for bcm4331 (git-fixes). - wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-fixes). - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-fixes). - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-fixes). - wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-fixes). - wifi: brcmsmac: avoid function pointer casts (git-fixes). - wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes). - wifi: iwlwifi: fix EWRD table validity check (git-fixes). - wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes). - wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes). - wifi: iwlwifi: mvm: report beacon protection failures (git-fixes). - wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes). - wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-fixes). - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes). - wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (git-fixes). - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes). - wifi: rtw88: 8821c: Fix false alarm count (git-fixes). - wifi: wilc1000: fix RCU usage in connect path (git-fixes). - wifi: wilc1000: fix declarations ordering (stable-fixes). - wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes). - wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (git-fixes). - x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes). - x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes). - x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes). - xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes). - xhci: process isoc TD properly when there was a transaction error mid TD (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - cloud-init-config-suse-23.3-150100.8.79.2 updated - cloud-init-23.3-150100.8.79.2 updated - curl-8.0.1-150400.5.44.1 updated - glibc-locale-base-2.31-150300.74.1 updated - glibc-locale-2.31-150300.74.1 updated - glibc-2.31-150300.74.1 updated - grub2-i386-pc-2.06-150500.29.25.12 updated - grub2-x86_64-efi-2.06-150500.29.25.12 updated - grub2-2.06-150500.29.25.12 updated - hwdata-0.380-150000.3.68.1 updated - kernel-default-5.14.21-150500.55.59.1 updated - less-590-150400.3.6.2 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 added - libblkid1-2.37.4-150500.9.6.1 updated - libcares2-1.19.1-150000.3.26.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libgnutls30-3.7.3-150400.4.44.1 updated - libmount1-2.37.4-150500.9.6.1 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libprotobuf-lite25_1_0-25.1-150400.9.3.1 added - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - libsemanage1-3.1-150400.3.4.2 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libuuid1-2.37.4-150500.9.6.1 updated - libzypp-17.32.5-150400.3.64.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - openssh-clients-8.4p1-150300.3.37.1 updated - openssh-common-8.4p1-150300.3.37.1 updated - openssh-server-8.4p1-150300.3.37.1 updated - openssh-8.4p1-150300.3.37.1 updated - python-azure-agent-config-server-2.9.1.1-150100.3.32.3 added - python-azure-agent-2.9.1.1-150100.3.32.3 updated - python3-base-3.6.15-150300.10.60.1 updated - python3-idna-2.6-150000.3.3.1 updated - python3-3.6.15-150300.10.60.1 updated - rpm-ndb-4.14.3-150400.59.13.1 updated - samba-client-libs-4.17.12+git.462.df636292e62-150500.3.23.7 updated - shim-15.8-150300.4.20.2 updated - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - terminfo-base-6.1-150000.5.24.1 updated - terminfo-6.1-150000.5.24.1 updated - util-linux-systemd-2.37.4-150500.9.6.1 updated - util-linux-2.37.4-150500.9.6.1 updated - vim-data-common-9.1.0330-150500.20.12.1 updated - vim-9.1.0330-150500.20.12.1 updated - wicked-service-0.6.74-150500.3.21.1 updated - wicked-0.6.74-150500.3.21.1 updated - xen-libs-4.17.4_02-150500.3.30.1 updated - xfsprogs-5.13.0-150400.3.7.1 updated - zypper-1.14.71-150400.3.45.2 updated - libimaevm3-1.4-150400.3.2.1 removed - libprotobuf-lite20-3.9.2-150200.4.21.1 removed From sle-container-updates at lists.suse.com Sun May 5 07:01:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 5 May 2024 09:01:16 +0200 (CEST) Subject: SUSE-IU-2024:367-1: Security update of suse-sles-15-sp5-chost-byos-v20240502-hvm-ssd-x86_64 Message-ID: <20240505070116.A2F41FCF4@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240502-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:367-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240502-hvm-ssd-x86_64:20240502 Image Release : Severity : important Type : security References : 1027519 1133277 1175678 1182659 1188500 1190495 1194869 1198101 1200465 1203378 1205316 1205588 1205855 1207948 1207987 1208794 1209635 1209657 1210382 1210959 1211721 1212180 1212182 1212514 1213418 1213456 1213945 1214148 1214852 1214934 1215005 1215098 1215099 1215100 1215101 1215102 1215103 1215221 1215322 1215334 1216474 1217316 1217320 1217321 1217324 1217326 1217329 1217330 1217339 1217432 1217450 1217667 1217829 1217959 1217987 1217988 1217989 1218171 1218321 1218336 1218431 1218479 1218492 1218562 1218643 1218777 1218871 1219031 1219169 1219170 1219264 1219443 1219460 1219520 1219559 1219581 1219834 1219901 1219937 1220061 1220114 1220132 1220176 1220237 1220251 1220279 1220320 1220325 1220328 1220337 1220340 1220365 1220366 1220393 1220398 1220411 1220413 1220433 1220439 1220441 1220443 1220445 1220466 1220469 1220478 1220482 1220484 1220486 1220487 1220492 1220703 1220724 1220735 1220736 1220763 1220775 1220790 1220797 1220831 1220833 1220836 1220839 1220840 1220843 1220845 1220848 1220870 1220871 1220872 1220878 1220879 1220883 1220885 1220887 1220898 1220917 1220918 1220920 1220921 1220926 1220927 1220929 1220930 1220931 1220932 1220933 1220937 1220938 1220940 1220954 1220955 1220959 1220960 1220961 1220965 1220969 1220978 1220979 1220981 1220982 1220983 1220985 1220986 1220987 1220989 1220990 1220996 1221009 1221012 1221015 1221022 1221039 1221040 1221044 1221045 1221046 1221048 1221055 1221056 1221058 1221060 1221061 1221062 1221066 1221067 1221068 1221069 1221070 1221071 1221077 1221082 1221090 1221097 1221123 1221132 1221156 1221184 1221194 1221239 1221242 1221252 1221273 1221274 1221276 1221277 1221289 1221291 1221293 1221298 1221337 1221338 1221358 1221361 1221375 1221379 1221399 1221407 1221525 1221551 1221553 1221613 1221614 1221616 1221618 1221631 1221633 1221665 1221667 1221713 1221725 1221726 1221746 1221747 1221777 1221814 1221816 1221830 1221831 1221866 1221951 1221984 1222033 1222056 1222060 1222070 1222073 1222086 1222105 1222109 1222113 1222117 1222259 1222274 1222291 1222300 1222302 1222304 1222317 1222331 1222355 1222356 1222360 1222366 1222373 1222453 1222547 1222619 1222831 1222842 1222952 1222992 1223094 CVE-2021-46925 CVE-2021-46926 CVE-2021-46927 CVE-2021-46929 CVE-2021-46930 CVE-2021-46931 CVE-2021-46933 CVE-2021-46934 CVE-2021-46936 CVE-2021-47082 CVE-2021-47083 CVE-2021-47087 CVE-2021-47091 CVE-2021-47093 CVE-2021-47094 CVE-2021-47095 CVE-2021-47096 CVE-2021-47097 CVE-2021-47098 CVE-2021-47099 CVE-2021-47100 CVE-2021-47101 CVE-2021-47102 CVE-2021-47104 CVE-2021-47105 CVE-2021-47107 CVE-2021-47108 CVE-2022-28737 CVE-2022-4744 CVE-2022-48624 CVE-2022-48626 CVE-2022-48627 CVE-2022-48628 CVE-2022-48629 CVE-2022-48630 CVE-2023-0160 CVE-2023-28746 CVE-2023-32731 CVE-2023-32732 CVE-2023-33953 CVE-2023-35827 CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551 CVE-2023-44487 CVE-2023-45918 CVE-2023-46842 CVE-2023-4750 CVE-2023-4785 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-4881 CVE-2023-52425 CVE-2023-52447 CVE-2023-52450 CVE-2023-52453 CVE-2023-52454 CVE-2023-52462 CVE-2023-52463 CVE-2023-52467 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52476 CVE-2023-52477 CVE-2023-52481 CVE-2023-52482 CVE-2023-52484 CVE-2023-52486 CVE-2023-52492 CVE-2023-52493 CVE-2023-52494 CVE-2023-52497 CVE-2023-52500 CVE-2023-52501 CVE-2023-52502 CVE-2023-52504 CVE-2023-52507 CVE-2023-52508 CVE-2023-52509 CVE-2023-52510 CVE-2023-52511 CVE-2023-52513 CVE-2023-52515 CVE-2023-52517 CVE-2023-52518 CVE-2023-52519 CVE-2023-52520 CVE-2023-52523 CVE-2023-52524 CVE-2023-52525 CVE-2023-52528 CVE-2023-52529 CVE-2023-52530 CVE-2023-52531 CVE-2023-52532 CVE-2023-52559 CVE-2023-52563 CVE-2023-52564 CVE-2023-52566 CVE-2023-52567 CVE-2023-52569 CVE-2023-52574 CVE-2023-52575 CVE-2023-52576 CVE-2023-52582 CVE-2023-52583 CVE-2023-52587 CVE-2023-52591 CVE-2023-52594 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604 CVE-2023-52605 CVE-2023-52606 CVE-2023-52607 CVE-2023-52608 CVE-2023-52612 CVE-2023-52615 CVE-2023-52617 CVE-2023-52619 CVE-2023-52621 CVE-2023-52623 CVE-2023-52628 CVE-2023-52632 CVE-2023-52637 CVE-2023-52639 CVE-2023-6270 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-7042 CVE-2023-7192 CVE-2024-0841 CVE-2024-2004 CVE-2024-2201 CVE-2024-2201 CVE-2024-22099 CVE-2024-22667 CVE-2024-23307 CVE-2024-2398 CVE-2024-25629 CVE-2024-25739 CVE-2024-25742 CVE-2024-25743 CVE-2024-26599 CVE-2024-26600 CVE-2024-26602 CVE-2024-26607 CVE-2024-26612 CVE-2024-26614 CVE-2024-26620 CVE-2024-26627 CVE-2024-26629 CVE-2024-26642 CVE-2024-26645 CVE-2024-26646 CVE-2024-26651 CVE-2024-26654 CVE-2024-26659 CVE-2024-26664 CVE-2024-26667 CVE-2024-26670 CVE-2024-26695 CVE-2024-26717 CVE-2024-28085 CVE-2024-28182 CVE-2024-28757 CVE-2024-28834 CVE-2024-28835 CVE-2024-2961 CVE-2024-31142 CVE-2024-3651 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240502-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:573-1 Released: Wed Feb 21 09:36:59 2024 Summary: Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 Type: security Severity: moderate References: 1133277,1182659,1203378,1208794,1212180,1212182,1214148,1215334,CVE-2023-32731,CVE-2023-32732,CVE-2023-33953,CVE-2023-44487,CVE-2023-4785 This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues: abseil-cpp was updated to: Update to 20230802.1: * Add StdcppWaiter to the end of the list of waiter implementations Update to 20230802.0 What's New: * Added the nullability library for designating the expected nullability of pointers. Currently these serve as annotations only, but it is expected that compilers will one day be able to use these annotations for diagnostic purposes. * Added the prefetch library as a portable layer for moving data into caches before it is read. * Abseil's hash tables now detect many more programming errors in debug and sanitizer builds. * Abseil's synchronization objects now differentiate absolute waits (when passed an absl::Time) from relative waits (when passed an absl::Duration) when the underlying platform supports differentiating these cases. This only makes a difference when system clocks are adjusted. * Abseil's flag parsing library includes additional methods that make it easier to use when another library also expects to be able to parse flags. * absl::string_view is now available as a smaller target, @com_google_absl//absl/strings:string_view, so that users may use this library without depending on the much larger @com_google_absl//absl/strings target. Update to 20230125.3 Details can be found on: https://github.com/abseil/abseil-cpp/releases/tag/20230125.3 Update to 20230125.2 What's New: The Abseil logging library has been released. This library provides facilities for writing short text messages about the status of a program to stderr, disk files, or other sinks (via an extension API). See the logging library documentation for more information. An extension point, AbslStringify(), allows user-defined types to seamlessly work with Abseil's string formatting functions like absl::StrCat() and absl::StrFormat(). A library for computing CRC32C checksums has been added. Floating-point parsing now uses the Eisel-Lemire algorithm, which provides a significant speed improvement. The flags library now provides suggestions for the closest flag(s) in the case of misspelled flags. Using CMake to install Abseil now makes the installed artifacts (in particular absl/base/options.h) reflect the compiled ABI. Breaking Changes: Abseil now requires at least C++14 and follows Google's Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools. The legacy spellings of the thread annotation macros/functions (e.g. GUARDED_BY()) have been removed by default in favor of the ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS can be defined on the compile command-line to temporarily restore these spellings, but this compatibility macro will be removed in the future. Known Issues The Abseil logging library in this release is not a feature-complete replacement for glog yet. VLOG and DFATAL are examples of features that have not yet been released. Update to version 20220623.0 What's New: * Added absl::AnyInvocable, a move-only function type. * Added absl::CordBuffer, a type for buffering data for eventual inclusion an absl::Cord, which is useful for writing zero-copy code. * Added support for command-line flags of type absl::optional. Breaking Changes: * CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control whether or not unit tests are built. * The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that are experiencing new warnings can use -Wno-deprecated-declatations silence the warnings or use -Wno-error=deprecated-declarations to see warnings but not fail the build. * ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some compilers are more strict about where this keyword must appear compared to the pre-C++20 implementation. * Bazel builds now depend on the bazelbuild/bazel-skylib repository. See Abseil's WORKSPACE file for an example of how to add this dependency. Other: * This will be the last release to support C++11. Future releases will require at least C++14. grpc was updated to 1.60: Update to release 1.60 * Implemented dualstack IPv4 and IPv6 backend support, as per draft gRFC A61. xDS support currently guarded by GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var. * Support for setting proxy for addresses. * Add v1 reflection. update to 1.59.3: * Security - Revocation: Crl backport to 1.59. (#34926) Update to release 1.59.2 * Fixes for CVE-2023-44487 Update to version 1.59.1: * C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552). Update to version 1.59.0: * xds ssa: Remove environment variable protection for stateful affinity (gh#grpc/grpc#34435). * c-ares: fix spin loop bug when c-ares gives up on a socket that still has data left in its read buffer (gh#grpc/grpc#34185). * Deps: Adding upb as a submodule (gh#grpc/grpc#34199). * EventEngine: Update Cancel contract on closure deletion timeline (gh#grpc/grpc#34167). * csharp codegen: Handle empty base_namespace option value to fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137). * Ruby: - replace strdup with gpr_strdup (gh#grpc/grpc#34177). - drop ruby 2.6 support (gh#grpc/grpc#34198). Update to release 1.58.1 * Reintroduced c-ares 1.14 or later support Update to release 1.58 * ruby extension: remove unnecessary background thread startup wait logic that interferes with forking Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * EventEngine: Change GetDNSResolver to return absl::StatusOr>. * Improve server handling of file descriptor exhaustion. * Add a channel argument to set DSCP on streams. Update to release 1.56.2 * Improve server handling of file descriptor exhaustion Update to release 1.56.0 (CVE-2023-32731, bsc#1212180) * core: Add support for vsock transport. * EventEngine: Change TXT lookup result type to std::vector. * C++/Authz: support customizable audit functionality for authorization policy. Update to release 1.54.1 * Bring declarations and definitions to be in sync Update to release 1.54 (CVE-2023-32732, bsc#1212182) * XDS: enable XDS federation by default * TlsCreds: Support revocation of intermediate in chain Update to release 1.51.1 * Only a macOS/aarch64-related change Update to release 1.51 * c-ares DNS resolver: fix logical race between resolution timeout/cancellation and fd readability. * Remove support for pthread TLS Update to release 1.50.0 * Core - Derive EventEngine from std::enable_shared_from_this. (#31060) - Revert 'Revert '[chttp2] fix stream leak with queued flow control update and absence of writes (#30907)' (#30991)'. (#30992) - [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907) - Remove gpr_codegen. (#30899) - client_channel: allow LB policy to communicate update errors to resolver. (#30809) - FaultInjection: Fix random number generation. (#30623) * C++ - OpenCensus Plugin: Add measure and views for started RPCs. (#31034) * C# - Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371) - Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411) - Grpc.Tools document AdditionalImportDirs. (#30405) - Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410) Update to release 1.49.1 * All - Update protobuf to v21.6 on 1.49.x. (#31028) * Ruby - Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053) Update to release 1.49.0 * Core - Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654) - Bump core version. (#30588) - Update OpenCensus to HEAD. (#30567) - Update protobuf submodule to 3.21.5. (#30548) - Update third_party/protobuf to 3.21.4. (#30377) - [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443) - HTTP2: Fix keepalive time throttling. (#30164) - Use AnyInvocable in EventEngine APIs. (#30220) * Python - Add type stub generation support to grpcio-tools. (#30498) Update to release 1.48.1 * Backport EventEngine Forkables Update to release 1.48.0 * C++14 is now required * xDS: Workaround to get gRPC clients working with istio Update to release 1.46.3 * backport: xds: use federation env var to guard new-style resource name parsing (#29725) #29727 Update to release 1.46 * Added HTTP/1.1 support in httpcli * HTTP2: Add graceful goaway Update to release 1.45.2 * Various fixes related to XDS * HTTP2: Should not run cancelling logic on servers when receiving GOAWAY Update to release 1.45.1 * Switched to epoll1 as a default polling engine for Linux Update to version 1.45.0: * Core: - Backport 'Include ADS stream error in XDS error updates (#29014)' to 1.45.x [gh#grpc/grpc#29121]. - Bump core version to 23.0.0 for upcoming release [gh#grpc/grpc#29026]. - Fix memory leak in HTTP request security handshake cancellation [gh#grpc/grpc#28971]. - CompositeChannelCredentials: Comparator implementation [gh#grpc/grpc#28902]. - Delete custom iomgr [gh#grpc/grpc#28816]. - Implement transparent retries [gh#grpc/grpc#28548]. - Uniquify channel args keys [gh#grpc/grpc#28799]. - Set trailing_metadata_available for recv_initial_metadata ops when generating a fake status [gh#grpc/grpc#28827]. - Eliminate gRPC insecure build [gh#grpc/grpc#25586]. - Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769]. - InsecureCredentials: singleton object [gh#grpc/grpc#28777]. - Add http cancel api [gh#grpc/grpc#28354]. - Memory leak fix on windows in grpc_tcp_create() [gh#grpc/grpc#27457]. - xDS: Rbac filter updates [gh#grpc/grpc#28568]. * C++ - Bump the minimum gcc to 5 [gh#grpc/grpc#28786]. - Add experimental API for CRL checking support to gRPC C++ TlsCredentials [gh#grpc/grpc#28407]. Update to release 1.44.0 * Add a trace to list which filters are contained in a channel stack. * Remove grpc_httpcli_context. * xDS: Add support for RBAC HTTP filter. * API to cancel grpc_resolve_address. Update to version 1.43.2: * Fix google-c2p-experimental issue (gh#grpc/grpc#28692). Changes from version 1.43.0: * Core: - Remove redundant work serializer usage in c-ares windows code (gh#grpc/grpc#28016). - Support RDS updates on the server (gh#grpc/grpc#27851). - Use WorkSerializer in XdsClient to propagate updates in a synchronized manner (gh#grpc/grpc#27975). - Support Custom Post-handshake Verification in TlsCredentials (gh#grpc/grpc#25631). - Reintroduce the EventEngine default factory (gh#grpc/grpc#27920). - Assert Android API >= v21 (gh#grpc/grpc#27943). - Add support for abstract unix domain sockets (gh#grpc/grpc#27906). * C++: - OpenCensus: Move metadata storage to arena (gh#grpc/grpc#27948). * [C#] Add nullable type attributes to Grpc.Core.Api (gh#grpc/grpc#27887). - Update package name libgrpc++1 to libgrpc++1_43 in keeping with updated so number. Update to release 1.41.0 * xDS: Remove environmental variable guard for security. * xDS Security: Use new way to fetch certificate provider plugin instance config. * xDS server serving status: Use a struct to allow more fields to be added in the future. Update to release 1.39.1 * Fix C# protoc plugin argument parsing on 1.39.x Update to version 1.39.0: * Core - Initialize tcp_posix for CFStream when needed (gh#grpc/grpc#26530). - Update boringssl submodule (gh#grpc/grpc#26520). - Fix backup poller races (gh#grpc/grpc#26446). - Use default port 443 in HTTP CONNECT request (gh#grpc/grpc#26331). * C++ - New iomgr implementation backed by the EventEngine API (gh#grpc/grpc#26026). - async_unary_call: add a Destroy method, called by std::default_delete (gh#grpc/grpc#26389). - De-experimentalize C++ callback API (gh#grpc/grpc#25728). * PHP: stop reading composer.json file just to read the version string (gh#grpc/grpc#26156). * Ruby: Set XDS user agent in ruby via macros (gh#grpc/grpc#26268). Update to release 1.38.0 * Invalidate ExecCtx now before computing timeouts in all repeating timer events using a WorkSerializer or combiner. * Fix use-after-unref bug in fault_injection_filter * New gRPC EventEngine Interface * Allow the AWS_DEFAULT_REGION environment variable * s/OnServingStatusChange/OnServingStatusUpdate/ Update to release 1.37.1 * Use URI form of address for channelz listen node * Implementation CSDS (xDS Config Dump) * xDS status notifier * Remove CAS loops in global subchannel pool and simplify subchannel refcounting Update to release 1.36.4 * A fix for DNS SRV lookups on Windows Update to 1.36.1: * Core: * Remove unnecessary internal pollset set in c-ares DNS resolver * Support Default Root Certs in Tls Credentials * back-port: add env var protection for google-c2p resolver * C++: * Move third party identity C++ api out of experimental namespace * refactor!: change error_details functions to templates * Support ServerContext for callback API * PHP: * support for PSM security * fixed segfault on reused call object * fixed phpunit 8 warnings * Python: * Implement Python Client and Server xDS Creds Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). * Backport 'do not use true on non-windows' to 1.34.x (gh#grpc/grpc#24995). Update to version 1.34.0: * Core: - Protect xds security code with the environment variable 'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT' (gh#grpc/grpc#24782). - Add support for 'unix-abstract:' URIs to support abstract unix domain sockets (gh#grpc/grpc#24500). - Increment Index when parsing not plumbed SAN fields (gh#grpc/grpc#24601). - Revert 'Revert 'Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS'' (gh#grpc/grpc#24518). - xds: Set status code to INVALID_ARGUMENT when NACKing (gh#grpc/grpc#24516). - Include stddef.h in address_sorting.h (gh#grpc/grpc#24514). - xds: Add support for case_sensitive option in RouteMatch (gh#grpc/grpc#24381). * C++: - Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503). - Experimental support and tests for CreateCustomInsecureChannelWithInterceptorsFromFd (gh#grpc/grpc#24362). Update to release 1.33.2 * Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS. * Expose Cronet error message to the application layer. * Remove grpc_channel_ping from surface API. * Do not send BDP pings if there is no receive side activity. Update to version 1.33.1 * Core - Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS (gh#grpc/grpc#24063). - Expose Cronet error message to the application layer (gh#grpc/grpc#24083). - Remove grpc_channel_ping from surface API (gh#grpc/grpc#23894). - Do not send BDP pings if there is no receive side activity (gh#grpc/grpc#22997). * C++ - Makefile: only support building deps from submodule (gh#grpc/grpc#23957). - Add new subpackages - libupb and upb-devel. Currently, grpc sources include also upb sources. Before this change, libupb and upb-devel used to be included in a separate package - upb. Update to version 1.32.0: * Core - Remove stream from stalled lists on remove_stream (gh#grpc/grpc#23984). - Do not cancel RPC if send metadata size if larger than peer's limit (gh#grpc/grpc#23806). - Don't consider receiving non-OK status as an error for HTTP2 (gh#grpc/grpc#19545). - Keepalive throttling (gh#grpc/grpc#23313). - Include the target_uri in 'target uri is not valid' error messages (gh#grpc/grpc#23782). - Fix 'cannot send compressed message large than 1024B' in cronet_transport (gh#grpc/grpc#23219). - Receive SETTINGS frame on clients before declaring subchannel READY (gh#grpc/grpc#23636). - Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372). - Experimental xDS v3 support (gh#grpc/grpc#23281). * C++ - Upgrade bazel used for all tests to 2.2.0 (gh#grpc/grpc#23902). - Remove test targets and test helper libraries from Makefile (gh#grpc/grpc#23813). - Fix repeated builds broken by re2's cmake (gh#grpc/grpc#23587). - Log the peer address of grpc_cli CallMethod RPCs to stderr (gh#grpc/grpc#23557). opencensus-proto was updated to 0.3.0+git.20200721: - Update to version 0.3.0+git.20200721: * Bump version to 0.3.0 * Generate Go types using protocolbuffers/protobuf-go (#218) * Load proto_library() rule. (#216) - Update to version 0.2.1+git.20190826: * Remove grpc_java dependency and java_proto rules. (#214) * Add C++ targets, especially for gRPC services. (#212) * Upgrade bazel and dependencies to latest. (#211) * Bring back bazel cache to make CI faster. (#210) * Travis: don't require sudo for bazel installation. (#209) - Update to version 0.2.1: * Add grpc-gateway for metrics service. (#205) * Pin bazel version in travis builds (#207) * Update gen-go files (#199) * Add Web JS as a LibraryInfo.Language option (#198) * Set up Python packaging for PyPI release. (#197) * Add tracestate to links. (#191) * Python proto file generator and generated proto files (#196) * Ruby proto file generator and generated proto files (#192) * Add py_proto_library() rules for envoy/api. (#194) * Gradle: Upgrade dependency versions. (#193) * Update release versions for readme. (#189) * Start 0.3.0 development cycle * Update gen-go files. (#187) * Revert 'Start 0.3.0 development cycle (#167)' (#183) * Revert optimization for metric descriptor and bucket options for now. (#184) * Constant sampler: add option to always follow the parent's decision. (#182) * Document that all maximum values must be specified. (#181) * Fix typo in bucket bounds. (#178) * Restrict people who can approve reviews. This is to ensure code quality. (#177) * Use bazel cache to make CI faster. (#176) * Add grpc generated files to the idea plugin. (#175) * Add Resource to Span (#174) * time is required (#170) * Upgrade protobuf dependency to v3.6.1.3. (#173) * assume Ok Status when not set (#171) * Minor comments fixes (#160) * Start 0.3.0 development cycle (#167) * Update gen-go files. (#162) * Update releasing instruction. (#163) * Fix Travis build. (#165) * Add OpenApi doc for trace agent grpc-gateway (#157) * Add command to generate OpenApi/Swagger doc for grpc-gateway (#156) * Update gen-go files (#155) * Add trace export grpc-gateway config (#77) * Fix bazel build after bazel upgrade (#154) * README: Add gitter, javadoc and godoc badge. (#151) * Update release versions for README. (#150) * Start 0.2.0 development cycle * Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147) * Add resource to protocol (#137) * Fix generating the javadoc. (#144) * Metrics/TimeSeries: start time should not be included while end time should. (#142) * README: Add instructions on using opencensus_proto with Bazel. (#140) * agent/README: update package info. (#138) * Agent: Add metrics service. (#136) * Tracing: Add default limits to TraceConfig. (#133) * Remove a stale TODO. (#134) * README: Add a note about go_proto_library rules. (#135) * add golang bazel build support (#132) * Remove exporter protos from mkgogen. (#128) * Update README and RELEASING. (#130) * Change histogram buckets definition to be OpenMetrics compatible. (#121) * Remove exporter/v1 protos. (#124) * Clean up the README for Agent proto. (#126) * Change Quantiles to ValuesAtPercentile. (#122) * Extend the TraceService service to support export/config for multiple Applications. (#119) * Add specifications on Agent implementation details. (#112) * Update gitignore (#118) * Remove maven support. Not used. (#116) * Add gauge distribution. (#117) * Add support for Summary type and value. (#110) * Add Maven status and instructions on adding dependencies. (#115) * Bump version to 0.0.3-SNAPSHOT * Bump version to 0.0.2 * Update gen-go files. (#114) * Gradle: Add missing source and javadoc rules. (#113) * Add support for float attributes. (#98) * Change from mean to sum in distribution. (#109) * Bump version to v0.0.2-SNAPSHOT * Bump version to v0.0.1 * Add releasing instructions in RELEASING.md. (#106) * Add Gradle build rules for generating gRPC service and releasing to Maven. (#102) * Re-organize proto directory structure. (#103) * Update gen-go files. (#101) * Add a note about interceptors of other libraries. (#94) * agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100) * opencensus/proto: add default Agent port to README (#97) * Update the message names for Config RPC. (#93) * Add details about agent protocol in the README. (#88) * Update gen-go files. (#92) * agent/trace/v1: fix signature for Config and comments too (#91) * Update gen-go files. (#86) * Make tracestate a list instead of a map to preserve ordering. (#84) * Allow MetricDescriptor to be sent only the first time. (#78) * Update mkgogen.sh. (#85) * Add agent trace service proto definitions. (#79) * Update proto and gen-go package names. (#83) * Add agent/common proto and BUILD. (#81) * Add trace_config.proto. (#80) * Build exporters with maven. (#76) * Make clear that cumulative int/float can go only up. (#75) * Add tracestate field to the Span proto. (#74) * gradle wrapper --gradle-version 4.9 (#72) * Change from multiple types of timeseries to have one. (#71) * Move exemplars in the Bucket. (#70) * Update gen-go files. (#69) * Move metrics in the top level directory. (#68) * Remove Range from Distribution. No backend supports this. (#67) * Remove unused MetricSet message. (#66) * Metrics: Add Exemplar to DistributionValue. (#62) * Gauge vs Cumulative. (#65) * Clarifying comment about bucket boundaries. (#64) * Make MetricDescriptor.Type capture the type of the value as well. (#63) * Regenerate the Go artifacts (#61) * Add export service proto (#60) - Initial version 20180523 protobuf was updated to 25.1: update to 25.1: * Raise warnings for deprecated python syntax usages * Add support for extensions in CRuby, JRuby, and FFI Ruby * Add support for options in CRuby, JRuby and FFI (#14594) update to 25.0: * Implement proto2/proto3 with editions * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Editions: Introduce functionality to protoc for generating edition feature set defaults. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Editions: Refactor feature resolution to use an intermediate message. * Publish extension declarations with declaration verifications. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Protoc: parser rejects explicit use of map_entry option * Protoc: validate that reserved range start is before end * Protoc: support identifiers as reserved names in addition to string literals (only in editions) * Drop support for Bazel 5. * Allow code generators to specify whether or not they support editions. C++: * Set `PROTOBUF_EXPORT` on `InternalOutOfLineDeleteMessageLite()` * Update stale checked-in files * Apply PROTOBUF_NOINLINE to declarations of some functions that want it. * Implement proto2/proto3 with editions * Make JSON UTF-8 boundary check inclusive of the largest possible UTF-8 character. * Reduce `Map::size_type` to 32-bits. Protobuf containers can't have more than that * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Fix bug in reflection based Swap of map fields. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Add prefetching to arena allocations. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated repeated and map field accessors. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated string field accessors. * Editions: Refactor feature resolution to use an intermediate message. * Fixes for 32-bit MSVC. * Publish extension declarations with declaration verifications. * Export the constants in protobuf's any.h to support DLL builds. * Implement AbslStringify for the Descriptor family of types. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated message field accessors. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Introduce C++ feature for UTF8 validation. * Protoc: validate that reserved range start is before end * Remove option to disable the table-driven parser in protoc. * Lock down ctype=CORD in proto file. * Support split repeated fields. * In OSS mode omit some extern template specializations. * Allow code generators to specify whether or not they support editions. Java: * Implement proto2/proto3 with editions * Remove synthetic oneofs from Java gencode field accessor tables. * Timestamps.parse: Add error handling for invalid hours/minutes in the timezone offset. * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Add missing debugging version info to Protobuf Java gencode when multiple files are generated. * Fix a bad cast in putBuilderIfAbsent when already present due to using the result of put() directly (which is null if it currently has no value) * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Fix a NPE in putBuilderIfAbsent due to using the result of put() directly (which is null if it currently has no value) * Update Kotlin compiler to escape package names * Add MapFieldBuilder and change codegen to generate it and the put{field}BuilderIfAbsent method. * Introduce recursion limit in Java text format parsing * Consider the protobuf.Any invalid if typeUrl.split('/') returns an empty array. * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated. * Fixed Python memory leak in map lookup. * Loosen upb for json name conflict check in proto2 between json name and field * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Ensure Timestamp.ToDatetime(tz) has correct offset * Do not check required field for upb python MergeFrom * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Comparing a proto message with an object of unknown returns NotImplemented * Emit __slots__ in pyi output as a tuple rather than a list for --pyi_out. * Fix a bug that strips options from descriptor.proto in Python. * Raise warings for message.UnknownFields() usages and navigate to the new add * Add protobuf python keyword support in path for stub generator. * Add tuple support to set Struct * ### Python C-Extension (Default) * Comparing a proto message with an object of unknown returns NotImplemented * Check that ffi-compiler loads before using it to define tasks. UPB (Python/PHP/Ruby C-Extension): * Include .inc files directly instead of through a filegroup * Loosen upb for json name conflict check in proto2 between json name and field * Add utf8_validation feature back to the global feature set. * Do not check required field for upb python MergeFrom * Merge the protobuf and upb Bazel repos * Added malloc_trim() calls to Python allocator so RSS will decrease when memory is freed * Upb: fix a Python memory leak in ByteSize() * Support ASAN detection on clang * Upb: bugfix for importing a proto3 enum from within a proto2 file * Expose methods needed by Ruby FFI using UPB_API * Fix `PyUpb_Message_MergeInternal` segfault - Build with source and target levels 8 * fixes build with JDK21 - Install the pom file with the new %%mvn_install_pom macro - Do not install the pom-only artifacts, since the %%mvn_install_pom macro resolves the variables at the install time update to 23.4: * Add dllexport_decl for generated default instance. * Deps: Update Guava to 32.0.1 update to 23.3: C++: * Regenerate stale files * Use the same ABI for static and shared libraries on non- Windows platforms * Add a workaround for GCC constexpr bug Objective-C: * Regenerate stale files UPB (Python/PHP/Ruby C-Extension) * Fixed a bug in `upb_Map_Delete()` that caused crashes in map.delete(k) for Ruby when string-keyed maps were in use. Compiler: * Add missing header to Objective-c generator * Add a workaround for GCC constexpr bug Java: * Rollback of: Simplify protobuf Java message builder by removing methods that calls the super class only. Csharp: * [C#] Replace regex that validates descriptor names update to 22.5: C++: * Add missing cstdint header * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700) * Avoid using string(JOIN..., which requires cmake 3.12 * Explicitly include GTest package in examples * Bump Abseil submodule to 20230125.3 (#12660) update to 22.4: C++: * Fix libprotoc: export useful symbols from .so Python: * Fix bug in _internal_copy_files where the rule would fail in downstream repositories. Other: * Bump utf8_range to version with working pkg-config (#12584) * Fix declared dependencies for pkg-config * Update abseil dependency and reorder dependencies to ensure we use the version specified in protobuf_deps. * Turn off clang::musttail on i386 update to v22.3 UPB (Python/PHP/Ruby C-Extension): * Remove src prefix from proto import * Fix .gitmodules to use the correct absl branch * Remove erroneous dependency on googletest update to 22.2: Java: * Add version to intra proto dependencies and add kotlin stdlib dependency * Add $ back for osgi header * Remove $ in pom files update to 22.1: * Add visibility of plugin.proto to python directory * Strip 'src' from file name of plugin.proto * Add OSGi headers to pom files. * Remove errorprone dependency from kotlin protos. * Version protoc according to the compiler version number. - update to 22.0: * This version includes breaking changes to: Cpp. Please refer to the migration guide for information: https://protobuf.dev/support/migration/#compiler-22 * [Cpp] Migrate to Abseil's logging library. * [Cpp] `proto2::Map::value_type` changes to `std::pair`. * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream, and DefaultFieldComparator classes. * [Cpp] Add a dependency on Abseil (#10416) * [Cpp] Remove all autotools usage (#10132) * [Cpp] Add C++20 reserved keywords * [Cpp] Dropped C++11 Support * [Cpp] Delete Arena::Init * [Cpp] Replace JSON parser with new implementation * [Cpp] Make RepeatedField::GetArena non-const in order to support split RepeatedFields. * long list of bindings specific fixes see https://github.com/protocolbuffers/protobuf/releases/tag/v22.0 update to v21.12: * Python: * Fix broken enum ranges (#11171) * Stop requiring extension fields to have a sythetic oneof (#11091) * Python runtime 4.21.10 not works generated code can not load valid proto. update to 21.11: * Python: * Add license file to pypi wheels (#10936) * Fix round-trip bug (#10158) update to 21.10:: * Java: * Use bit-field int values in buildPartial to skip work on unset groups of fields. (#10960) * Mark nested builder as clean after clear is called (#10984) update to 21.9: * Ruby: * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other: * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++: * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java: * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private 'parsing constructor' to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. update to 21.6: C++: * Reduce memory consumption of MessageSet parsing update to 21.5: PHP: * Added getContainingOneof and getRealContainingOneof to descriptor. * fix PHP readonly legacy files for nested messages Python: * Fixed comparison of maps in Python. - update to 21.4: * Reduce the required alignment of ArenaString from 8 to 4 - update to 21.3: * C++: * Add header search paths to Protobuf-C++.podspec (#10024) * Fixed Visual Studio constinit errors (#10232) * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271) * UPB: * Allow empty package names (fixes behavior regression in 4.21.0) * Fix a SEGV bug when comparing a non-materialized sub-message (#10208) * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name) * for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library. * Lookup operations now correctly reject unhashable types as map keys. * We implement repr() to use the same format as dict. * Fix maps to use the ScalarMapContainer class when appropriate * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717) * PHP: * Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041) * Python: * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118) * Bazel: * Add back a filegroup for :well_known_protos (#10061) Update to 21.2: - C++: - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614) - Escape GetObject macro inside protoc-generated code (#9739) - Update CMake configuration to add a dependency on Abseil (#9793) - Fix cmake install targets (#9822) - Use __constinit only in GCC 12.2 and up (#9936) - Java: - Update protobuf_version.bzl to separate protoc and per-language java ??? (#9900) - Python: - Increment python major version to 4 in version.json for python upb (#9926) - The C extension module for Python has been rewritten to use the upb library. - This is expected to deliver significant performance benefits, especially when parsing large payloads. There are some minor breaking changes, but these should not impact most users. For more information see: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates - PHP: - [PHP] fix PHP build system (#9571) - Fix building packaged PHP extension (#9727) - fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633) - fix: phpdoc syntax for repeatedfield parameters (#9784) - fix: phpdoc for repeatedfield (#9783) - Change enum string name for reserved words (#9780) - chore: [PHP] fix phpdoc for MapField keys (#9536) - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996) - Ruby: - Allow pre-compiled binaries for ruby 3.1.0 (#9566) - Implement respond_to? in RubyMessage (#9677) - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722) - Do not use range based UTF-8 validation in truffleruby (#9769) - Improve range handling logic of RepeatedField (#9799) - Other: - Fix invalid dependency manifest when using descriptor_set_out (#9647) - Remove duplicate java generated code (#9909) - Update to 3.20.1: - PHP: - Fix building packaged PHP extension (#9727) - Fixed composer.json to only advertise compatibility with PHP 7.0+. (#9819) - Ruby: - Disable the aarch64 build on macOS until it can be fixed. (#9816) - Other: - Fix versioning issues in 3.20.0 - Update to 3.20.1: - Ruby: - Dropped Ruby 2.3 and 2.4 support for CI and releases. (#9311) - Added Ruby 3.1 support for CI and releases (#9566). - Message.decode/encode: Add recursion_limit option (#9218/#9486) - Allocate with xrealloc()/xfree() so message allocation is visible to the - Ruby GC. In certain tests this leads to much lower memory usage due to more - frequent GC runs (#9586). - Fix conversion of singleton classes in Ruby (#9342) - Suppress warning for intentional circular require (#9556) - JSON will now output shorter strings for double and float fields when possible - without losing precision. - Encoding and decoding of binary format will now work properly on big-endian - systems. - UTF-8 verification was fixed to properly reject surrogate code points. - Unknown enums for proto2 protos now properly implement proto2's behavior of - putting such values in unknown fields. - Java: - Revert 'Standardize on Array copyOf' (#9400) - Resolve more java field accessor name conflicts (#8198) - Fix parseFrom to only throw InvalidProtocolBufferException - InvalidProtocolBufferException now allows arbitrary wrapped Exception types. - Fix bug in FieldSet.Builder.mergeFrom - Flush CodedOutputStream also flushes underlying OutputStream - When oneof case is the same and the field type is Message, merge the - subfield. (previously it was replaced.)??? - Add @CheckReturnValue to some protobuf types - Report original exceptions when parsing JSON - Add more info to @deprecated javadoc for set/get/has methods - Fix initialization bug in doc comment line numbers - Fix comments for message set wire format. - Kotlin: - Add test scope to kotlin-test for protobuf-kotlin-lite (#9518) - Add orNull extensions for optional message fields. - Add orNull extensions to all proto3 message fields. - Python: - Dropped support for Python < 3.7 (#9480) - Protoc is now able to generate python stubs (.pyi) with --pyi_out - Pin multibuild scripts to get manylinux1 wheels back (#9216) - Fix type annotations of some Duration and Timestamp methods. - Repeated field containers are now generic in field types and could be used in type annotations. - Protobuf python generated codes are simplified. Descriptors and message classes' definitions are now dynamic created in internal/builder.py. - Insertion Points for messages classes are discarded. - has_presence is added for FieldDescriptor in python - Loosen indexing type requirements to allow valid index() implementations rather than only PyLongObjects. - Fix the deepcopy bug caused by not copying message_listener. - Added python JSON parse recursion limit (default 100) - Path info is added for python JSON parse errors - Pure python repeated scalar fields will not able to pickle. Convert to list first. - Timestamp.ToDatetime() now accepts an optional tzinfo parameter. If specified, the function returns a timezone-aware datetime in the given time zone. If omitted or None, the function returns a timezone-naive UTC datetime (as previously). - Adds client_streaming and server_streaming fields to MethodDescriptor. - Add 'ensure_ascii' parameter to json_format.MessageToJson. This allows smaller JSON serializations with UTF-8 or other non-ASCII encodings. - Added experimental support for directly assigning numpy scalars and array. - Improve the calculation of public_dependencies in DescriptorPool. - [Breaking Change] Disallow setting fields to numpy singleton arrays or repeated fields to numpy multi-dimensional arrays. Numpy arrays should be indexed or flattened explicitly before assignment. - Compiler: - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Rework allocations to power-of-two byte sizes. - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Make TaggedPtr Set...() calls explicitly spell out the content type. - Check for parsing error before verifying UTF8. - Enforce a maximum message nesting limit of 32 in the descriptor builder to - guard against stack overflows - Fixed bugs in operators for RepeatedPtrIterator - Assert a maximum map alignment for allocated values - Fix proto1 group extension protodb parsing error - Do not log/report the same descriptor symbol multiple times if it contains - more than one invalid character. - Add UnknownFieldSet::SerializeToString and SerializeToCodedStream. - Remove explicit default pointers and deprecated API from protocol compiler - Arenas: - Change Repeated*Field to reuse memory when using arenas. - Implements pbarenaz for profiling proto arenas - Introduce CreateString() and CreateArenaString() for cleaner semantics - Fix unreferenced parameter for MSVC builds - Add UnsafeSetAllocated to be used for one-of string fields. - Make Arena::AllocateAligned() a public function. - Determine if ArenaDtor related code generation is necessary in one place. - Implement on demand register ArenaDtor for InlinedStringField - C++: - Enable testing via CTest (#8737) - Add option to use external GTest in CMake (#8736) - CMake: Set correct sonames for libprotobuf-lite.so and libprotoc.so (#8635) (#9529) - Add cmake option protobuf_INSTALL to not install files (#7123) - CMake: Allow custom plugin options e.g. to generate mocks (#9105) - CMake: Use linker version scripts (#9545) - Manually *struct Cord fields to work better with arenas. - Manually destruct map fields. - Generate narrower code - Fix #9378 by removing - shadowed cached_size field - Remove GetPointer() and explicit nullptr defaults. - Add proto_h flag for speeding up large builds - Add missing overload for reference wrapped fields. - Add MergedDescriptorDatabase::FindAllFileNames() - RepeatedField now defines an iterator type instead of using a pointer. - Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and GOOGLE_PROTOBUF_HAS_ARENAS. - PHP: - Fix: add missing reserved classnames (#9458) - PHP 8.1 compatibility (#9370) - C#: - Fix trim warnings (#9182) - Fixes NullReferenceException when accessing FieldDescriptor.IsPacked (#9430) - Add ToProto() method to all descriptor classes (#9426) - Add an option to preserve proto names in JsonFormatter (#6307) - Objective-C: - Add prefix_to_proto_package_mappings_path option. (#9498) - Rename proto_package_to_prefix_mappings_path to package_to_prefix_mappings_path. (#9552) - Add a generation option to control use of forward declarations in headers. (#9568) - update to 3.19.4: Python: * Make libprotobuf symbols local on OSX to fix issue #9395 (#9435) Ruby: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32 PHP: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32. - Update to 3.19.3: C++: * Make proto2::Message::DiscardUnknownFields() non-virtual * Separate RepeatedPtrField into its own header file * For default floating point values of 0, consider all bits significant * Fix shadowing warnings * Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment Java: * Improve performance characteristics of UnknownFieldSet parsing * For default floating point values of 0, consider all bits significant * Annotate //java/com/google/protobuf/util/... with nullness annotations * Use ArrayList copy constructor Bazel: * Ensure that release archives contain everything needed for Bazel * Align dependency handling with Bazel best practices Javascript: * Fix ReferenceError: window is not defined when getting the global object Ruby: * Fix memory leak in MessageClass.encode * Override Map.clone to use Map's dup method * Ruby: build extensions for arm64-darwin * Add class method Timestamp.from_time to ruby well known types * Adopt pure ruby DSL implementation for JRuby * Add size to Map class * Fix for descriptor_pb.rb: google/protobuf should be required first Python: * Proto2 DecodeError now includes message name in error message * Make MessageToDict convert map keys to strings * Add python-requires in setup.py * Add python 3.10 - Update to 3.17.3: C++ * Introduce FieldAccessListener. * Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class * Provide stable versions of SortAndUnique(). * Make sure to cache proto3 optional message fields when they are cleared. * Expose UnsafeArena methods to Reflection. * Use std::string::empty() rather than std::string::size() > 0. * [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * Delete StringPiecePod (#8353) * Create a CMake option to control whether or not RTTI is enabled (#8347) * Make util::Status more similar to absl::Status (#8405) * The ::pb namespace is no longer exposed due to conflicts. * Allow MessageDifferencer::TreatAsSet() (and friends) to override previous calls instead of crashing. * Reduce the size of generated proto headers for protos with string or bytes fields. * Move arena() operation on uncommon path to out-of-line routine * For iterator-pair function parameter types, take both iterators by value. * Code-space savings and perhaps some modest performance improvements in * RepeatedPtrField. * Eliminate nullptr check from every tag parse. * Remove unused _$name$cached_byte_size fields. * Serialize extension ranges together when not broken by a proto field in the middle. * Do out-of-line allocation and deallocation of string object in ArenaString. * Streamline ParseContext::ParseMessage to avoid code bloat and improve performance. * New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}. on an error path. * util::DefaultFieldComparator will be final in a future version of protobuf. * Subclasses should inherit from SimpleFieldComparator instead. Kotlin * Introduce support for Kotlin protos (#8272) * Restrict extension setter and getter operators to non-nullable T. Java * Fixed parser to check that we are at a proper limit when a sub-message has finished parsing. * updating GSON and Guava to more recent versions (#8524) * Reduce the time spent evaluating isExtensionNumber by storing the extension ranges in a TreeMap for faster queries. This is particularly relevant for protos which define a large number of extension ranges, for example when each tag is defined as an extension. * Fix java bytecode estimation logic for optional fields. * Optimize Descriptor.isExtensionNumber. * deps: update JUnit and Truth (#8319) * Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented. * Exceptions thrown while reading from an InputStream in parseFrom are now included as causes. * Support potentially more efficient proto parsing from RopeByteStrings. * Clarify runtime of ByteString.Output.toStringBuffer(). * Added UnsafeByteOperations to protobuf-lite (#8426) Python: * Add MethodDescriptor.CopyToProto() (#8327) * Remove unused python_protobuf.{cc,h} (#8513) * Start publishing python aarch64 manylinux wheels normally (#8530) * Fix constness issue detected by MSVC standard conforming mode (#8568) * Make JSON parsing match C++ and Java when multiple fields from the same oneof are present and all but one is null. * Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344) * Switch on 'new' buffer API (#8339) * Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280) * Fixed a bug in text format where a trailing colon was printed for repeated field. * When TextFormat encounters a duplicate message map key, replace the current one instead of merging. Ruby: * Add support for proto3 json_name in compiler and field definitions (#8356) * Fixed memory leak of Ruby arena objects. (#8461) * Fix source gem compilation (#8471) * Fix various exceptions in Ruby on 64-bit Windows (#8563) * Fix crash when calculating Message hash values on 64-bit Windows (#8565) General: * Support M1 (#8557) Update to 3.15.8: - Fixed memory leak of Ruby arena objects (#8461) Update to 3.15.7: C++: * Remove the ::pb namespace (alias) (#8423) Ruby: * Fix unbounded memory growth for Ruby <2.7 (#8429) * Fixed message equality in cases where the message type is different (#8434) update to 3.15.6: Ruby: * Fixed bug in string comparison logic (#8386) * Fixed quadratic memory use in array append (#8379) * Fixed SEGV when users pass nil messages (#8363) * Fixed quadratic memory usage when appending to arrays (#8364) * Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341) * Fix for FieldDescriptor.get(msg) (#8330) * Bugfix for Message.[] for repeated or map fields (#8313) PHP: * read_property() handler is not supposed to return NULL (#8362) Protocol Compiler * Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag. C++: * Do not disable RTTI by default in the CMake build (#8377) * Create a CMake option to control whether or not RTTI is enabled (#8361) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields * Use init_seg in MSVC to push initialization to an earlier phase. * Runtime no longer triggers -Wsign-compare warnings. * Fixed -Wtautological-constant-out-of-range-compare warning. * DynamicCastToGenerated works for nullptr input for even if RTTI is disabled * Arena is refactored and optimized. * Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests. * Change the signature of Any::PackFrom() to return false on error. * Add fast reflection getter API for strings. * Constant initialize the global message instances * Avoid potential for missed wakeup in UnknownFieldSet * Now Proto3 Oneof fields have 'has' methods for checking their presence in C++. * Bugfix for NVCC * Return early in _InternalSerialize for empty maps. * Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter. * Fixed https://github.com/protocolbuffers/protobuf/issues/8129 * Ensure that null char symbol, package and file names do not result in a crash. * Constant initialize the global message instances * Pretty print 'max' instead of numeric values in reserved ranges. * Removed remaining instances of std::is_pod, which is deprecated in C++20. * Changes to reduce code size for unknown field handling by making uncommon cases out of line. * Fix std::is_pod deprecated in C++20 (#7180) * Fix some -Wunused-parameter warnings (#8053) * Fix detecting file as directory on zOS issue #8051 (#8052) * Don't include sys/param.h for _BYTE_ORDER (#8106) * remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154) * Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159) * Fix for compiler warning issue#8145 (#8160) * fix: support deprecated enums for GCC < 6 (#8164) * Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125) Python: * Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer. * MessageFactory.CreateProtoype can be overridden to customize class creation. * Fix PyUnknownFields memory leak (#7928) * Add macOS big sur compatibility (#8126) JavaScript * Generate `getDescriptor` methods with `*` as their `this` type. * Enforce `let/const` for generated messages. * js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with negative bitsLow and low but non-zero bitsHigh parameter. (#8170) PHP: * Added support for PHP 8. (#8105) * unregister INI entries and fix invalid read on shutdown (#8042) * Fix PhpDoc comments for message accessors to include '|null'. (#8136) * fix: convert native PHP floats to single precision (#8187) * Fixed PHP to support field numbers >=2**28. (#8235) * feat: add support for deprecated fields to PHP compiler (#8223) * Protect against stack overflow if the user derives from Message. (#8248) * Fixed clone for Message, RepeatedField, and MapField. (#8245) * Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258) Ruby: * Added support for Ruby 3. (#8184) * Rewrote the data storage layer to be based on upb_msg objects from the upb library. This should lead to much better parsing performance, particularly for large messages. (#8184). * Fill out JRuby support (#7923) * [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite recursion/run out of memory (#8195) * Fix jruby support to handle messages nested more than 1 level deep (#8194) Java: * Avoid possible UnsupportedOperationException when using CodedInputSteam with a direct ByteBuffer. * Make Durations.comparator() and Timestamps.comparator() Serializable. * Add more detailed error information for dynamic message field type validation failure * Removed declarations of functions declared in java_names.h from java_helpers.h. * Now Proto3 Oneof fields have 'has' methods for checking their presence in Java. * Annotates Java proto generated *_FIELD_NUMBER constants. * Add -assumevalues to remove JvmMemoryAccessor on Android. C#: * Fix parsing negative Int32Value that crosses segment boundary (#8035) * Change ByteString to use memory and support unsafe create without copy (#7645) * Optimize MapField serialization by removing MessageAdapter (#8143) * Allow FileDescriptors to be parsed with extension registries (#8220) * Optimize writing small strings (#8149) - Updated URL to https://github.com/protocolbuffers/protobuf Update to v3.14.0 Protocol Compiler: * The proto compiler no longer requires a .proto filename when it is not generating code. * Added flag `--deterministic_output` to `protoc --encode=...`. * Fixed deadlock when using google.protobuf.Any embedded in aggregate options. C++: * Arenas are now unconditionally enabled. cc_enable_arenas no longer has any effect. * Removed inlined string support, which is incompatible with arenas. * Fix a memory corruption bug in reflection when mixing optional and non-optional fields. * Make SpaceUsed() calculation more thorough for map fields. * Add stack overflow protection for text format with unknown field values. * FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds error was encountered. * Performance improvements for Map. * Minor formatting fix when dumping a descriptor to .proto format with DebugString. * UBSAN fix in RepeatedField * When running under ASAN, skip a test that makes huge allocations. * Fixed a crash that could happen when creating more than 256 extensions in a single message. * Fix a crash in BuildFile when passing in invalid descriptor proto. * Parser security fix when operating with CodedInputStream. * Warn against the use of AllowUnknownExtension. * Migrated to C++11 for-range loops instead of index-based loops where possible. This fixes a lot of warnings when compiling with -Wsign-compare. * Fix segment fault for proto3 optional * Adds a CMake option to build `libprotoc` separately Java * Bugfix in mergeFrom() when a oneof has multiple message fields. * Fix RopeByteString.RopeInputStream.read() returning -1 when told to read 0 bytes when not at EOF. * Redefine remove(Object) on primitive repeated field Lists to avoid autoboxing. * Support '\u' escapes in textformat string literals. * Trailing empty spaces are no longer ignored for FieldMask. * Fix FieldMaskUtil.subtract to recursively remove mask. * Mark enums with `@java.lang.Deprecated` if the proto enum has option `deprecated = true;`. * Adding forgotten duration.proto to the lite library Python: * Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is used outside WKT Value/Struct. * Fix bug occurring when attempting to deep copy an enum type in python 3. * Add a setuptools extension for generating Python protobufs * Remove uses of pkg_resources in non-namespace packages * [bazel/py] Omit google/__init__.py from the Protobuf runtime * Removed the unnecessary setuptools package dependency for Python package * Fix PyUnknownFields memory leak PHP: * Added support for '==' to the PHP C extension * Added `==` operators for Map and Array * Native C well-known types * Optimized away hex2bin() call in generated code * New version of upb, and a new hash function wyhash in third_party * add missing hasOneof method to check presence of oneof fields Go: * Update go_package options to reference google.golang.org/protobuf module. C#: * annotate ByteString.CopyFrom(ReadOnlySpan) as SecuritySafeCritical * Fix C# optional field reflection when there are regular fields too * Fix parsing negative Int32Value that crosses segment boundary Javascript: * JS: parse (un)packed fields conditionally Update to version 3.13.0 PHP: * The C extension is completely rewritten. The new C extension has significantly better parsing performance and fixes a handful of conformance issues. It will also make it easier to add support for more features like proto2 and proto3 presence. * The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP. C++: * Removed deprecated unsafe arena string accessors * Enabled heterogeneous lookup for std::string keys in maps. * Removed implicit conversion from StringPiece to std::string * Fix use-after-destroy bug when the Map is allocated in the arena. * Improved the randomness of map ordering * Added stack overflow protection for text format with unknown fields * Use std::hash for proto maps to help with portability. * Added more Windows macros to proto whitelist. * Arena constructors for map entry messages are now marked 'explicit' (for regular messages they were already explicit). * Fix subtle aliasing bug in RepeatedField::Add * Fix mismatch between MapEntry ByteSize and Serialize with respect to unset fields. Python: * JSON format conformance fixes: * Reject lowercase t for Timestamp json format. * Print full_name directly for extensions (no camelCase). * Reject boolean values for integer fields. * Reject NaN, Infinity, -Infinity that is not quoted. * Base64 fixes for bytes fields: accept URL-safe base64 and missing padding. * Bugfix for fields/files named 'async' or 'await'. * Improved the error message when AttributeError is returned from __getattr__ in EnumTypeWrapper. Java: * Fixed a bug where setting optional proto3 enums with setFooValue() would not mark the value as present. * Add Subtract function to FieldMaskUtil. C#: * Dropped support for netstandard1.0 (replaced by support for netstandard1.1). This was required to modernize the parsing stack to use the `Span` type internally * Add `ParseFrom(ReadOnlySequence)` method to enable GC friendly parsing with reduced allocations and buffer copies * Add support for serialization directly to a `IBufferWriter` or to a `Span` to enable GC friendly serialization. The new API is available as extension methods on the `IMessage` type * Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make generated code compatible with old C# compilers (pre-roslyn compilers from .NET framework and old versions of mono) that do not support ref structs. Users that are still on a legacy stack that does not support C# 7.2 compiler might need to use the new define in their projects to be able to build the newly generated code * Due to the major overhaul of parsing and serialization internals, it is recommended to regenerate your generated code to achieve the best performance (the legacy generated code will still work, but might incur a slight performance penalty). Update to version 3.12.3; notable changes since 3.11.4: Protocol Compiler: * [experimental] Singular, non-message typed fields in proto3 now support presence tracking. This is enabled by adding the 'optional' field label and passing the --experimental_allow_proto3_optional flag to protoc. * For usage info, see docs/field_presence.md. * During this experimental phase, code generators should update to support proto3 presence, see docs/implementing_proto3_presence.md for instructions. * Allow duplicate symbol names when multiple descriptor sets are passed on the command-line, to match the behavior when multiple .proto files are passed. * Deterministic `protoc --descriptor_set_out` (#7175) Objective-C: * Tweak the union used for Extensions to support old generated code. #7573 * Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538) * [experimental] ObjC Proto3 optional support (#7421) * Block subclassing of generated classes (#7124) * Use references to Obj C classes instead of names in descriptors. (#7026) * Revisit how the WKTs are bundled with ObjC. (#7173) C++: * Simplified the template export macros to fix the build for mingw32. (#7539) * [experimental] Added proto3 presence support. * New descriptor APIs to support proto3 presence. * Enable Arenas by default on all .proto files. * Documented that users are not allowed to subclass Message or MessageLite. * Mark generated classes as final; inheriting from protos is strongly discouraged. * Add stack overflow protection for text format with unknown fields. * Add accessors for map key and value FieldDescriptors. * Add FieldMaskUtil::FromFieldNumbers(). * MessageDifferencer: use ParsePartial() on Any fields so the diff does not fail when there are missing required fields. * ReflectionOps::Merge(): lookup messages in the right factory, if it can. * Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type() accessor as an easier way of determining if a message is a Well-Known Type. * Optimized RepeatedField::Add() when it is used in a loop. * Made proto move/swap more efficient. * De-virtualize the GetArena() method in MessageLite. * Improves performance of json_stream_parser.cc by factor 1000 (#7230) * bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087) * Fixed a bug in FieldDescriptor::DebugString() that would erroneously print an 'optional' label for a field in a oneof. * Fix bug in parsing bool extensions that assumed they are always 1 byte. * Fix off-by-one error in FieldOptions::ByteSize() when extensions are present. * Clarified the comments to show an example of the difference between Descriptor::extension and DescriptorPool::FindAllExtensions. * Add a compiler option 'code_size' to force optimize_for=code_size on all protos where this is possible. Ruby: * Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however many people still use them and dropping support will require more coordination. * [experimental] Implemented proto3 presence for Ruby. (#7406) * Stop building binary gems for ruby <2.5 (#7453) * Fix for wrappers with a zero value (#7195) * Fix for JSON serialization of 0/empty-valued wrapper types (#7198) * Call 'Class#new' over rb_class_new_instance in decoding (#7352) * Build extensions for Ruby 2.7 (#7027) * assigning 'nil' to submessage should clear the field. (#7397) Java: * [experimental] Added proto3 presence support. * Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated * reduce size for enums with allow_alias set to true. * Sort map fields alphabetically by the field's key when printing textproto. * Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508). * TextFormat.merge() handles Any as top level type. * Throw a descriptive IllegalArgumentException when calling getValueDescriptor() on enum special value UNRECOGNIZED instead of ArrayIndexOutOfBoundsException. * Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts() would override the configuration passed into includingDefaultValueFields(). * Implement overrides of indexOf() and contains() on primitive lists returned for repeated fields to avoid autoboxing the list contents. * Add overload to FieldMaskUtil.fromStringList that accepts a descriptor. * [bazel] Move Java runtime/toolchains into //java (#7190) Python: * [experimental] Added proto3 presence support. * [experimental] fast import protobuf module, only works with cpp generated code linked in. * Truncate 'float' fields to 4 bytes of precision in setters for pure-Python implementation (C++ extension was already doing this). * Fixed a memory leak in C++ bindings. * Added a deprecation warning when code tries to create Descriptor objects directly. * Fix unintended comparison between bytes and string in descriptor.py. * Avoid printing excess digits for float fields in TextFormat. * Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code. * Drop 3.3, 3.4 and use single version docker images for all python tests (#7396) JavaScript: * Fix js message pivot selection (#6813) PHP: * Persistent Descriptor Pool (#6899) * Implement lazy loading of php class for proto messages (#6911) * Correct @return in Any.unpack docblock (#7089) * Ignore unknown enum value when ignore_unknown specified (#7455) C#: * [experimental] Add support for proto3 presence fields in C# (#7382) * Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491) * Remove Has/Clear members for C# message fields in proto2 (#7429) * Enforce recursion depth checking for unknown fields (#7132) * Fix conformance test failures for Google.Protobuf (#6910) * Cleanup various bits of Google.Protobuf (#6674) * Fix latest ArgumentException for C# extensions (#6938) * Remove unnecessary branch from ReadTag (#7289) Other: * Add a proto_lang_toolchain for javalite (#6882) * [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237) * Add application note for explicit presence tracking. (#7390) * Howto doc for implementing proto3 presence in a code generator. (#7407) Update to version 3.11.4; notable changes since 3.9.2: * C++: Make serialization method naming consistent * C++: Moved ShutdownProtobufLibrary() to message_lite.h. For backward compatibility a declaration is still available in stubs/common.h, but users should prefer message_lite.h * C++: Removed non-namespace macro EXPECT_OK() * C++: Removed mathlimits.h from stubs in favor of using std::numeric_limits from C++11 * C++: Support direct pickling of nested messages * C++: Disable extension code gen for C# * C++: Switch the proto parser to the faster MOMI parser * C++: Unused imports of files defining descriptor extensions will now be reported * C++: Add proto2::util::RemoveSubranges to remove multiple subranges in linear time * C++: Support 32 bit values for ProtoStreamObjectWriter to Struct * C++: Removed the internal-only header coded_stream_inl.h and the internal-only methods defined there * C++: Enforced no SWIG wrapping of descriptor_database.h (other headers already had this restriction) * C++: Implementation of the equivalent of the MOMI parser for serialization. This removes one of the two serialization routines, by making the fast array serialization routine completely general. SerializeToCodedStream can now be implemented in terms of the much much faster array serialization. The array serialization regresses slightly, but when array serialization is not possible this wins big * C++: Add move constructor for Reflection's SetString * Java: Remove the usage of MethodHandle, so that Android users prior to API version 26 can use protobuf-java * Java: Publish ProGuard config for javalite * Java: Include unknown fields when merging proto3 messages in Java lite builders * Java: Have oneof enums implement a separate interface (other than EnumLite) for clarity * Java: Opensource Android Memory Accessors * Java: Change ProtobufArrayList to use Object[] instead of ArrayList for 5-10% faster parsing * Java: Make a copy of JsonFormat.TypeRegistry at the protobuf top level package. This will eventually replace JsonFormat.TypeRegistry * Java: Add Automatic-Module-Name entries to the Manifest * Python: Add float_precision option in json format printer * Python: Optionally print bytes fields as messages in unknown fields, if possible * Python: Experimental code gen (fast import protobuf module) which only work with cpp generated code linked in * Python: Add descriptor methods in descriptor_pool are deprecated * Python: Added delitem for Python extension dict * JavaScript: Remove guard for Symbol iterator for jspb.Map * JavaScript: Remove deprecated boolean option to getResultBase64String() * JavaScript: Change the parameter types of binaryReaderFn in ExtensionFieldBinaryInfo to (number, ?, ?) * JavaScript: Create dates.ts and time_of_days.ts to mirror Java versions. This is a near-identical conversion of c.g.type.util.{Dates,TimeOfDays} respectively * JavaScript: Migrate moneys to TypeScript * PHP: Increase php7.4 compatibility * PHP: Implement lazy loading of php class for proto messages * Ruby: Support hashes for struct initializers * C#: Experimental proto2 support is now officially available * C#: Change _Extensions property to normal body rather than expression * Objective C: Remove OSReadLittle* due to alignment requirements * Other: Override CocoaPods module to lowercase * further bugfixes and optimisations - Install LICENSE - Drop protobuf-libs as it is just workaround for rpmlint issue * python bindings now require recent python-google-apputils * Released memory allocated by InitializeDefaultRepeatedFields() and GetEmptyString(). Some memory sanitizers reported them * Updated DynamicMessage.setField() to handle repeated enum * Fixed a bug that caused NullPointerException to be thrown when converting manually constructed FileDescriptorProto to * Added oneofs(unions) feature. Fields in the same oneof will * Files, services, enums, messages, methods and enum values * Added Support for list values, including lists of mesaages, * Added SwapFields() in reflection API to swap a subset of * Repeated primitive extensions are now packable. The it is possible to switch a repeated extension field to * writeTo() method in ByteString can now write a substring to * java_generate_equals_and_hash can now be used with the * A new C++-backed extension module (aka 'cpp api v2') that replaces the old ('cpp api v1') one. Much faster than the pure Python code. This one resolves many bugs and is mosh reqires it python-abseil was udpated: version update to 1.4.0 New: (testing) Added @flagsaver.as_parsed: this allows saving/restoring flags using string values as if parsed from the command line and will also reflect other flag states after command line parsing, e.g. .present is set. Changed: (logging) If no log dir is specified logging.find_log_dir() now falls back to tempfile.gettempdir() instead of /tmp/. Fixed: (flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class are now correctly passed to the underlying Flag object. version update to 1.2.0 * Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used. * `Flag` instances now raise an error if used in a bool context. This prevents the occasional mistake of testing an instance for truthiness rather than testing `flag.value`. * `absl-py` no longer depends on `six`. Update to version 1.0.0 * absl-py no longer supports Python 2.7, 3.4, 3.5. All versions have reached end-of-life for more than a year now. * New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in the git repo going forward. - Release notes for 0.15.0 * (testing) #128: When running bazel with its --test_filter= flag, it now treats the filters as unittest's -k flag in Python 3.7+. - Release notes for 0.14.1 * Top-level LICENSE file is now exported in bazel. - Release notes for 0.14.0 * #171: Creating argparse_flags.ArgumentParser with argument_default= no longer raises an exception when other absl.flags flags are defined. * #173: absltest now correctly sets up test filtering and fail fast flags when an explicit argv= parameter is passed to absltest.main. - Release notes for 0.13.0 * (app) Type annotations for public app interfaces. * (testing) Added new decorator @absltest.skipThisClass to indicate a class contains shared functionality to be used as a base class for other TestCases, and therefore should be skipped. * (app) Annotated the flag_parser paramteter of run as keyword-only. This keyword-only constraint will be enforced at runtime in a future release. * (app, flags) Flag validations now include all errors from disjoint flag sets, instead of fail fast upon first error from all validators. Multiple validators on the same flag still fails fast. - Release notes for 0.12.0 * (flags) Made EnumClassSerializer and EnumClassListSerializer public. * (flags) Added a required: Optional[bool] = False parameter to DEFINE_* functions. * (testing) flagsaver overrides can now be specified in terms of FlagHolder. * (testing) parameterized.product: Allows testing a method over cartesian product of parameters values, specified as a sequences of values for each parameter or as kwargs-like dicts of parameter values. * (testing) Added public flag holders for --test_srcdir and --test_tmpdir. Users should use absltest.TEST_SRCDIR.value and absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and FLAGS.test_tmpdir. * (flags) Made CsvListSerializer respect its delimiter argument. - Add Provides python-absl-py python-grpcuio was updated: - Update to version 1.60.0: * No python specfic changes. - Update to version 1.59.2: * No python specific changes. - Update to version 1.59.0: * [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398). * [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186). - Update to version 1.58.0: * [Bazel] Enable grpcio-reflection to be used via Bazel (gh#grpc/grpc#31013). * [packaging] Publish xds-protos as part of the standard package pipeline (gh#grpc/grpc#33797). - Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * [posix] Enable systemd sockets for libsystemd>=233 (gh#grpc/grpc#32671). * [python O11Y] Initial Implementation (gh#grpc/grpc#32974). - Build with LTO (don't set _lto_cflags to %nil). - No need to pass '-std=c++17' to build CFLAGS. - Update to version 1.56.2: * [WRR] backport (gh#grpc/grpc#33694) to 1.56 (gh#grpc/grpc#33698) * [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion (gh#grpc/grpc#33667) - Switch build to pip/wheel. - Use system abseil with '-std=c++17' to prevent undefined symbol eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__ cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_ 2023012511string_viewE) - Upstream only supports python >= 3.7, so adjust BuildRequires accordingly. - Add %{?sle15_python_module_pythons} - Update to version 1.56.0: (CVE-2023-32731, bsc#1212180) * [aio types] Fix some grpc.aio python types (gh#grpc/grpc#32475). - Update to version 1.55.0: * [EventEngine] Disable EventEngine polling in gRPC Python (gh#grpc/grpc#33279) (gh#grpc/grpc#33320). * [Bazel Python3.11] Update Bazel dependencies for Python 3.11 (gh#grpc/grpc#33318) (gh#grpc/grpc#33319). - Drop Requires: python-six; not required any more. - Switch Suggests to Recommends. - Update to version 1.54.0: (CVE-2023-32732, bsc#1212182) * Fix DeprecationWarning when calling asyncio.get_event_loop() (gh#grpc/grpc#32533). * Remove references to deprecated syntax field (gh#grpc/grpc#32497). - Update to version 1.51.1: * No Linux specific changes. - Changes from version 1.51.0: * Fix lack of cooldown between poll attempts (gh#grpc/grpc#31550). * Remove enum and future (gh#grpc/grpc#31381). * [Remove Six] Remove dependency on six (gh#grpc/grpc#31340). * Update xds-protos package to pull in protobuf 4.X (gh#grpc/grpc#31113). - Update to version 1.50.0: * Support Python 3.11. [gh#grpc/grpc#30818]. - Update to version 1.49.1 * Support Python 3.11. (#30818) * Add type stub generation support to grpcio-tools. (#30498) - Update to version 1.48.0: * [Aio] Ensure Core channel closes when deallocated [gh#grpc/grpc#29797]. * [Aio] Fix the wait_for_termination return value [gh#grpc/grpc#29795]. - update to 1.46.3: * backport: xds: use federation env var to guard new-style resource name parsing * This release contains refinements, improvements, and bug fixes. - Update to version 1.46.0: * Add Python GCF Distribtest [gh#grpc/grpc#29303]. * Add Python Reflection Client [gh#grpc/grpc#29085]. * Revert 'Fix prefork handler register's default behavior' [gh#grpc/grpc#29229]. * Fix prefork handler register's default behavior [gh#grpc/grpc#29103]. * Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873]. - Update to version 1.45.0: * Reimplement Gevent Integration [gh#grpc/grpc#28276]. * Support musllinux binary wheels on x64 and x86 [gh#grpc/grpc#28092]. * Increase the Python protobuf requirement to >=3.12.0 [gh#grpc/grpc#28604]. - Build with system re2; add BuildRequires: pkgconfig(re2). - Update to version 1.44.0: * Add python async example for hellostreamingworld using generator (gh#grpc/grpc#27343). * Disable __wrap_memcpy hack for Python builds (gh#grpc/grpc#28410). * Bump Bazel Python Cython dependency to 0.29.26 (gh#grpc/grpc#28398). * Fix libatomic linking on Raspberry Pi OS Bullseye (gh#grpc/grpc#28041). * Allow generated proto sources in remote repositories for py_proto_library (gh#grpc/grpc#28103). - Update to version 1.43.0: * [Aio] Validate the input type for set_trailing_metadata and abort (gh#grpc/grpc#27958). - update to 1.41.1: * This is release 1.41.0 (goat) of gRPC Core. - Update to version 1.41.0: * Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074). * [Aio] Remove custom IO manager support (gh#grpc/grpc#27090). - Update to version 1.39.0: * Python AIO: Match continuation typing on Interceptors (gh#grpc/grpc#26500). * Workaround #26279 by publishing manylinux_2_24 wheels instead of manylinux2014 on aarch64 (gh#grpc/grpc#26430). * Fix zlib unistd.h import problem (gh#grpc/grpc#26374). * Handle gevent exception in gevent poller (gh#grpc/grpc#26058). - Update to version 1.38.1: * Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x (gh#grpc/grpc#26436). - Update to version 1.38.0: * Add grpcio-admin Python package (gh#grpc/grpc#26166). * Add CSDS API to Python (gh#grpc/grpc#26114). * Expose code and details from context on the server side (gh#grpc/grpc#25457). * Explicitly import importlib.abc; required on Python 3.10. Fixes #26062 (gh#grpc/grpc#26083). * Fix potential deadlock on the GIL in AuthMetdataPlugin (gh#grpc/grpc#26009). * Introduce new Python package 'xds_protos' (gh#grpc/grpc#25975). * Remove async mark for set_trailing_metadata interface (gh#grpc/grpc#25814). - Update to version 1.37.1: * No user visible changes. - Changes from version 1.37.0: * Clarify Guarantees about grpc.Future Interface (gh#grpc/grpc#25383). * [Aio] Add time_remaining method to ServicerContext (gh#grpc/grpc#25719). * Standardize all environment variable boolean configuration in python's setup.py (gh#grpc/grpc#25444). * Fix Signal Safety Issue (gh#grpc/grpc#25394). - Update to version 1.36.1: * Core: back-port: add env var protection for google-c2p resolver (gh#grpc/grpc#25569). - Update to version 1.35.0: * Implement Python Client and Server xDS Creds. (gh#grpc/grpc#25365) * Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533) * Link roots.pem to ca-bundle.pem from ca-certificates package - Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). - Update to version 1.34.0: * Incur setuptools as an dependency for grpcio_tools (gh#grpc/grpc#24752). * Stop the spamming log generated by ctrl-c for AsyncIO server (gh#grpc/grpc#24718). * [gRPC Easy] Make Well-Known Types Available to Runtime Protos (gh#grpc/grpc#24478). * Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python (gh#grpc/grpc#24480). * Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24407). * [Linux] [macOS] Support pre-compiled Python 3.9 wheels (gh#grpc/grpc#24356). - Update to version 1.33.2: * [Backport] Implement grpc.Future interface in SingleThreadedRendezvous (gh#grpc/grpc#24574). - Update to version 1.33.1: * [Backport] Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24452). * Allow asyncio API to be imported as grpc.aio. (gh#grpc/grpc#24289). * [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124). * Make version check for importlib.abc in grpcio-tools more stringent (gh#grpc/grpc#24098). Added re2 package in version 2024-02-01. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1127-1 Released: Mon Apr 8 07:07:09 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1220996,1221194,1221358 This update for wicked fixes the following issues: - Fix fallback-lease drop in addrconf (bsc#1220996) - Use upstream `nvme nbft show` (bsc#1221358) - Hide secrets in debug log (bsc#1221194) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1136-1 Released: Mon Apr 8 11:30:15 2024 Summary: Security update for c-ares Type: security Severity: moderate References: 1220279,CVE-2024-25629 This update for c-ares fixes the following issues: - CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1176-1 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1201-1 Released: Thu Apr 11 10:47:58 2024 Summary: Recommended update for xfsprogs-scrub and jctools Type: recommended Severity: low References: 1190495,1213418 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 (bsc#1190495) - Added missing jctools to Package Hub for SLE-15-SP5 (bsc#1213418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1271-1 Released: Fri Apr 12 15:35:55 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1221242,1221746,1221747,CVE-2024-28834,CVE-2024-28835 This update for gnutls fixes the following issues: - CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746) - CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747) Other fixes: - jitterentropy: Release the memory of the entropy collector when using jitterentropy with phtreads as there is also a pre-intitization done in the main thread (bsc#1221242) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1287-1 Released: Mon Apr 15 15:03:40 2024 Summary: Security update for vim Type: security Severity: important References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 This update for vim fixes the following issues: Updated to version 9.1.0111, fixes the following security problems - CVE-2023-48231: Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: overflow with count for :s command (bsc#1217321). - CVE-2023-48234: overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: overflow in ex address parsing (CVE-2023-48235). - CVE-2023-48236: overflow in get_number (bsc#1217329). - CVE-2023-48237: overflow in shift_line (bsc#1217330). - CVE-2023-48706: heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Heap use-after-free in function bt_quickfix (bsc#1215005). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1295-1 Released: Mon Apr 15 18:37:21 2024 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1221984,1222302,1222453,CVE-2023-46842,CVE-2024-2201,CVE-2024-31142 This update for xen fixes the following issues: - CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984) - CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302) - CVE-2024-2201: Fixed memory disclosure via Native Branch History Injection (XSA-456) in xen x86 (bsc#1222453) Other fixes: - Update to Xen 4.17.4 (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1331-1 Released: Wed Apr 17 19:39:59 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1221866 This update for grub2 fixes the following issues: - Fix LPAR falls into grub shell after installation with lvm (bsc#1221866) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1333-1 Released: Thu Apr 18 13:30:04 2024 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1218431,1219937 This update for samba fixes the following issues: - fd_handle_destructor() panics within an smbd_smb2_close() if vfs_stat_fsp() fails in fd_close() (bsc#1219937). - Remove -x from bash shebang update-apparmor-samba-profile; (bsc#1218431). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1336-1 Released: Thu Apr 18 14:44:43 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1222105 This update for wicked fixes the following issues: - Do not convert sec to msec twice (bsc#1222105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1344-1 Released: Thu Apr 18 18:50:37 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1175678,1218171,1221525,1222086 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1352-1 Released: Fri Apr 19 15:28:38 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1220132,1221132,1221726,1222113 This update for cloud-init contains the following fixes: - Add cloud-init-no-nmcfg-needed.patch (bsc#1221726) + Do not require a NetworkManager config file in order to detect NetworkManager as the renderer - Add cloud-init-no-openstack-guess.patch (bsc#1222113) + Do not guess if we are running on OpenStack or not. Only recognize the known markers and enable cloud-init if we know for sure. - Do not guess a data source when checking for a CloudStack environment. (bsc#1221132) - Hardcode distribution to suse for proper cloud.cfg generation (bsc#1220132). - Prepare for RPM 4.20 switch patch syntax ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1366-1 Released: Mon Apr 22 11:04:32 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1216474,1218871,1221123,1222831 This update for openssh fixes the following issues: - Fix hostbased ssh login failing occasionally with 'signature unverified: incorrect signature' by fixing a typo in patch (bsc#1221123) - Avoid closing IBM Z crypto devices nodes. (bsc#1218871) - Allow usage of IBM Z crypto adapter cards in seccomp filters (bsc#1216474) - Change the default value of UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled). This makes ssh update the known_hosts stored keys with all published versions by the server (after it's authenticated with an existing key), which will allow to identify the server with a different key if the existing key is considered insecure at some point in the future (bsc#1222831). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1368-1 Released: Mon Apr 22 11:06:29 2024 Summary: Security update for shim Type: security Severity: important References: 1198101,1205588,1205855,1210382,1213945,1215098,1215099,1215100,1215101,1215102,1215103,1219460,CVE-2022-28737,CVE-2023-40546,CVE-2023-40547,CVE-2023-40548,CVE-2023-40549,CVE-2023-40550,CVE-2023-40551 This update for shim fixes the following issues: - Update shim-install to set the TPM2 SRK algorithm (bsc#1213945) - Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) Update to version 15.8: Security issues fixed: - mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) - avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) - Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) - Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) - pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) - pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now. - Generate dbx during build so we don't include binary files in sources - Don't require grub so shim can still be used with systemd-boot - Update shim-install to fix boot failure of ext4 root file system on RAID10 (bsc#1205855) - Adopt the macros from fde-tpm-helper-macros to update the signature in the sealed key after a bootloader upgrade - Update shim-install to amend full disk encryption support - Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector - Use the long name to specify the grub2 key protector - cryptodisk: support TPM authorized policies - Do not use tpm_record_pcrs unless the command is in command.lst - Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to enable the NX compatibility flag when using post-process-pe after discussed with grub2 experts in mail. It's useful for further development and testing. (bsc#1205588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1439-1 Released: Thu Apr 25 23:41:12 2024 Summary: Security update for python-idna Type: security Severity: moderate References: 1222842,CVE-2024-3651 This update for python-idna fixes the following issues: - CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1458-1 Released: Mon Apr 29 07:47:34 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1220763 This update for vim fixes the following issues: - Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1471-1 Released: Tue Apr 30 05:56:22 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1223094 This update for libzypp fixes the following issues: - Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1480-1 Released: Tue Apr 30 16:01:59 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1200465,1205316,1207948,1209635,1209657,1212514,1213456,1214852,1215221,1215322,1217339,1217829,1217959,1217987,1217988,1217989,1218321,1218336,1218479,1218562,1218643,1218777,1219169,1219170,1219264,1219443,1219834,1220114,1220176,1220237,1220251,1220320,1220325,1220328,1220337,1220340,1220365,1220366,1220393,1220398,1220411,1220413,1220433,1220439,1220443,1220445,1220466,1220469,1220478,1220482,1220484,1220486,1220487,1220492,1220703,1220735,1220736,1220775,1220790,1220797,1220831,1220833,1220836,1220839,1220840,1220843,1220845,1220848,1220870,1220871,1220872,1220878,1220879,1220883,1220885,1220887,1220898,1220917,1220918,1220920,1220921,1220926,1220927,1220929,1220930,1220931,1220932,1220933,1220937,1220938,1220940,1220954,1220955,1220959,1220960,1220961,1220965,1220969,1220978,1220979,1220981,1220982,1220983,1220985,1220986,1220987,1220989,1220990,1221009,1221012,1221015,1221022,1221039,1221040,1221044,1221045,1221046,1221048,1221055,1221056,1221058,1221060,1 221061,1221062,1221066,1221067,1221068,1221069,1221070,1221071,1221077,1221082,1221090,1221097,1221156,1221252,1221273,1221274,1221276,1221277,1221291,1221293,1221298,1221337,1221338,1221375,1221379,1221551,1221553,1221613,1221614,1221616,1221618,1221631,1221633,1221713,1221725,1221777,1221814,1221816,1221830,1221951,1222033,1222056,1222060,1222070,1222073,1222117,1222274,1222291,1222300,1222304,1222317,1222331,1222355,1222356,1222360,1222366,1222373,1222619,1222952,CVE-2021-46925,CVE-2021-46926,CVE-2021-46927,CVE-2021-46929,CVE-2021-46930,CVE-2021-46931,CVE-2021-46933,CVE-2021-46934,CVE-2021-46936,CVE-2021-47082,CVE-2021-47083,CVE-2021-47087,CVE-2021-47091,CVE-2021-47093,CVE-2021-47094,CVE-2021-47095,CVE-2021-47096,CVE-2021-47097,CVE-2021-47098,CVE-2021-47099,CVE-2021-47100,CVE-2021-47101,CVE-2021-47102,CVE-2021-47104,CVE-2021-47105,CVE-2021-47107,CVE-2021-47108,CVE-2022-4744,CVE-2022-48626,CVE-2022-48627,CVE-2022-48628,CVE-2022-48629,CVE-2022-48630,CVE-2023-0160,CVE-2023-28746,CVE -2023-35827,CVE-2023-4881,CVE-2023-52447,CVE-2023-52450,CVE-2023-52453,CVE-2023-52454,CVE-2023-52462,CVE-2023-52463,CVE-2023-52467,CVE-2023-52469,CVE-2023-52470,CVE-2023-52474,CVE-2023-52476,CVE-2023-52477,CVE-2023-52481,CVE-2023-52482,CVE-2023-52484,CVE-2023-52486,CVE-2023-52492,CVE-2023-52493,CVE-2023-52494,CVE-2023-52497,CVE-2023-52500,CVE-2023-52501,CVE-2023-52502,CVE-2023-52504,CVE-2023-52507,CVE-2023-52508,CVE-2023-52509,CVE-2023-52510,CVE-2023-52511,CVE-2023-52513,CVE-2023-52515,CVE-2023-52517,CVE-2023-52518,CVE-2023-52519,CVE-2023-52520,CVE-2023-52523,CVE-2023-52524,CVE-2023-52525,CVE-2023-52528,CVE-2023-52529,CVE-2023-52530,CVE-2023-52531,CVE-2023-52532,CVE-2023-52559,CVE-2023-52563,CVE-2023-52564,CVE-2023-52566,CVE-2023-52567,CVE-2023-52569,CVE-2023-52574,CVE-2023-52575,CVE-2023-52576,CVE-2023-52582,CVE-2023-52583,CVE-2023-52587,CVE-2023-52591,CVE-2023-52594,CVE-2023-52595,CVE-2023-52597,CVE-2023-52598,CVE-2023-52599,CVE-2023-52600,CVE-2023-52601,CVE-2023-52602,CVE-2023-52 603,CVE-2023-52604,CVE-2023-52605,CVE-2023-52606,CVE-2023-52607,CVE-2023-52608,CVE-2023-52612,CVE-2023-52615,CVE-2023-52617,CVE-2023-52619,CVE-2023-52621,CVE-2023-52623,CVE-2023-52628,CVE-2023-52632,CVE-2023-52637,CVE-2023-52639,CVE-2023-6270,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-7042,CVE-2023-7192,CVE-2024-0841,CVE-2024-2201,CVE-2024-22099,CVE-2024-23307,CVE-2024-25739,CVE-2024-25742,CVE-2024-25743,CVE-2024-26599,CVE-2024-26600,CVE-2024-26602,CVE-2024-26607,CVE-2024-26612,CVE-2024-26614,CVE-2024-26620,CVE-2024-26627,CVE-2024-26629,CVE-2024-26642,CVE-2024-26645,CVE-2024-26646,CVE-2024-26651,CVE-2024-26654,CVE-2024-26659,CVE-2024-26664,CVE-2024-26667,CVE-2024-26670,CVE-2024-26695,CVE-2024-26717 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466). - CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478). - CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443). - CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482). - CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484). - CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486). - CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487). - CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469). - CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439). - CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969). - CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917). - CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954). - CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959). - CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978). - CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551). - CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979). - CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981). - CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982). - CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983). - CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955). - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985). - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987). - CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009). - CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960). - CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961). - CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965). - CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366). - CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). - CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848). - CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989). - CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990). - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251). - CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237). - CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337). - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320). - CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer (bsc#1220325). - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433). - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411). - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413). - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445). - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703). - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790). - CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520 (bsc#1220887). - CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). - CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797). - CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277). - CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276). - CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274). - CVE-2023-52494: Fixed missing alignment check for event ring read pointer in bus/mhi/host (bsc#1221273). - CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879). - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883). - CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885). - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831). - CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553). - CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833). - CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015). - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836). - CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898). - CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012). - CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022). - CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048). - CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055). - CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056). - CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920). - CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921). - CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926). - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927). - CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840). - CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843). - CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929). - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930). - CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). - CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). - CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933). - CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson (bsc#1220937). - CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938). - CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940). - CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839). - CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918). - CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871). - CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872). - CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878). - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058). - CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082). - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044). - CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045). - CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046). - CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). - CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060). - CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs (bsc#1221062). - CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071). - CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs (bsc#1221068). - CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs (bsc#1221070). - CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot() (bsc#1221066). - CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree() (bsc#1221067). - CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) - CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib (bsc#1221069). - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061). - CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi (bsc#1221375). - CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616). - CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614). - CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove (bsc#1221613). - CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618). - CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073). - CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060). - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117). - CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd (bsc#1222274). - CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939 (bsc#1222291). - CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336). - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479). - CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264). - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834). - CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725). - CVE-2024-25743: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725). - CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate() (bsc#1220365). - CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736). - CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences (bsc#1221291). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap (bsc#1221298). - CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090). - CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in nfsd (bsc#1221379). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26645: Fixed missing visibility when inserting an element into tracing_map (bsc#1222056). - CVE-2024-26646: Fixed potential memory corruption when resuming from suspend or hibernation in thermal/intel/hfi (bsc#1222070). - CVE-2024-26651: Fixed possible oops via malicious devices in sr9800 (bsc#1221337). - CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304). - CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317). - CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in hwmon coretemp (bsc#1222355). - CVE-2024-26667: Fixed null pointer reference in dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331). - CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in kernel arm64 (bsc#1222356). - CVE-2024-26695: Fixed null pointer dereference in __sev_platform_shutdown_locked in crypto ccp (bsc#1222373). - CVE-2024-26717: Fixed null pointer dereference on failed power up in HID i2c-hid-of (bsc#1222360). The following non-security bugs were fixed: - acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-fixes). - acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-fixes). - acpi: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes). - acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-fixes). - acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes). - acpi: scan: Fix device check notification handling (git-fixes). - acpica: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes). - alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes). - alsa: aoa: avoid false-positive format truncation warning (git-fixes). - alsa: aw2: avoid casting function pointers (git-fixes). - alsa: ctxfi: avoid casting function pointers (git-fixes). - alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-fixes). - alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-fixes). - alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (git-fixes). - alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes). - alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes). - alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes). - alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes). - alsa: seq: fix function cast warnings (git-fixes). - alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes). - alsa: usb-audio: Stop parsing channels bits when all channels are found (git-fixes). - arm64: dts: allwinner: h6: add rx dma channel for spdif (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes) - arm64: dts: imx8mm-kontron: add support for ultra high speed modes on (git-fixes) - arm64: dts: imx8mm-venice-gw71xx: fix usb otg vbus (git-fixes) - arm64: dts: marvell: reorder crypto interrupts on armada socs (git-fixes) - arm64: dts: rockchip: add es8316 codec for rock pi 4 (git-fixes) - arm64: dts: rockchip: add spdif node for rock pi 4 (git-fixes) - arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes) - arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes) - arm64: mm: fix va-range sanity check (git-fixes) - arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes) - asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (stable-fixes). - asoc: amd: acp: Add missing error handling in sof-mach (git-fixes). - asoc: amd: acp: fix for acp_init function error handling (git-fixes). - asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes). - asoc: meson: Use dev_err_probe() helper (stable-fixes). - asoc: meson: aiu: fix function pointer type mismatch (git-fixes). - asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes). - asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes). - asoc: meson: t9015: fix function pointer type mismatch (git-fixes). - asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes). - asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes). - asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes). - asoc: rt5682-sdw: fix locking sequence (git-fixes). - asoc: rt711-sdca: fix locking sequence (git-fixes). - asoc: rt711-sdw: fix locking sequence (git-fixes). - asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-fixes). - asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes). - asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-fixes). - ata: sata_mv: fix pci device id table declaration compilation warning (git-fixes). - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes). - backlight: da9052: fully initialize backlight_properties during probe (git-fixes). - backlight: lm3630a: do not set bl->props.brightness in get_brightness (git-fixes). - backlight: lm3630a: initialize backlight_properties on init (git-fixes). - backlight: lm3639: fully initialize backlight_properties during probe (git-fixes). - backlight: lp8788: fully initialize backlight_properties during probe (git-fixes). - blocklayoutdriver: fix reference leak of pnfs_device_node (git-fixes). - bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes). - bluetooth: Remove superfluous call to hci_conn_check_pending() (git-fixes). - bluetooth: hci_core: Fix possible buffer overflow (git-fixes). - bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes). - bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-fixes). - bpf, scripts: correct gpl license name (git-fixes). - bpf, sockmap: fix preempt_rt splat when using raw_spin_lock_t (git-fixes). - can: softing: remove redundant null check (git-fixes). - clk: zynq: prevent null pointer dereference caused by kmalloc failure (git-fixes). - comedi: comedi_test: prevent timers rescheduling during deletion (git-fixes). - coresight: etm4x: do not access trcidr1 for identification (bsc#1220775) - coresight: etm4x: fix accesses to trcseqrstevr and trcseqstr (bsc#1220775) - coresight: etm: override trcidr3.ccitmin on errata affected cpus (bsc#1220775) - cpufreq: amd-pstate: fix min_perf assignment in amd_pstate_adjust_perf() (git-fixes). - cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value (git-fixes). - crypto: arm/sha - fix function cast warnings (git-fixes). - crypto: qat - avoid division by zero (git-fixes). - crypto: qat - fix deadlock in backlog processing (git-fixes). - crypto: qat - fix double free during reset (git-fixes). - crypto: qat - fix state machines cleanup paths (bsc#1218321). - crypto: qat - fix unregistration of compression algorithms (git-fixes). - crypto: qat - fix unregistration of crypto algorithms (git-fixes). - crypto: qat - ignore subsequent state up commands (git-fixes). - crypto: qat - increase size of buffers (git-fixes). - crypto: qat - resolve race condition during aer recovery (git-fixes). - crypto: xilinx - call finalize with bh disabled (git-fixes). - doc-guide: kernel-doc: tell about object-like macros (git-fixes). - doc/readme.suse: update information about module support status (jsc#ped-5759) - drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (git-fixes). - drm/amd/display: add fams validation before trying to use it (git-fixes). - drm/amd/display: add fb_damage_clips support (git-fixes). - drm/amd/display: add function for validate and update new stream (git-fixes). - drm/amd/display: add odm case when looking for first split pipe (git-fixes). - drm/amd/display: always switch off odm before committing more streams (git-fixes). - drm/amd/display: avoid abm when odm combine is enabled for edp (git-fixes). - drm/amd/display: blocking invalid 420 modes on hdmi tmds for dcn31 (git-fixes). - drm/amd/display: check if link state is valid (git-fixes). - drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-fixes). - drm/amd/display: copy dc context in the commit streams (git-fixes). - drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes). - drm/amd/display: disable psr-su on parade 0803 tcon again (git-fixes). - drm/amd/display: enable fast plane updates on dcn3.2 and above (git-fixes). - drm/amd/display: enable new commit sequence only for dcn32x (git-fixes). - drm/amd/display: ensure async flips are only accepted for fast updates (git-fixes). - drm/amd/display: exit idle optimizations before attempt to access phy (git-fixes). - drm/amd/display: expand kernel doc for dc (git-fixes). - drm/amd/display: fix a bug when searching for insert_above_mpcc (git-fixes). - drm/amd/display: fix a null pointer dereference in amdgpu_dm_i2c_xfer() (git-fixes). - drm/amd/display: fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (git-fixes). - drm/amd/display: fix abm disablement (git-fixes). - drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes). - drm/amd/display: fix hw rotated modes when psr-su is enabled (git-fixes). - drm/amd/display: fix kernel-doc issues in dc.h (git-fixes). - drm/amd/display: fix possible underflow for displays with large vblank (git-fixes). - drm/amd/display: fix the delta clamping for shaper lut (git-fixes). - drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315 (git-fixes). - drm/amd/display: fix underflow issue on 175hz timing (git-fixes). - drm/amd/display: for prefetch mode > 0, extend prefetch if possible (git-fixes). - drm/amd/display: guard against invalid rptr/wptr being set (git-fixes). - drm/amd/display: guard dcn31 phyd32clk logic against chip family (git-fixes). - drm/amd/display: handle range offsets in vrr ranges (stable-fixes). - drm/amd/display: handle seamless boot stream (git-fixes). - drm/amd/display: handle virtual hardware detect (git-fixes). - drm/amd/display: include surface of unaffected streams (git-fixes). - drm/amd/display: include udelay when waiting for inbox0 ack (git-fixes). - drm/amd/display: increase frame warning limit with kasan or kcsan in dml (git-fixes). - drm/amd/display: keep phy active for dp config (git-fixes). - drm/amd/display: perform a bounds check before filling dirty rectangles (git-fixes). - drm/amd/display: prevent vtotal from being set to 0 (git-fixes). - drm/amd/display: remove min_dst_y_next_start check for z8 (git-fixes). - drm/amd/display: restore rptr/wptr for dmcub as workaround (git-fixes). - drm/amd/display: return the correct hdcp error code (stable-fixes). - drm/amd/display: revert vblank change that causes null pointer crash (git-fixes). - drm/amd/display: rework comments on dc file (git-fixes). - drm/amd/display: rework context change check (git-fixes). - drm/amd/display: set minimum requirement for using psr-su on phoenix (git-fixes). - drm/amd/display: set minimum requirement for using psr-su on rembrandt (git-fixes). - drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes). - drm/amd/display: update correct dcn314 register header (git-fixes). - drm/amd/display: update extended blank for dcn314 onwards (git-fixes). - drm/amd/display: update min z8 residency time to 2100 for dcn314 (git-fixes). - drm/amd/display: update otg instance in the commit stream (git-fixes). - drm/amd/display: use dram speed from validation for dummy p-state (git-fixes). - drm/amd/display: use dtbclk as refclk instead of dprefclk (git-fixes). - drm/amd/display: use low clocks for no plane configs (git-fixes). - drm/amd/display: use min transition for all subvp plane add/remove (git-fixes). - drm/amd/display: write to correct dirty_rect (git-fixes). - drm/amd/display: wrong colorimetry workaround (git-fixes). - drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes). - drm/amd/pm: fix error of maco flag setting code (git-fixes). - drm/amd/smu: use averagegfxclkfrequency* to replace previous gfx curr clock (git-fixes). - drm/amd: enable pcie pme from d3 (git-fixes). - drm/amdgpu/pm: fix the error of pwm1_enable setting (stable-fixes). - drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes). - drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes). - drm/amdgpu/smu13: drop compute workload workaround (git-fixes). - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes). - drm/amdgpu: enable gpu reset for s3 abort cases on raven series (stable-fixes). - drm/amdgpu: fix missing break in atom_arg_imm case of atom_get_src_int() (git-fixes). - drm/amdgpu: force order between a read and write to the same address (git-fixes). - drm/amdgpu: lower cs errors to debug severity (git-fixes). - drm/amdgpu: match against exact bootloader status (git-fixes). - drm/amdgpu: unset context priority is now invalid (git-fixes). - drm/amdgpu: update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes). - drm/amdkfd: fix tlb flush after unmap for gfx9.4.2 (stable-fixes). - drm/bridge: tc358762: instruct dsi host to generate hse packets (git-fixes). - drm/display: fix typo (git-fixes). - drm/edid: add quirk for osvr hdk 2.0 (git-fixes). - drm/etnaviv: restore some id values (git-fixes). - drm/exynos: do not return negative values from .get_modes() (stable-fixes). - drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (git-fixes). - drm/i915/bios: tolerate devdata==null in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes). - drm/i915/gt: do not generate the command streamer for all the ccs (git-fixes). - drm/i915/gt: reset queue_priority_hint on parking (git-fixes). - drm/i915/gt: use i915_vm_put on ppgtt_create error paths (git-fixes). - drm/i915/selftests: fix dependency of some timeouts on hz (git-fixes). - drm/i915: add missing ccs documentation (git-fixes). - drm/i915: call intel_pre_plane_updates() also for pipes getting enabled (git-fixes). - drm/i915: check before removing mm notifier (git-fixes). - drm/lima: fix a memleak in lima_heap_alloc (git-fixes). - drm/mediatek: dsi: fix dsi rgb666 formats and definitions (git-fixes). - drm/mediatek: fix a null pointer crash in mtk_drm_crtc_finish_page_flip (git-fixes). - drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes). - drm/msm/dpu: fix the programming of intf_cfg2_data_hctl_en (git-fixes). - drm/msm/dpu: improve dsc allocation (git-fixes). - drm/msm/dpu: only enable dsc_mode_multiplex if dsc_merge is enabled (git-fixes). - drm/panel-edp: use put_sync in unprepare (git-fixes). - drm/panel: auo,b101uan08.3: fine tune the panel power sequence (git-fixes). - drm/panel: boe-tv101wum-nl6: fine tune the panel power sequence (git-fixes). - drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes). - drm/panel: move aux b116xw03 out of panel-edp back to panel-simple (git-fixes). - drm/panfrost: fix power transition timeout warnings (git-fixes). - drm/probe-helper: warn about negative .get_modes() (stable-fixes). - drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes). - drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes). - drm/radeon/ni: fix wrong firmware size logging in ni_init_microcode() (git-fixes). - drm/radeon/ni_dpm: remove redundant null check (git-fixes). - drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes). - drm/rockchip: dsi: clean up 'usage_mode' when failing to attach (git-fixes). - drm/rockchip: inno_hdmi: fix video timing (git-fixes). - drm/rockchip: lvds: do not overwrite error code (git-fixes). - drm/rockchip: lvds: do not print scary message when probing defer (git-fixes). - drm/tegra: dpaux: fix pm disable depth imbalance in tegra_dpaux_probe (git-fixes). - drm/tegra: dsi: add missing check for of_find_device_by_node (git-fixes). - drm/tegra: dsi: fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (git-fixes). - drm/tegra: dsi: fix some error handling paths in tegra_dsi_probe() (git-fixes). - drm/tegra: dsi: make use of the helper function dev_err_probe() (stable-fixes). - drm/tegra: hdmi: convert to devm_platform_ioremap_resource() (stable-fixes). - drm/tegra: hdmi: fix some error handling paths in tegra_hdmi_probe() (git-fixes). - drm/tegra: output: fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (git-fixes). - drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes). - drm/tegra: rgb: fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (git-fixes). - drm/tegra: rgb: fix some error handling paths in tegra_dc_rgb_probe() (git-fixes). - drm/tidss: fix initial plane zpos values (git-fixes). - drm/tidss: fix sync-lost issue with two displays (git-fixes). - drm/ttm: do not leak a resource on eviction error (git-fixes). - drm/ttm: do not print error message if eviction was interrupted (git-fixes). - drm/vc4: add module dependency on hdmi-codec (git-fixes). - drm/vmwgfx: create debugfs ttm_resource_manager entry only if needed (git-fixes). - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes). - drm/vmwgfx: fix possible null pointer derefence with invalid contexts (git-fixes). - drm: do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes). - drm: fix drm_fixp2int_round() making it add 0.5 (git-fixes). - drm: panel-orientation-quirks: add quirk for acer switch v 10 (sw5-017) (git-fixes). - firewire: core: use long bus reset on gap count error (stable-fixes). - fix 'coresight: etm4x: Change etm4_platform_driver driver for MMIO devices' (bsc#1220775) - hid: amd_sfh: Update HPD sensor structure elements (git-fixes). - hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes). - hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes). - hv_netvsc: calculate correct ring size when page_size is not 4 kbytes (git-fixes). - hv_netvsc: fix race condition between netvsc_probe and netvsc_remove (git-fixes). - hv_netvsc: register vf in netvsc_probe if net_device_register missed (git-fixes). - i2c: aspeed: fix the dummy irq expected print (git-fixes). - i2c: i801: avoid potential double call to gpiod_remove_lookup_table (git-fixes). - i2c: wmt: fix an error handling path in wmt_i2c_probe() (git-fixes). - ib/ipoib: Fix mcast list locking (git-fixes) - iio: dummy_evgen: remove excess kernel-doc comments (git-fixes). - iio: pressure: dlhl60d: initialize empty dlh bytes (git-fixes). - input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes). - input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes). - input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes). - input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes). - input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes). - input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes). - input: pm8941-pwrkey - add software key press debouncing support (git-fixes). - input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes). - input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes). - input: xpad - add Lenovo Legion Go controllers (git-fixes). - iommu/amd: mark interrupt as managed (git-fixes). - iommu/dma: trace bounce buffer usage when mapping buffers (git-fixes). - iommu/mediatek-v1: fix an error handling path in mtk_iommu_v1_probe() (git-fixes). - iommu/mediatek: fix forever loop in error handling (git-fixes). - iommu/vt-d: allow to use flush-queue when first level is default (git-fixes). - iommu/vt-d: do not issue ats invalidation request when device is disconnected (git-fixes). - iommu/vt-d: fix pasid directory pointer coherency (git-fixes). - iommu/vt-d: set no execute enable bit in pasid table entry (git-fixes). - kabi: pci: add locking to rmw pci express capability register accessors (kabi). - kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes). - kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631). - lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-commit). - leds: aw2013: unlock mutex before destroying it (git-fixes). - lib/cmdline: fix an invalid format specifier in an assertion msg (git-fixes). - make nvidiA Grace-Hopper TPM related drivers build-ins (bsc#1221156) - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes). - md/raid5: release batch_last before waiting for another stripe_head (git-fixes). - md/raid6: use valid sector values to determine if an i/o should wait on the reshape (git-fixes). - md: do not ignore suspended array in md_check_recovery() (git-fixes). - md: do not leave 'md_recovery_frozen' in error path of md_set_readonly() (git-fixes). - md: fix data corruption for raid456 when reshape restart while grow up (git-fixes). - md: introduce md_ro_state (git-fixes). - md: make sure md_do_sync() will set md_recovery_done (git-fixes). - md: whenassemble the array, consult the superblock of the freshest device (git-fixes). - media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes). - media: edia: dvbdev: fix a use-after-free (git-fixes). - media: em28xx: annotate unchecked call to media_device_register() (git-fixes). - media: go7007: add check of return value of go7007_read_addr() (git-fixes). - media: go7007: fix a memleak in go7007_load_encoder (git-fixes). - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes). - media: pvrusb2: fix pvr2_stream_callback casts (git-fixes). - media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes). - media: pvrusb2: remove redundant null check (git-fixes). - media: staging: ipu3-imgu: set fields before media_entity_pads_init() (git-fixes). - media: sun8i-di: fix chroma difference threshold (git-fixes). - media: sun8i-di: fix coefficient writes (git-fixes). - media: sun8i-di: fix power on/off sequences (git-fixes). - media: tc358743: register v4l2 async device only after successful setup (git-fixes). - media: ttpci: fix two memleaks in budget_av_attach (git-fixes). - media: usbtv: remove useless locks in usbtv_video_free() (git-fixes). - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes). - media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes). - media: xc4000: fix atomicity violation in xc4000_get_frequency (git-fixes). - mfd: altera-sysmgr: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes). - mfd: syscon: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes). - mm,page_owner: Defer enablement of static branch (bsc#1222366). - mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366). - mm,page_owner: drop unnecessary check (bsc#1222366). - mm,page_owner: fix accounting of pages when migrating (bsc#1222366). - mm,page_owner: fix printing of stack records (bsc#1222366). - mm,page_owner: fix recursion (bsc#1222366). - mm,page_owner: fix refcount imbalance (bsc#1222366). - mm,page_owner: update metadata for tail pages (bsc#1222366). - mm/vmalloc: huge vmalloc backing pages should be split rather than compound (bsc#1217829). - mmc: core: avoid negative index with array access (git-fixes). - mmc: core: fix switch on gp3 partition (git-fixes). - mmc: core: initialize mmc_blk_ioc_data (git-fixes). - mmc: mmci: stm32: fix dma api overlapping mappings warning (git-fixes). - mmc: mmci: stm32: use a buffer for unaligned dma requests (git-fixes). - mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes). - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (git-fixes). - mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes). - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes). - mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes). - net/bnx2x: prevent access to a freed page in page_pool (bsc#1215322). - net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes). - net: fix features skip in for_each_netdev_feature() (git-fixes). - net: lan78xx: fix runtime pm count underflow on link stop (git-fixes). - net: ll_temac: platform_get_resource replaced by wrong function (git-fixes). - net: mana: fix rx dma datasize and skb_over_panic (git-fixes). - net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes). - net: sunrpc: fix an off by one in rpc_sockaddr2uaddr() (git-fixes). - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). - nfc: nci: fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes). - nfs: fix an off by one in root_nfs_cat() (git-fixes). - nfs: rename nfs_client_kset to nfs_kset (git-fixes). - nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes). - nfsd: convert the callback workqueue to use delayed_work (git-fixes). - nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes). - nfsd: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes). - nfsd: fix LISTXATTRS returning more bytes than maxcount (git-fixes). - nfsd: fix file memleak on client_opens_release (git-fixes). - nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes). - nfsd: lock_rename() needs both directories to live on the same fs (git-fixes). - nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes). - nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes). - nfsd: retransmit callbacks after client reconnects (git-fixes). - nfsd: use vfs setgid helper (git-fixes). - nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes). - nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes). - nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes). - nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes). - nfsv4.2: fix wrong shrinker_id (git-fixes). - nfsv4: fix a nfs4_state_manager() race (git-fixes). - nfsv4: fix a state manager thread deadlock regression (git-fixes). - nilfs2: fix failure to detect dat corruption in btree and direct mappings (git-fixes). - nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes). - nouveau/dmem: handle kcalloc() allocation failure (git-fixes). - nouveau: reset the bo resource bus info after an eviction (git-fixes). - ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713). - nvme-fc: do not wait in vain when unloading module (git-fixes). - nvme: fix reconnection fail due to reserved tag allocation (git-fixes). - nvmet-fc: abort command when there is no binding (git-fixes). - nvmet-fc: avoid deadlock on delete association path (git-fixes). - nvmet-fc: defer cleanup using rcu properly (git-fixes). - nvmet-fc: hold reference on hostport match (git-fixes). - nvmet-fc: release reference on target port (git-fixes). - nvmet-fc: take ref count on tgtport before delete assoc (git-fixes). - nvmet-fcloop: swap the list_add_tail arguments (git-fixes). - nvmet-tcp: fix nvme tcp ida memory leak (git-fixes). - pci/aer: fix rootport attribute paths in ABI docs (git-fixes). - pci/aspm: Use RMW accessors for changing LNKCTL (git-fixes). - pci/dpc: print all TLP Prefixes, not just the first (git-fixes). - pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777) - pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes). - pci: add locking to RMW PCI Express Capability Register accessors (git-fixes). - pci: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes). - pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes). - pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-fixes). - pci: fu740: Set the number of MSI vectors (git-fixes). - pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-fixes). - pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes). - pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes). - pci: mediatek-gen3: Fix translation window size calculation (git-fixes). - pci: mediatek: Clear interrupt status before dispatching handler (git-fixes). - pci: qcom: Enable BDF to SID translation properly (git-fixes). - pci: qcom: Use DWC helpers for modifying the read-only DBI registers (git-fixes). - pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes). - pci: rockchip: Fix window mapping and address translation for endpoint (git-fixes). - pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes). - pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-fixes). - pinctrl: mediatek: drop bogus slew rate register range for mt8192 (git-fixes). - platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes). - pm: suspend: Set mem_sleep_current during kernel command line setup (git-fixes). - pnfs/flexfiles: check the layout validity in ff_layout_mirror_prepare_stats (git-fixes). - pnfs: fix a hang in nfs4_evict_inode() (git-fixes). - pnfs: fix the pnfs block driver's calculation of layoutget size (git-fixes). - powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869). - powerpc/boot: Disable power10 features after BOOTAFLAGS assignment (bsc#1194869). - powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU (bsc#1194869). - powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses (bsc#1194869). - powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__ (bsc#1194869). - powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding (bsc#1194869). - powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869). - powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270). - powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes). - powerpc/sstep: Use bitwise instead of arithmetic operator for flags (bsc#1194869). - powerpc: add compile-time support for lbarx, lharx (bsc#1194869). - pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-fixes). - qedf: Do not process stag work during unload (bsc#1214852). - qedf: Wait for stag work during unload (bsc#1214852). - raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1221097). - ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619). - ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619). - ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619). - ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619). - ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619). - ras/amd/fmpm: Save SPA values (jsc#PED-7619). - ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes). - ras: export helper to get ras_debugfs_dir (jsc#PED-7619). - rdma/device: fix a race between mad_client and cm_client init (git-fixes) - rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes) - rdma/ipoib: fix error code return in ipoib_mcast_join (git-fixes) - rdma/irdma: remove duplicate assignment (git-fixes) - rdma/mana_ib: fix bug in creation of dma regions (git-fixes). - rdma/mlx5: fix fortify source warning while accessing eth segment (git-fixes) - rdma/mlx5: relax devx access upon modify commands (git-fixes) - rdma/rtrs-clt: check strnlen return len in sysfs mpath_policy_store() (git-fixes) - rdma/srpt: do not register event handler until srpt device is fully setup (git-fixes) - revert 'drm/amd: disable psr-su on parade 0803 tcon' (git-fixes). - revert 'drm/amd: disable s/g for apus when 64gb or more host memory' (git-fixes). - revert 'drm/amdgpu/display: change pipe policy for dcn 2.0' (git-fixes). - revert 'drm/amdgpu/display: change pipe policy for dcn 2.1' (git-fixes). - revert 'drm/vc4: hdmi: enforce the minimum rate at runtime_resume' (git-fixes). - revert 'fbdev: flush deferred io before closing (git-fixes).' (bsc#1221814) - revert 'pci: tegra194: enable support for 256 byte payload' (git-fixes). - revert 'revert 'drm/amdgpu/display: change pipe policy for dcn 2.0'' (git-fixes). - revert 'sunrpc dont update timeout value on connection reset' (git-fixes). - ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes). - rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes). - s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes bsc#1221633). - s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316). - s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316). - s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316). - s390/vtime: fix average steal time calculation (git-fixes bsc#1221951). - sched/rt: Disallow writing invalid values to sched_rt_period_us (bsc#1220176). - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (bsc#1220176). - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777). - scsi: lpfc: Correct size for wqe for memset() (bsc#1221777). - scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777). - scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777). - scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777). - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777). - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959). - scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777). - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777). - scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777). - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777). - scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777). - scsi: qedf: Remove set but unused variable 'page' (bsc#1214852). - scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852). - scsi: qedf: Remove unused declaration (bsc#1214852). - scsi: qla2xxx: Change debug message during driver unload (bsc1221816). - scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816). - scsi: qla2xxx: Fix N2N stuck connection (bsc1221816). - scsi: qla2xxx: Fix command flush on cable pull (bsc1221816). - scsi: qla2xxx: Fix double free of fcport (bsc1221816). - scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816). - scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816). - scsi: qla2xxx: Prevent command send on chip reset (bsc1221816). - scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816). - scsi: qla2xxx: Update manufacturer detail (bsc1221816). - scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816). - scsi: storvsc: Fix ring buffer size calculation (git-fixes). - scsi: target: core: Silence the message about unknown VPD pages (bsc#1221252). - selftests/bpf: add generic BPF program tester-loader (bsc#1222033). - serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes). - serial: max310x: fix syntax error in IRQ error message (git-fixes). - slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes). - spi: lm70llp: fix links in doc and comments (git-fixes). - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes). - sr9800: Add check for usbnet_get_endpoints (git-fixes). - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - staging: vc04_services: fix information leak in create_component() (git-fixes). - sunrpc: add an is_err() check back to where it was (git-fixes). - sunrpc: econnreset might require a rebind (git-fixes). - sunrpc: fix a memleak in gss_import_v2_context (git-fixes). - sunrpc: fix a suspicious rcu usage warning (git-fixes). - sunrpc: fix rpc client cleaned up the freed pipefs dentries (git-fixes). - sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes). - svcrdma: Drop connection after an RDMA Read error (git-fixes). - topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618). - topology: Fix up build warning in topology_is_visible() (jsc#PED-7618). - tracing/probes: Fix to show a parse error for bad type for $comm (git-fixes). - tracing: Fix wasted memory in saved_cmdlines logic (git-fixes). - tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes). - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619). - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-fixes). - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes). - tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes). - ubifs: Queue up space reservation tasks if retrying many times (git-fixes). - ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes). - ubifs: Set page uptodate in the correct place (git-fixes). - ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes). - ubifs: fix sort function prototype (git-fixes). - usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes). - usb: cdc-wdm: close race between read and workqueue (git-fixes). - usb: core: fix deadlock in usb_deauthorize_interface() (git-fixes). - usb: dwc2: gadget: Fix exiting from clock gating (git-fixes). - usb: dwc2: gadget: LPM flow fix (git-fixes). - usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes). - usb: dwc2: host: Fix hibernation flow (git-fixes). - usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes). - usb: dwc3: Properly set system wakeup (git-fixes). - usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes). - usb: gadget: ncm: Fix handling of zero block length packets (git-fixes). - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes). - usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes). - usb: port: Do not try to peer unused USB ports based on location (git-fixes). - usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes). - usb: typec: ucsi: Check for notifications after init (git-fixes). - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes). - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes). - usb: usb-storage: prevent divide-by-0 error in isd200_ata_command (git-fixes). - usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes). - vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes). - vt: fix unicode buffer corruption when deleting characters (git-fixes). - watchdog: stm32_iwdg: initialize default timeout (git-fixes). - wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes). - wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948). - wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes). - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (git-fixes). - wifi: b43: Disable QoS for bcm4331 (git-fixes). - wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-fixes). - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-fixes). - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-fixes). - wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-fixes). - wifi: brcmsmac: avoid function pointer casts (git-fixes). - wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes). - wifi: iwlwifi: fix EWRD table validity check (git-fixes). - wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes). - wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes). - wifi: iwlwifi: mvm: report beacon protection failures (git-fixes). - wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes). - wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-fixes). - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes). - wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (git-fixes). - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes). - wifi: rtw88: 8821c: Fix false alarm count (git-fixes). - wifi: wilc1000: fix RCU usage in connect path (git-fixes). - wifi: wilc1000: fix declarations ordering (stable-fixes). - wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes). - wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (git-fixes). - x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes). - x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes). - x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes). - xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes). - xhci: process isoc TD properly when there was a transaction error mid TD (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - cloud-init-config-suse-23.3-150100.8.79.2 updated - cloud-init-23.3-150100.8.79.2 updated - curl-8.0.1-150400.5.44.1 updated - glibc-locale-base-2.31-150300.74.1 updated - glibc-locale-2.31-150300.74.1 updated - glibc-2.31-150300.74.1 updated - grub2-i386-pc-2.06-150500.29.25.12 updated - grub2-x86_64-efi-2.06-150500.29.25.12 updated - grub2-x86_64-xen-2.06-150500.29.25.12 updated - grub2-2.06-150500.29.25.12 updated - hwdata-0.380-150000.3.68.1 updated - kernel-default-5.14.21-150500.55.59.1 updated - less-590-150400.3.6.2 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 added - libblkid1-2.37.4-150500.9.6.1 updated - libcares2-1.19.1-150000.3.26.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libgnutls30-3.7.3-150400.4.44.1 updated - libmount1-2.37.4-150500.9.6.1 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libprotobuf-lite25_1_0-25.1-150400.9.3.1 added - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - libsemanage1-3.1-150400.3.4.2 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libuuid1-2.37.4-150500.9.6.1 updated - libzypp-17.32.5-150400.3.64.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - openssh-clients-8.4p1-150300.3.37.1 updated - openssh-common-8.4p1-150300.3.37.1 updated - openssh-server-8.4p1-150300.3.37.1 updated - openssh-8.4p1-150300.3.37.1 updated - python3-base-3.6.15-150300.10.60.1 updated - python3-idna-2.6-150000.3.3.1 updated - python3-3.6.15-150300.10.60.1 updated - rpm-ndb-4.14.3-150400.59.13.1 updated - samba-client-libs-4.17.12+git.462.df636292e62-150500.3.23.7 updated - shim-15.8-150300.4.20.2 updated - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - terminfo-base-6.1-150000.5.24.1 updated - terminfo-6.1-150000.5.24.1 updated - util-linux-systemd-2.37.4-150500.9.6.1 updated - util-linux-2.37.4-150500.9.6.1 updated - vim-data-common-9.1.0330-150500.20.12.1 updated - vim-9.1.0330-150500.20.12.1 updated - wicked-service-0.6.74-150500.3.21.1 updated - wicked-0.6.74-150500.3.21.1 updated - xen-libs-4.17.4_02-150500.3.30.1 updated - xen-tools-domU-4.17.4_02-150500.3.30.1 updated - xfsprogs-5.13.0-150400.3.7.1 updated - zypper-1.14.71-150400.3.45.2 updated - libimaevm3-1.4-150400.3.2.1 removed - libprotobuf-lite20-3.9.2-150200.4.21.1 removed From sle-container-updates at lists.suse.com Sun May 5 07:01:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 5 May 2024 09:01:27 +0200 (CEST) Subject: SUSE-IU-2024:368-1: Security update of sles-15-sp5-chost-byos-v20240502-arm64 Message-ID: <20240505070127.21AB2FCF4@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20240502-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:368-1 Image Tags : sles-15-sp5-chost-byos-v20240502-arm64:20240502 Image Release : Severity : important Type : security References : 1027519 1133277 1175678 1182659 1188500 1190495 1194869 1198101 1200465 1203378 1205316 1205588 1205855 1207948 1207987 1208794 1209635 1209657 1210382 1210959 1211721 1212180 1212182 1212514 1213418 1213456 1213768 1213945 1214148 1214852 1214934 1215005 1215098 1215099 1215100 1215101 1215102 1215103 1215221 1215322 1215334 1215994 1216474 1216546 1217316 1217320 1217321 1217324 1217326 1217329 1217330 1217339 1217432 1217450 1217667 1217829 1217959 1217987 1217988 1217989 1218171 1218321 1218336 1218431 1218479 1218492 1218548 1218562 1218643 1218777 1218871 1219031 1219169 1219170 1219264 1219443 1219460 1219520 1219559 1219581 1219834 1219901 1219937 1220061 1220114 1220176 1220237 1220251 1220279 1220320 1220325 1220328 1220337 1220340 1220365 1220366 1220393 1220398 1220411 1220413 1220433 1220439 1220441 1220443 1220445 1220466 1220469 1220478 1220482 1220484 1220486 1220487 1220492 1220703 1220724 1220735 1220736 1220763 1220775 1220790 1220797 1220831 1220833 1220836 1220839 1220840 1220843 1220845 1220848 1220870 1220871 1220872 1220878 1220879 1220883 1220885 1220887 1220898 1220917 1220918 1220920 1220921 1220926 1220927 1220929 1220930 1220931 1220932 1220933 1220937 1220938 1220940 1220954 1220955 1220959 1220960 1220961 1220965 1220969 1220971 1220978 1220979 1220981 1220982 1220983 1220985 1220986 1220987 1220989 1220990 1220996 1221009 1221012 1221015 1221022 1221039 1221040 1221044 1221045 1221046 1221048 1221055 1221056 1221058 1221060 1221061 1221062 1221066 1221067 1221068 1221069 1221070 1221071 1221077 1221082 1221090 1221097 1221123 1221146 1221146 1221156 1221184 1221194 1221239 1221242 1221252 1221273 1221274 1221276 1221277 1221289 1221291 1221293 1221298 1221337 1221338 1221358 1221361 1221375 1221379 1221399 1221407 1221525 1221551 1221553 1221613 1221614 1221616 1221618 1221631 1221633 1221665 1221667 1221713 1221725 1221746 1221747 1221777 1221814 1221816 1221830 1221831 1221866 1221900 1221900 1221901 1221901 1221951 1221984 1222033 1222056 1222060 1222070 1222073 1222086 1222105 1222109 1222117 1222171 1222259 1222274 1222291 1222300 1222302 1222304 1222317 1222331 1222355 1222356 1222360 1222366 1222373 1222453 1222547 1222619 1222831 1222842 1222952 1222992 1223094 CVE-2021-46925 CVE-2021-46926 CVE-2021-46927 CVE-2021-46929 CVE-2021-46930 CVE-2021-46931 CVE-2021-46933 CVE-2021-46934 CVE-2021-46936 CVE-2021-47082 CVE-2021-47083 CVE-2021-47087 CVE-2021-47091 CVE-2021-47093 CVE-2021-47094 CVE-2021-47095 CVE-2021-47096 CVE-2021-47097 CVE-2021-47098 CVE-2021-47099 CVE-2021-47100 CVE-2021-47101 CVE-2021-47102 CVE-2021-47104 CVE-2021-47105 CVE-2021-47107 CVE-2021-47108 CVE-2022-28737 CVE-2022-4744 CVE-2022-48624 CVE-2022-48626 CVE-2022-48627 CVE-2022-48628 CVE-2022-48629 CVE-2022-48630 CVE-2023-0160 CVE-2023-28746 CVE-2023-32731 CVE-2023-32732 CVE-2023-33953 CVE-2023-35827 CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551 CVE-2023-44487 CVE-2023-45918 CVE-2023-46842 CVE-2023-4750 CVE-2023-4785 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-4881 CVE-2023-52425 CVE-2023-52447 CVE-2023-52450 CVE-2023-52453 CVE-2023-52454 CVE-2023-52462 CVE-2023-52463 CVE-2023-52467 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52476 CVE-2023-52477 CVE-2023-52481 CVE-2023-52482 CVE-2023-52484 CVE-2023-52486 CVE-2023-52492 CVE-2023-52493 CVE-2023-52494 CVE-2023-52497 CVE-2023-52500 CVE-2023-52501 CVE-2023-52502 CVE-2023-52504 CVE-2023-52507 CVE-2023-52508 CVE-2023-52509 CVE-2023-52510 CVE-2023-52511 CVE-2023-52513 CVE-2023-52515 CVE-2023-52517 CVE-2023-52518 CVE-2023-52519 CVE-2023-52520 CVE-2023-52523 CVE-2023-52524 CVE-2023-52525 CVE-2023-52528 CVE-2023-52529 CVE-2023-52530 CVE-2023-52531 CVE-2023-52532 CVE-2023-52559 CVE-2023-52563 CVE-2023-52564 CVE-2023-52566 CVE-2023-52567 CVE-2023-52569 CVE-2023-52574 CVE-2023-52575 CVE-2023-52576 CVE-2023-52582 CVE-2023-52583 CVE-2023-52587 CVE-2023-52591 CVE-2023-52594 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604 CVE-2023-52605 CVE-2023-52606 CVE-2023-52607 CVE-2023-52608 CVE-2023-52612 CVE-2023-52615 CVE-2023-52617 CVE-2023-52619 CVE-2023-52621 CVE-2023-52623 CVE-2023-52628 CVE-2023-52632 CVE-2023-52637 CVE-2023-52639 CVE-2023-6270 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-7042 CVE-2023-7192 CVE-2024-0841 CVE-2024-2004 CVE-2024-2201 CVE-2024-2201 CVE-2024-22099 CVE-2024-22667 CVE-2024-23307 CVE-2024-2398 CVE-2024-25629 CVE-2024-25739 CVE-2024-25742 CVE-2024-25743 CVE-2024-26599 CVE-2024-26600 CVE-2024-26602 CVE-2024-26607 CVE-2024-26612 CVE-2024-26614 CVE-2024-26620 CVE-2024-26627 CVE-2024-26629 CVE-2024-26642 CVE-2024-26645 CVE-2024-26646 CVE-2024-26651 CVE-2024-26654 CVE-2024-26659 CVE-2024-26664 CVE-2024-26667 CVE-2024-26670 CVE-2024-26695 CVE-2024-26717 CVE-2024-28085 CVE-2024-28182 CVE-2024-28757 CVE-2024-28834 CVE-2024-28835 CVE-2024-2961 CVE-2024-31142 CVE-2024-3651 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20240502-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:573-1 Released: Wed Feb 21 09:36:59 2024 Summary: Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 Type: security Severity: moderate References: 1133277,1182659,1203378,1208794,1212180,1212182,1214148,1215334,CVE-2023-32731,CVE-2023-32732,CVE-2023-33953,CVE-2023-44487,CVE-2023-4785 This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues: abseil-cpp was updated to: Update to 20230802.1: * Add StdcppWaiter to the end of the list of waiter implementations Update to 20230802.0 What's New: * Added the nullability library for designating the expected nullability of pointers. Currently these serve as annotations only, but it is expected that compilers will one day be able to use these annotations for diagnostic purposes. * Added the prefetch library as a portable layer for moving data into caches before it is read. * Abseil's hash tables now detect many more programming errors in debug and sanitizer builds. * Abseil's synchronization objects now differentiate absolute waits (when passed an absl::Time) from relative waits (when passed an absl::Duration) when the underlying platform supports differentiating these cases. This only makes a difference when system clocks are adjusted. * Abseil's flag parsing library includes additional methods that make it easier to use when another library also expects to be able to parse flags. * absl::string_view is now available as a smaller target, @com_google_absl//absl/strings:string_view, so that users may use this library without depending on the much larger @com_google_absl//absl/strings target. Update to 20230125.3 Details can be found on: https://github.com/abseil/abseil-cpp/releases/tag/20230125.3 Update to 20230125.2 What's New: The Abseil logging library has been released. This library provides facilities for writing short text messages about the status of a program to stderr, disk files, or other sinks (via an extension API). See the logging library documentation for more information. An extension point, AbslStringify(), allows user-defined types to seamlessly work with Abseil's string formatting functions like absl::StrCat() and absl::StrFormat(). A library for computing CRC32C checksums has been added. Floating-point parsing now uses the Eisel-Lemire algorithm, which provides a significant speed improvement. The flags library now provides suggestions for the closest flag(s) in the case of misspelled flags. Using CMake to install Abseil now makes the installed artifacts (in particular absl/base/options.h) reflect the compiled ABI. Breaking Changes: Abseil now requires at least C++14 and follows Google's Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools. The legacy spellings of the thread annotation macros/functions (e.g. GUARDED_BY()) have been removed by default in favor of the ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS can be defined on the compile command-line to temporarily restore these spellings, but this compatibility macro will be removed in the future. Known Issues The Abseil logging library in this release is not a feature-complete replacement for glog yet. VLOG and DFATAL are examples of features that have not yet been released. Update to version 20220623.0 What's New: * Added absl::AnyInvocable, a move-only function type. * Added absl::CordBuffer, a type for buffering data for eventual inclusion an absl::Cord, which is useful for writing zero-copy code. * Added support for command-line flags of type absl::optional. Breaking Changes: * CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control whether or not unit tests are built. * The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that are experiencing new warnings can use -Wno-deprecated-declatations silence the warnings or use -Wno-error=deprecated-declarations to see warnings but not fail the build. * ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some compilers are more strict about where this keyword must appear compared to the pre-C++20 implementation. * Bazel builds now depend on the bazelbuild/bazel-skylib repository. See Abseil's WORKSPACE file for an example of how to add this dependency. Other: * This will be the last release to support C++11. Future releases will require at least C++14. grpc was updated to 1.60: Update to release 1.60 * Implemented dualstack IPv4 and IPv6 backend support, as per draft gRFC A61. xDS support currently guarded by GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var. * Support for setting proxy for addresses. * Add v1 reflection. update to 1.59.3: * Security - Revocation: Crl backport to 1.59. (#34926) Update to release 1.59.2 * Fixes for CVE-2023-44487 Update to version 1.59.1: * C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552). Update to version 1.59.0: * xds ssa: Remove environment variable protection for stateful affinity (gh#grpc/grpc#34435). * c-ares: fix spin loop bug when c-ares gives up on a socket that still has data left in its read buffer (gh#grpc/grpc#34185). * Deps: Adding upb as a submodule (gh#grpc/grpc#34199). * EventEngine: Update Cancel contract on closure deletion timeline (gh#grpc/grpc#34167). * csharp codegen: Handle empty base_namespace option value to fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137). * Ruby: - replace strdup with gpr_strdup (gh#grpc/grpc#34177). - drop ruby 2.6 support (gh#grpc/grpc#34198). Update to release 1.58.1 * Reintroduced c-ares 1.14 or later support Update to release 1.58 * ruby extension: remove unnecessary background thread startup wait logic that interferes with forking Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * EventEngine: Change GetDNSResolver to return absl::StatusOr>. * Improve server handling of file descriptor exhaustion. * Add a channel argument to set DSCP on streams. Update to release 1.56.2 * Improve server handling of file descriptor exhaustion Update to release 1.56.0 (CVE-2023-32731, bsc#1212180) * core: Add support for vsock transport. * EventEngine: Change TXT lookup result type to std::vector. * C++/Authz: support customizable audit functionality for authorization policy. Update to release 1.54.1 * Bring declarations and definitions to be in sync Update to release 1.54 (CVE-2023-32732, bsc#1212182) * XDS: enable XDS federation by default * TlsCreds: Support revocation of intermediate in chain Update to release 1.51.1 * Only a macOS/aarch64-related change Update to release 1.51 * c-ares DNS resolver: fix logical race between resolution timeout/cancellation and fd readability. * Remove support for pthread TLS Update to release 1.50.0 * Core - Derive EventEngine from std::enable_shared_from_this. (#31060) - Revert 'Revert '[chttp2] fix stream leak with queued flow control update and absence of writes (#30907)' (#30991)'. (#30992) - [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907) - Remove gpr_codegen. (#30899) - client_channel: allow LB policy to communicate update errors to resolver. (#30809) - FaultInjection: Fix random number generation. (#30623) * C++ - OpenCensus Plugin: Add measure and views for started RPCs. (#31034) * C# - Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371) - Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411) - Grpc.Tools document AdditionalImportDirs. (#30405) - Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410) Update to release 1.49.1 * All - Update protobuf to v21.6 on 1.49.x. (#31028) * Ruby - Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053) Update to release 1.49.0 * Core - Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654) - Bump core version. (#30588) - Update OpenCensus to HEAD. (#30567) - Update protobuf submodule to 3.21.5. (#30548) - Update third_party/protobuf to 3.21.4. (#30377) - [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443) - HTTP2: Fix keepalive time throttling. (#30164) - Use AnyInvocable in EventEngine APIs. (#30220) * Python - Add type stub generation support to grpcio-tools. (#30498) Update to release 1.48.1 * Backport EventEngine Forkables Update to release 1.48.0 * C++14 is now required * xDS: Workaround to get gRPC clients working with istio Update to release 1.46.3 * backport: xds: use federation env var to guard new-style resource name parsing (#29725) #29727 Update to release 1.46 * Added HTTP/1.1 support in httpcli * HTTP2: Add graceful goaway Update to release 1.45.2 * Various fixes related to XDS * HTTP2: Should not run cancelling logic on servers when receiving GOAWAY Update to release 1.45.1 * Switched to epoll1 as a default polling engine for Linux Update to version 1.45.0: * Core: - Backport 'Include ADS stream error in XDS error updates (#29014)' to 1.45.x [gh#grpc/grpc#29121]. - Bump core version to 23.0.0 for upcoming release [gh#grpc/grpc#29026]. - Fix memory leak in HTTP request security handshake cancellation [gh#grpc/grpc#28971]. - CompositeChannelCredentials: Comparator implementation [gh#grpc/grpc#28902]. - Delete custom iomgr [gh#grpc/grpc#28816]. - Implement transparent retries [gh#grpc/grpc#28548]. - Uniquify channel args keys [gh#grpc/grpc#28799]. - Set trailing_metadata_available for recv_initial_metadata ops when generating a fake status [gh#grpc/grpc#28827]. - Eliminate gRPC insecure build [gh#grpc/grpc#25586]. - Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769]. - InsecureCredentials: singleton object [gh#grpc/grpc#28777]. - Add http cancel api [gh#grpc/grpc#28354]. - Memory leak fix on windows in grpc_tcp_create() [gh#grpc/grpc#27457]. - xDS: Rbac filter updates [gh#grpc/grpc#28568]. * C++ - Bump the minimum gcc to 5 [gh#grpc/grpc#28786]. - Add experimental API for CRL checking support to gRPC C++ TlsCredentials [gh#grpc/grpc#28407]. Update to release 1.44.0 * Add a trace to list which filters are contained in a channel stack. * Remove grpc_httpcli_context. * xDS: Add support for RBAC HTTP filter. * API to cancel grpc_resolve_address. Update to version 1.43.2: * Fix google-c2p-experimental issue (gh#grpc/grpc#28692). Changes from version 1.43.0: * Core: - Remove redundant work serializer usage in c-ares windows code (gh#grpc/grpc#28016). - Support RDS updates on the server (gh#grpc/grpc#27851). - Use WorkSerializer in XdsClient to propagate updates in a synchronized manner (gh#grpc/grpc#27975). - Support Custom Post-handshake Verification in TlsCredentials (gh#grpc/grpc#25631). - Reintroduce the EventEngine default factory (gh#grpc/grpc#27920). - Assert Android API >= v21 (gh#grpc/grpc#27943). - Add support for abstract unix domain sockets (gh#grpc/grpc#27906). * C++: - OpenCensus: Move metadata storage to arena (gh#grpc/grpc#27948). * [C#] Add nullable type attributes to Grpc.Core.Api (gh#grpc/grpc#27887). - Update package name libgrpc++1 to libgrpc++1_43 in keeping with updated so number. Update to release 1.41.0 * xDS: Remove environmental variable guard for security. * xDS Security: Use new way to fetch certificate provider plugin instance config. * xDS server serving status: Use a struct to allow more fields to be added in the future. Update to release 1.39.1 * Fix C# protoc plugin argument parsing on 1.39.x Update to version 1.39.0: * Core - Initialize tcp_posix for CFStream when needed (gh#grpc/grpc#26530). - Update boringssl submodule (gh#grpc/grpc#26520). - Fix backup poller races (gh#grpc/grpc#26446). - Use default port 443 in HTTP CONNECT request (gh#grpc/grpc#26331). * C++ - New iomgr implementation backed by the EventEngine API (gh#grpc/grpc#26026). - async_unary_call: add a Destroy method, called by std::default_delete (gh#grpc/grpc#26389). - De-experimentalize C++ callback API (gh#grpc/grpc#25728). * PHP: stop reading composer.json file just to read the version string (gh#grpc/grpc#26156). * Ruby: Set XDS user agent in ruby via macros (gh#grpc/grpc#26268). Update to release 1.38.0 * Invalidate ExecCtx now before computing timeouts in all repeating timer events using a WorkSerializer or combiner. * Fix use-after-unref bug in fault_injection_filter * New gRPC EventEngine Interface * Allow the AWS_DEFAULT_REGION environment variable * s/OnServingStatusChange/OnServingStatusUpdate/ Update to release 1.37.1 * Use URI form of address for channelz listen node * Implementation CSDS (xDS Config Dump) * xDS status notifier * Remove CAS loops in global subchannel pool and simplify subchannel refcounting Update to release 1.36.4 * A fix for DNS SRV lookups on Windows Update to 1.36.1: * Core: * Remove unnecessary internal pollset set in c-ares DNS resolver * Support Default Root Certs in Tls Credentials * back-port: add env var protection for google-c2p resolver * C++: * Move third party identity C++ api out of experimental namespace * refactor!: change error_details functions to templates * Support ServerContext for callback API * PHP: * support for PSM security * fixed segfault on reused call object * fixed phpunit 8 warnings * Python: * Implement Python Client and Server xDS Creds Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). * Backport 'do not use true on non-windows' to 1.34.x (gh#grpc/grpc#24995). Update to version 1.34.0: * Core: - Protect xds security code with the environment variable 'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT' (gh#grpc/grpc#24782). - Add support for 'unix-abstract:' URIs to support abstract unix domain sockets (gh#grpc/grpc#24500). - Increment Index when parsing not plumbed SAN fields (gh#grpc/grpc#24601). - Revert 'Revert 'Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS'' (gh#grpc/grpc#24518). - xds: Set status code to INVALID_ARGUMENT when NACKing (gh#grpc/grpc#24516). - Include stddef.h in address_sorting.h (gh#grpc/grpc#24514). - xds: Add support for case_sensitive option in RouteMatch (gh#grpc/grpc#24381). * C++: - Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503). - Experimental support and tests for CreateCustomInsecureChannelWithInterceptorsFromFd (gh#grpc/grpc#24362). Update to release 1.33.2 * Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS. * Expose Cronet error message to the application layer. * Remove grpc_channel_ping from surface API. * Do not send BDP pings if there is no receive side activity. Update to version 1.33.1 * Core - Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS (gh#grpc/grpc#24063). - Expose Cronet error message to the application layer (gh#grpc/grpc#24083). - Remove grpc_channel_ping from surface API (gh#grpc/grpc#23894). - Do not send BDP pings if there is no receive side activity (gh#grpc/grpc#22997). * C++ - Makefile: only support building deps from submodule (gh#grpc/grpc#23957). - Add new subpackages - libupb and upb-devel. Currently, grpc sources include also upb sources. Before this change, libupb and upb-devel used to be included in a separate package - upb. Update to version 1.32.0: * Core - Remove stream from stalled lists on remove_stream (gh#grpc/grpc#23984). - Do not cancel RPC if send metadata size if larger than peer's limit (gh#grpc/grpc#23806). - Don't consider receiving non-OK status as an error for HTTP2 (gh#grpc/grpc#19545). - Keepalive throttling (gh#grpc/grpc#23313). - Include the target_uri in 'target uri is not valid' error messages (gh#grpc/grpc#23782). - Fix 'cannot send compressed message large than 1024B' in cronet_transport (gh#grpc/grpc#23219). - Receive SETTINGS frame on clients before declaring subchannel READY (gh#grpc/grpc#23636). - Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372). - Experimental xDS v3 support (gh#grpc/grpc#23281). * C++ - Upgrade bazel used for all tests to 2.2.0 (gh#grpc/grpc#23902). - Remove test targets and test helper libraries from Makefile (gh#grpc/grpc#23813). - Fix repeated builds broken by re2's cmake (gh#grpc/grpc#23587). - Log the peer address of grpc_cli CallMethod RPCs to stderr (gh#grpc/grpc#23557). opencensus-proto was updated to 0.3.0+git.20200721: - Update to version 0.3.0+git.20200721: * Bump version to 0.3.0 * Generate Go types using protocolbuffers/protobuf-go (#218) * Load proto_library() rule. (#216) - Update to version 0.2.1+git.20190826: * Remove grpc_java dependency and java_proto rules. (#214) * Add C++ targets, especially for gRPC services. (#212) * Upgrade bazel and dependencies to latest. (#211) * Bring back bazel cache to make CI faster. (#210) * Travis: don't require sudo for bazel installation. (#209) - Update to version 0.2.1: * Add grpc-gateway for metrics service. (#205) * Pin bazel version in travis builds (#207) * Update gen-go files (#199) * Add Web JS as a LibraryInfo.Language option (#198) * Set up Python packaging for PyPI release. (#197) * Add tracestate to links. (#191) * Python proto file generator and generated proto files (#196) * Ruby proto file generator and generated proto files (#192) * Add py_proto_library() rules for envoy/api. (#194) * Gradle: Upgrade dependency versions. (#193) * Update release versions for readme. (#189) * Start 0.3.0 development cycle * Update gen-go files. (#187) * Revert 'Start 0.3.0 development cycle (#167)' (#183) * Revert optimization for metric descriptor and bucket options for now. (#184) * Constant sampler: add option to always follow the parent's decision. (#182) * Document that all maximum values must be specified. (#181) * Fix typo in bucket bounds. (#178) * Restrict people who can approve reviews. This is to ensure code quality. (#177) * Use bazel cache to make CI faster. (#176) * Add grpc generated files to the idea plugin. (#175) * Add Resource to Span (#174) * time is required (#170) * Upgrade protobuf dependency to v3.6.1.3. (#173) * assume Ok Status when not set (#171) * Minor comments fixes (#160) * Start 0.3.0 development cycle (#167) * Update gen-go files. (#162) * Update releasing instruction. (#163) * Fix Travis build. (#165) * Add OpenApi doc for trace agent grpc-gateway (#157) * Add command to generate OpenApi/Swagger doc for grpc-gateway (#156) * Update gen-go files (#155) * Add trace export grpc-gateway config (#77) * Fix bazel build after bazel upgrade (#154) * README: Add gitter, javadoc and godoc badge. (#151) * Update release versions for README. (#150) * Start 0.2.0 development cycle * Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147) * Add resource to protocol (#137) * Fix generating the javadoc. (#144) * Metrics/TimeSeries: start time should not be included while end time should. (#142) * README: Add instructions on using opencensus_proto with Bazel. (#140) * agent/README: update package info. (#138) * Agent: Add metrics service. (#136) * Tracing: Add default limits to TraceConfig. (#133) * Remove a stale TODO. (#134) * README: Add a note about go_proto_library rules. (#135) * add golang bazel build support (#132) * Remove exporter protos from mkgogen. (#128) * Update README and RELEASING. (#130) * Change histogram buckets definition to be OpenMetrics compatible. (#121) * Remove exporter/v1 protos. (#124) * Clean up the README for Agent proto. (#126) * Change Quantiles to ValuesAtPercentile. (#122) * Extend the TraceService service to support export/config for multiple Applications. (#119) * Add specifications on Agent implementation details. (#112) * Update gitignore (#118) * Remove maven support. Not used. (#116) * Add gauge distribution. (#117) * Add support for Summary type and value. (#110) * Add Maven status and instructions on adding dependencies. (#115) * Bump version to 0.0.3-SNAPSHOT * Bump version to 0.0.2 * Update gen-go files. (#114) * Gradle: Add missing source and javadoc rules. (#113) * Add support for float attributes. (#98) * Change from mean to sum in distribution. (#109) * Bump version to v0.0.2-SNAPSHOT * Bump version to v0.0.1 * Add releasing instructions in RELEASING.md. (#106) * Add Gradle build rules for generating gRPC service and releasing to Maven. (#102) * Re-organize proto directory structure. (#103) * Update gen-go files. (#101) * Add a note about interceptors of other libraries. (#94) * agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100) * opencensus/proto: add default Agent port to README (#97) * Update the message names for Config RPC. (#93) * Add details about agent protocol in the README. (#88) * Update gen-go files. (#92) * agent/trace/v1: fix signature for Config and comments too (#91) * Update gen-go files. (#86) * Make tracestate a list instead of a map to preserve ordering. (#84) * Allow MetricDescriptor to be sent only the first time. (#78) * Update mkgogen.sh. (#85) * Add agent trace service proto definitions. (#79) * Update proto and gen-go package names. (#83) * Add agent/common proto and BUILD. (#81) * Add trace_config.proto. (#80) * Build exporters with maven. (#76) * Make clear that cumulative int/float can go only up. (#75) * Add tracestate field to the Span proto. (#74) * gradle wrapper --gradle-version 4.9 (#72) * Change from multiple types of timeseries to have one. (#71) * Move exemplars in the Bucket. (#70) * Update gen-go files. (#69) * Move metrics in the top level directory. (#68) * Remove Range from Distribution. No backend supports this. (#67) * Remove unused MetricSet message. (#66) * Metrics: Add Exemplar to DistributionValue. (#62) * Gauge vs Cumulative. (#65) * Clarifying comment about bucket boundaries. (#64) * Make MetricDescriptor.Type capture the type of the value as well. (#63) * Regenerate the Go artifacts (#61) * Add export service proto (#60) - Initial version 20180523 protobuf was updated to 25.1: update to 25.1: * Raise warnings for deprecated python syntax usages * Add support for extensions in CRuby, JRuby, and FFI Ruby * Add support for options in CRuby, JRuby and FFI (#14594) update to 25.0: * Implement proto2/proto3 with editions * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Editions: Introduce functionality to protoc for generating edition feature set defaults. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Editions: Refactor feature resolution to use an intermediate message. * Publish extension declarations with declaration verifications. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Protoc: parser rejects explicit use of map_entry option * Protoc: validate that reserved range start is before end * Protoc: support identifiers as reserved names in addition to string literals (only in editions) * Drop support for Bazel 5. * Allow code generators to specify whether or not they support editions. C++: * Set `PROTOBUF_EXPORT` on `InternalOutOfLineDeleteMessageLite()` * Update stale checked-in files * Apply PROTOBUF_NOINLINE to declarations of some functions that want it. * Implement proto2/proto3 with editions * Make JSON UTF-8 boundary check inclusive of the largest possible UTF-8 character. * Reduce `Map::size_type` to 32-bits. Protobuf containers can't have more than that * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Fix bug in reflection based Swap of map fields. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Add prefetching to arena allocations. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated repeated and map field accessors. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated string field accessors. * Editions: Refactor feature resolution to use an intermediate message. * Fixes for 32-bit MSVC. * Publish extension declarations with declaration verifications. * Export the constants in protobuf's any.h to support DLL builds. * Implement AbslStringify for the Descriptor family of types. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated message field accessors. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Introduce C++ feature for UTF8 validation. * Protoc: validate that reserved range start is before end * Remove option to disable the table-driven parser in protoc. * Lock down ctype=CORD in proto file. * Support split repeated fields. * In OSS mode omit some extern template specializations. * Allow code generators to specify whether or not they support editions. Java: * Implement proto2/proto3 with editions * Remove synthetic oneofs from Java gencode field accessor tables. * Timestamps.parse: Add error handling for invalid hours/minutes in the timezone offset. * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Add missing debugging version info to Protobuf Java gencode when multiple files are generated. * Fix a bad cast in putBuilderIfAbsent when already present due to using the result of put() directly (which is null if it currently has no value) * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Fix a NPE in putBuilderIfAbsent due to using the result of put() directly (which is null if it currently has no value) * Update Kotlin compiler to escape package names * Add MapFieldBuilder and change codegen to generate it and the put{field}BuilderIfAbsent method. * Introduce recursion limit in Java text format parsing * Consider the protobuf.Any invalid if typeUrl.split('/') returns an empty array. * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated. * Fixed Python memory leak in map lookup. * Loosen upb for json name conflict check in proto2 between json name and field * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Ensure Timestamp.ToDatetime(tz) has correct offset * Do not check required field for upb python MergeFrom * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Comparing a proto message with an object of unknown returns NotImplemented * Emit __slots__ in pyi output as a tuple rather than a list for --pyi_out. * Fix a bug that strips options from descriptor.proto in Python. * Raise warings for message.UnknownFields() usages and navigate to the new add * Add protobuf python keyword support in path for stub generator. * Add tuple support to set Struct * ### Python C-Extension (Default) * Comparing a proto message with an object of unknown returns NotImplemented * Check that ffi-compiler loads before using it to define tasks. UPB (Python/PHP/Ruby C-Extension): * Include .inc files directly instead of through a filegroup * Loosen upb for json name conflict check in proto2 between json name and field * Add utf8_validation feature back to the global feature set. * Do not check required field for upb python MergeFrom * Merge the protobuf and upb Bazel repos * Added malloc_trim() calls to Python allocator so RSS will decrease when memory is freed * Upb: fix a Python memory leak in ByteSize() * Support ASAN detection on clang * Upb: bugfix for importing a proto3 enum from within a proto2 file * Expose methods needed by Ruby FFI using UPB_API * Fix `PyUpb_Message_MergeInternal` segfault - Build with source and target levels 8 * fixes build with JDK21 - Install the pom file with the new %%mvn_install_pom macro - Do not install the pom-only artifacts, since the %%mvn_install_pom macro resolves the variables at the install time update to 23.4: * Add dllexport_decl for generated default instance. * Deps: Update Guava to 32.0.1 update to 23.3: C++: * Regenerate stale files * Use the same ABI for static and shared libraries on non- Windows platforms * Add a workaround for GCC constexpr bug Objective-C: * Regenerate stale files UPB (Python/PHP/Ruby C-Extension) * Fixed a bug in `upb_Map_Delete()` that caused crashes in map.delete(k) for Ruby when string-keyed maps were in use. Compiler: * Add missing header to Objective-c generator * Add a workaround for GCC constexpr bug Java: * Rollback of: Simplify protobuf Java message builder by removing methods that calls the super class only. Csharp: * [C#] Replace regex that validates descriptor names update to 22.5: C++: * Add missing cstdint header * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700) * Avoid using string(JOIN..., which requires cmake 3.12 * Explicitly include GTest package in examples * Bump Abseil submodule to 20230125.3 (#12660) update to 22.4: C++: * Fix libprotoc: export useful symbols from .so Python: * Fix bug in _internal_copy_files where the rule would fail in downstream repositories. Other: * Bump utf8_range to version with working pkg-config (#12584) * Fix declared dependencies for pkg-config * Update abseil dependency and reorder dependencies to ensure we use the version specified in protobuf_deps. * Turn off clang::musttail on i386 update to v22.3 UPB (Python/PHP/Ruby C-Extension): * Remove src prefix from proto import * Fix .gitmodules to use the correct absl branch * Remove erroneous dependency on googletest update to 22.2: Java: * Add version to intra proto dependencies and add kotlin stdlib dependency * Add $ back for osgi header * Remove $ in pom files update to 22.1: * Add visibility of plugin.proto to python directory * Strip 'src' from file name of plugin.proto * Add OSGi headers to pom files. * Remove errorprone dependency from kotlin protos. * Version protoc according to the compiler version number. - update to 22.0: * This version includes breaking changes to: Cpp. Please refer to the migration guide for information: https://protobuf.dev/support/migration/#compiler-22 * [Cpp] Migrate to Abseil's logging library. * [Cpp] `proto2::Map::value_type` changes to `std::pair`. * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream, and DefaultFieldComparator classes. * [Cpp] Add a dependency on Abseil (#10416) * [Cpp] Remove all autotools usage (#10132) * [Cpp] Add C++20 reserved keywords * [Cpp] Dropped C++11 Support * [Cpp] Delete Arena::Init * [Cpp] Replace JSON parser with new implementation * [Cpp] Make RepeatedField::GetArena non-const in order to support split RepeatedFields. * long list of bindings specific fixes see https://github.com/protocolbuffers/protobuf/releases/tag/v22.0 update to v21.12: * Python: * Fix broken enum ranges (#11171) * Stop requiring extension fields to have a sythetic oneof (#11091) * Python runtime 4.21.10 not works generated code can not load valid proto. update to 21.11: * Python: * Add license file to pypi wheels (#10936) * Fix round-trip bug (#10158) update to 21.10:: * Java: * Use bit-field int values in buildPartial to skip work on unset groups of fields. (#10960) * Mark nested builder as clean after clear is called (#10984) update to 21.9: * Ruby: * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other: * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++: * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java: * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private 'parsing constructor' to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. update to 21.6: C++: * Reduce memory consumption of MessageSet parsing update to 21.5: PHP: * Added getContainingOneof and getRealContainingOneof to descriptor. * fix PHP readonly legacy files for nested messages Python: * Fixed comparison of maps in Python. - update to 21.4: * Reduce the required alignment of ArenaString from 8 to 4 - update to 21.3: * C++: * Add header search paths to Protobuf-C++.podspec (#10024) * Fixed Visual Studio constinit errors (#10232) * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271) * UPB: * Allow empty package names (fixes behavior regression in 4.21.0) * Fix a SEGV bug when comparing a non-materialized sub-message (#10208) * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name) * for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library. * Lookup operations now correctly reject unhashable types as map keys. * We implement repr() to use the same format as dict. * Fix maps to use the ScalarMapContainer class when appropriate * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717) * PHP: * Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041) * Python: * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118) * Bazel: * Add back a filegroup for :well_known_protos (#10061) Update to 21.2: - C++: - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614) - Escape GetObject macro inside protoc-generated code (#9739) - Update CMake configuration to add a dependency on Abseil (#9793) - Fix cmake install targets (#9822) - Use __constinit only in GCC 12.2 and up (#9936) - Java: - Update protobuf_version.bzl to separate protoc and per-language java ??? (#9900) - Python: - Increment python major version to 4 in version.json for python upb (#9926) - The C extension module for Python has been rewritten to use the upb library. - This is expected to deliver significant performance benefits, especially when parsing large payloads. There are some minor breaking changes, but these should not impact most users. For more information see: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates - PHP: - [PHP] fix PHP build system (#9571) - Fix building packaged PHP extension (#9727) - fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633) - fix: phpdoc syntax for repeatedfield parameters (#9784) - fix: phpdoc for repeatedfield (#9783) - Change enum string name for reserved words (#9780) - chore: [PHP] fix phpdoc for MapField keys (#9536) - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996) - Ruby: - Allow pre-compiled binaries for ruby 3.1.0 (#9566) - Implement respond_to? in RubyMessage (#9677) - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722) - Do not use range based UTF-8 validation in truffleruby (#9769) - Improve range handling logic of RepeatedField (#9799) - Other: - Fix invalid dependency manifest when using descriptor_set_out (#9647) - Remove duplicate java generated code (#9909) - Update to 3.20.1: - PHP: - Fix building packaged PHP extension (#9727) - Fixed composer.json to only advertise compatibility with PHP 7.0+. (#9819) - Ruby: - Disable the aarch64 build on macOS until it can be fixed. (#9816) - Other: - Fix versioning issues in 3.20.0 - Update to 3.20.1: - Ruby: - Dropped Ruby 2.3 and 2.4 support for CI and releases. (#9311) - Added Ruby 3.1 support for CI and releases (#9566). - Message.decode/encode: Add recursion_limit option (#9218/#9486) - Allocate with xrealloc()/xfree() so message allocation is visible to the - Ruby GC. In certain tests this leads to much lower memory usage due to more - frequent GC runs (#9586). - Fix conversion of singleton classes in Ruby (#9342) - Suppress warning for intentional circular require (#9556) - JSON will now output shorter strings for double and float fields when possible - without losing precision. - Encoding and decoding of binary format will now work properly on big-endian - systems. - UTF-8 verification was fixed to properly reject surrogate code points. - Unknown enums for proto2 protos now properly implement proto2's behavior of - putting such values in unknown fields. - Java: - Revert 'Standardize on Array copyOf' (#9400) - Resolve more java field accessor name conflicts (#8198) - Fix parseFrom to only throw InvalidProtocolBufferException - InvalidProtocolBufferException now allows arbitrary wrapped Exception types. - Fix bug in FieldSet.Builder.mergeFrom - Flush CodedOutputStream also flushes underlying OutputStream - When oneof case is the same and the field type is Message, merge the - subfield. (previously it was replaced.)??? - Add @CheckReturnValue to some protobuf types - Report original exceptions when parsing JSON - Add more info to @deprecated javadoc for set/get/has methods - Fix initialization bug in doc comment line numbers - Fix comments for message set wire format. - Kotlin: - Add test scope to kotlin-test for protobuf-kotlin-lite (#9518) - Add orNull extensions for optional message fields. - Add orNull extensions to all proto3 message fields. - Python: - Dropped support for Python < 3.7 (#9480) - Protoc is now able to generate python stubs (.pyi) with --pyi_out - Pin multibuild scripts to get manylinux1 wheels back (#9216) - Fix type annotations of some Duration and Timestamp methods. - Repeated field containers are now generic in field types and could be used in type annotations. - Protobuf python generated codes are simplified. Descriptors and message classes' definitions are now dynamic created in internal/builder.py. - Insertion Points for messages classes are discarded. - has_presence is added for FieldDescriptor in python - Loosen indexing type requirements to allow valid index() implementations rather than only PyLongObjects. - Fix the deepcopy bug caused by not copying message_listener. - Added python JSON parse recursion limit (default 100) - Path info is added for python JSON parse errors - Pure python repeated scalar fields will not able to pickle. Convert to list first. - Timestamp.ToDatetime() now accepts an optional tzinfo parameter. If specified, the function returns a timezone-aware datetime in the given time zone. If omitted or None, the function returns a timezone-naive UTC datetime (as previously). - Adds client_streaming and server_streaming fields to MethodDescriptor. - Add 'ensure_ascii' parameter to json_format.MessageToJson. This allows smaller JSON serializations with UTF-8 or other non-ASCII encodings. - Added experimental support for directly assigning numpy scalars and array. - Improve the calculation of public_dependencies in DescriptorPool. - [Breaking Change] Disallow setting fields to numpy singleton arrays or repeated fields to numpy multi-dimensional arrays. Numpy arrays should be indexed or flattened explicitly before assignment. - Compiler: - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Rework allocations to power-of-two byte sizes. - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Make TaggedPtr Set...() calls explicitly spell out the content type. - Check for parsing error before verifying UTF8. - Enforce a maximum message nesting limit of 32 in the descriptor builder to - guard against stack overflows - Fixed bugs in operators for RepeatedPtrIterator - Assert a maximum map alignment for allocated values - Fix proto1 group extension protodb parsing error - Do not log/report the same descriptor symbol multiple times if it contains - more than one invalid character. - Add UnknownFieldSet::SerializeToString and SerializeToCodedStream. - Remove explicit default pointers and deprecated API from protocol compiler - Arenas: - Change Repeated*Field to reuse memory when using arenas. - Implements pbarenaz for profiling proto arenas - Introduce CreateString() and CreateArenaString() for cleaner semantics - Fix unreferenced parameter for MSVC builds - Add UnsafeSetAllocated to be used for one-of string fields. - Make Arena::AllocateAligned() a public function. - Determine if ArenaDtor related code generation is necessary in one place. - Implement on demand register ArenaDtor for InlinedStringField - C++: - Enable testing via CTest (#8737) - Add option to use external GTest in CMake (#8736) - CMake: Set correct sonames for libprotobuf-lite.so and libprotoc.so (#8635) (#9529) - Add cmake option protobuf_INSTALL to not install files (#7123) - CMake: Allow custom plugin options e.g. to generate mocks (#9105) - CMake: Use linker version scripts (#9545) - Manually *struct Cord fields to work better with arenas. - Manually destruct map fields. - Generate narrower code - Fix #9378 by removing - shadowed cached_size field - Remove GetPointer() and explicit nullptr defaults. - Add proto_h flag for speeding up large builds - Add missing overload for reference wrapped fields. - Add MergedDescriptorDatabase::FindAllFileNames() - RepeatedField now defines an iterator type instead of using a pointer. - Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and GOOGLE_PROTOBUF_HAS_ARENAS. - PHP: - Fix: add missing reserved classnames (#9458) - PHP 8.1 compatibility (#9370) - C#: - Fix trim warnings (#9182) - Fixes NullReferenceException when accessing FieldDescriptor.IsPacked (#9430) - Add ToProto() method to all descriptor classes (#9426) - Add an option to preserve proto names in JsonFormatter (#6307) - Objective-C: - Add prefix_to_proto_package_mappings_path option. (#9498) - Rename proto_package_to_prefix_mappings_path to package_to_prefix_mappings_path. (#9552) - Add a generation option to control use of forward declarations in headers. (#9568) - update to 3.19.4: Python: * Make libprotobuf symbols local on OSX to fix issue #9395 (#9435) Ruby: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32 PHP: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32. - Update to 3.19.3: C++: * Make proto2::Message::DiscardUnknownFields() non-virtual * Separate RepeatedPtrField into its own header file * For default floating point values of 0, consider all bits significant * Fix shadowing warnings * Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment Java: * Improve performance characteristics of UnknownFieldSet parsing * For default floating point values of 0, consider all bits significant * Annotate //java/com/google/protobuf/util/... with nullness annotations * Use ArrayList copy constructor Bazel: * Ensure that release archives contain everything needed for Bazel * Align dependency handling with Bazel best practices Javascript: * Fix ReferenceError: window is not defined when getting the global object Ruby: * Fix memory leak in MessageClass.encode * Override Map.clone to use Map's dup method * Ruby: build extensions for arm64-darwin * Add class method Timestamp.from_time to ruby well known types * Adopt pure ruby DSL implementation for JRuby * Add size to Map class * Fix for descriptor_pb.rb: google/protobuf should be required first Python: * Proto2 DecodeError now includes message name in error message * Make MessageToDict convert map keys to strings * Add python-requires in setup.py * Add python 3.10 - Update to 3.17.3: C++ * Introduce FieldAccessListener. * Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class * Provide stable versions of SortAndUnique(). * Make sure to cache proto3 optional message fields when they are cleared. * Expose UnsafeArena methods to Reflection. * Use std::string::empty() rather than std::string::size() > 0. * [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * Delete StringPiecePod (#8353) * Create a CMake option to control whether or not RTTI is enabled (#8347) * Make util::Status more similar to absl::Status (#8405) * The ::pb namespace is no longer exposed due to conflicts. * Allow MessageDifferencer::TreatAsSet() (and friends) to override previous calls instead of crashing. * Reduce the size of generated proto headers for protos with string or bytes fields. * Move arena() operation on uncommon path to out-of-line routine * For iterator-pair function parameter types, take both iterators by value. * Code-space savings and perhaps some modest performance improvements in * RepeatedPtrField. * Eliminate nullptr check from every tag parse. * Remove unused _$name$cached_byte_size fields. * Serialize extension ranges together when not broken by a proto field in the middle. * Do out-of-line allocation and deallocation of string object in ArenaString. * Streamline ParseContext::ParseMessage to avoid code bloat and improve performance. * New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}. on an error path. * util::DefaultFieldComparator will be final in a future version of protobuf. * Subclasses should inherit from SimpleFieldComparator instead. Kotlin * Introduce support for Kotlin protos (#8272) * Restrict extension setter and getter operators to non-nullable T. Java * Fixed parser to check that we are at a proper limit when a sub-message has finished parsing. * updating GSON and Guava to more recent versions (#8524) * Reduce the time spent evaluating isExtensionNumber by storing the extension ranges in a TreeMap for faster queries. This is particularly relevant for protos which define a large number of extension ranges, for example when each tag is defined as an extension. * Fix java bytecode estimation logic for optional fields. * Optimize Descriptor.isExtensionNumber. * deps: update JUnit and Truth (#8319) * Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented. * Exceptions thrown while reading from an InputStream in parseFrom are now included as causes. * Support potentially more efficient proto parsing from RopeByteStrings. * Clarify runtime of ByteString.Output.toStringBuffer(). * Added UnsafeByteOperations to protobuf-lite (#8426) Python: * Add MethodDescriptor.CopyToProto() (#8327) * Remove unused python_protobuf.{cc,h} (#8513) * Start publishing python aarch64 manylinux wheels normally (#8530) * Fix constness issue detected by MSVC standard conforming mode (#8568) * Make JSON parsing match C++ and Java when multiple fields from the same oneof are present and all but one is null. * Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344) * Switch on 'new' buffer API (#8339) * Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280) * Fixed a bug in text format where a trailing colon was printed for repeated field. * When TextFormat encounters a duplicate message map key, replace the current one instead of merging. Ruby: * Add support for proto3 json_name in compiler and field definitions (#8356) * Fixed memory leak of Ruby arena objects. (#8461) * Fix source gem compilation (#8471) * Fix various exceptions in Ruby on 64-bit Windows (#8563) * Fix crash when calculating Message hash values on 64-bit Windows (#8565) General: * Support M1 (#8557) Update to 3.15.8: - Fixed memory leak of Ruby arena objects (#8461) Update to 3.15.7: C++: * Remove the ::pb namespace (alias) (#8423) Ruby: * Fix unbounded memory growth for Ruby <2.7 (#8429) * Fixed message equality in cases where the message type is different (#8434) update to 3.15.6: Ruby: * Fixed bug in string comparison logic (#8386) * Fixed quadratic memory use in array append (#8379) * Fixed SEGV when users pass nil messages (#8363) * Fixed quadratic memory usage when appending to arrays (#8364) * Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341) * Fix for FieldDescriptor.get(msg) (#8330) * Bugfix for Message.[] for repeated or map fields (#8313) PHP: * read_property() handler is not supposed to return NULL (#8362) Protocol Compiler * Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag. C++: * Do not disable RTTI by default in the CMake build (#8377) * Create a CMake option to control whether or not RTTI is enabled (#8361) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields * Use init_seg in MSVC to push initialization to an earlier phase. * Runtime no longer triggers -Wsign-compare warnings. * Fixed -Wtautological-constant-out-of-range-compare warning. * DynamicCastToGenerated works for nullptr input for even if RTTI is disabled * Arena is refactored and optimized. * Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests. * Change the signature of Any::PackFrom() to return false on error. * Add fast reflection getter API for strings. * Constant initialize the global message instances * Avoid potential for missed wakeup in UnknownFieldSet * Now Proto3 Oneof fields have 'has' methods for checking their presence in C++. * Bugfix for NVCC * Return early in _InternalSerialize for empty maps. * Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter. * Fixed https://github.com/protocolbuffers/protobuf/issues/8129 * Ensure that null char symbol, package and file names do not result in a crash. * Constant initialize the global message instances * Pretty print 'max' instead of numeric values in reserved ranges. * Removed remaining instances of std::is_pod, which is deprecated in C++20. * Changes to reduce code size for unknown field handling by making uncommon cases out of line. * Fix std::is_pod deprecated in C++20 (#7180) * Fix some -Wunused-parameter warnings (#8053) * Fix detecting file as directory on zOS issue #8051 (#8052) * Don't include sys/param.h for _BYTE_ORDER (#8106) * remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154) * Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159) * Fix for compiler warning issue#8145 (#8160) * fix: support deprecated enums for GCC < 6 (#8164) * Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125) Python: * Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer. * MessageFactory.CreateProtoype can be overridden to customize class creation. * Fix PyUnknownFields memory leak (#7928) * Add macOS big sur compatibility (#8126) JavaScript * Generate `getDescriptor` methods with `*` as their `this` type. * Enforce `let/const` for generated messages. * js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with negative bitsLow and low but non-zero bitsHigh parameter. (#8170) PHP: * Added support for PHP 8. (#8105) * unregister INI entries and fix invalid read on shutdown (#8042) * Fix PhpDoc comments for message accessors to include '|null'. (#8136) * fix: convert native PHP floats to single precision (#8187) * Fixed PHP to support field numbers >=2**28. (#8235) * feat: add support for deprecated fields to PHP compiler (#8223) * Protect against stack overflow if the user derives from Message. (#8248) * Fixed clone for Message, RepeatedField, and MapField. (#8245) * Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258) Ruby: * Added support for Ruby 3. (#8184) * Rewrote the data storage layer to be based on upb_msg objects from the upb library. This should lead to much better parsing performance, particularly for large messages. (#8184). * Fill out JRuby support (#7923) * [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite recursion/run out of memory (#8195) * Fix jruby support to handle messages nested more than 1 level deep (#8194) Java: * Avoid possible UnsupportedOperationException when using CodedInputSteam with a direct ByteBuffer. * Make Durations.comparator() and Timestamps.comparator() Serializable. * Add more detailed error information for dynamic message field type validation failure * Removed declarations of functions declared in java_names.h from java_helpers.h. * Now Proto3 Oneof fields have 'has' methods for checking their presence in Java. * Annotates Java proto generated *_FIELD_NUMBER constants. * Add -assumevalues to remove JvmMemoryAccessor on Android. C#: * Fix parsing negative Int32Value that crosses segment boundary (#8035) * Change ByteString to use memory and support unsafe create without copy (#7645) * Optimize MapField serialization by removing MessageAdapter (#8143) * Allow FileDescriptors to be parsed with extension registries (#8220) * Optimize writing small strings (#8149) - Updated URL to https://github.com/protocolbuffers/protobuf Update to v3.14.0 Protocol Compiler: * The proto compiler no longer requires a .proto filename when it is not generating code. * Added flag `--deterministic_output` to `protoc --encode=...`. * Fixed deadlock when using google.protobuf.Any embedded in aggregate options. C++: * Arenas are now unconditionally enabled. cc_enable_arenas no longer has any effect. * Removed inlined string support, which is incompatible with arenas. * Fix a memory corruption bug in reflection when mixing optional and non-optional fields. * Make SpaceUsed() calculation more thorough for map fields. * Add stack overflow protection for text format with unknown field values. * FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds error was encountered. * Performance improvements for Map. * Minor formatting fix when dumping a descriptor to .proto format with DebugString. * UBSAN fix in RepeatedField * When running under ASAN, skip a test that makes huge allocations. * Fixed a crash that could happen when creating more than 256 extensions in a single message. * Fix a crash in BuildFile when passing in invalid descriptor proto. * Parser security fix when operating with CodedInputStream. * Warn against the use of AllowUnknownExtension. * Migrated to C++11 for-range loops instead of index-based loops where possible. This fixes a lot of warnings when compiling with -Wsign-compare. * Fix segment fault for proto3 optional * Adds a CMake option to build `libprotoc` separately Java * Bugfix in mergeFrom() when a oneof has multiple message fields. * Fix RopeByteString.RopeInputStream.read() returning -1 when told to read 0 bytes when not at EOF. * Redefine remove(Object) on primitive repeated field Lists to avoid autoboxing. * Support '\u' escapes in textformat string literals. * Trailing empty spaces are no longer ignored for FieldMask. * Fix FieldMaskUtil.subtract to recursively remove mask. * Mark enums with `@java.lang.Deprecated` if the proto enum has option `deprecated = true;`. * Adding forgotten duration.proto to the lite library Python: * Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is used outside WKT Value/Struct. * Fix bug occurring when attempting to deep copy an enum type in python 3. * Add a setuptools extension for generating Python protobufs * Remove uses of pkg_resources in non-namespace packages * [bazel/py] Omit google/__init__.py from the Protobuf runtime * Removed the unnecessary setuptools package dependency for Python package * Fix PyUnknownFields memory leak PHP: * Added support for '==' to the PHP C extension * Added `==` operators for Map and Array * Native C well-known types * Optimized away hex2bin() call in generated code * New version of upb, and a new hash function wyhash in third_party * add missing hasOneof method to check presence of oneof fields Go: * Update go_package options to reference google.golang.org/protobuf module. C#: * annotate ByteString.CopyFrom(ReadOnlySpan) as SecuritySafeCritical * Fix C# optional field reflection when there are regular fields too * Fix parsing negative Int32Value that crosses segment boundary Javascript: * JS: parse (un)packed fields conditionally Update to version 3.13.0 PHP: * The C extension is completely rewritten. The new C extension has significantly better parsing performance and fixes a handful of conformance issues. It will also make it easier to add support for more features like proto2 and proto3 presence. * The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP. C++: * Removed deprecated unsafe arena string accessors * Enabled heterogeneous lookup for std::string keys in maps. * Removed implicit conversion from StringPiece to std::string * Fix use-after-destroy bug when the Map is allocated in the arena. * Improved the randomness of map ordering * Added stack overflow protection for text format with unknown fields * Use std::hash for proto maps to help with portability. * Added more Windows macros to proto whitelist. * Arena constructors for map entry messages are now marked 'explicit' (for regular messages they were already explicit). * Fix subtle aliasing bug in RepeatedField::Add * Fix mismatch between MapEntry ByteSize and Serialize with respect to unset fields. Python: * JSON format conformance fixes: * Reject lowercase t for Timestamp json format. * Print full_name directly for extensions (no camelCase). * Reject boolean values for integer fields. * Reject NaN, Infinity, -Infinity that is not quoted. * Base64 fixes for bytes fields: accept URL-safe base64 and missing padding. * Bugfix for fields/files named 'async' or 'await'. * Improved the error message when AttributeError is returned from __getattr__ in EnumTypeWrapper. Java: * Fixed a bug where setting optional proto3 enums with setFooValue() would not mark the value as present. * Add Subtract function to FieldMaskUtil. C#: * Dropped support for netstandard1.0 (replaced by support for netstandard1.1). This was required to modernize the parsing stack to use the `Span` type internally * Add `ParseFrom(ReadOnlySequence)` method to enable GC friendly parsing with reduced allocations and buffer copies * Add support for serialization directly to a `IBufferWriter` or to a `Span` to enable GC friendly serialization. The new API is available as extension methods on the `IMessage` type * Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make generated code compatible with old C# compilers (pre-roslyn compilers from .NET framework and old versions of mono) that do not support ref structs. Users that are still on a legacy stack that does not support C# 7.2 compiler might need to use the new define in their projects to be able to build the newly generated code * Due to the major overhaul of parsing and serialization internals, it is recommended to regenerate your generated code to achieve the best performance (the legacy generated code will still work, but might incur a slight performance penalty). Update to version 3.12.3; notable changes since 3.11.4: Protocol Compiler: * [experimental] Singular, non-message typed fields in proto3 now support presence tracking. This is enabled by adding the 'optional' field label and passing the --experimental_allow_proto3_optional flag to protoc. * For usage info, see docs/field_presence.md. * During this experimental phase, code generators should update to support proto3 presence, see docs/implementing_proto3_presence.md for instructions. * Allow duplicate symbol names when multiple descriptor sets are passed on the command-line, to match the behavior when multiple .proto files are passed. * Deterministic `protoc --descriptor_set_out` (#7175) Objective-C: * Tweak the union used for Extensions to support old generated code. #7573 * Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538) * [experimental] ObjC Proto3 optional support (#7421) * Block subclassing of generated classes (#7124) * Use references to Obj C classes instead of names in descriptors. (#7026) * Revisit how the WKTs are bundled with ObjC. (#7173) C++: * Simplified the template export macros to fix the build for mingw32. (#7539) * [experimental] Added proto3 presence support. * New descriptor APIs to support proto3 presence. * Enable Arenas by default on all .proto files. * Documented that users are not allowed to subclass Message or MessageLite. * Mark generated classes as final; inheriting from protos is strongly discouraged. * Add stack overflow protection for text format with unknown fields. * Add accessors for map key and value FieldDescriptors. * Add FieldMaskUtil::FromFieldNumbers(). * MessageDifferencer: use ParsePartial() on Any fields so the diff does not fail when there are missing required fields. * ReflectionOps::Merge(): lookup messages in the right factory, if it can. * Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type() accessor as an easier way of determining if a message is a Well-Known Type. * Optimized RepeatedField::Add() when it is used in a loop. * Made proto move/swap more efficient. * De-virtualize the GetArena() method in MessageLite. * Improves performance of json_stream_parser.cc by factor 1000 (#7230) * bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087) * Fixed a bug in FieldDescriptor::DebugString() that would erroneously print an 'optional' label for a field in a oneof. * Fix bug in parsing bool extensions that assumed they are always 1 byte. * Fix off-by-one error in FieldOptions::ByteSize() when extensions are present. * Clarified the comments to show an example of the difference between Descriptor::extension and DescriptorPool::FindAllExtensions. * Add a compiler option 'code_size' to force optimize_for=code_size on all protos where this is possible. Ruby: * Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however many people still use them and dropping support will require more coordination. * [experimental] Implemented proto3 presence for Ruby. (#7406) * Stop building binary gems for ruby <2.5 (#7453) * Fix for wrappers with a zero value (#7195) * Fix for JSON serialization of 0/empty-valued wrapper types (#7198) * Call 'Class#new' over rb_class_new_instance in decoding (#7352) * Build extensions for Ruby 2.7 (#7027) * assigning 'nil' to submessage should clear the field. (#7397) Java: * [experimental] Added proto3 presence support. * Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated * reduce size for enums with allow_alias set to true. * Sort map fields alphabetically by the field's key when printing textproto. * Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508). * TextFormat.merge() handles Any as top level type. * Throw a descriptive IllegalArgumentException when calling getValueDescriptor() on enum special value UNRECOGNIZED instead of ArrayIndexOutOfBoundsException. * Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts() would override the configuration passed into includingDefaultValueFields(). * Implement overrides of indexOf() and contains() on primitive lists returned for repeated fields to avoid autoboxing the list contents. * Add overload to FieldMaskUtil.fromStringList that accepts a descriptor. * [bazel] Move Java runtime/toolchains into //java (#7190) Python: * [experimental] Added proto3 presence support. * [experimental] fast import protobuf module, only works with cpp generated code linked in. * Truncate 'float' fields to 4 bytes of precision in setters for pure-Python implementation (C++ extension was already doing this). * Fixed a memory leak in C++ bindings. * Added a deprecation warning when code tries to create Descriptor objects directly. * Fix unintended comparison between bytes and string in descriptor.py. * Avoid printing excess digits for float fields in TextFormat. * Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code. * Drop 3.3, 3.4 and use single version docker images for all python tests (#7396) JavaScript: * Fix js message pivot selection (#6813) PHP: * Persistent Descriptor Pool (#6899) * Implement lazy loading of php class for proto messages (#6911) * Correct @return in Any.unpack docblock (#7089) * Ignore unknown enum value when ignore_unknown specified (#7455) C#: * [experimental] Add support for proto3 presence fields in C# (#7382) * Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491) * Remove Has/Clear members for C# message fields in proto2 (#7429) * Enforce recursion depth checking for unknown fields (#7132) * Fix conformance test failures for Google.Protobuf (#6910) * Cleanup various bits of Google.Protobuf (#6674) * Fix latest ArgumentException for C# extensions (#6938) * Remove unnecessary branch from ReadTag (#7289) Other: * Add a proto_lang_toolchain for javalite (#6882) * [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237) * Add application note for explicit presence tracking. (#7390) * Howto doc for implementing proto3 presence in a code generator. (#7407) Update to version 3.11.4; notable changes since 3.9.2: * C++: Make serialization method naming consistent * C++: Moved ShutdownProtobufLibrary() to message_lite.h. For backward compatibility a declaration is still available in stubs/common.h, but users should prefer message_lite.h * C++: Removed non-namespace macro EXPECT_OK() * C++: Removed mathlimits.h from stubs in favor of using std::numeric_limits from C++11 * C++: Support direct pickling of nested messages * C++: Disable extension code gen for C# * C++: Switch the proto parser to the faster MOMI parser * C++: Unused imports of files defining descriptor extensions will now be reported * C++: Add proto2::util::RemoveSubranges to remove multiple subranges in linear time * C++: Support 32 bit values for ProtoStreamObjectWriter to Struct * C++: Removed the internal-only header coded_stream_inl.h and the internal-only methods defined there * C++: Enforced no SWIG wrapping of descriptor_database.h (other headers already had this restriction) * C++: Implementation of the equivalent of the MOMI parser for serialization. This removes one of the two serialization routines, by making the fast array serialization routine completely general. SerializeToCodedStream can now be implemented in terms of the much much faster array serialization. The array serialization regresses slightly, but when array serialization is not possible this wins big * C++: Add move constructor for Reflection's SetString * Java: Remove the usage of MethodHandle, so that Android users prior to API version 26 can use protobuf-java * Java: Publish ProGuard config for javalite * Java: Include unknown fields when merging proto3 messages in Java lite builders * Java: Have oneof enums implement a separate interface (other than EnumLite) for clarity * Java: Opensource Android Memory Accessors * Java: Change ProtobufArrayList to use Object[] instead of ArrayList for 5-10% faster parsing * Java: Make a copy of JsonFormat.TypeRegistry at the protobuf top level package. This will eventually replace JsonFormat.TypeRegistry * Java: Add Automatic-Module-Name entries to the Manifest * Python: Add float_precision option in json format printer * Python: Optionally print bytes fields as messages in unknown fields, if possible * Python: Experimental code gen (fast import protobuf module) which only work with cpp generated code linked in * Python: Add descriptor methods in descriptor_pool are deprecated * Python: Added delitem for Python extension dict * JavaScript: Remove guard for Symbol iterator for jspb.Map * JavaScript: Remove deprecated boolean option to getResultBase64String() * JavaScript: Change the parameter types of binaryReaderFn in ExtensionFieldBinaryInfo to (number, ?, ?) * JavaScript: Create dates.ts and time_of_days.ts to mirror Java versions. This is a near-identical conversion of c.g.type.util.{Dates,TimeOfDays} respectively * JavaScript: Migrate moneys to TypeScript * PHP: Increase php7.4 compatibility * PHP: Implement lazy loading of php class for proto messages * Ruby: Support hashes for struct initializers * C#: Experimental proto2 support is now officially available * C#: Change _Extensions property to normal body rather than expression * Objective C: Remove OSReadLittle* due to alignment requirements * Other: Override CocoaPods module to lowercase * further bugfixes and optimisations - Install LICENSE - Drop protobuf-libs as it is just workaround for rpmlint issue * python bindings now require recent python-google-apputils * Released memory allocated by InitializeDefaultRepeatedFields() and GetEmptyString(). Some memory sanitizers reported them * Updated DynamicMessage.setField() to handle repeated enum * Fixed a bug that caused NullPointerException to be thrown when converting manually constructed FileDescriptorProto to * Added oneofs(unions) feature. Fields in the same oneof will * Files, services, enums, messages, methods and enum values * Added Support for list values, including lists of mesaages, * Added SwapFields() in reflection API to swap a subset of * Repeated primitive extensions are now packable. The it is possible to switch a repeated extension field to * writeTo() method in ByteString can now write a substring to * java_generate_equals_and_hash can now be used with the * A new C++-backed extension module (aka 'cpp api v2') that replaces the old ('cpp api v1') one. Much faster than the pure Python code. This one resolves many bugs and is mosh reqires it python-abseil was udpated: version update to 1.4.0 New: (testing) Added @flagsaver.as_parsed: this allows saving/restoring flags using string values as if parsed from the command line and will also reflect other flag states after command line parsing, e.g. .present is set. Changed: (logging) If no log dir is specified logging.find_log_dir() now falls back to tempfile.gettempdir() instead of /tmp/. Fixed: (flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class are now correctly passed to the underlying Flag object. version update to 1.2.0 * Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used. * `Flag` instances now raise an error if used in a bool context. This prevents the occasional mistake of testing an instance for truthiness rather than testing `flag.value`. * `absl-py` no longer depends on `six`. Update to version 1.0.0 * absl-py no longer supports Python 2.7, 3.4, 3.5. All versions have reached end-of-life for more than a year now. * New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in the git repo going forward. - Release notes for 0.15.0 * (testing) #128: When running bazel with its --test_filter= flag, it now treats the filters as unittest's -k flag in Python 3.7+. - Release notes for 0.14.1 * Top-level LICENSE file is now exported in bazel. - Release notes for 0.14.0 * #171: Creating argparse_flags.ArgumentParser with argument_default= no longer raises an exception when other absl.flags flags are defined. * #173: absltest now correctly sets up test filtering and fail fast flags when an explicit argv= parameter is passed to absltest.main. - Release notes for 0.13.0 * (app) Type annotations for public app interfaces. * (testing) Added new decorator @absltest.skipThisClass to indicate a class contains shared functionality to be used as a base class for other TestCases, and therefore should be skipped. * (app) Annotated the flag_parser paramteter of run as keyword-only. This keyword-only constraint will be enforced at runtime in a future release. * (app, flags) Flag validations now include all errors from disjoint flag sets, instead of fail fast upon first error from all validators. Multiple validators on the same flag still fails fast. - Release notes for 0.12.0 * (flags) Made EnumClassSerializer and EnumClassListSerializer public. * (flags) Added a required: Optional[bool] = False parameter to DEFINE_* functions. * (testing) flagsaver overrides can now be specified in terms of FlagHolder. * (testing) parameterized.product: Allows testing a method over cartesian product of parameters values, specified as a sequences of values for each parameter or as kwargs-like dicts of parameter values. * (testing) Added public flag holders for --test_srcdir and --test_tmpdir. Users should use absltest.TEST_SRCDIR.value and absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and FLAGS.test_tmpdir. * (flags) Made CsvListSerializer respect its delimiter argument. - Add Provides python-absl-py python-grpcuio was updated: - Update to version 1.60.0: * No python specfic changes. - Update to version 1.59.2: * No python specific changes. - Update to version 1.59.0: * [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398). * [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186). - Update to version 1.58.0: * [Bazel] Enable grpcio-reflection to be used via Bazel (gh#grpc/grpc#31013). * [packaging] Publish xds-protos as part of the standard package pipeline (gh#grpc/grpc#33797). - Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * [posix] Enable systemd sockets for libsystemd>=233 (gh#grpc/grpc#32671). * [python O11Y] Initial Implementation (gh#grpc/grpc#32974). - Build with LTO (don't set _lto_cflags to %nil). - No need to pass '-std=c++17' to build CFLAGS. - Update to version 1.56.2: * [WRR] backport (gh#grpc/grpc#33694) to 1.56 (gh#grpc/grpc#33698) * [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion (gh#grpc/grpc#33667) - Switch build to pip/wheel. - Use system abseil with '-std=c++17' to prevent undefined symbol eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__ cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_ 2023012511string_viewE) - Upstream only supports python >= 3.7, so adjust BuildRequires accordingly. - Add %{?sle15_python_module_pythons} - Update to version 1.56.0: (CVE-2023-32731, bsc#1212180) * [aio types] Fix some grpc.aio python types (gh#grpc/grpc#32475). - Update to version 1.55.0: * [EventEngine] Disable EventEngine polling in gRPC Python (gh#grpc/grpc#33279) (gh#grpc/grpc#33320). * [Bazel Python3.11] Update Bazel dependencies for Python 3.11 (gh#grpc/grpc#33318) (gh#grpc/grpc#33319). - Drop Requires: python-six; not required any more. - Switch Suggests to Recommends. - Update to version 1.54.0: (CVE-2023-32732, bsc#1212182) * Fix DeprecationWarning when calling asyncio.get_event_loop() (gh#grpc/grpc#32533). * Remove references to deprecated syntax field (gh#grpc/grpc#32497). - Update to version 1.51.1: * No Linux specific changes. - Changes from version 1.51.0: * Fix lack of cooldown between poll attempts (gh#grpc/grpc#31550). * Remove enum and future (gh#grpc/grpc#31381). * [Remove Six] Remove dependency on six (gh#grpc/grpc#31340). * Update xds-protos package to pull in protobuf 4.X (gh#grpc/grpc#31113). - Update to version 1.50.0: * Support Python 3.11. [gh#grpc/grpc#30818]. - Update to version 1.49.1 * Support Python 3.11. (#30818) * Add type stub generation support to grpcio-tools. (#30498) - Update to version 1.48.0: * [Aio] Ensure Core channel closes when deallocated [gh#grpc/grpc#29797]. * [Aio] Fix the wait_for_termination return value [gh#grpc/grpc#29795]. - update to 1.46.3: * backport: xds: use federation env var to guard new-style resource name parsing * This release contains refinements, improvements, and bug fixes. - Update to version 1.46.0: * Add Python GCF Distribtest [gh#grpc/grpc#29303]. * Add Python Reflection Client [gh#grpc/grpc#29085]. * Revert 'Fix prefork handler register's default behavior' [gh#grpc/grpc#29229]. * Fix prefork handler register's default behavior [gh#grpc/grpc#29103]. * Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873]. - Update to version 1.45.0: * Reimplement Gevent Integration [gh#grpc/grpc#28276]. * Support musllinux binary wheels on x64 and x86 [gh#grpc/grpc#28092]. * Increase the Python protobuf requirement to >=3.12.0 [gh#grpc/grpc#28604]. - Build with system re2; add BuildRequires: pkgconfig(re2). - Update to version 1.44.0: * Add python async example for hellostreamingworld using generator (gh#grpc/grpc#27343). * Disable __wrap_memcpy hack for Python builds (gh#grpc/grpc#28410). * Bump Bazel Python Cython dependency to 0.29.26 (gh#grpc/grpc#28398). * Fix libatomic linking on Raspberry Pi OS Bullseye (gh#grpc/grpc#28041). * Allow generated proto sources in remote repositories for py_proto_library (gh#grpc/grpc#28103). - Update to version 1.43.0: * [Aio] Validate the input type for set_trailing_metadata and abort (gh#grpc/grpc#27958). - update to 1.41.1: * This is release 1.41.0 (goat) of gRPC Core. - Update to version 1.41.0: * Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074). * [Aio] Remove custom IO manager support (gh#grpc/grpc#27090). - Update to version 1.39.0: * Python AIO: Match continuation typing on Interceptors (gh#grpc/grpc#26500). * Workaround #26279 by publishing manylinux_2_24 wheels instead of manylinux2014 on aarch64 (gh#grpc/grpc#26430). * Fix zlib unistd.h import problem (gh#grpc/grpc#26374). * Handle gevent exception in gevent poller (gh#grpc/grpc#26058). - Update to version 1.38.1: * Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x (gh#grpc/grpc#26436). - Update to version 1.38.0: * Add grpcio-admin Python package (gh#grpc/grpc#26166). * Add CSDS API to Python (gh#grpc/grpc#26114). * Expose code and details from context on the server side (gh#grpc/grpc#25457). * Explicitly import importlib.abc; required on Python 3.10. Fixes #26062 (gh#grpc/grpc#26083). * Fix potential deadlock on the GIL in AuthMetdataPlugin (gh#grpc/grpc#26009). * Introduce new Python package 'xds_protos' (gh#grpc/grpc#25975). * Remove async mark for set_trailing_metadata interface (gh#grpc/grpc#25814). - Update to version 1.37.1: * No user visible changes. - Changes from version 1.37.0: * Clarify Guarantees about grpc.Future Interface (gh#grpc/grpc#25383). * [Aio] Add time_remaining method to ServicerContext (gh#grpc/grpc#25719). * Standardize all environment variable boolean configuration in python's setup.py (gh#grpc/grpc#25444). * Fix Signal Safety Issue (gh#grpc/grpc#25394). - Update to version 1.36.1: * Core: back-port: add env var protection for google-c2p resolver (gh#grpc/grpc#25569). - Update to version 1.35.0: * Implement Python Client and Server xDS Creds. (gh#grpc/grpc#25365) * Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533) * Link roots.pem to ca-bundle.pem from ca-certificates package - Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). - Update to version 1.34.0: * Incur setuptools as an dependency for grpcio_tools (gh#grpc/grpc#24752). * Stop the spamming log generated by ctrl-c for AsyncIO server (gh#grpc/grpc#24718). * [gRPC Easy] Make Well-Known Types Available to Runtime Protos (gh#grpc/grpc#24478). * Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python (gh#grpc/grpc#24480). * Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24407). * [Linux] [macOS] Support pre-compiled Python 3.9 wheels (gh#grpc/grpc#24356). - Update to version 1.33.2: * [Backport] Implement grpc.Future interface in SingleThreadedRendezvous (gh#grpc/grpc#24574). - Update to version 1.33.1: * [Backport] Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24452). * Allow asyncio API to be imported as grpc.aio. (gh#grpc/grpc#24289). * [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124). * Make version check for importlib.abc in grpcio-tools more stringent (gh#grpc/grpc#24098). Added re2 package in version 2024-02-01. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1127-1 Released: Mon Apr 8 07:07:09 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1220996,1221194,1221358 This update for wicked fixes the following issues: - Fix fallback-lease drop in addrconf (bsc#1220996) - Use upstream `nvme nbft show` (bsc#1221358) - Hide secrets in debug log (bsc#1221194) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1136-1 Released: Mon Apr 8 11:30:15 2024 Summary: Security update for c-ares Type: security Severity: moderate References: 1220279,CVE-2024-25629 This update for c-ares fixes the following issues: - CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1176-1 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1197-1 Released: Wed Apr 10 09:54:15 2024 Summary: Recommended update for nvme-cli Type: recommended Severity: moderate References: 1213768,1215994,1220971 This update for nvme-cli fixes the following issues: - Version update and nvme-netapp fix. Adding nspath tlv handling (bsc#1220971) - Connection reuse issue when multiple Host NQNs are used for the same host (bsc#1213768) - Include nvme-cli updates for NetApp udev rule (bsc#1215994) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1201-1 Released: Thu Apr 11 10:47:58 2024 Summary: Recommended update for xfsprogs-scrub and jctools Type: recommended Severity: low References: 1190495,1213418 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 (bsc#1190495) - Added missing jctools to Package Hub for SLE-15-SP5 (bsc#1213418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1271-1 Released: Fri Apr 12 15:35:55 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1221242,1221746,1221747,CVE-2024-28834,CVE-2024-28835 This update for gnutls fixes the following issues: - CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746) - CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747) Other fixes: - jitterentropy: Release the memory of the entropy collector when using jitterentropy with phtreads as there is also a pre-intitization done in the main thread (bsc#1221242) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1287-1 Released: Mon Apr 15 15:03:40 2024 Summary: Security update for vim Type: security Severity: important References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 This update for vim fixes the following issues: Updated to version 9.1.0111, fixes the following security problems - CVE-2023-48231: Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: overflow with count for :s command (bsc#1217321). - CVE-2023-48234: overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: overflow in ex address parsing (CVE-2023-48235). - CVE-2023-48236: overflow in get_number (bsc#1217329). - CVE-2023-48237: overflow in shift_line (bsc#1217330). - CVE-2023-48706: heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Heap use-after-free in function bt_quickfix (bsc#1215005). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1295-1 Released: Mon Apr 15 18:37:21 2024 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1221984,1222302,1222453,CVE-2023-46842,CVE-2024-2201,CVE-2024-31142 This update for xen fixes the following issues: - CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984) - CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302) - CVE-2024-2201: Fixed memory disclosure via Native Branch History Injection (XSA-456) in xen x86 (bsc#1222453) Other fixes: - Update to Xen 4.17.4 (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1331-1 Released: Wed Apr 17 19:39:59 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1221866 This update for grub2 fixes the following issues: - Fix LPAR falls into grub shell after installation with lvm (bsc#1221866) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1333-1 Released: Thu Apr 18 13:30:04 2024 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1218431,1219937 This update for samba fixes the following issues: - fd_handle_destructor() panics within an smbd_smb2_close() if vfs_stat_fsp() fails in fd_close() (bsc#1219937). - Remove -x from bash shebang update-apparmor-samba-profile; (bsc#1218431). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1336-1 Released: Thu Apr 18 14:44:43 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1222105 This update for wicked fixes the following issues: - Do not convert sec to msec twice (bsc#1222105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1344-1 Released: Thu Apr 18 18:50:37 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1175678,1218171,1221525,1222086 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1366-1 Released: Mon Apr 22 11:04:32 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1216474,1218871,1221123,1222831 This update for openssh fixes the following issues: - Fix hostbased ssh login failing occasionally with 'signature unverified: incorrect signature' by fixing a typo in patch (bsc#1221123) - Avoid closing IBM Z crypto devices nodes. (bsc#1218871) - Allow usage of IBM Z crypto adapter cards in seccomp filters (bsc#1216474) - Change the default value of UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled). This makes ssh update the known_hosts stored keys with all published versions by the server (after it's authenticated with an existing key), which will allow to identify the server with a different key if the existing key is considered insecure at some point in the future (bsc#1222831). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1368-1 Released: Mon Apr 22 11:06:29 2024 Summary: Security update for shim Type: security Severity: important References: 1198101,1205588,1205855,1210382,1213945,1215098,1215099,1215100,1215101,1215102,1215103,1219460,CVE-2022-28737,CVE-2023-40546,CVE-2023-40547,CVE-2023-40548,CVE-2023-40549,CVE-2023-40550,CVE-2023-40551 This update for shim fixes the following issues: - Update shim-install to set the TPM2 SRK algorithm (bsc#1213945) - Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) Update to version 15.8: Security issues fixed: - mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) - avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) - Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) - Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) - pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) - pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now. - Generate dbx during build so we don't include binary files in sources - Don't require grub so shim can still be used with systemd-boot - Update shim-install to fix boot failure of ext4 root file system on RAID10 (bsc#1205855) - Adopt the macros from fde-tpm-helper-macros to update the signature in the sealed key after a bootloader upgrade - Update shim-install to amend full disk encryption support - Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector - Use the long name to specify the grub2 key protector - cryptodisk: support TPM authorized policies - Do not use tpm_record_pcrs unless the command is in command.lst - Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to enable the NX compatibility flag when using post-process-pe after discussed with grub2 experts in mail. It's useful for further development and testing. (bsc#1205588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1439-1 Released: Thu Apr 25 23:41:12 2024 Summary: Security update for python-idna Type: security Severity: moderate References: 1222842,CVE-2024-3651 This update for python-idna fixes the following issues: - CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1458-1 Released: Mon Apr 29 07:47:34 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1220763 This update for vim fixes the following issues: - Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1471-1 Released: Tue Apr 30 05:56:22 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1223094 This update for libzypp fixes the following issues: - Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1477-1 Released: Tue Apr 30 14:59:59 2024 Summary: Recommended update for google-guest-configs Type: recommended Severity: moderate References: 1221146,1221900,1221901 This update for google-guest-configs contains the following fixes: - Update to version 20240307.00 (bsc#1221146, bsc#1221900, bsc#1221901) * Support dot in NVMe device ids - from version 20240304.00 * google_set_hostname: Extract rsyslog service name with a regexp for valid systemd unit names - from version 20240228.00 * Remove quintonamore from OWNERS - from version 20240119.00 * Setup smp affinity for IRQs and XPS on A3+ VMs - Update to version 20231214.00 * set multiqueue: A3 check set timeout the MDS call in 1s - from version 20231103.00 * Update owners * Update owners - Update to version 20230929.00 * Update multinic filter to pick only pci devices ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1479-1 Released: Tue Apr 30 15:00:48 2024 Summary: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent Type: recommended Severity: moderate References: 1216546,1218548,1221146,1221900,1221901,1222171 This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent contains the following fixes: - Fix file permissions for google_authorized_principals binary (bsc#1222171) - Update to version 20240314.00 (bsc#1221900, bsc#1221901) * NetworkManager: only set secondary interfaces as up (#378) * address manager: make sure we check for oldMetadata (#375) * network: early setup network (#374) * NetworkManager: fix ipv6 and ipv4 mode attribute (#373) * Network Manager: make sure we clean up ifcfg files (#371) * metadata script runner: fix script download (#370) * oslogin: avoid adding extra empty line at the end of /etc/security/group.conf (#369) * Dynamic vlan (#361) * Check for nil response (#366) * Create NetworkManager implementation (#362) * Skip interface manager on Windows (#363) * network: remove ignore setup (#360) * Create wicked network service implementation and its respective unit (#356) * Update metadata script runner, add tests (#357) * Refactor guest-agent to use common retry util (#355) * Flush logs before exiting #358 (#359) - Refresh ifcfg patches for new version - No need for double %setup. - Use %patch -P N instead of deprecated %patchN. - Update to version 20240213.00 * Create systemd-networkd unit tests (#354) - from version 20240209.00 * Update network manager unit tests (#351) - from version 20240207.02 * Implement retry util (#350) - from version 20240207.01 * Refactor utils package to not dump everything unrelated into one file (#352) - from version 20240207.00 * Set version on metadata script runner (#353) * Implement cleanup of deprecated configuration directives (#348) * Ignore DHCP offered routes only for secondary nics (#347) * Deprecate DHClient in favor of systemd-networkd (#342) * Generate windows and linux licenses (#346) - from version 20240122.00 * Remove quintonamore from OWNERS (#345) - from version 20240111.00 * Delete integration tests (#343) - from version 20240109.00 * Update licenses with dependencies of go-winio (#339) * Add github.com/Microsoft/go-winio to third party licensing (#337) - Refresh ifcfg patches for new version - Update to version 20231214.00 * Fix snapshot test failure (#336) - from version 20231212.00 * Implement json-based command messaging system for guest-agent (#326) - from version 20231118.00 * sshca: Remove certificate caching (#334) - from version 20231115.00 * revert: 3ddd9d4a496f7a9c591ded58c3f541fd9cc7e317 (#333) * Update script runner to use common cfg package (#331) - Update to version 20231110.00 * Update Google UEFI variable (#329) * Update owners (#328) - from version 20231103.00 * Make config parsing order consistent (#327) - Update to version 20240307.00 (bsc#1221146, bsc#1221900, bsc#1221901) * Support dot in NVMe device ids (#68) - from version 20240304.00 * google_set_hostname: Extract rsyslog service name with a regexp for valid systemd unit names (#67) - from version 20240228.00 * Remove quintonamore from OWNERS (#64) - from version 20240119.00 * Setup smp affinity for IRQs and XPS on A3+ VMs (#63) - Update to version 20231214.00 * set multiqueue: A3 check set timeout the MDS call in 1s (#62) - from version 20231103.00 * Update owners (#61) * Update owners (#58) - Update to version 20230929.00 * Update multinic filter to pick only pci devices (#59) - Update to version 20240311.00 (bsc#1218548, bsc#1221900, bsc#1221901) * pam: Bring back pam's account management implementation (#133) * Change error messages when checking login policy (#129) * Remove quintonamore from OWNERS (#128) - Update to version 20231116.00 * build: Fix DESTDIR concatenation (#124) - from version 20231113.00 * build: Fix clang build (#122) - from version 20231103.00 * Update owners (#121) - Update to version 20240320.00 (bsc#1221900, bsc#1221901) * Enable OSConfig agent to read GPG keys files with multiple entities (#537) - from version 20240314.00 * Update OWNERS file to replace mahmoudn GitHub username by personal email GitHub username (#534) - from version 20240313.01 * Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 in /e2e_tests (#535) - from version 20240313.00 * Adds a console and gcloud example policies (#533) - from version 20240228.00 * GuestPolicies e2e: Remove ed package if exist for zypper startup_script in recipe-steps tests (#532) - from version 20240126.00 * Fix Enterprise Linux Recipe-Steps tests to install info dependency package in the startup-script (#530) - from version 20240125.01 * Fix SUSE pkg-update and pkg-no-update e2e tests (#529) - from version 20240125.00 * Fix zypper patch info parser to consider conflicts-pkgs float versions (#528) - from version 20240123.01 * Fix SUSE package update e2e tests to use another existing package (#527) - from version 20240123.00 * Update cis-exclude-check-once-a-day.yaml (#526) - Update to version 20231219.00 * Bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#524) - from version 20231207.01 * Some change to create an agent release (#523) - from version 20231207.00 * Some change to create an agent release (#522) - from version 20231205.00 * Some change to create an agent release (#521) - from version 20231130.02 * Merge pull request #519 from Gulio/just-release * Merge branch 'master' into just-release * Some change to create an agent release * Some change to create an agent release - from version 20231130.00 * Some change to create an agent release (#518) - from version 20231129.00 * Fix parse yum updates to consider the packages under installing-dependencies keyword (#502) * Update feature names in the README file (#517) - from version 20231128.00 * Updating owners (#508) - from version 20231127.00 * Move OS policy CIS examples under the console folder (#514) - from version 20231123.01 * Adds three more OS Policy examples to CIS folder (#509) * Added ekrementeskii and MahmoudNada0 to OWNERS (#505) - from version 20231123.00 * docs(osconfig):add OS policy examples for CIS scanning (#503) - from version 20231121.02 * Added SCODE to Windows error description (#504) - from version 20231121.01 * Update OWNERS (#501) * Update go version to 1.21 (#507) - from version 20231121.00 * Call fqdn (#481) - from version 20231116.00 * Removing obsolete MS Windows 2019 images (#500) - from version 20231107.00 * Update owners. (#498) - from version 20231103.02 * Increasing test timeouts (#499) * Update OWNERS (#497) - from version 20231103.01 * Bump google.golang.org/grpc from 1.53.0 to 1.56.3 in /e2e_tests (#493) * Bump google.golang.org/grpc from 1.53.0 to 1.56.3 (#494) - from version 20231103.00 * Removing deprecated Win for containers OSs (#496) - from version 20231027.00 * Shortening the reported image names (#495) - from version 20231025.00 * Merge pull request #492 from GoogleCloudPlatform/michaljankowiak-patch-1 * Merge branch 'master' into michaljankowiak-patch-1 * Fixing name changes * Fixing rename issue * Fixed formatting * Fixed formatting * Fixing formatting * Removing support for RHEL 6, adding RHEL 9 * Removing support for RHEL 6, adding for RHEL 9 * Removing support for RHEL 6 and adding for RHEL 9 * Removing step needed for RHEL 6 * Fixing build issues * Removing nonexistent images and adding new ones - from version 20231024.00 * Removing obsolete OS images and adding new ones (#491) - from version 20231020.00 * Change debug messages when parsing zypper patch output (#490) - from version 20231013.00 * Bump golang.org/x/net from 0.7.0 to 0.17.0 (#489) - from version 20231010.00 * Revert 'Added [main] section with gpgcheck to the agent-managed repo file (#484)' (#488) - from version 20231003.00 * Bump google.golang.org/grpc from 1.42.0 to 1.53.0 in /e2e_tests (#478) - from version 20230920.00 * Update OWNERS (#485) - from version 20230912.00 * Added [main] section with gpgcheck to the agent-managed repo file (#484) * Migrate empty interface to any (#483) - Bump the golang compiler version to 1.21 (bsc#1216546) - Update to version 20230829.00 * Added burov, dowgird, paulinakania and Gulio to OWNERS (#482) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1480-1 Released: Tue Apr 30 16:01:59 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1200465,1205316,1207948,1209635,1209657,1212514,1213456,1214852,1215221,1215322,1217339,1217829,1217959,1217987,1217988,1217989,1218321,1218336,1218479,1218562,1218643,1218777,1219169,1219170,1219264,1219443,1219834,1220114,1220176,1220237,1220251,1220320,1220325,1220328,1220337,1220340,1220365,1220366,1220393,1220398,1220411,1220413,1220433,1220439,1220443,1220445,1220466,1220469,1220478,1220482,1220484,1220486,1220487,1220492,1220703,1220735,1220736,1220775,1220790,1220797,1220831,1220833,1220836,1220839,1220840,1220843,1220845,1220848,1220870,1220871,1220872,1220878,1220879,1220883,1220885,1220887,1220898,1220917,1220918,1220920,1220921,1220926,1220927,1220929,1220930,1220931,1220932,1220933,1220937,1220938,1220940,1220954,1220955,1220959,1220960,1220961,1220965,1220969,1220978,1220979,1220981,1220982,1220983,1220985,1220986,1220987,1220989,1220990,1221009,1221012,1221015,1221022,1221039,1221040,1221044,1221045,1221046,1221048,1221055,1221056,1221058,1221060,1 221061,1221062,1221066,1221067,1221068,1221069,1221070,1221071,1221077,1221082,1221090,1221097,1221156,1221252,1221273,1221274,1221276,1221277,1221291,1221293,1221298,1221337,1221338,1221375,1221379,1221551,1221553,1221613,1221614,1221616,1221618,1221631,1221633,1221713,1221725,1221777,1221814,1221816,1221830,1221951,1222033,1222056,1222060,1222070,1222073,1222117,1222274,1222291,1222300,1222304,1222317,1222331,1222355,1222356,1222360,1222366,1222373,1222619,1222952,CVE-2021-46925,CVE-2021-46926,CVE-2021-46927,CVE-2021-46929,CVE-2021-46930,CVE-2021-46931,CVE-2021-46933,CVE-2021-46934,CVE-2021-46936,CVE-2021-47082,CVE-2021-47083,CVE-2021-47087,CVE-2021-47091,CVE-2021-47093,CVE-2021-47094,CVE-2021-47095,CVE-2021-47096,CVE-2021-47097,CVE-2021-47098,CVE-2021-47099,CVE-2021-47100,CVE-2021-47101,CVE-2021-47102,CVE-2021-47104,CVE-2021-47105,CVE-2021-47107,CVE-2021-47108,CVE-2022-4744,CVE-2022-48626,CVE-2022-48627,CVE-2022-48628,CVE-2022-48629,CVE-2022-48630,CVE-2023-0160,CVE-2023-28746,CVE -2023-35827,CVE-2023-4881,CVE-2023-52447,CVE-2023-52450,CVE-2023-52453,CVE-2023-52454,CVE-2023-52462,CVE-2023-52463,CVE-2023-52467,CVE-2023-52469,CVE-2023-52470,CVE-2023-52474,CVE-2023-52476,CVE-2023-52477,CVE-2023-52481,CVE-2023-52482,CVE-2023-52484,CVE-2023-52486,CVE-2023-52492,CVE-2023-52493,CVE-2023-52494,CVE-2023-52497,CVE-2023-52500,CVE-2023-52501,CVE-2023-52502,CVE-2023-52504,CVE-2023-52507,CVE-2023-52508,CVE-2023-52509,CVE-2023-52510,CVE-2023-52511,CVE-2023-52513,CVE-2023-52515,CVE-2023-52517,CVE-2023-52518,CVE-2023-52519,CVE-2023-52520,CVE-2023-52523,CVE-2023-52524,CVE-2023-52525,CVE-2023-52528,CVE-2023-52529,CVE-2023-52530,CVE-2023-52531,CVE-2023-52532,CVE-2023-52559,CVE-2023-52563,CVE-2023-52564,CVE-2023-52566,CVE-2023-52567,CVE-2023-52569,CVE-2023-52574,CVE-2023-52575,CVE-2023-52576,CVE-2023-52582,CVE-2023-52583,CVE-2023-52587,CVE-2023-52591,CVE-2023-52594,CVE-2023-52595,CVE-2023-52597,CVE-2023-52598,CVE-2023-52599,CVE-2023-52600,CVE-2023-52601,CVE-2023-52602,CVE-2023-52 603,CVE-2023-52604,CVE-2023-52605,CVE-2023-52606,CVE-2023-52607,CVE-2023-52608,CVE-2023-52612,CVE-2023-52615,CVE-2023-52617,CVE-2023-52619,CVE-2023-52621,CVE-2023-52623,CVE-2023-52628,CVE-2023-52632,CVE-2023-52637,CVE-2023-52639,CVE-2023-6270,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-7042,CVE-2023-7192,CVE-2024-0841,CVE-2024-2201,CVE-2024-22099,CVE-2024-23307,CVE-2024-25739,CVE-2024-25742,CVE-2024-25743,CVE-2024-26599,CVE-2024-26600,CVE-2024-26602,CVE-2024-26607,CVE-2024-26612,CVE-2024-26614,CVE-2024-26620,CVE-2024-26627,CVE-2024-26629,CVE-2024-26642,CVE-2024-26645,CVE-2024-26646,CVE-2024-26651,CVE-2024-26654,CVE-2024-26659,CVE-2024-26664,CVE-2024-26667,CVE-2024-26670,CVE-2024-26695,CVE-2024-26717 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466). - CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478). - CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443). - CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482). - CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484). - CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486). - CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487). - CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469). - CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439). - CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969). - CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917). - CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954). - CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959). - CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978). - CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551). - CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979). - CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981). - CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982). - CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983). - CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955). - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985). - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987). - CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009). - CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960). - CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961). - CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965). - CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366). - CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). - CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848). - CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989). - CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990). - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251). - CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237). - CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337). - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320). - CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer (bsc#1220325). - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433). - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411). - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413). - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445). - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703). - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790). - CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520 (bsc#1220887). - CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). - CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797). - CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277). - CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276). - CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274). - CVE-2023-52494: Fixed missing alignment check for event ring read pointer in bus/mhi/host (bsc#1221273). - CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879). - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883). - CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885). - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831). - CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553). - CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833). - CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015). - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836). - CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898). - CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012). - CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022). - CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048). - CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055). - CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056). - CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920). - CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921). - CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926). - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927). - CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840). - CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843). - CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929). - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930). - CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). - CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). - CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933). - CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson (bsc#1220937). - CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938). - CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940). - CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839). - CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918). - CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871). - CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872). - CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878). - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058). - CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082). - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044). - CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045). - CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046). - CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). - CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060). - CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs (bsc#1221062). - CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071). - CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs (bsc#1221068). - CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs (bsc#1221070). - CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot() (bsc#1221066). - CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree() (bsc#1221067). - CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) - CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib (bsc#1221069). - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061). - CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi (bsc#1221375). - CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616). - CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614). - CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove (bsc#1221613). - CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618). - CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073). - CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060). - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117). - CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd (bsc#1222274). - CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939 (bsc#1222291). - CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336). - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479). - CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264). - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834). - CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725). - CVE-2024-25743: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725). - CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate() (bsc#1220365). - CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736). - CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences (bsc#1221291). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap (bsc#1221298). - CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090). - CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in nfsd (bsc#1221379). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26645: Fixed missing visibility when inserting an element into tracing_map (bsc#1222056). - CVE-2024-26646: Fixed potential memory corruption when resuming from suspend or hibernation in thermal/intel/hfi (bsc#1222070). - CVE-2024-26651: Fixed possible oops via malicious devices in sr9800 (bsc#1221337). - CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304). - CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317). - CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in hwmon coretemp (bsc#1222355). - CVE-2024-26667: Fixed null pointer reference in dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331). - CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in kernel arm64 (bsc#1222356). - CVE-2024-26695: Fixed null pointer dereference in __sev_platform_shutdown_locked in crypto ccp (bsc#1222373). - CVE-2024-26717: Fixed null pointer dereference on failed power up in HID i2c-hid-of (bsc#1222360). The following non-security bugs were fixed: - acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-fixes). - acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-fixes). - acpi: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes). - acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-fixes). - acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes). - acpi: scan: Fix device check notification handling (git-fixes). - acpica: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes). - alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes). - alsa: aoa: avoid false-positive format truncation warning (git-fixes). - alsa: aw2: avoid casting function pointers (git-fixes). - alsa: ctxfi: avoid casting function pointers (git-fixes). - alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-fixes). - alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-fixes). - alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (git-fixes). - alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes). - alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes). - alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes). - alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes). - alsa: seq: fix function cast warnings (git-fixes). - alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes). - alsa: usb-audio: Stop parsing channels bits when all channels are found (git-fixes). - arm64: dts: allwinner: h6: add rx dma channel for spdif (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes) - arm64: dts: imx8mm-kontron: add support for ultra high speed modes on (git-fixes) - arm64: dts: imx8mm-venice-gw71xx: fix usb otg vbus (git-fixes) - arm64: dts: marvell: reorder crypto interrupts on armada socs (git-fixes) - arm64: dts: rockchip: add es8316 codec for rock pi 4 (git-fixes) - arm64: dts: rockchip: add spdif node for rock pi 4 (git-fixes) - arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes) - arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes) - arm64: mm: fix va-range sanity check (git-fixes) - arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes) - asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (stable-fixes). - asoc: amd: acp: Add missing error handling in sof-mach (git-fixes). - asoc: amd: acp: fix for acp_init function error handling (git-fixes). - asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes). - asoc: meson: Use dev_err_probe() helper (stable-fixes). - asoc: meson: aiu: fix function pointer type mismatch (git-fixes). - asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes). - asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes). - asoc: meson: t9015: fix function pointer type mismatch (git-fixes). - asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes). - asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes). - asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes). - asoc: rt5682-sdw: fix locking sequence (git-fixes). - asoc: rt711-sdca: fix locking sequence (git-fixes). - asoc: rt711-sdw: fix locking sequence (git-fixes). - asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-fixes). - asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes). - asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-fixes). - ata: sata_mv: fix pci device id table declaration compilation warning (git-fixes). - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes). - backlight: da9052: fully initialize backlight_properties during probe (git-fixes). - backlight: lm3630a: do not set bl->props.brightness in get_brightness (git-fixes). - backlight: lm3630a: initialize backlight_properties on init (git-fixes). - backlight: lm3639: fully initialize backlight_properties during probe (git-fixes). - backlight: lp8788: fully initialize backlight_properties during probe (git-fixes). - blocklayoutdriver: fix reference leak of pnfs_device_node (git-fixes). - bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes). - bluetooth: Remove superfluous call to hci_conn_check_pending() (git-fixes). - bluetooth: hci_core: Fix possible buffer overflow (git-fixes). - bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes). - bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-fixes). - bpf, scripts: correct gpl license name (git-fixes). - bpf, sockmap: fix preempt_rt splat when using raw_spin_lock_t (git-fixes). - can: softing: remove redundant null check (git-fixes). - clk: zynq: prevent null pointer dereference caused by kmalloc failure (git-fixes). - comedi: comedi_test: prevent timers rescheduling during deletion (git-fixes). - coresight: etm4x: do not access trcidr1 for identification (bsc#1220775) - coresight: etm4x: fix accesses to trcseqrstevr and trcseqstr (bsc#1220775) - coresight: etm: override trcidr3.ccitmin on errata affected cpus (bsc#1220775) - cpufreq: amd-pstate: fix min_perf assignment in amd_pstate_adjust_perf() (git-fixes). - cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value (git-fixes). - crypto: arm/sha - fix function cast warnings (git-fixes). - crypto: qat - avoid division by zero (git-fixes). - crypto: qat - fix deadlock in backlog processing (git-fixes). - crypto: qat - fix double free during reset (git-fixes). - crypto: qat - fix state machines cleanup paths (bsc#1218321). - crypto: qat - fix unregistration of compression algorithms (git-fixes). - crypto: qat - fix unregistration of crypto algorithms (git-fixes). - crypto: qat - ignore subsequent state up commands (git-fixes). - crypto: qat - increase size of buffers (git-fixes). - crypto: qat - resolve race condition during aer recovery (git-fixes). - crypto: xilinx - call finalize with bh disabled (git-fixes). - doc-guide: kernel-doc: tell about object-like macros (git-fixes). - doc/readme.suse: update information about module support status (jsc#ped-5759) - drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (git-fixes). - drm/amd/display: add fams validation before trying to use it (git-fixes). - drm/amd/display: add fb_damage_clips support (git-fixes). - drm/amd/display: add function for validate and update new stream (git-fixes). - drm/amd/display: add odm case when looking for first split pipe (git-fixes). - drm/amd/display: always switch off odm before committing more streams (git-fixes). - drm/amd/display: avoid abm when odm combine is enabled for edp (git-fixes). - drm/amd/display: blocking invalid 420 modes on hdmi tmds for dcn31 (git-fixes). - drm/amd/display: check if link state is valid (git-fixes). - drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-fixes). - drm/amd/display: copy dc context in the commit streams (git-fixes). - drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes). - drm/amd/display: disable psr-su on parade 0803 tcon again (git-fixes). - drm/amd/display: enable fast plane updates on dcn3.2 and above (git-fixes). - drm/amd/display: enable new commit sequence only for dcn32x (git-fixes). - drm/amd/display: ensure async flips are only accepted for fast updates (git-fixes). - drm/amd/display: exit idle optimizations before attempt to access phy (git-fixes). - drm/amd/display: expand kernel doc for dc (git-fixes). - drm/amd/display: fix a bug when searching for insert_above_mpcc (git-fixes). - drm/amd/display: fix a null pointer dereference in amdgpu_dm_i2c_xfer() (git-fixes). - drm/amd/display: fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (git-fixes). - drm/amd/display: fix abm disablement (git-fixes). - drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes). - drm/amd/display: fix hw rotated modes when psr-su is enabled (git-fixes). - drm/amd/display: fix kernel-doc issues in dc.h (git-fixes). - drm/amd/display: fix possible underflow for displays with large vblank (git-fixes). - drm/amd/display: fix the delta clamping for shaper lut (git-fixes). - drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315 (git-fixes). - drm/amd/display: fix underflow issue on 175hz timing (git-fixes). - drm/amd/display: for prefetch mode > 0, extend prefetch if possible (git-fixes). - drm/amd/display: guard against invalid rptr/wptr being set (git-fixes). - drm/amd/display: guard dcn31 phyd32clk logic against chip family (git-fixes). - drm/amd/display: handle range offsets in vrr ranges (stable-fixes). - drm/amd/display: handle seamless boot stream (git-fixes). - drm/amd/display: handle virtual hardware detect (git-fixes). - drm/amd/display: include surface of unaffected streams (git-fixes). - drm/amd/display: include udelay when waiting for inbox0 ack (git-fixes). - drm/amd/display: increase frame warning limit with kasan or kcsan in dml (git-fixes). - drm/amd/display: keep phy active for dp config (git-fixes). - drm/amd/display: perform a bounds check before filling dirty rectangles (git-fixes). - drm/amd/display: prevent vtotal from being set to 0 (git-fixes). - drm/amd/display: remove min_dst_y_next_start check for z8 (git-fixes). - drm/amd/display: restore rptr/wptr for dmcub as workaround (git-fixes). - drm/amd/display: return the correct hdcp error code (stable-fixes). - drm/amd/display: revert vblank change that causes null pointer crash (git-fixes). - drm/amd/display: rework comments on dc file (git-fixes). - drm/amd/display: rework context change check (git-fixes). - drm/amd/display: set minimum requirement for using psr-su on phoenix (git-fixes). - drm/amd/display: set minimum requirement for using psr-su on rembrandt (git-fixes). - drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes). - drm/amd/display: update correct dcn314 register header (git-fixes). - drm/amd/display: update extended blank for dcn314 onwards (git-fixes). - drm/amd/display: update min z8 residency time to 2100 for dcn314 (git-fixes). - drm/amd/display: update otg instance in the commit stream (git-fixes). - drm/amd/display: use dram speed from validation for dummy p-state (git-fixes). - drm/amd/display: use dtbclk as refclk instead of dprefclk (git-fixes). - drm/amd/display: use low clocks for no plane configs (git-fixes). - drm/amd/display: use min transition for all subvp plane add/remove (git-fixes). - drm/amd/display: write to correct dirty_rect (git-fixes). - drm/amd/display: wrong colorimetry workaround (git-fixes). - drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes). - drm/amd/pm: fix error of maco flag setting code (git-fixes). - drm/amd/smu: use averagegfxclkfrequency* to replace previous gfx curr clock (git-fixes). - drm/amd: enable pcie pme from d3 (git-fixes). - drm/amdgpu/pm: fix the error of pwm1_enable setting (stable-fixes). - drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes). - drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes). - drm/amdgpu/smu13: drop compute workload workaround (git-fixes). - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes). - drm/amdgpu: enable gpu reset for s3 abort cases on raven series (stable-fixes). - drm/amdgpu: fix missing break in atom_arg_imm case of atom_get_src_int() (git-fixes). - drm/amdgpu: force order between a read and write to the same address (git-fixes). - drm/amdgpu: lower cs errors to debug severity (git-fixes). - drm/amdgpu: match against exact bootloader status (git-fixes). - drm/amdgpu: unset context priority is now invalid (git-fixes). - drm/amdgpu: update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes). - drm/amdkfd: fix tlb flush after unmap for gfx9.4.2 (stable-fixes). - drm/bridge: tc358762: instruct dsi host to generate hse packets (git-fixes). - drm/display: fix typo (git-fixes). - drm/edid: add quirk for osvr hdk 2.0 (git-fixes). - drm/etnaviv: restore some id values (git-fixes). - drm/exynos: do not return negative values from .get_modes() (stable-fixes). - drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (git-fixes). - drm/i915/bios: tolerate devdata==null in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes). - drm/i915/gt: do not generate the command streamer for all the ccs (git-fixes). - drm/i915/gt: reset queue_priority_hint on parking (git-fixes). - drm/i915/gt: use i915_vm_put on ppgtt_create error paths (git-fixes). - drm/i915/selftests: fix dependency of some timeouts on hz (git-fixes). - drm/i915: add missing ccs documentation (git-fixes). - drm/i915: call intel_pre_plane_updates() also for pipes getting enabled (git-fixes). - drm/i915: check before removing mm notifier (git-fixes). - drm/lima: fix a memleak in lima_heap_alloc (git-fixes). - drm/mediatek: dsi: fix dsi rgb666 formats and definitions (git-fixes). - drm/mediatek: fix a null pointer crash in mtk_drm_crtc_finish_page_flip (git-fixes). - drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes). - drm/msm/dpu: fix the programming of intf_cfg2_data_hctl_en (git-fixes). - drm/msm/dpu: improve dsc allocation (git-fixes). - drm/msm/dpu: only enable dsc_mode_multiplex if dsc_merge is enabled (git-fixes). - drm/panel-edp: use put_sync in unprepare (git-fixes). - drm/panel: auo,b101uan08.3: fine tune the panel power sequence (git-fixes). - drm/panel: boe-tv101wum-nl6: fine tune the panel power sequence (git-fixes). - drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes). - drm/panel: move aux b116xw03 out of panel-edp back to panel-simple (git-fixes). - drm/panfrost: fix power transition timeout warnings (git-fixes). - drm/probe-helper: warn about negative .get_modes() (stable-fixes). - drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes). - drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes). - drm/radeon/ni: fix wrong firmware size logging in ni_init_microcode() (git-fixes). - drm/radeon/ni_dpm: remove redundant null check (git-fixes). - drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes). - drm/rockchip: dsi: clean up 'usage_mode' when failing to attach (git-fixes). - drm/rockchip: inno_hdmi: fix video timing (git-fixes). - drm/rockchip: lvds: do not overwrite error code (git-fixes). - drm/rockchip: lvds: do not print scary message when probing defer (git-fixes). - drm/tegra: dpaux: fix pm disable depth imbalance in tegra_dpaux_probe (git-fixes). - drm/tegra: dsi: add missing check for of_find_device_by_node (git-fixes). - drm/tegra: dsi: fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (git-fixes). - drm/tegra: dsi: fix some error handling paths in tegra_dsi_probe() (git-fixes). - drm/tegra: dsi: make use of the helper function dev_err_probe() (stable-fixes). - drm/tegra: hdmi: convert to devm_platform_ioremap_resource() (stable-fixes). - drm/tegra: hdmi: fix some error handling paths in tegra_hdmi_probe() (git-fixes). - drm/tegra: output: fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (git-fixes). - drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes). - drm/tegra: rgb: fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (git-fixes). - drm/tegra: rgb: fix some error handling paths in tegra_dc_rgb_probe() (git-fixes). - drm/tidss: fix initial plane zpos values (git-fixes). - drm/tidss: fix sync-lost issue with two displays (git-fixes). - drm/ttm: do not leak a resource on eviction error (git-fixes). - drm/ttm: do not print error message if eviction was interrupted (git-fixes). - drm/vc4: add module dependency on hdmi-codec (git-fixes). - drm/vmwgfx: create debugfs ttm_resource_manager entry only if needed (git-fixes). - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes). - drm/vmwgfx: fix possible null pointer derefence with invalid contexts (git-fixes). - drm: do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes). - drm: fix drm_fixp2int_round() making it add 0.5 (git-fixes). - drm: panel-orientation-quirks: add quirk for acer switch v 10 (sw5-017) (git-fixes). - firewire: core: use long bus reset on gap count error (stable-fixes). - fix 'coresight: etm4x: Change etm4_platform_driver driver for MMIO devices' (bsc#1220775) - hid: amd_sfh: Update HPD sensor structure elements (git-fixes). - hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes). - hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes). - hv_netvsc: calculate correct ring size when page_size is not 4 kbytes (git-fixes). - hv_netvsc: fix race condition between netvsc_probe and netvsc_remove (git-fixes). - hv_netvsc: register vf in netvsc_probe if net_device_register missed (git-fixes). - i2c: aspeed: fix the dummy irq expected print (git-fixes). - i2c: i801: avoid potential double call to gpiod_remove_lookup_table (git-fixes). - i2c: wmt: fix an error handling path in wmt_i2c_probe() (git-fixes). - ib/ipoib: Fix mcast list locking (git-fixes) - iio: dummy_evgen: remove excess kernel-doc comments (git-fixes). - iio: pressure: dlhl60d: initialize empty dlh bytes (git-fixes). - input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes). - input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes). - input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes). - input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes). - input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes). - input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes). - input: pm8941-pwrkey - add software key press debouncing support (git-fixes). - input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes). - input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes). - input: xpad - add Lenovo Legion Go controllers (git-fixes). - iommu/amd: mark interrupt as managed (git-fixes). - iommu/dma: trace bounce buffer usage when mapping buffers (git-fixes). - iommu/mediatek-v1: fix an error handling path in mtk_iommu_v1_probe() (git-fixes). - iommu/mediatek: fix forever loop in error handling (git-fixes). - iommu/vt-d: allow to use flush-queue when first level is default (git-fixes). - iommu/vt-d: do not issue ats invalidation request when device is disconnected (git-fixes). - iommu/vt-d: fix pasid directory pointer coherency (git-fixes). - iommu/vt-d: set no execute enable bit in pasid table entry (git-fixes). - kabi: pci: add locking to rmw pci express capability register accessors (kabi). - kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes). - kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631). - lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-commit). - leds: aw2013: unlock mutex before destroying it (git-fixes). - lib/cmdline: fix an invalid format specifier in an assertion msg (git-fixes). - make nvidiA Grace-Hopper TPM related drivers build-ins (bsc#1221156) - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes). - md/raid5: release batch_last before waiting for another stripe_head (git-fixes). - md/raid6: use valid sector values to determine if an i/o should wait on the reshape (git-fixes). - md: do not ignore suspended array in md_check_recovery() (git-fixes). - md: do not leave 'md_recovery_frozen' in error path of md_set_readonly() (git-fixes). - md: fix data corruption for raid456 when reshape restart while grow up (git-fixes). - md: introduce md_ro_state (git-fixes). - md: make sure md_do_sync() will set md_recovery_done (git-fixes). - md: whenassemble the array, consult the superblock of the freshest device (git-fixes). - media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes). - media: edia: dvbdev: fix a use-after-free (git-fixes). - media: em28xx: annotate unchecked call to media_device_register() (git-fixes). - media: go7007: add check of return value of go7007_read_addr() (git-fixes). - media: go7007: fix a memleak in go7007_load_encoder (git-fixes). - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes). - media: pvrusb2: fix pvr2_stream_callback casts (git-fixes). - media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes). - media: pvrusb2: remove redundant null check (git-fixes). - media: staging: ipu3-imgu: set fields before media_entity_pads_init() (git-fixes). - media: sun8i-di: fix chroma difference threshold (git-fixes). - media: sun8i-di: fix coefficient writes (git-fixes). - media: sun8i-di: fix power on/off sequences (git-fixes). - media: tc358743: register v4l2 async device only after successful setup (git-fixes). - media: ttpci: fix two memleaks in budget_av_attach (git-fixes). - media: usbtv: remove useless locks in usbtv_video_free() (git-fixes). - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes). - media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes). - media: xc4000: fix atomicity violation in xc4000_get_frequency (git-fixes). - mfd: altera-sysmgr: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes). - mfd: syscon: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes). - mm,page_owner: Defer enablement of static branch (bsc#1222366). - mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366). - mm,page_owner: drop unnecessary check (bsc#1222366). - mm,page_owner: fix accounting of pages when migrating (bsc#1222366). - mm,page_owner: fix printing of stack records (bsc#1222366). - mm,page_owner: fix recursion (bsc#1222366). - mm,page_owner: fix refcount imbalance (bsc#1222366). - mm,page_owner: update metadata for tail pages (bsc#1222366). - mm/vmalloc: huge vmalloc backing pages should be split rather than compound (bsc#1217829). - mmc: core: avoid negative index with array access (git-fixes). - mmc: core: fix switch on gp3 partition (git-fixes). - mmc: core: initialize mmc_blk_ioc_data (git-fixes). - mmc: mmci: stm32: fix dma api overlapping mappings warning (git-fixes). - mmc: mmci: stm32: use a buffer for unaligned dma requests (git-fixes). - mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes). - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (git-fixes). - mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes). - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes). - mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes). - net/bnx2x: prevent access to a freed page in page_pool (bsc#1215322). - net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes). - net: fix features skip in for_each_netdev_feature() (git-fixes). - net: lan78xx: fix runtime pm count underflow on link stop (git-fixes). - net: ll_temac: platform_get_resource replaced by wrong function (git-fixes). - net: mana: fix rx dma datasize and skb_over_panic (git-fixes). - net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes). - net: sunrpc: fix an off by one in rpc_sockaddr2uaddr() (git-fixes). - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). - nfc: nci: fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes). - nfs: fix an off by one in root_nfs_cat() (git-fixes). - nfs: rename nfs_client_kset to nfs_kset (git-fixes). - nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes). - nfsd: convert the callback workqueue to use delayed_work (git-fixes). - nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes). - nfsd: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes). - nfsd: fix LISTXATTRS returning more bytes than maxcount (git-fixes). - nfsd: fix file memleak on client_opens_release (git-fixes). - nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes). - nfsd: lock_rename() needs both directories to live on the same fs (git-fixes). - nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes). - nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes). - nfsd: retransmit callbacks after client reconnects (git-fixes). - nfsd: use vfs setgid helper (git-fixes). - nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes). - nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes). - nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes). - nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes). - nfsv4.2: fix wrong shrinker_id (git-fixes). - nfsv4: fix a nfs4_state_manager() race (git-fixes). - nfsv4: fix a state manager thread deadlock regression (git-fixes). - nilfs2: fix failure to detect dat corruption in btree and direct mappings (git-fixes). - nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes). - nouveau/dmem: handle kcalloc() allocation failure (git-fixes). - nouveau: reset the bo resource bus info after an eviction (git-fixes). - ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713). - nvme-fc: do not wait in vain when unloading module (git-fixes). - nvme: fix reconnection fail due to reserved tag allocation (git-fixes). - nvmet-fc: abort command when there is no binding (git-fixes). - nvmet-fc: avoid deadlock on delete association path (git-fixes). - nvmet-fc: defer cleanup using rcu properly (git-fixes). - nvmet-fc: hold reference on hostport match (git-fixes). - nvmet-fc: release reference on target port (git-fixes). - nvmet-fc: take ref count on tgtport before delete assoc (git-fixes). - nvmet-fcloop: swap the list_add_tail arguments (git-fixes). - nvmet-tcp: fix nvme tcp ida memory leak (git-fixes). - pci/aer: fix rootport attribute paths in ABI docs (git-fixes). - pci/aspm: Use RMW accessors for changing LNKCTL (git-fixes). - pci/dpc: print all TLP Prefixes, not just the first (git-fixes). - pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777) - pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes). - pci: add locking to RMW PCI Express Capability Register accessors (git-fixes). - pci: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes). - pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes). - pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-fixes). - pci: fu740: Set the number of MSI vectors (git-fixes). - pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-fixes). - pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes). - pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes). - pci: mediatek-gen3: Fix translation window size calculation (git-fixes). - pci: mediatek: Clear interrupt status before dispatching handler (git-fixes). - pci: qcom: Enable BDF to SID translation properly (git-fixes). - pci: qcom: Use DWC helpers for modifying the read-only DBI registers (git-fixes). - pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes). - pci: rockchip: Fix window mapping and address translation for endpoint (git-fixes). - pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes). - pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-fixes). - pinctrl: mediatek: drop bogus slew rate register range for mt8192 (git-fixes). - platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes). - pm: suspend: Set mem_sleep_current during kernel command line setup (git-fixes). - pnfs/flexfiles: check the layout validity in ff_layout_mirror_prepare_stats (git-fixes). - pnfs: fix a hang in nfs4_evict_inode() (git-fixes). - pnfs: fix the pnfs block driver's calculation of layoutget size (git-fixes). - powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869). - powerpc/boot: Disable power10 features after BOOTAFLAGS assignment (bsc#1194869). - powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU (bsc#1194869). - powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses (bsc#1194869). - powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__ (bsc#1194869). - powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding (bsc#1194869). - powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869). - powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270). - powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes). - powerpc/sstep: Use bitwise instead of arithmetic operator for flags (bsc#1194869). - powerpc: add compile-time support for lbarx, lharx (bsc#1194869). - pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-fixes). - qedf: Do not process stag work during unload (bsc#1214852). - qedf: Wait for stag work during unload (bsc#1214852). - raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1221097). - ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619). - ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619). - ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619). - ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619). - ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619). - ras/amd/fmpm: Save SPA values (jsc#PED-7619). - ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes). - ras: export helper to get ras_debugfs_dir (jsc#PED-7619). - rdma/device: fix a race between mad_client and cm_client init (git-fixes) - rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes) - rdma/ipoib: fix error code return in ipoib_mcast_join (git-fixes) - rdma/irdma: remove duplicate assignment (git-fixes) - rdma/mana_ib: fix bug in creation of dma regions (git-fixes). - rdma/mlx5: fix fortify source warning while accessing eth segment (git-fixes) - rdma/mlx5: relax devx access upon modify commands (git-fixes) - rdma/rtrs-clt: check strnlen return len in sysfs mpath_policy_store() (git-fixes) - rdma/srpt: do not register event handler until srpt device is fully setup (git-fixes) - revert 'drm/amd: disable psr-su on parade 0803 tcon' (git-fixes). - revert 'drm/amd: disable s/g for apus when 64gb or more host memory' (git-fixes). - revert 'drm/amdgpu/display: change pipe policy for dcn 2.0' (git-fixes). - revert 'drm/amdgpu/display: change pipe policy for dcn 2.1' (git-fixes). - revert 'drm/vc4: hdmi: enforce the minimum rate at runtime_resume' (git-fixes). - revert 'fbdev: flush deferred io before closing (git-fixes).' (bsc#1221814) - revert 'pci: tegra194: enable support for 256 byte payload' (git-fixes). - revert 'revert 'drm/amdgpu/display: change pipe policy for dcn 2.0'' (git-fixes). - revert 'sunrpc dont update timeout value on connection reset' (git-fixes). - ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes). - rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes). - s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes bsc#1221633). - s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316). - s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316). - s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316). - s390/vtime: fix average steal time calculation (git-fixes bsc#1221951). - sched/rt: Disallow writing invalid values to sched_rt_period_us (bsc#1220176). - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (bsc#1220176). - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777). - scsi: lpfc: Correct size for wqe for memset() (bsc#1221777). - scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777). - scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777). - scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777). - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777). - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959). - scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777). - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777). - scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777). - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777). - scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777). - scsi: qedf: Remove set but unused variable 'page' (bsc#1214852). - scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852). - scsi: qedf: Remove unused declaration (bsc#1214852). - scsi: qla2xxx: Change debug message during driver unload (bsc1221816). - scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816). - scsi: qla2xxx: Fix N2N stuck connection (bsc1221816). - scsi: qla2xxx: Fix command flush on cable pull (bsc1221816). - scsi: qla2xxx: Fix double free of fcport (bsc1221816). - scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816). - scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816). - scsi: qla2xxx: Prevent command send on chip reset (bsc1221816). - scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816). - scsi: qla2xxx: Update manufacturer detail (bsc1221816). - scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816). - scsi: storvsc: Fix ring buffer size calculation (git-fixes). - scsi: target: core: Silence the message about unknown VPD pages (bsc#1221252). - selftests/bpf: add generic BPF program tester-loader (bsc#1222033). - serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes). - serial: max310x: fix syntax error in IRQ error message (git-fixes). - slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes). - spi: lm70llp: fix links in doc and comments (git-fixes). - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes). - sr9800: Add check for usbnet_get_endpoints (git-fixes). - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - staging: vc04_services: fix information leak in create_component() (git-fixes). - sunrpc: add an is_err() check back to where it was (git-fixes). - sunrpc: econnreset might require a rebind (git-fixes). - sunrpc: fix a memleak in gss_import_v2_context (git-fixes). - sunrpc: fix a suspicious rcu usage warning (git-fixes). - sunrpc: fix rpc client cleaned up the freed pipefs dentries (git-fixes). - sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes). - svcrdma: Drop connection after an RDMA Read error (git-fixes). - topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618). - topology: Fix up build warning in topology_is_visible() (jsc#PED-7618). - tracing/probes: Fix to show a parse error for bad type for $comm (git-fixes). - tracing: Fix wasted memory in saved_cmdlines logic (git-fixes). - tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes). - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619). - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-fixes). - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes). - tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes). - ubifs: Queue up space reservation tasks if retrying many times (git-fixes). - ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes). - ubifs: Set page uptodate in the correct place (git-fixes). - ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes). - ubifs: fix sort function prototype (git-fixes). - usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes). - usb: cdc-wdm: close race between read and workqueue (git-fixes). - usb: core: fix deadlock in usb_deauthorize_interface() (git-fixes). - usb: dwc2: gadget: Fix exiting from clock gating (git-fixes). - usb: dwc2: gadget: LPM flow fix (git-fixes). - usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes). - usb: dwc2: host: Fix hibernation flow (git-fixes). - usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes). - usb: dwc3: Properly set system wakeup (git-fixes). - usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes). - usb: gadget: ncm: Fix handling of zero block length packets (git-fixes). - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes). - usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes). - usb: port: Do not try to peer unused USB ports based on location (git-fixes). - usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes). - usb: typec: ucsi: Check for notifications after init (git-fixes). - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes). - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes). - usb: usb-storage: prevent divide-by-0 error in isd200_ata_command (git-fixes). - usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes). - vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes). - vt: fix unicode buffer corruption when deleting characters (git-fixes). - watchdog: stm32_iwdg: initialize default timeout (git-fixes). - wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes). - wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948). - wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes). - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (git-fixes). - wifi: b43: Disable QoS for bcm4331 (git-fixes). - wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-fixes). - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-fixes). - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-fixes). - wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-fixes). - wifi: brcmsmac: avoid function pointer casts (git-fixes). - wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes). - wifi: iwlwifi: fix EWRD table validity check (git-fixes). - wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes). - wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes). - wifi: iwlwifi: mvm: report beacon protection failures (git-fixes). - wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes). - wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-fixes). - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes). - wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (git-fixes). - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes). - wifi: rtw88: 8821c: Fix false alarm count (git-fixes). - wifi: wilc1000: fix RCU usage in connect path (git-fixes). - wifi: wilc1000: fix declarations ordering (stable-fixes). - wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes). - wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (git-fixes). - x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes). - x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes). - x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes). - xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes). - xhci: process isoc TD properly when there was a transaction error mid TD (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - curl-8.0.1-150400.5.44.1 updated - glibc-locale-base-2.31-150300.74.1 updated - glibc-locale-2.31-150300.74.1 updated - glibc-2.31-150300.74.1 updated - google-guest-agent-20240314.00-150000.1.46.2 updated - google-guest-configs-20240307.00-150400.13.9.1 updated - google-guest-oslogin-20240311.00-150000.1.43.1 updated - google-osconfig-agent-20240320.00-150000.1.33.5 updated - grub2-i386-pc-2.06-150500.29.25.12 updated - grub2-x86_64-efi-2.06-150500.29.25.12 updated - grub2-2.06-150500.29.25.12 updated - hwdata-0.380-150000.3.68.1 updated - kernel-default-5.14.21-150500.55.59.1 updated - less-590-150400.3.6.2 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 added - libblkid1-2.37.4-150500.9.6.1 updated - libcares2-1.19.1-150000.3.26.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libgnutls30-3.7.3-150400.4.44.1 updated - libmount1-2.37.4-150500.9.6.1 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libprotobuf-lite25_1_0-25.1-150400.9.3.1 added - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - libsemanage1-3.1-150400.3.4.2 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libuuid1-2.37.4-150500.9.6.1 updated - libzypp-17.32.5-150400.3.64.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - nvme-cli-2.4+32.g2e2531a-150500.4.15.3 updated - openssh-clients-8.4p1-150300.3.37.1 updated - openssh-common-8.4p1-150300.3.37.1 updated - openssh-server-8.4p1-150300.3.37.1 updated - openssh-8.4p1-150300.3.37.1 updated - python3-base-3.6.15-150300.10.60.1 updated - python3-idna-2.6-150000.3.3.1 updated - python3-3.6.15-150300.10.60.1 updated - rpm-ndb-4.14.3-150400.59.13.1 updated - samba-client-libs-4.17.12+git.462.df636292e62-150500.3.23.7 updated - shim-15.8-150300.4.20.2 updated - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - terminfo-base-6.1-150000.5.24.1 updated - terminfo-6.1-150000.5.24.1 updated - util-linux-systemd-2.37.4-150500.9.6.1 updated - util-linux-2.37.4-150500.9.6.1 updated - vim-data-common-9.1.0330-150500.20.12.1 updated - vim-9.1.0330-150500.20.12.1 updated - wicked-service-0.6.74-150500.3.21.1 updated - wicked-0.6.74-150500.3.21.1 updated - xen-libs-4.17.4_02-150500.3.30.1 updated - xfsprogs-5.13.0-150400.3.7.1 updated - zypper-1.14.71-150400.3.45.2 updated - libimaevm3-1.4-150400.3.2.1 removed - libprotobuf-lite20-3.9.2-150200.4.21.1 removed From sle-container-updates at lists.suse.com Sat May 11 07:01:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:01:22 +0200 (CEST) Subject: SUSE-IU-2024:423-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20240511070122.DA848FCEF@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:423-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.2 , suse/sle-micro/kvm-5.5:2.0.2-2.2.115 , suse/sle-micro/kvm-5.5:latest Image Release : 2.2.115 Severity : important Type : security References : 1189495 1191175 1194869 1200465 1205316 1207948 1209635 1209657 1211721 1212514 1213269 1213456 1214852 1215221 1215322 1217339 1217829 1217959 1217987 1217988 1217989 1218321 1218336 1218479 1218562 1218643 1218686 1218777 1218889 1219169 1219170 1219264 1219443 1219834 1220114 1220176 1220237 1220251 1220320 1220325 1220328 1220337 1220340 1220365 1220366 1220393 1220398 1220411 1220413 1220433 1220439 1220443 1220445 1220466 1220469 1220478 1220482 1220484 1220486 1220487 1220492 1220703 1220735 1220736 1220775 1220790 1220797 1220831 1220833 1220836 1220839 1220840 1220843 1220845 1220848 1220870 1220871 1220872 1220878 1220879 1220883 1220885 1220887 1220898 1220917 1220918 1220920 1220921 1220926 1220927 1220929 1220930 1220931 1220932 1220933 1220937 1220938 1220940 1220954 1220955 1220959 1220960 1220961 1220965 1220969 1220978 1220979 1220981 1220982 1220983 1220985 1220986 1220987 1220989 1220990 1221009 1221012 1221015 1221022 1221039 1221040 1221044 1221045 1221046 1221048 1221055 1221056 1221058 1221060 1221061 1221062 1221066 1221067 1221068 1221069 1221070 1221071 1221077 1221082 1221090 1221097 1221156 1221252 1221273 1221274 1221276 1221277 1221291 1221293 1221298 1221337 1221338 1221361 1221375 1221379 1221407 1221551 1221553 1221613 1221614 1221616 1221618 1221631 1221633 1221713 1221725 1221777 1221814 1221816 1221830 1221951 1222033 1222056 1222060 1222070 1222073 1222117 1222274 1222291 1222300 1222304 1222317 1222331 1222355 1222356 1222360 1222366 1222373 1222547 1222619 1222843 1222845 1222952 1222992 CVE-2021-3521 CVE-2021-46925 CVE-2021-46926 CVE-2021-46927 CVE-2021-46929 CVE-2021-46930 CVE-2021-46931 CVE-2021-46933 CVE-2021-46934 CVE-2021-46936 CVE-2021-47082 CVE-2021-47083 CVE-2021-47087 CVE-2021-47091 CVE-2021-47093 CVE-2021-47094 CVE-2021-47095 CVE-2021-47096 CVE-2021-47097 CVE-2021-47098 CVE-2021-47099 CVE-2021-47100 CVE-2021-47101 CVE-2021-47102 CVE-2021-47104 CVE-2021-47105 CVE-2021-47107 CVE-2021-47108 CVE-2022-4744 CVE-2022-48626 CVE-2022-48627 CVE-2022-48628 CVE-2022-48629 CVE-2022-48630 CVE-2023-0160 CVE-2023-28746 CVE-2023-3019 CVE-2023-35827 CVE-2023-4881 CVE-2023-52447 CVE-2023-52450 CVE-2023-52453 CVE-2023-52454 CVE-2023-52462 CVE-2023-52463 CVE-2023-52467 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52476 CVE-2023-52477 CVE-2023-52481 CVE-2023-52482 CVE-2023-52484 CVE-2023-52486 CVE-2023-52492 CVE-2023-52493 CVE-2023-52494 CVE-2023-52497 CVE-2023-52500 CVE-2023-52501 CVE-2023-52502 CVE-2023-52504 CVE-2023-52507 CVE-2023-52508 CVE-2023-52509 CVE-2023-52510 CVE-2023-52511 CVE-2023-52513 CVE-2023-52515 CVE-2023-52517 CVE-2023-52518 CVE-2023-52519 CVE-2023-52520 CVE-2023-52523 CVE-2023-52524 CVE-2023-52525 CVE-2023-52528 CVE-2023-52529 CVE-2023-52530 CVE-2023-52531 CVE-2023-52532 CVE-2023-52559 CVE-2023-52563 CVE-2023-52564 CVE-2023-52566 CVE-2023-52567 CVE-2023-52569 CVE-2023-52574 CVE-2023-52575 CVE-2023-52576 CVE-2023-52582 CVE-2023-52583 CVE-2023-52587 CVE-2023-52591 CVE-2023-52594 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604 CVE-2023-52605 CVE-2023-52606 CVE-2023-52607 CVE-2023-52608 CVE-2023-52612 CVE-2023-52615 CVE-2023-52617 CVE-2023-52619 CVE-2023-52621 CVE-2023-52623 CVE-2023-52628 CVE-2023-52632 CVE-2023-52637 CVE-2023-52639 CVE-2023-6270 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-6683 CVE-2023-7042 CVE-2023-7192 CVE-2024-0841 CVE-2024-2201 CVE-2024-22099 CVE-2024-23307 CVE-2024-25739 CVE-2024-25742 CVE-2024-25743 CVE-2024-26599 CVE-2024-26600 CVE-2024-26602 CVE-2024-26607 CVE-2024-26612 CVE-2024-26614 CVE-2024-26620 CVE-2024-26627 CVE-2024-26629 CVE-2024-26642 CVE-2024-26645 CVE-2024-26646 CVE-2024-26651 CVE-2024-26654 CVE-2024-26659 CVE-2024-26664 CVE-2024-26667 CVE-2024-26670 CVE-2024-26695 CVE-2024-26717 CVE-2024-2961 CVE-2024-3446 CVE-2024-3447 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1438-1 Released: Thu Apr 25 23:40:18 2024 Summary: Security update for qemu Type: security Severity: important References: 1213269,1218889,1222843,1222845,CVE-2023-3019,CVE-2023-6683,CVE-2024-3446,CVE-2024-3447 This update for qemu fixes the following issues: - CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845) - CVE-2023-6683: Fixed NULL pointer dereference in qemu_clipboard_request() (bsc#1218889) - CVE-2024-3446: Fixed DMA reentrancy issue leads to double free vulnerability (bsc#1222843) - CVE-2023-3019: Fixed heap use-after-free in e1000e_write_packet_to_guest() (bsc#1213269) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1480-1 Released: Tue Apr 30 16:01:59 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1200465,1205316,1207948,1209635,1209657,1212514,1213456,1214852,1215221,1215322,1217339,1217829,1217959,1217987,1217988,1217989,1218321,1218336,1218479,1218562,1218643,1218777,1219169,1219170,1219264,1219443,1219834,1220114,1220176,1220237,1220251,1220320,1220325,1220328,1220337,1220340,1220365,1220366,1220393,1220398,1220411,1220413,1220433,1220439,1220443,1220445,1220466,1220469,1220478,1220482,1220484,1220486,1220487,1220492,1220703,1220735,1220736,1220775,1220790,1220797,1220831,1220833,1220836,1220839,1220840,1220843,1220845,1220848,1220870,1220871,1220872,1220878,1220879,1220883,1220885,1220887,1220898,1220917,1220918,1220920,1220921,1220926,1220927,1220929,1220930,1220931,1220932,1220933,1220937,1220938,1220940,1220954,1220955,1220959,1220960,1220961,1220965,1220969,1220978,1220979,1220981,1220982,1220983,1220985,1220986,1220987,1220989,1220990,1221009,1221012,1221015,1221022,1221039,1221040,1221044,1221045,1221046,1221048,1221055,1221056,1221058,1221060,1 221061,1221062,1221066,1221067,1221068,1221069,1221070,1221071,1221077,1221082,1221090,1221097,1221156,1221252,1221273,1221274,1221276,1221277,1221291,1221293,1221298,1221337,1221338,1221375,1221379,1221551,1221553,1221613,1221614,1221616,1221618,1221631,1221633,1221713,1221725,1221777,1221814,1221816,1221830,1221951,1222033,1222056,1222060,1222070,1222073,1222117,1222274,1222291,1222300,1222304,1222317,1222331,1222355,1222356,1222360,1222366,1222373,1222619,1222952,CVE-2021-46925,CVE-2021-46926,CVE-2021-46927,CVE-2021-46929,CVE-2021-46930,CVE-2021-46931,CVE-2021-46933,CVE-2021-46934,CVE-2021-46936,CVE-2021-47082,CVE-2021-47083,CVE-2021-47087,CVE-2021-47091,CVE-2021-47093,CVE-2021-47094,CVE-2021-47095,CVE-2021-47096,CVE-2021-47097,CVE-2021-47098,CVE-2021-47099,CVE-2021-47100,CVE-2021-47101,CVE-2021-47102,CVE-2021-47104,CVE-2021-47105,CVE-2021-47107,CVE-2021-47108,CVE-2022-4744,CVE-2022-48626,CVE-2022-48627,CVE-2022-48628,CVE-2022-48629,CVE-2022-48630,CVE-2023-0160,CVE-2023-28746,CVE -2023-35827,CVE-2023-4881,CVE-2023-52447,CVE-2023-52450,CVE-2023-52453,CVE-2023-52454,CVE-2023-52462,CVE-2023-52463,CVE-2023-52467,CVE-2023-52469,CVE-2023-52470,CVE-2023-52474,CVE-2023-52476,CVE-2023-52477,CVE-2023-52481,CVE-2023-52482,CVE-2023-52484,CVE-2023-52486,CVE-2023-52492,CVE-2023-52493,CVE-2023-52494,CVE-2023-52497,CVE-2023-52500,CVE-2023-52501,CVE-2023-52502,CVE-2023-52504,CVE-2023-52507,CVE-2023-52508,CVE-2023-52509,CVE-2023-52510,CVE-2023-52511,CVE-2023-52513,CVE-2023-52515,CVE-2023-52517,CVE-2023-52518,CVE-2023-52519,CVE-2023-52520,CVE-2023-52523,CVE-2023-52524,CVE-2023-52525,CVE-2023-52528,CVE-2023-52529,CVE-2023-52530,CVE-2023-52531,CVE-2023-52532,CVE-2023-52559,CVE-2023-52563,CVE-2023-52564,CVE-2023-52566,CVE-2023-52567,CVE-2023-52569,CVE-2023-52574,CVE-2023-52575,CVE-2023-52576,CVE-2023-52582,CVE-2023-52583,CVE-2023-52587,CVE-2023-52591,CVE-2023-52594,CVE-2023-52595,CVE-2023-52597,CVE-2023-52598,CVE-2023-52599,CVE-2023-52600,CVE-2023-52601,CVE-2023-52602,CVE-2023-52 603,CVE-2023-52604,CVE-2023-52605,CVE-2023-52606,CVE-2023-52607,CVE-2023-52608,CVE-2023-52612,CVE-2023-52615,CVE-2023-52617,CVE-2023-52619,CVE-2023-52621,CVE-2023-52623,CVE-2023-52628,CVE-2023-52632,CVE-2023-52637,CVE-2023-52639,CVE-2023-6270,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-7042,CVE-2023-7192,CVE-2024-0841,CVE-2024-2201,CVE-2024-22099,CVE-2024-23307,CVE-2024-25739,CVE-2024-25742,CVE-2024-25743,CVE-2024-26599,CVE-2024-26600,CVE-2024-26602,CVE-2024-26607,CVE-2024-26612,CVE-2024-26614,CVE-2024-26620,CVE-2024-26627,CVE-2024-26629,CVE-2024-26642,CVE-2024-26645,CVE-2024-26646,CVE-2024-26651,CVE-2024-26654,CVE-2024-26659,CVE-2024-26664,CVE-2024-26667,CVE-2024-26670,CVE-2024-26695,CVE-2024-26717 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466). - CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478). - CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443). - CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482). - CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484). - CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486). - CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487). - CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469). - CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439). - CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969). - CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917). - CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954). - CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959). - CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978). - CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551). - CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979). - CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981). - CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982). - CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983). - CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955). - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985). - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987). - CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009). - CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960). - CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961). - CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965). - CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366). - CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). - CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848). - CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989). - CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990). - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251). - CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237). - CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337). - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320). - CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer (bsc#1220325). - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433). - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411). - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413). - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445). - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703). - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790). - CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520 (bsc#1220887). - CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). - CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797). - CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277). - CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276). - CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274). - CVE-2023-52494: Fixed missing alignment check for event ring read pointer in bus/mhi/host (bsc#1221273). - CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879). - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883). - CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885). - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831). - CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553). - CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833). - CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015). - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836). - CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898). - CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012). - CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022). - CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048). - CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055). - CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056). - CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920). - CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921). - CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926). - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927). - CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840). - CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843). - CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929). - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930). - CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). - CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). - CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933). - CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson (bsc#1220937). - CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938). - CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940). - CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839). - CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918). - CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871). - CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872). - CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878). - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058). - CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082). - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044). - CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045). - CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046). - CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). - CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060). - CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs (bsc#1221062). - CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071). - CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs (bsc#1221068). - CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs (bsc#1221070). - CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot() (bsc#1221066). - CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree() (bsc#1221067). - CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) - CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib (bsc#1221069). - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061). - CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi (bsc#1221375). - CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616). - CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614). - CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove (bsc#1221613). - CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618). - CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073). - CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060). - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117). - CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd (bsc#1222274). - CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939 (bsc#1222291). - CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336). - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479). - CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264). - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834). - CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725). - CVE-2024-25743: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725). - CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate() (bsc#1220365). - CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736). - CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences (bsc#1221291). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap (bsc#1221298). - CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090). - CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in nfsd (bsc#1221379). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26645: Fixed missing visibility when inserting an element into tracing_map (bsc#1222056). - CVE-2024-26646: Fixed potential memory corruption when resuming from suspend or hibernation in thermal/intel/hfi (bsc#1222070). - CVE-2024-26651: Fixed possible oops via malicious devices in sr9800 (bsc#1221337). - CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304). - CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317). - CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in hwmon coretemp (bsc#1222355). - CVE-2024-26667: Fixed null pointer reference in dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331). - CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in kernel arm64 (bsc#1222356). - CVE-2024-26695: Fixed null pointer dereference in __sev_platform_shutdown_locked in crypto ccp (bsc#1222373). - CVE-2024-26717: Fixed null pointer dereference on failed power up in HID i2c-hid-of (bsc#1222360). The following non-security bugs were fixed: - acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-fixes). - acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-fixes). - acpi: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes). - acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-fixes). - acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes). - acpi: scan: Fix device check notification handling (git-fixes). - acpica: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes). - alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes). - alsa: aoa: avoid false-positive format truncation warning (git-fixes). - alsa: aw2: avoid casting function pointers (git-fixes). - alsa: ctxfi: avoid casting function pointers (git-fixes). - alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-fixes). - alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-fixes). - alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (git-fixes). - alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes). - alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes). - alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes). - alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes). - alsa: seq: fix function cast warnings (git-fixes). - alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes). - alsa: usb-audio: Stop parsing channels bits when all channels are found (git-fixes). - arm64: dts: allwinner: h6: add rx dma channel for spdif (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes) - arm64: dts: imx8mm-kontron: add support for ultra high speed modes on (git-fixes) - arm64: dts: imx8mm-venice-gw71xx: fix usb otg vbus (git-fixes) - arm64: dts: marvell: reorder crypto interrupts on armada socs (git-fixes) - arm64: dts: rockchip: add es8316 codec for rock pi 4 (git-fixes) - arm64: dts: rockchip: add spdif node for rock pi 4 (git-fixes) - arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes) - arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes) - arm64: mm: fix va-range sanity check (git-fixes) - arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes) - asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (stable-fixes). - asoc: amd: acp: Add missing error handling in sof-mach (git-fixes). - asoc: amd: acp: fix for acp_init function error handling (git-fixes). - asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes). - asoc: meson: Use dev_err_probe() helper (stable-fixes). - asoc: meson: aiu: fix function pointer type mismatch (git-fixes). - asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes). - asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes). - asoc: meson: t9015: fix function pointer type mismatch (git-fixes). - asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes). - asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes). - asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes). - asoc: rt5682-sdw: fix locking sequence (git-fixes). - asoc: rt711-sdca: fix locking sequence (git-fixes). - asoc: rt711-sdw: fix locking sequence (git-fixes). - asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-fixes). - asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes). - asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-fixes). - ata: sata_mv: fix pci device id table declaration compilation warning (git-fixes). - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes). - backlight: da9052: fully initialize backlight_properties during probe (git-fixes). - backlight: lm3630a: do not set bl->props.brightness in get_brightness (git-fixes). - backlight: lm3630a: initialize backlight_properties on init (git-fixes). - backlight: lm3639: fully initialize backlight_properties during probe (git-fixes). - backlight: lp8788: fully initialize backlight_properties during probe (git-fixes). - blocklayoutdriver: fix reference leak of pnfs_device_node (git-fixes). - bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes). - bluetooth: Remove superfluous call to hci_conn_check_pending() (git-fixes). - bluetooth: hci_core: Fix possible buffer overflow (git-fixes). - bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes). - bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-fixes). - bpf, scripts: correct gpl license name (git-fixes). - bpf, sockmap: fix preempt_rt splat when using raw_spin_lock_t (git-fixes). - can: softing: remove redundant null check (git-fixes). - clk: zynq: prevent null pointer dereference caused by kmalloc failure (git-fixes). - comedi: comedi_test: prevent timers rescheduling during deletion (git-fixes). - coresight: etm4x: do not access trcidr1 for identification (bsc#1220775) - coresight: etm4x: fix accesses to trcseqrstevr and trcseqstr (bsc#1220775) - coresight: etm: override trcidr3.ccitmin on errata affected cpus (bsc#1220775) - cpufreq: amd-pstate: fix min_perf assignment in amd_pstate_adjust_perf() (git-fixes). - cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value (git-fixes). - crypto: arm/sha - fix function cast warnings (git-fixes). - crypto: qat - avoid division by zero (git-fixes). - crypto: qat - fix deadlock in backlog processing (git-fixes). - crypto: qat - fix double free during reset (git-fixes). - crypto: qat - fix state machines cleanup paths (bsc#1218321). - crypto: qat - fix unregistration of compression algorithms (git-fixes). - crypto: qat - fix unregistration of crypto algorithms (git-fixes). - crypto: qat - ignore subsequent state up commands (git-fixes). - crypto: qat - increase size of buffers (git-fixes). - crypto: qat - resolve race condition during aer recovery (git-fixes). - crypto: xilinx - call finalize with bh disabled (git-fixes). - doc-guide: kernel-doc: tell about object-like macros (git-fixes). - doc/readme.suse: update information about module support status (jsc#ped-5759) - drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (git-fixes). - drm/amd/display: add fams validation before trying to use it (git-fixes). - drm/amd/display: add fb_damage_clips support (git-fixes). - drm/amd/display: add function for validate and update new stream (git-fixes). - drm/amd/display: add odm case when looking for first split pipe (git-fixes). - drm/amd/display: always switch off odm before committing more streams (git-fixes). - drm/amd/display: avoid abm when odm combine is enabled for edp (git-fixes). - drm/amd/display: blocking invalid 420 modes on hdmi tmds for dcn31 (git-fixes). - drm/amd/display: check if link state is valid (git-fixes). - drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-fixes). - drm/amd/display: copy dc context in the commit streams (git-fixes). - drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes). - drm/amd/display: disable psr-su on parade 0803 tcon again (git-fixes). - drm/amd/display: enable fast plane updates on dcn3.2 and above (git-fixes). - drm/amd/display: enable new commit sequence only for dcn32x (git-fixes). - drm/amd/display: ensure async flips are only accepted for fast updates (git-fixes). - drm/amd/display: exit idle optimizations before attempt to access phy (git-fixes). - drm/amd/display: expand kernel doc for dc (git-fixes). - drm/amd/display: fix a bug when searching for insert_above_mpcc (git-fixes). - drm/amd/display: fix a null pointer dereference in amdgpu_dm_i2c_xfer() (git-fixes). - drm/amd/display: fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (git-fixes). - drm/amd/display: fix abm disablement (git-fixes). - drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes). - drm/amd/display: fix hw rotated modes when psr-su is enabled (git-fixes). - drm/amd/display: fix kernel-doc issues in dc.h (git-fixes). - drm/amd/display: fix possible underflow for displays with large vblank (git-fixes). - drm/amd/display: fix the delta clamping for shaper lut (git-fixes). - drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315 (git-fixes). - drm/amd/display: fix underflow issue on 175hz timing (git-fixes). - drm/amd/display: for prefetch mode > 0, extend prefetch if possible (git-fixes). - drm/amd/display: guard against invalid rptr/wptr being set (git-fixes). - drm/amd/display: guard dcn31 phyd32clk logic against chip family (git-fixes). - drm/amd/display: handle range offsets in vrr ranges (stable-fixes). - drm/amd/display: handle seamless boot stream (git-fixes). - drm/amd/display: handle virtual hardware detect (git-fixes). - drm/amd/display: include surface of unaffected streams (git-fixes). - drm/amd/display: include udelay when waiting for inbox0 ack (git-fixes). - drm/amd/display: increase frame warning limit with kasan or kcsan in dml (git-fixes). - drm/amd/display: keep phy active for dp config (git-fixes). - drm/amd/display: perform a bounds check before filling dirty rectangles (git-fixes). - drm/amd/display: prevent vtotal from being set to 0 (git-fixes). - drm/amd/display: remove min_dst_y_next_start check for z8 (git-fixes). - drm/amd/display: restore rptr/wptr for dmcub as workaround (git-fixes). - drm/amd/display: return the correct hdcp error code (stable-fixes). - drm/amd/display: revert vblank change that causes null pointer crash (git-fixes). - drm/amd/display: rework comments on dc file (git-fixes). - drm/amd/display: rework context change check (git-fixes). - drm/amd/display: set minimum requirement for using psr-su on phoenix (git-fixes). - drm/amd/display: set minimum requirement for using psr-su on rembrandt (git-fixes). - drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes). - drm/amd/display: update correct dcn314 register header (git-fixes). - drm/amd/display: update extended blank for dcn314 onwards (git-fixes). - drm/amd/display: update min z8 residency time to 2100 for dcn314 (git-fixes). - drm/amd/display: update otg instance in the commit stream (git-fixes). - drm/amd/display: use dram speed from validation for dummy p-state (git-fixes). - drm/amd/display: use dtbclk as refclk instead of dprefclk (git-fixes). - drm/amd/display: use low clocks for no plane configs (git-fixes). - drm/amd/display: use min transition for all subvp plane add/remove (git-fixes). - drm/amd/display: write to correct dirty_rect (git-fixes). - drm/amd/display: wrong colorimetry workaround (git-fixes). - drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes). - drm/amd/pm: fix error of maco flag setting code (git-fixes). - drm/amd/smu: use averagegfxclkfrequency* to replace previous gfx curr clock (git-fixes). - drm/amd: enable pcie pme from d3 (git-fixes). - drm/amdgpu/pm: fix the error of pwm1_enable setting (stable-fixes). - drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes). - drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes). - drm/amdgpu/smu13: drop compute workload workaround (git-fixes). - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes). - drm/amdgpu: enable gpu reset for s3 abort cases on raven series (stable-fixes). - drm/amdgpu: fix missing break in atom_arg_imm case of atom_get_src_int() (git-fixes). - drm/amdgpu: force order between a read and write to the same address (git-fixes). - drm/amdgpu: lower cs errors to debug severity (git-fixes). - drm/amdgpu: match against exact bootloader status (git-fixes). - drm/amdgpu: unset context priority is now invalid (git-fixes). - drm/amdgpu: update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes). - drm/amdkfd: fix tlb flush after unmap for gfx9.4.2 (stable-fixes). - drm/bridge: tc358762: instruct dsi host to generate hse packets (git-fixes). - drm/display: fix typo (git-fixes). - drm/edid: add quirk for osvr hdk 2.0 (git-fixes). - drm/etnaviv: restore some id values (git-fixes). - drm/exynos: do not return negative values from .get_modes() (stable-fixes). - drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (git-fixes). - drm/i915/bios: tolerate devdata==null in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes). - drm/i915/gt: do not generate the command streamer for all the ccs (git-fixes). - drm/i915/gt: reset queue_priority_hint on parking (git-fixes). - drm/i915/gt: use i915_vm_put on ppgtt_create error paths (git-fixes). - drm/i915/selftests: fix dependency of some timeouts on hz (git-fixes). - drm/i915: add missing ccs documentation (git-fixes). - drm/i915: call intel_pre_plane_updates() also for pipes getting enabled (git-fixes). - drm/i915: check before removing mm notifier (git-fixes). - drm/lima: fix a memleak in lima_heap_alloc (git-fixes). - drm/mediatek: dsi: fix dsi rgb666 formats and definitions (git-fixes). - drm/mediatek: fix a null pointer crash in mtk_drm_crtc_finish_page_flip (git-fixes). - drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes). - drm/msm/dpu: fix the programming of intf_cfg2_data_hctl_en (git-fixes). - drm/msm/dpu: improve dsc allocation (git-fixes). - drm/msm/dpu: only enable dsc_mode_multiplex if dsc_merge is enabled (git-fixes). - drm/panel-edp: use put_sync in unprepare (git-fixes). - drm/panel: auo,b101uan08.3: fine tune the panel power sequence (git-fixes). - drm/panel: boe-tv101wum-nl6: fine tune the panel power sequence (git-fixes). - drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes). - drm/panel: move aux b116xw03 out of panel-edp back to panel-simple (git-fixes). - drm/panfrost: fix power transition timeout warnings (git-fixes). - drm/probe-helper: warn about negative .get_modes() (stable-fixes). - drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes). - drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes). - drm/radeon/ni: fix wrong firmware size logging in ni_init_microcode() (git-fixes). - drm/radeon/ni_dpm: remove redundant null check (git-fixes). - drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes). - drm/rockchip: dsi: clean up 'usage_mode' when failing to attach (git-fixes). - drm/rockchip: inno_hdmi: fix video timing (git-fixes). - drm/rockchip: lvds: do not overwrite error code (git-fixes). - drm/rockchip: lvds: do not print scary message when probing defer (git-fixes). - drm/tegra: dpaux: fix pm disable depth imbalance in tegra_dpaux_probe (git-fixes). - drm/tegra: dsi: add missing check for of_find_device_by_node (git-fixes). - drm/tegra: dsi: fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (git-fixes). - drm/tegra: dsi: fix some error handling paths in tegra_dsi_probe() (git-fixes). - drm/tegra: dsi: make use of the helper function dev_err_probe() (stable-fixes). - drm/tegra: hdmi: convert to devm_platform_ioremap_resource() (stable-fixes). - drm/tegra: hdmi: fix some error handling paths in tegra_hdmi_probe() (git-fixes). - drm/tegra: output: fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (git-fixes). - drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes). - drm/tegra: rgb: fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (git-fixes). - drm/tegra: rgb: fix some error handling paths in tegra_dc_rgb_probe() (git-fixes). - drm/tidss: fix initial plane zpos values (git-fixes). - drm/tidss: fix sync-lost issue with two displays (git-fixes). - drm/ttm: do not leak a resource on eviction error (git-fixes). - drm/ttm: do not print error message if eviction was interrupted (git-fixes). - drm/vc4: add module dependency on hdmi-codec (git-fixes). - drm/vmwgfx: create debugfs ttm_resource_manager entry only if needed (git-fixes). - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes). - drm/vmwgfx: fix possible null pointer derefence with invalid contexts (git-fixes). - drm: do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes). - drm: fix drm_fixp2int_round() making it add 0.5 (git-fixes). - drm: panel-orientation-quirks: add quirk for acer switch v 10 (sw5-017) (git-fixes). - firewire: core: use long bus reset on gap count error (stable-fixes). - fix 'coresight: etm4x: Change etm4_platform_driver driver for MMIO devices' (bsc#1220775) - hid: amd_sfh: Update HPD sensor structure elements (git-fixes). - hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes). - hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes). - hv_netvsc: calculate correct ring size when page_size is not 4 kbytes (git-fixes). - hv_netvsc: fix race condition between netvsc_probe and netvsc_remove (git-fixes). - hv_netvsc: register vf in netvsc_probe if net_device_register missed (git-fixes). - i2c: aspeed: fix the dummy irq expected print (git-fixes). - i2c: i801: avoid potential double call to gpiod_remove_lookup_table (git-fixes). - i2c: wmt: fix an error handling path in wmt_i2c_probe() (git-fixes). - ib/ipoib: Fix mcast list locking (git-fixes) - iio: dummy_evgen: remove excess kernel-doc comments (git-fixes). - iio: pressure: dlhl60d: initialize empty dlh bytes (git-fixes). - input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes). - input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes). - input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes). - input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes). - input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes). - input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes). - input: pm8941-pwrkey - add software key press debouncing support (git-fixes). - input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes). - input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes). - input: xpad - add Lenovo Legion Go controllers (git-fixes). - iommu/amd: mark interrupt as managed (git-fixes). - iommu/dma: trace bounce buffer usage when mapping buffers (git-fixes). - iommu/mediatek-v1: fix an error handling path in mtk_iommu_v1_probe() (git-fixes). - iommu/mediatek: fix forever loop in error handling (git-fixes). - iommu/vt-d: allow to use flush-queue when first level is default (git-fixes). - iommu/vt-d: do not issue ats invalidation request when device is disconnected (git-fixes). - iommu/vt-d: fix pasid directory pointer coherency (git-fixes). - iommu/vt-d: set no execute enable bit in pasid table entry (git-fixes). - kabi: pci: add locking to rmw pci express capability register accessors (kabi). - kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes). - kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631). - lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-commit). - leds: aw2013: unlock mutex before destroying it (git-fixes). - lib/cmdline: fix an invalid format specifier in an assertion msg (git-fixes). - make nvidiA Grace-Hopper TPM related drivers build-ins (bsc#1221156) - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes). - md/raid5: release batch_last before waiting for another stripe_head (git-fixes). - md/raid6: use valid sector values to determine if an i/o should wait on the reshape (git-fixes). - md: do not ignore suspended array in md_check_recovery() (git-fixes). - md: do not leave 'md_recovery_frozen' in error path of md_set_readonly() (git-fixes). - md: fix data corruption for raid456 when reshape restart while grow up (git-fixes). - md: introduce md_ro_state (git-fixes). - md: make sure md_do_sync() will set md_recovery_done (git-fixes). - md: whenassemble the array, consult the superblock of the freshest device (git-fixes). - media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes). - media: edia: dvbdev: fix a use-after-free (git-fixes). - media: em28xx: annotate unchecked call to media_device_register() (git-fixes). - media: go7007: add check of return value of go7007_read_addr() (git-fixes). - media: go7007: fix a memleak in go7007_load_encoder (git-fixes). - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes). - media: pvrusb2: fix pvr2_stream_callback casts (git-fixes). - media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes). - media: pvrusb2: remove redundant null check (git-fixes). - media: staging: ipu3-imgu: set fields before media_entity_pads_init() (git-fixes). - media: sun8i-di: fix chroma difference threshold (git-fixes). - media: sun8i-di: fix coefficient writes (git-fixes). - media: sun8i-di: fix power on/off sequences (git-fixes). - media: tc358743: register v4l2 async device only after successful setup (git-fixes). - media: ttpci: fix two memleaks in budget_av_attach (git-fixes). - media: usbtv: remove useless locks in usbtv_video_free() (git-fixes). - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes). - media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes). - media: xc4000: fix atomicity violation in xc4000_get_frequency (git-fixes). - mfd: altera-sysmgr: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes). - mfd: syscon: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes). - mm,page_owner: Defer enablement of static branch (bsc#1222366). - mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366). - mm,page_owner: drop unnecessary check (bsc#1222366). - mm,page_owner: fix accounting of pages when migrating (bsc#1222366). - mm,page_owner: fix printing of stack records (bsc#1222366). - mm,page_owner: fix recursion (bsc#1222366). - mm,page_owner: fix refcount imbalance (bsc#1222366). - mm,page_owner: update metadata for tail pages (bsc#1222366). - mm/vmalloc: huge vmalloc backing pages should be split rather than compound (bsc#1217829). - mmc: core: avoid negative index with array access (git-fixes). - mmc: core: fix switch on gp3 partition (git-fixes). - mmc: core: initialize mmc_blk_ioc_data (git-fixes). - mmc: mmci: stm32: fix dma api overlapping mappings warning (git-fixes). - mmc: mmci: stm32: use a buffer for unaligned dma requests (git-fixes). - mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes). - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (git-fixes). - mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes). - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes). - mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes). - net/bnx2x: prevent access to a freed page in page_pool (bsc#1215322). - net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes). - net: fix features skip in for_each_netdev_feature() (git-fixes). - net: lan78xx: fix runtime pm count underflow on link stop (git-fixes). - net: ll_temac: platform_get_resource replaced by wrong function (git-fixes). - net: mana: fix rx dma datasize and skb_over_panic (git-fixes). - net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes). - net: sunrpc: fix an off by one in rpc_sockaddr2uaddr() (git-fixes). - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). - nfc: nci: fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes). - nfs: fix an off by one in root_nfs_cat() (git-fixes). - nfs: rename nfs_client_kset to nfs_kset (git-fixes). - nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes). - nfsd: convert the callback workqueue to use delayed_work (git-fixes). - nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes). - nfsd: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes). - nfsd: fix LISTXATTRS returning more bytes than maxcount (git-fixes). - nfsd: fix file memleak on client_opens_release (git-fixes). - nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes). - nfsd: lock_rename() needs both directories to live on the same fs (git-fixes). - nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes). - nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes). - nfsd: retransmit callbacks after client reconnects (git-fixes). - nfsd: use vfs setgid helper (git-fixes). - nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes). - nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes). - nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes). - nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes). - nfsv4.2: fix wrong shrinker_id (git-fixes). - nfsv4: fix a nfs4_state_manager() race (git-fixes). - nfsv4: fix a state manager thread deadlock regression (git-fixes). - nilfs2: fix failure to detect dat corruption in btree and direct mappings (git-fixes). - nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes). - nouveau/dmem: handle kcalloc() allocation failure (git-fixes). - nouveau: reset the bo resource bus info after an eviction (git-fixes). - ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713). - nvme-fc: do not wait in vain when unloading module (git-fixes). - nvme: fix reconnection fail due to reserved tag allocation (git-fixes). - nvmet-fc: abort command when there is no binding (git-fixes). - nvmet-fc: avoid deadlock on delete association path (git-fixes). - nvmet-fc: defer cleanup using rcu properly (git-fixes). - nvmet-fc: hold reference on hostport match (git-fixes). - nvmet-fc: release reference on target port (git-fixes). - nvmet-fc: take ref count on tgtport before delete assoc (git-fixes). - nvmet-fcloop: swap the list_add_tail arguments (git-fixes). - nvmet-tcp: fix nvme tcp ida memory leak (git-fixes). - pci/aer: fix rootport attribute paths in ABI docs (git-fixes). - pci/aspm: Use RMW accessors for changing LNKCTL (git-fixes). - pci/dpc: print all TLP Prefixes, not just the first (git-fixes). - pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777) - pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes). - pci: add locking to RMW PCI Express Capability Register accessors (git-fixes). - pci: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes). - pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes). - pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-fixes). - pci: fu740: Set the number of MSI vectors (git-fixes). - pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-fixes). - pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes). - pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes). - pci: mediatek-gen3: Fix translation window size calculation (git-fixes). - pci: mediatek: Clear interrupt status before dispatching handler (git-fixes). - pci: qcom: Enable BDF to SID translation properly (git-fixes). - pci: qcom: Use DWC helpers for modifying the read-only DBI registers (git-fixes). - pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes). - pci: rockchip: Fix window mapping and address translation for endpoint (git-fixes). - pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes). - pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-fixes). - pinctrl: mediatek: drop bogus slew rate register range for mt8192 (git-fixes). - platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes). - pm: suspend: Set mem_sleep_current during kernel command line setup (git-fixes). - pnfs/flexfiles: check the layout validity in ff_layout_mirror_prepare_stats (git-fixes). - pnfs: fix a hang in nfs4_evict_inode() (git-fixes). - pnfs: fix the pnfs block driver's calculation of layoutget size (git-fixes). - powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869). - powerpc/boot: Disable power10 features after BOOTAFLAGS assignment (bsc#1194869). - powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU (bsc#1194869). - powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses (bsc#1194869). - powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__ (bsc#1194869). - powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding (bsc#1194869). - powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869). - powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270). - powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes). - powerpc/sstep: Use bitwise instead of arithmetic operator for flags (bsc#1194869). - powerpc: add compile-time support for lbarx, lharx (bsc#1194869). - pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-fixes). - qedf: Do not process stag work during unload (bsc#1214852). - qedf: Wait for stag work during unload (bsc#1214852). - raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1221097). - ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619). - ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619). - ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619). - ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619). - ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619). - ras/amd/fmpm: Save SPA values (jsc#PED-7619). - ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes). - ras: export helper to get ras_debugfs_dir (jsc#PED-7619). - rdma/device: fix a race between mad_client and cm_client init (git-fixes) - rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes) - rdma/ipoib: fix error code return in ipoib_mcast_join (git-fixes) - rdma/irdma: remove duplicate assignment (git-fixes) - rdma/mana_ib: fix bug in creation of dma regions (git-fixes). - rdma/mlx5: fix fortify source warning while accessing eth segment (git-fixes) - rdma/mlx5: relax devx access upon modify commands (git-fixes) - rdma/rtrs-clt: check strnlen return len in sysfs mpath_policy_store() (git-fixes) - rdma/srpt: do not register event handler until srpt device is fully setup (git-fixes) - revert 'drm/amd: disable psr-su on parade 0803 tcon' (git-fixes). - revert 'drm/amd: disable s/g for apus when 64gb or more host memory' (git-fixes). - revert 'drm/amdgpu/display: change pipe policy for dcn 2.0' (git-fixes). - revert 'drm/amdgpu/display: change pipe policy for dcn 2.1' (git-fixes). - revert 'drm/vc4: hdmi: enforce the minimum rate at runtime_resume' (git-fixes). - revert 'fbdev: flush deferred io before closing (git-fixes).' (bsc#1221814) - revert 'pci: tegra194: enable support for 256 byte payload' (git-fixes). - revert 'revert 'drm/amdgpu/display: change pipe policy for dcn 2.0'' (git-fixes). - revert 'sunrpc dont update timeout value on connection reset' (git-fixes). - ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes). - rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes). - s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes bsc#1221633). - s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316). - s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316). - s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316). - s390/vtime: fix average steal time calculation (git-fixes bsc#1221951). - sched/rt: Disallow writing invalid values to sched_rt_period_us (bsc#1220176). - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (bsc#1220176). - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777). - scsi: lpfc: Correct size for wqe for memset() (bsc#1221777). - scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777). - scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777). - scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777). - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777). - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959). - scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777). - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777). - scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777). - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777). - scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777). - scsi: qedf: Remove set but unused variable 'page' (bsc#1214852). - scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852). - scsi: qedf: Remove unused declaration (bsc#1214852). - scsi: qla2xxx: Change debug message during driver unload (bsc1221816). - scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816). - scsi: qla2xxx: Fix N2N stuck connection (bsc1221816). - scsi: qla2xxx: Fix command flush on cable pull (bsc1221816). - scsi: qla2xxx: Fix double free of fcport (bsc1221816). - scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816). - scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816). - scsi: qla2xxx: Prevent command send on chip reset (bsc1221816). - scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816). - scsi: qla2xxx: Update manufacturer detail (bsc1221816). - scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816). - scsi: storvsc: Fix ring buffer size calculation (git-fixes). - scsi: target: core: Silence the message about unknown VPD pages (bsc#1221252). - selftests/bpf: add generic BPF program tester-loader (bsc#1222033). - serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes). - serial: max310x: fix syntax error in IRQ error message (git-fixes). - slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes). - spi: lm70llp: fix links in doc and comments (git-fixes). - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes). - sr9800: Add check for usbnet_get_endpoints (git-fixes). - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - staging: vc04_services: fix information leak in create_component() (git-fixes). - sunrpc: add an is_err() check back to where it was (git-fixes). - sunrpc: econnreset might require a rebind (git-fixes). - sunrpc: fix a memleak in gss_import_v2_context (git-fixes). - sunrpc: fix a suspicious rcu usage warning (git-fixes). - sunrpc: fix rpc client cleaned up the freed pipefs dentries (git-fixes). - sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes). - svcrdma: Drop connection after an RDMA Read error (git-fixes). - topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618). - topology: Fix up build warning in topology_is_visible() (jsc#PED-7618). - tracing/probes: Fix to show a parse error for bad type for $comm (git-fixes). - tracing: Fix wasted memory in saved_cmdlines logic (git-fixes). - tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes). - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619). - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-fixes). - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes). - tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes). - ubifs: Queue up space reservation tasks if retrying many times (git-fixes). - ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes). - ubifs: Set page uptodate in the correct place (git-fixes). - ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes). - ubifs: fix sort function prototype (git-fixes). - usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes). - usb: cdc-wdm: close race between read and workqueue (git-fixes). - usb: core: fix deadlock in usb_deauthorize_interface() (git-fixes). - usb: dwc2: gadget: Fix exiting from clock gating (git-fixes). - usb: dwc2: gadget: LPM flow fix (git-fixes). - usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes). - usb: dwc2: host: Fix hibernation flow (git-fixes). - usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes). - usb: dwc3: Properly set system wakeup (git-fixes). - usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes). - usb: gadget: ncm: Fix handling of zero block length packets (git-fixes). - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes). - usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes). - usb: port: Do not try to peer unused USB ports based on location (git-fixes). - usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes). - usb: typec: ucsi: Check for notifications after init (git-fixes). - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes). - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes). - usb: usb-storage: prevent divide-by-0 error in isd200_ata_command (git-fixes). - usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes). - vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes). - vt: fix unicode buffer corruption when deleting characters (git-fixes). - watchdog: stm32_iwdg: initialize default timeout (git-fixes). - wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes). - wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948). - wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes). - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (git-fixes). - wifi: b43: Disable QoS for bcm4331 (git-fixes). - wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-fixes). - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-fixes). - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-fixes). - wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-fixes). - wifi: brcmsmac: avoid function pointer casts (git-fixes). - wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes). - wifi: iwlwifi: fix EWRD table validity check (git-fixes). - wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes). - wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes). - wifi: iwlwifi: mvm: report beacon protection failures (git-fixes). - wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes). - wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-fixes). - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes). - wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (git-fixes). - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes). - wifi: rtw88: 8821c: Fix false alarm count (git-fixes). - wifi: wilc1000: fix RCU usage in connect path (git-fixes). - wifi: wilc1000: fix declarations ordering (stable-fixes). - wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes). - wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (git-fixes). - x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes). - x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes). - x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes). - xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes). - xhci: process isoc TD properly when there was a transaction error mid TD (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) The following package changes have been done: - glibc-2.31-150300.74.1 updated - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - rpm-4.14.3-150400.59.16.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated - kernel-default-base-5.14.21-150500.55.59.1.150500.6.25.7 updated - qemu-guest-agent-7.1.0-150500.49.15.1 updated - glibc-locale-base-2.31-150300.74.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.2-5.5.1 updated From sle-container-updates at lists.suse.com Sat May 11 07:01:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 11 May 2024 09:01:24 +0200 (CEST) Subject: SUSE-IU-2024:424-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20240511070124.A7C14FCEF@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:424-1 Image Tags : suse/sle-micro/rt-5.5:2.0.2 , suse/sle-micro/rt-5.5:2.0.2-3.2.119 , suse/sle-micro/rt-5.5:latest Image Release : 3.2.119 Severity : important Type : security References : 1189495 1191175 1194869 1200465 1205316 1207948 1209635 1209657 1211721 1212514 1213456 1214852 1215221 1215322 1217339 1217829 1217959 1217987 1217988 1217989 1218321 1218336 1218479 1218562 1218643 1218686 1218777 1219169 1219170 1219264 1219834 1220114 1220176 1220237 1220251 1220320 1220325 1220328 1220337 1220340 1220365 1220366 1220398 1220411 1220413 1220433 1220439 1220443 1220445 1220466 1220469 1220478 1220482 1220484 1220486 1220487 1220492 1220703 1220735 1220736 1220775 1220790 1220797 1220831 1220833 1220836 1220839 1220840 1220843 1220845 1220848 1220870 1220871 1220872 1220878 1220879 1220883 1220885 1220887 1220898 1220917 1220918 1220920 1220921 1220926 1220927 1220929 1220930 1220931 1220932 1220933 1220937 1220938 1220940 1220954 1220955 1220959 1220960 1220961 1220965 1220969 1220978 1220979 1220981 1220982 1220983 1220985 1220986 1220987 1220989 1220990 1221009 1221012 1221015 1221022 1221039 1221040 1221044 1221045 1221046 1221048 1221055 1221056 1221058 1221060 1221061 1221062 1221066 1221067 1221068 1221069 1221070 1221071 1221077 1221082 1221090 1221097 1221156 1221252 1221273 1221274 1221276 1221277 1221291 1221293 1221298 1221337 1221338 1221361 1221375 1221379 1221407 1221551 1221553 1221613 1221614 1221616 1221618 1221631 1221633 1221713 1221725 1221777 1221814 1221816 1221830 1221951 1222033 1222056 1222060 1222070 1222073 1222117 1222274 1222291 1222300 1222304 1222317 1222331 1222355 1222356 1222360 1222366 1222373 1222547 1222619 1222952 1222992 CVE-2021-3521 CVE-2021-46925 CVE-2021-46926 CVE-2021-46927 CVE-2021-46929 CVE-2021-46930 CVE-2021-46931 CVE-2021-46933 CVE-2021-46934 CVE-2021-46936 CVE-2021-47082 CVE-2021-47083 CVE-2021-47087 CVE-2021-47091 CVE-2021-47093 CVE-2021-47094 CVE-2021-47095 CVE-2021-47096 CVE-2021-47097 CVE-2021-47098 CVE-2021-47099 CVE-2021-47100 CVE-2021-47101 CVE-2021-47102 CVE-2021-47104 CVE-2021-47105 CVE-2021-47107 CVE-2021-47108 CVE-2022-4744 CVE-2022-48626 CVE-2022-48627 CVE-2022-48628 CVE-2022-48629 CVE-2022-48630 CVE-2023-0160 CVE-2023-28746 CVE-2023-35827 CVE-2023-4881 CVE-2023-52447 CVE-2023-52450 CVE-2023-52453 CVE-2023-52454 CVE-2023-52462 CVE-2023-52463 CVE-2023-52467 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52476 CVE-2023-52477 CVE-2023-52481 CVE-2023-52482 CVE-2023-52484 CVE-2023-52486 CVE-2023-52492 CVE-2023-52493 CVE-2023-52494 CVE-2023-52497 CVE-2023-52500 CVE-2023-52501 CVE-2023-52502 CVE-2023-52504 CVE-2023-52507 CVE-2023-52508 CVE-2023-52509 CVE-2023-52510 CVE-2023-52511 CVE-2023-52513 CVE-2023-52515 CVE-2023-52517 CVE-2023-52518 CVE-2023-52519 CVE-2023-52520 CVE-2023-52523 CVE-2023-52524 CVE-2023-52525 CVE-2023-52528 CVE-2023-52529 CVE-2023-52530 CVE-2023-52531 CVE-2023-52532 CVE-2023-52559 CVE-2023-52563 CVE-2023-52564 CVE-2023-52566 CVE-2023-52567 CVE-2023-52569 CVE-2023-52574 CVE-2023-52575 CVE-2023-52576 CVE-2023-52582 CVE-2023-52583 CVE-2023-52587 CVE-2023-52591 CVE-2023-52594 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604 CVE-2023-52605 CVE-2023-52606 CVE-2023-52607 CVE-2023-52608 CVE-2023-52612 CVE-2023-52615 CVE-2023-52617 CVE-2023-52619 CVE-2023-52621 CVE-2023-52623 CVE-2023-52628 CVE-2023-52632 CVE-2023-52637 CVE-2023-52639 CVE-2023-6270 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-7042 CVE-2023-7192 CVE-2024-0841 CVE-2024-2201 CVE-2024-22099 CVE-2024-23307 CVE-2024-25739 CVE-2024-25742 CVE-2024-26599 CVE-2024-26600 CVE-2024-26602 CVE-2024-26607 CVE-2024-26612 CVE-2024-26614 CVE-2024-26620 CVE-2024-26627 CVE-2024-26629 CVE-2024-26642 CVE-2024-26645 CVE-2024-26646 CVE-2024-26651 CVE-2024-26654 CVE-2024-26659 CVE-2024-26664 CVE-2024-26667 CVE-2024-26670 CVE-2024-26695 CVE-2024-26717 CVE-2024-2961 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1466-1 Released: Mon Apr 29 14:57:59 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1200465,1205316,1207948,1209635,1209657,1212514,1213456,1214852,1215221,1215322,1217339,1217829,1217959,1217987,1217988,1217989,1218321,1218336,1218479,1218562,1218643,1218777,1219169,1219170,1219264,1219834,1220114,1220176,1220237,1220251,1220320,1220325,1220328,1220337,1220340,1220365,1220366,1220398,1220411,1220413,1220433,1220439,1220443,1220445,1220466,1220469,1220478,1220482,1220484,1220486,1220487,1220492,1220703,1220735,1220736,1220775,1220790,1220797,1220831,1220833,1220836,1220839,1220840,1220843,1220845,1220848,1220870,1220871,1220872,1220878,1220879,1220883,1220885,1220887,1220898,1220917,1220918,1220920,1220921,1220926,1220927,1220929,1220930,1220931,1220932,1220933,1220937,1220938,1220940,1220954,1220955,1220959,1220960,1220961,1220965,1220969,1220978,1220979,1220981,1220982,1220983,1220985,1220986,1220987,1220989,1220990,1221009,1221012,1221015,1221022,1221039,1221040,1221044,1221045,1221046,1221048,1221055,1221056,1221058,1221060,1221061,1221062,1 221066,1221067,1221068,1221069,1221070,1221071,1221077,1221082,1221090,1221097,1221156,1221252,1221273,1221274,1221276,1221277,1221291,1221293,1221298,1221337,1221338,1221375,1221379,1221551,1221553,1221613,1221614,1221616,1221618,1221631,1221633,1221713,1221725,1221777,1221814,1221816,1221830,1221951,1222033,1222056,1222060,1222070,1222073,1222117,1222274,1222291,1222300,1222304,1222317,1222331,1222355,1222356,1222360,1222366,1222373,1222619,1222952,CVE-2021-46925,CVE-2021-46926,CVE-2021-46927,CVE-2021-46929,CVE-2021-46930,CVE-2021-46931,CVE-2021-46933,CVE-2021-46934,CVE-2021-46936,CVE-2021-47082,CVE-2021-47083,CVE-2021-47087,CVE-2021-47091,CVE-2021-47093,CVE-2021-47094,CVE-2021-47095,CVE-2021-47096,CVE-2021-47097,CVE-2021-47098,CVE-2021-47099,CVE-2021-47100,CVE-2021-47101,CVE-2021-47102,CVE-2021-47104,CVE-2021-47105,CVE-2021-47107,CVE-2021-47108,CVE-2022-4744,CVE-2022-48626,CVE-2022-48627,CVE-2022-48628,CVE-2022-48629,CVE-2022-48630,CVE-2023-0160,CVE-2023-28746,CVE-2023-35827,CVE- 2023-4881,CVE-2023-52447,CVE-2023-52450,CVE-2023-52453,CVE-2023-52454,CVE-2023-52462,CVE-2023-52463,CVE-2023-52467,CVE-2023-52469,CVE-2023-52470,CVE-2023-52474,CVE-2023-52476,CVE-2023-52477,CVE-2023-52481,CVE-2023-52482,CVE-2023-52484,CVE-2023-52486,CVE-2023-52492,CVE-2023-52493,CVE-2023-52494,CVE-2023-52497,CVE-2023-52500,CVE-2023-52501,CVE-2023-52502,CVE-2023-52504,CVE-2023-52507,CVE-2023-52508,CVE-2023-52509,CVE-2023-52510,CVE-2023-52511,CVE-2023-52513,CVE-2023-52515,CVE-2023-52517,CVE-2023-52518,CVE-2023-52519,CVE-2023-52520,CVE-2023-52523,CVE-2023-52524,CVE-2023-52525,CVE-2023-52528,CVE-2023-52529,CVE-2023-52530,CVE-2023-52531,CVE-2023-52532,CVE-2023-52559,CVE-2023-52563,CVE-2023-52564,CVE-2023-52566,CVE-2023-52567,CVE-2023-52569,CVE-2023-52574,CVE-2023-52575,CVE-2023-52576,CVE-2023-52582,CVE-2023-52583,CVE-2023-52587,CVE-2023-52591,CVE-2023-52594,CVE-2023-52595,CVE-2023-52597,CVE-2023-52598,CVE-2023-52599,CVE-2023-52600,CVE-2023-52601,CVE-2023-52602,CVE-2023-52603,CVE-2023-526 04,CVE-2023-52605,CVE-2023-52606,CVE-2023-52607,CVE-2023-52608,CVE-2023-52612,CVE-2023-52615,CVE-2023-52617,CVE-2023-52619,CVE-2023-52621,CVE-2023-52623,CVE-2023-52628,CVE-2023-52632,CVE-2023-52637,CVE-2023-52639,CVE-2023-6270,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-7042,CVE-2023-7192,CVE-2024-0841,CVE-2024-2201,CVE-2024-22099,CVE-2024-23307,CVE-2024-25739,CVE-2024-25742,CVE-2024-26599,CVE-2024-26600,CVE-2024-26602,CVE-2024-26607,CVE-2024-26612,CVE-2024-26614,CVE-2024-26620,CVE-2024-26627,CVE-2024-26629,CVE-2024-26642,CVE-2024-26645,CVE-2024-26646,CVE-2024-26651,CVE-2024-26654,CVE-2024-26659,CVE-2024-26664,CVE-2024-26667,CVE-2024-26670,CVE-2024-26695,CVE-2024-26717 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. NOTE: This update has been retracted due to a bug in the BHI CPU sidechannel mitigation, which led to incorrect selection of other CPU mitigations. The following security bugs were fixed: - CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466). - CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478). - CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443). - CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482). - CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484). - CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486). - CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487). - CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469). - CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439). - CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969). - CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917). - CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954). - CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959). - CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978). - CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551). - CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979). - CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981). - CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982). - CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983). - CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955). - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985). - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987). - CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009). - CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960). - CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961). - CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965). - CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366). - CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). - CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848). - CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989). - CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990). - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251). - CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237). - CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337). - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320). - CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer (bsc#1220325). - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433). - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411). - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413). - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445). - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703). - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790). - CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520 (bsc#1220887). - CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). - CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797). - CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277). - CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276). - CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274). - CVE-2023-52494: Fixed missing alignment check for event ring read pointer in bus/mhi/host (bsc#1221273). - CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879). - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883). - CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885). - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831). - CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553). - CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833). - CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015). - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836). - CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898). - CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012). - CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022). - CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048). - CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055). - CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056). - CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920). - CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921). - CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926). - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927). - CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840). - CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843). - CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929). - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930). - CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). - CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). - CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933). - CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson (bsc#1220937). - CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938). - CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940). - CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839). - CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918). - CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871). - CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872). - CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878). - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058). - CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082). - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044). - CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045). - CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046). - CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). - CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060). - CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs (bsc#1221062). - CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071). - CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs (bsc#1221068). - CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs (bsc#1221070). - CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot() (bsc#1221066). - CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree() (bsc#1221067). - CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) - CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib (bsc#1221069). - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061). - CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi (bsc#1221375). - CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616). - CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614). - CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove (bsc#1221613). - CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618). - CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073). - CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060). - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117). - CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd (bsc#1222274). - CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939 (bsc#1222291). - CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336). - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479). - CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264). - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834). - CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725). - CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate() (bsc#1220365). - CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736). - CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences (bsc#1221291). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap (bsc#1221298). - CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090). - CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in nfsd (bsc#1221379). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26645: Fixed missing visibility when inserting an element into tracing_map (bsc#1222056). - CVE-2024-26646: Fixed potential memory corruption when resuming from suspend or hibernation in thermal/intel/hfi (bsc#1222070). - CVE-2024-26651: Fixed possible oops via malicious devices in sr9800 (bsc#1221337). - CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304). - CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317). - CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in hwmon coretemp (bsc#1222355). - CVE-2024-26667: Fixed null pointer reference in dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331). - CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in kernel arm64 (bsc#1222356). - CVE-2024-26695: Fixed null pointer dereference in __sev_platform_shutdown_locked in crypto ccp (bsc#1222373). - CVE-2024-26717: Fixed null pointer dereference on failed power up in HID i2c-hid-of (bsc#1222360). The following non-security bugs were fixed: - acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-fixes). - acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-fixes). - acpi: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes). - acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-fixes). - acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes). - acpi: scan: Fix device check notification handling (git-fixes). - acpica: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes). - alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes). - alsa: aoa: avoid false-positive format truncation warning (git-fixes). - alsa: aw2: avoid casting function pointers (git-fixes). - alsa: ctxfi: avoid casting function pointers (git-fixes). - alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-fixes). - alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-fixes). - alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (git-fixes). - alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes). - alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes). - alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes). - alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes). - alsa: seq: fix function cast warnings (git-fixes). - alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes). - alsa: usb-audio: Stop parsing channels bits when all channels are found (git-fixes). - arm64: dts: allwinner: h6: Add RX DMA channel for SPDIF (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes) - arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on (git-fixes) - arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS (git-fixes) - arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (git-fixes) - arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 (git-fixes) - arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 (git-fixes) - arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes) - arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes) - arm64: mm: fix VA-range sanity check (git-fixes) - arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes) - asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (stable-fixes). - asoc: amd: acp: Add missing error handling in sof-mach (git-fixes). - asoc: amd: acp: fix for acp_init function error handling (git-fixes). - asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes). - asoc: meson: Use dev_err_probe() helper (stable-fixes). - asoc: meson: aiu: fix function pointer type mismatch (git-fixes). - asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes). - asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes). - asoc: meson: t9015: fix function pointer type mismatch (git-fixes). - asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes). - asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes). - asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes). - asoc: rt5682-sdw: fix locking sequence (git-fixes). - asoc: rt711-sdca: fix locking sequence (git-fixes). - asoc: rt711-sdw: fix locking sequence (git-fixes). - asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-fixes). - asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes). - asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-fixes). - ata: sata_mv: Fix PCI device ID table declaration compilation warning (git-fixes). - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes). - backlight: da9052: Fully initialize backlight_properties during probe (git-fixes). - backlight: lm3630a: Do not set bl->props.brightness in get_brightness (git-fixes). - backlight: lm3630a: Initialize backlight_properties on init (git-fixes). - backlight: lm3639: Fully initialize backlight_properties during probe (git-fixes). - backlight: lp8788: Fully initialize backlight_properties during probe (git-fixes). - blocklayoutdriver: Fix reference leak of pnfs_device_node (git-fixes). - bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes). - bluetooth: Remove superfluous call to hci_conn_check_pending() (git-fixes). - bluetooth: hci_core: Fix possible buffer overflow (git-fixes). - bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes). - bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-fixes). - bpf, scripts: Correct GPL license name (git-fixes). - bpf, sockmap: Fix preempt_rt splat when using raw_spin_lock_t (git-fixes). - can: softing: remove redundant NULL check (git-fixes). - clk: zynq: Prevent null pointer dereference caused by kmalloc failure (git-fixes). - comedi: comedi_test: Prevent timers rescheduling during deletion (git-fixes). - coresight: etm4x: Do not access TRCIDR1 for identification (bsc#1220775) - coresight: etm4x: Fix accesses to TRCSEQRSTEVR and TRCSEQSTR (bsc#1220775) - coresight: etm: Override TRCIDR3.CCITMIN on errata affected cpus (bsc#1220775) - cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() (git-fixes). - cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value (git-fixes). - crypto: arm/sha - fix function cast warnings (git-fixes). - crypto: qat - avoid division by zero (git-fixes). - crypto: qat - fix deadlock in backlog processing (git-fixes). - crypto: qat - fix double free during reset (git-fixes). - crypto: qat - fix state machines cleanup paths (bsc#1218321). - crypto: qat - fix unregistration of compression algorithms (git-fixes). - crypto: qat - fix unregistration of crypto algorithms (git-fixes). - crypto: qat - ignore subsequent state up commands (git-fixes). - crypto: qat - increase size of buffers (git-fixes). - crypto: qat - resolve race condition during AER recovery (git-fixes). - crypto: xilinx - call finalize with bh disabled (git-fixes). - doc-guide: kernel-doc: tell about object-like macros (git-fixes). - doc/README.SUSE: Update information about module support status (jsc#PED-5759) - drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (git-fixes). - drm/amd/display: Add FAMS validation before trying to use it (git-fixes). - drm/amd/display: Add function for validate and update new stream (git-fixes). - drm/amd/display: Avoid ABM when ODM combine is enabled for eDP (git-fixes). - drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN31 (git-fixes). - drm/amd/display: Check if link state is valid (git-fixes). - drm/amd/display: Copy DC context in the commit streams (git-fixes). - drm/amd/display: Disable PSR-SU on Parade 0803 TCON again (git-fixes). - drm/amd/display: Enable fast plane updates on DCN3.2 and above (git-fixes). - drm/amd/display: Enable new commit sequence only for DCN32x (git-fixes). - drm/amd/display: Exit idle optimizations before attempt to access PHY (git-fixes). - drm/amd/display: Expand kernel doc for DC (git-fixes). - drm/amd/display: Fix a bug when searching for insert_above_mpcc (git-fixes). - drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (git-fixes). - drm/amd/display: Fix possible underflow for displays with large vblank (git-fixes). - drm/amd/display: Fix the delta clamping for shaper LUT (git-fixes). - drm/amd/display: Fix underflow issue on 175hz timing (git-fixes). - drm/amd/display: For prefetch mode > 0, extend prefetch if possible (git-fixes). - drm/amd/display: Guard DCN31 PHYD32CLK logic against chip family (git-fixes). - drm/amd/display: Guard against invalid RPTR/WPTR being set (git-fixes). - drm/amd/display: Handle seamless boot stream (git-fixes). - drm/amd/display: Handle virtual hardware detect (git-fixes). - drm/amd/display: Include surface of unaffected streams (git-fixes). - drm/amd/display: Include udelay when waiting for INBOX0 ACK (git-fixes). - drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml (git-fixes). - drm/amd/display: Keep PHY active for dp config (git-fixes). - drm/amd/display: Prevent vtotal from being set to 0 (git-fixes). - drm/amd/display: Remove min_dst_y_next_start check for Z8 (git-fixes). - drm/amd/display: Restore rptr/wptr for DMCUB as workaround (git-fixes). - drm/amd/display: Return the correct HDCP error code (stable-fixes). - drm/amd/display: Revert vblank change that causes null pointer crash (git-fixes). - drm/amd/display: Rework comments on dc file (git-fixes). - drm/amd/display: Rework context change check (git-fixes). - drm/amd/display: Set minimum requirement for using PSR-SU on Phoenix (git-fixes). - drm/amd/display: Set minimum requirement for using PSR-SU on Rembrandt (git-fixes). - drm/amd/display: Update OTG instance in the commit stream (git-fixes). - drm/amd/display: Update correct DCN314 register header (git-fixes). - drm/amd/display: Update min Z8 residency time to 2100 for DCN314 (git-fixes). - drm/amd/display: Use DRAM speed from validation for dummy p-state (git-fixes). - drm/amd/display: Use DTBCLK as refclk instead of DPREFCLK (git-fixes). - drm/amd/display: Use min transition for all SubVP plane add/remove (git-fixes). - drm/amd/display: Write to correct dirty_rect (git-fixes). - drm/amd/display: Wrong colorimetry workaround (git-fixes). - drm/amd/display: add FB_DAMAGE_CLIPS support (git-fixes). - drm/amd/display: add ODM case when looking for first split pipe (git-fixes). - drm/amd/display: always switch off ODM before committing more streams (git-fixes). - drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-fixes). - drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes). - drm/amd/display: ensure async flips are only accepted for fast updates (git-fixes). - drm/amd/display: fix ABM disablement (git-fixes). - drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() (git-fixes). - drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes). - drm/amd/display: fix hw rotated modes when PSR-SU is enabled (git-fixes). - drm/amd/display: fix kernel-doc issues in dc.h (git-fixes). - drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315 (git-fixes). - drm/amd/display: handle range offsets in VRR ranges (stable-fixes). - drm/amd/display: perform a bounds check before filling dirty rectangles (git-fixes). - drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes). - drm/amd/display: update extended blank for dcn314 onwards (git-fixes). - drm/amd/display: use low clocks for no plane configs (git-fixes). - drm/amd/pm: Fix error of MACO flag setting code (git-fixes). - drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes). - drm/amd/smu: use AverageGfxclkFrequency* to replace previous GFX Curr Clock (git-fixes). - drm/amd: Enable PCIe PME from D3 (git-fixes). - drm/amdgpu/pm: Fix the error of pwm1_enable setting (stable-fixes). - drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes). - drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes). - drm/amdgpu/smu13: drop compute workload workaround (git-fixes). - drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series (stable-fixes). - drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() (git-fixes). - drm/amdgpu: Force order between a read and write to the same address (git-fixes). - drm/amdgpu: Match against exact bootloader status (git-fixes). - drm/amdgpu: Unset context priority is now invalid (git-fixes). - drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes). - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes). - drm/amdgpu: lower CS errors to debug severity (git-fixes). - drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 (stable-fixes). - drm/bridge: tc358762: Instruct DSI host to generate HSE packets (git-fixes). - drm/display: fix typo (git-fixes). - drm/edid: Add quirk for OSVR HDK 2.0 (git-fixes). - drm/etnaviv: Restore some id values (git-fixes). - drm/exynos: do not return negative values from .get_modes() (stable-fixes). - drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (git-fixes). - drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes). - drm/i915/gt: Do not generate the command streamer for all the CCS (git-fixes). - drm/i915/gt: Reset queue_priority_hint on parking (git-fixes). - drm/i915/gt: Use i915_vm_put on ppgtt_create error paths (git-fixes). - drm/i915/selftests: Fix dependency of some timeouts on HZ (git-fixes). - drm/i915: Add missing CCS documentation (git-fixes). - drm/i915: Call intel_pre_plane_updates() also for pipes getting enabled (git-fixes). - drm/i915: Check before removing mm notifier (git-fixes). - drm/lima: fix a memleak in lima_heap_alloc (git-fixes). - drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip (git-fixes). - drm/mediatek: dsi: Fix DSI RGB666 formats and definitions (git-fixes). - drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is enabled (git-fixes). - drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes). - drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN (git-fixes). - drm/msm/dpu: improve DSC allocation (git-fixes). - drm/panel-edp: use put_sync in unprepare (git-fixes). - drm/panel: Move AUX B116XW03 out of panel-edp back to panel-simple (git-fixes). - drm/panel: auo,b101uan08.3: Fine tune the panel power sequence (git-fixes). - drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence (git-fixes). - drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes). - drm/panfrost: fix power transition timeout warnings (git-fixes). - drm/probe-helper: warn about negative .get_modes() (stable-fixes). - drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes). - drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes). - drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() (git-fixes). - drm/radeon/ni_dpm: remove redundant NULL check (git-fixes). - drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes). - drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach (git-fixes). - drm/rockchip: inno_hdmi: Fix video timing (git-fixes). - drm/rockchip: lvds: do not overwrite error code (git-fixes). - drm/rockchip: lvds: do not print scary message when probing defer (git-fixes). - drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe (git-fixes). - drm/tegra: dsi: Add missing check for of_find_device_by_node (git-fixes). - drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (git-fixes). - drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() (git-fixes). - drm/tegra: dsi: Make use of the helper function dev_err_probe() (stable-fixes). - drm/tegra: hdmi: Convert to devm_platform_ioremap_resource() (stable-fixes). - drm/tegra: hdmi: Fix some error handling paths in tegra_hdmi_probe() (git-fixes). - drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (git-fixes). - drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes). - drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (git-fixes). - drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() (git-fixes). - drm/tidss: Fix initial plane zpos values (git-fixes). - drm/tidss: Fix sync-lost issue with two displays (git-fixes). - drm/ttm: Do not leak a resource on eviction error (git-fixes). - drm/ttm: Do not print error message if eviction was interrupted (git-fixes). - drm/vc4: Add module dependency on hdmi-codec (git-fixes). - drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (git-fixes). - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (git-fixes). - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes). - drm: Do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes). - drm: Fix drm_fixp2int_round() making it add 0.5 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) (git-fixes). - firewire: core: use long bus reset on gap count error (stable-fixes). - fix 'coresight: etm4x: Change etm4_platform_driver driver for MMIO devices' (bsc#1220775) Hunk with clk_put(drvdata->pclk) was incorrectly moved to another function. - hid: amd_sfh: Update HPD sensor structure elements (git-fixes). - hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes). - hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes). - hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (git-fixes). - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (git-fixes). - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (git-fixes). - i2c: aspeed: Fix the dummy irq expected print (git-fixes). - i2c: i801: Avoid potential double call to gpiod_remove_lookup_table (git-fixes). - i2c: wmt: Fix an error handling path in wmt_i2c_probe() (git-fixes). - ib/ipoib: Fix mcast list locking (git-fixes) - iio: dummy_evgen: remove Excess kernel-doc comments (git-fixes). - iio: pressure: dlhl60d: Initialize empty DLH bytes (git-fixes). - input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes). - input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes). - input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes). - input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes). - input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes). - input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes). - input: pm8941-pwrkey - add software key press debouncing support (git-fixes). - input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes). - input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes). - input: xpad - add Lenovo Legion Go controllers (git-fixes). - iommu/amd: Mark interrupt as managed (git-fixes). - iommu/dma: Trace bounce buffer usage when mapping buffers (git-fixes). - iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() (git-fixes). - iommu/mediatek: Fix forever loop in error handling (git-fixes). - iommu/vt-d: Allow to use flush-queue when first level is default (git-fixes). - iommu/vt-d: Do not issue ATS Invalidation request when device is disconnected (git-fixes). - iommu/vt-d: Fix PASID directory pointer coherency (git-fixes). - iommu/vt-d: Set No Execute Enable bit in PASID table entry (git-fixes). - kabi: PCI: Add locking to RMW PCI Express Capability Register accessors (kabi). - kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes). - kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631). - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected (git-commit). - leds: aw2013: Unlock mutex before destroying it (git-fixes). - lib/cmdline: Fix an invalid format specifier in an assertion msg (git-fixes). - make NVIDIA Grace-Hopper TPM related drivers build-ins (bsc#1221156) - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes). - md/raid5: release batch_last before waiting for another stripe_head (git-fixes). - md/raid6: use valid sector values to determine if an I/O should wait on the reshape (git-fixes). - md: Do not ignore suspended array in md_check_recovery() (git-fixes). - md: Make sure md_do_sync() will set MD_RECOVERY_DONE (git-fixes). - md: Whenassemble the array, consult the superblock of the freshest device (git-fixes). - md: do not leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly() (git-fixes). - md: fix data corruption for raid456 when reshape restart while grow up (git-fixes). - md: introduce md_ro_state (git-fixes). - media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes). - media: edia: dvbdev: fix a use-after-free (git-fixes). - media: em28xx: annotate unchecked call to media_device_register() (git-fixes). - media: go7007: add check of return value of go7007_read_addr() (git-fixes). - media: go7007: fix a memleak in go7007_load_encoder (git-fixes). - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes). - media: pvrusb2: fix pvr2_stream_callback casts (git-fixes). - media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes). - media: pvrusb2: remove redundant NULL check (git-fixes). - media: staging: ipu3-imgu: Set fields before media_entity_pads_init() (git-fixes). - media: sun8i-di: Fix chroma difference threshold (git-fixes). - media: sun8i-di: Fix coefficient writes (git-fixes). - media: sun8i-di: Fix power on/off sequences (git-fixes). - media: tc358743: register v4l2 async device only after successful setup (git-fixes). - media: ttpci: fix two memleaks in budget_av_attach (git-fixes). - media: usbtv: Remove useless locks in usbtv_video_free() (git-fixes). - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes). - media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes). - media: xc4000: Fix atomicity violation in xc4000_get_frequency (git-fixes). - mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref (git-fixes). - mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref (git-fixes). - mm,page_owner: Defer enablement of static branch (bsc#1222366). - mm,page_owner: Fix accounting of pages when migrating (bsc#1222366). - mm,page_owner: Fix printing of stack records (bsc#1222366). - mm,page_owner: Fix refcount imbalance (bsc#1222366). - mm,page_owner: Update metadata for tail pages (bsc#1222366). - mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366). - mm,page_owner: drop unnecessary check (bsc#1222366). - mm,page_owner: fix recursion (bsc#1222366). - mm/vmalloc: huge vmalloc backing pages should be split rather than compound (bsc#1217829). - mmc: core: Avoid negative index with array access (git-fixes). - mmc: core: Fix switch on gp3 partition (git-fixes). - mmc: core: Initialize mmc_blk_ioc_data (git-fixes). - mmc: mmci: stm32: fix DMA API overlapping mappings warning (git-fixes). - mmc: mmci: stm32: use a buffer for unaligned DMA requests (git-fixes). - mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes). - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (git-fixes). - mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes). - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes). - mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes). - net/bnx2x: Prevent access to a freed page in page_pool (bsc#1215322). - net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes). - net: Fix features skip in for_each_netdev_feature() (git-fixes). - net: lan78xx: fix runtime PM count underflow on link stop (git-fixes). - net: ll_temac: platform_get_resource replaced by wrong function (git-fixes). - net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes). - net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes). - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (git-fixes). - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes). - nfs: fix an off by one in root_nfs_cat() (git-fixes). - nfs: rename nfs_client_kset to nfs_kset (git-fixes). - nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes). - nfsd: convert the callback workqueue to use delayed_work (git-fixes). - nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes). - nfsd: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes). - nfsd: fix LISTXATTRS returning more bytes than maxcount (git-fixes). - nfsd: fix file memleak on client_opens_release (git-fixes). - nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes). - nfsd: lock_rename() needs both directories to live on the same fs (git-fixes). - nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes). - nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes). - nfsd: retransmit callbacks after client reconnects (git-fixes). - nfsd: use vfs setgid helper (git-fixes). - nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes). - nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes). - nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes). - nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes). - nfsv4.2: fix wrong shrinker_id (git-fixes). - nfsv4: fix a nfs4_state_manager() race (git-fixes). - nfsv4: fix a state manager thread deadlock regression (git-fixes). - nilfs2: fix failure to detect DAT corruption in btree and direct mappings (git-fixes). - nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes). - nouveau/dmem: handle kcalloc() allocation failure (git-fixes). - nouveau: reset the bo resource bus info after an eviction (git-fixes). - ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713). - nvme-fc: do not wait in vain when unloading module (git-fixes). - nvme: fix reconnection fail due to reserved tag allocation (git-fixes). - nvmet-fc: abort command when there is no binding (git-fixes). - nvmet-fc: avoid deadlock on delete association path (git-fixes). - nvmet-fc: defer cleanup using RCU properly (git-fixes). - nvmet-fc: hold reference on hostport match (git-fixes). - nvmet-fc: release reference on target port (git-fixes). - nvmet-fc: take ref count on tgtport before delete assoc (git-fixes). - nvmet-fcloop: swap the list_add_tail arguments (git-fixes). - nvmet-tcp: fix nvme tcp ida memory leak (git-fixes). - pci/aer: fix rootport attribute paths in ABI docs (git-fixes). - pci/aspm: Use RMW accessors for changing LNKCTL (git-fixes). - pci/dpc: print all TLP Prefixes, not just the first (git-fixes). - pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777) - pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes). - pci: add locking to RMW PCI Express Capability Register accessors (git-fixes). - pci: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes). - pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes). - pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-fixes). - pci: fu740: Set the number of MSI vectors (git-fixes). - pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-fixes). - pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes). - pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes). - pci: mediatek-gen3: Fix translation window size calculation (git-fixes). - pci: mediatek: Clear interrupt status before dispatching handler (git-fixes). - pci: qcom: Enable BDF to SID translation properly (git-fixes). - pci: qcom: Use DWC helpers for modifying the read-only DBI registers (git-fixes). - pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes). - pci: rockchip: Fix window mapping and address translation for endpoint (git-fixes). - pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes). - pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-fixes). - pinctrl: mediatek: Drop bogus slew rate register range for MT8192 (git-fixes). - platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes). - pm: suspend: Set mem_sleep_current during kernel command line setup (git-fixes). - pnfs/flexfiles: Check the layout validity in ff_layout_mirror_prepare_stats (git-fixes). - pnfs: Fix a hang in nfs4_evict_inode() (git-fixes). - pnfs: Fix the pnfs block driver's calculation of layoutget size (git-fixes). - powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869). - powerpc/boot: Disable power10 features after BOOTAFLAGS assignment (bsc#1194869). - powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU (bsc#1194869). - powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses (bsc#1194869). - powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__ (bsc#1194869). - powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding (bsc#1194869). - powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869). - powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270). - powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes). - powerpc/sstep: Use bitwise instead of arithmetic operator for flags (bsc#1194869). - powerpc: add compile-time support for lbarx, lharx (bsc#1194869). - pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-fixes). - qedf: Do not process stag work during unload (bsc#1214852). - qedf: Wait for stag work during unload (bsc#1214852). - raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1221097). - ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619). - ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619). - ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619). - ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619). - ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619). - ras/amd/fmpm: Save SPA values (jsc#PED-7619). - ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes). - ras: export helper to get ras_debugfs_dir (jsc#PED-7619). - rdma/device: Fix a race between mad_client and cm_client init (git-fixes) - rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes) - rdma/ipoib: Fix error code return in ipoib_mcast_join (git-fixes) - rdma/irdma: Remove duplicate assignment (git-fixes) - rdma/mana_ib: Fix bug in creation of dma regions (git-fixes). - rdma/mlx5: fix fortify source warning while accessing Eth segment (git-fixes) - rdma/mlx5: relax DEVX access upon modify commands (git-fixes) - rdma/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() (git-fixes) - rdma/srpt: do not register event handler until srpt device is fully setup (git-fixes) - revert 'PCI: tegra194: Enable support for 256 Byte payload' (git-fixes). - revert 'Revert 'drm/amdgpu/display: change pipe policy for DCN 2.0'' (git-fixes). - revert 'SUNRPC dont update timeout value on connection reset' (git-fixes). - revert 'drm/amd: Disable PSR-SU on Parade 0803 TCON' (git-fixes). - revert 'drm/amd: Disable S/G for APUs when 64GB or more host memory' (git-fixes). - revert 'drm/amdgpu/display: change pipe policy for DCN 2.0' (git-fixes). - revert 'drm/amdgpu/display: change pipe policy for DCN 2.1' (git-fixes). - revert 'drm/vc4: hdmi: Enforce the minimum rate at runtime_resume' (git-fixes). - revert 'fbdev: flush deferred IO before closing (git-fixes).' (bsc#1221814) - ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes). - rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes). - s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes bsc#1221633). - s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316). - s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316). - s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316). - s390/vtime: fix average steal time calculation (git-fixes bsc#1221951). - sched/rt: Disallow writing invalid values to sched_rt_period_us (bsc#1220176). - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (bsc#1220176). - scsi: lpfc: Copyright updates for 14.4.0.1 patches (bsc#1221777). - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777). - scsi: lpfc: Correct size for wqe for memset() (bsc#1221777). - scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777). - scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777). - scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777). - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777). - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959). - scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777). - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777). - scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777). - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777). - scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777). - scsi: qedf: Remove set but unused variable 'page' (bsc#1214852). - scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852). - scsi: qedf: Remove unused declaration (bsc#1214852). - scsi: qla2xxx: Change debug message during driver unload (bsc1221816). - scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816). - scsi: qla2xxx: Fix N2N stuck connection (bsc1221816). - scsi: qla2xxx: Fix command flush on cable pull (bsc1221816). - scsi: qla2xxx: Fix double free of fcport (bsc1221816). - scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816). - scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816). - scsi: qla2xxx: Prevent command send on chip reset (bsc1221816). - scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816). - scsi: qla2xxx: Update manufacturer detail (bsc1221816). - scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816). - scsi: storvsc: Fix ring buffer size calculation (git-fixes). - scsi: target: core: Silence the message about unknown VPD pages (bsc#1221252). - selftests/bpf: add generic BPF program tester-loader (bsc#1222033). - serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes). - serial: max310x: fix syntax error in IRQ error message (git-fixes). - slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes). - spi: lm70llp: fix links in doc and comments (git-fixes). - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes). - sr9800: Add check for usbnet_get_endpoints (git-fixes). - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - staging: vc04_services: fix information leak in create_component() (git-fixes). - sunrpc: Add an IS_ERR() check back to where it was (git-fixes). - sunrpc: ECONNRESET might require a rebind (git-fixes). - sunrpc: Fix RPC client cleaned up the freed pipefs dentries (git-fixes). - sunrpc: Fix a suspicious RCU usage warning (git-fixes). - sunrpc: fix a memleak in gss_import_v2_context (git-fixes). - sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes). - svcrdma: Drop connection after an RDMA Read error (git-fixes). - topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618). - topology: Fix up build warning in topology_is_visible() (jsc#PED-7618). - tracing/probes: Fix to show a parse error for bad type for $comm (git-fixes). - tracing: Fix wasted memory in saved_cmdlines logic (git-fixes). - tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes). - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619). - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-fixes). - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes). - tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes). - ubifs: Queue up space reservation tasks if retrying many times (git-fixes). - ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes). - ubifs: Set page uptodate in the correct place (git-fixes). - ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes). - ubifs: fix sort function prototype (git-fixes). - usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes). - usb: cdc-wdm: close race between read and workqueue (git-fixes). - usb: core: Fix deadlock in usb_deauthorize_interface() (git-fixes). - usb: dwc2: gadget: Fix exiting from clock gating (git-fixes). - usb: dwc2: gadget: LPM flow fix (git-fixes). - usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes). - usb: dwc2: host: Fix hibernation flow (git-fixes). - usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes). - usb: dwc3: Properly set system wakeup (git-fixes). - usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes). - usb: gadget: ncm: Fix handling of zero block length packets (git-fixes). - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes). - usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes). - usb: port: Do not try to peer unused USB ports based on location (git-fixes). - usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes). - usb: typec: ucsi: Check for notifications after init (git-fixes). - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes). - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes). - usb: usb-storage: Prevent divide-by-0 error in isd200_ata_command (git-fixes). - usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes). - vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes). - vt: fix unicode buffer corruption when deleting characters (git-fixes). - watchdog: stm32_iwdg: initialize default timeout (git-fixes). - wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes). - wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948). - wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes). - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (git-fixes). - wifi: b43: Disable QoS for bcm4331 (git-fixes). - wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-fixes). - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-fixes). - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-fixes). - wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-fixes). - wifi: brcmsmac: avoid function pointer casts (git-fixes). - wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes). - wifi: iwlwifi: fix EWRD table validity check (git-fixes). - wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes). - wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes). - wifi: iwlwifi: mvm: report beacon protection failures (git-fixes). - wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes). - wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-fixes). - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes). - wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (git-fixes). - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes). - wifi: rtw88: 8821c: Fix false alarm count (git-fixes). - wifi: wilc1000: fix RCU usage in connect path (git-fixes). - wifi: wilc1000: fix declarations ordering (stable-fixes). - wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes). - wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (git-fixes). - x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes). - x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes). - x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes). - xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes). - xhci: process isoc TD properly when there was a transaction error mid TD (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) The following package changes have been done: - glibc-2.31-150300.74.1 updated - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - rpm-4.14.3-150400.59.16.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated - glibc-locale-base-2.31-150300.74.1 updated - kernel-rt-5.14.21-150500.13.47.1 updated - container:suse-sle-micro-5.5-latest-2.0.2-4.2.96 updated From sle-container-updates at lists.suse.com Thu May 16 07:21:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 May 2024 09:21:26 +0200 (CEST) Subject: SUSE-CU-2024:2081-1: Security update of bci/python Message-ID: <20240516072126.39413FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2081-1 Container Tags : bci/python:3 , bci/python:3-19.4 , bci/python:3.11 , bci/python:3.11-19.4 , bci/python:latest Container Release : 19.4 Severity : important Type : security References : 1118027 1144357 1162712 1167148 1171933 1172579 1172948 1179890 1189649 1190538 1192298 1199722 1209255 1209571 1209811 1209812 1210617 1211830 1216606 1217336 1220168 1222880 761162 CVE-2023-28858 CVE-2023-28859 CVE-2023-30608 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1637-1 Released: Tue May 14 14:22:14 2024 Summary: Recommended update for google-cloud SDK Type: recommended Severity: moderate References: 1210617,CVE-2023-30608 This update for google-cloud SDK fixes the following issues: - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5 binaries Obsolete the python3.6 counterpart: python311-google-resumable-media python311-google-api-core python311-google-cloud-storage python311-google-cloud-core python311-googleapis-common-protos - Regular python311 updates (without Obsoletes): python-google-auth python-grpcio python-sqlparse - New python311 packages: libcrc32c python-google-cloud-appengine-logging python-google-cloud-artifact-registry python-google-cloud-audit-log python-google-cloud-build python-google-cloud-compute python-google-cloud-dns python-google-cloud-domains python-google-cloud-iam python-google-cloud-kms-inventory python-google-cloud-kms python-google-cloud-logging python-google-cloud-run python-google-cloud-secret-manager python-google-cloud-service-directory python-google-cloud-spanner python-google-cloud-vpc-access python-google-crc32c python-grpc-google-iam-v1 python-grpcio-status python-proto-plus In python-sqlparse this security issue was fixed: CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1638-1 Released: Tue May 14 14:23:49 2024 Summary: Recommended update for aws-cli and python311 dependencies Type: recommended Severity: moderate References: 1118027,1144357,1162712,1167148,1171933,1172579,1172948,1179890,1189649,1190538,1192298,1199722,1209255,1211830,1217336,1220168 This update for aws-cli and python311 dependencies fixes the following issues: - Upgrade aws-cli to v1.32 (jsc#PED-7487) - This upgrade for aws-cli also provides the needed python311 dependencies. - The bellow packages got obsoleted by the python311 counterpart: - python3-botocore (superseded by python311-botocore) - python3-s3transfer (superseded by python311-s3transfer) - python3-boto (superseded by python311-boto) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1639-1 Released: Tue May 14 14:26:29 2024 Summary: Security update for python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict Type: security Severity: important References: 1209571,1209811,1209812,1216606,1222880,761162,CVE-2023-28858,CVE-2023-28859 This update for python-argcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict contains the following fixes: Changes in python-argcomplete - Update to 3.3.0 (bsc#1222880): * Preserve compatibility with argparse option tuples of length 4. This update is required to use argcomplete on Python 3.11.9+ or 3.12.3+. - update to 3.2.3: * Allow register-python-argcomplete output to be used as lazy-loaded zsh completion module (#475) - Move debug_stream initialization to helper method to allow fd 9 behavior to be overridden in subclasses (#471) - update to 3.2.2: * Expand tilde in zsh - Remove coverage check - Fix zsh test failures: avoid coloring terminal - update to 3.2.1: * Allow explicit zsh global completion activation (#467) * Fix and test global completion in zsh (#463, #466) * Add ???yes option to activate-global-python-argcomplete (#461) * Test suite improvements - drop without_zsh.patch: obsolete - update to 3.1.6: * Respect user choice in activate-global-python-argcomplete * Escape colon in zsh completions. Fixes #456 * Call \_default as a fallback in zsh global completion - update to 3.1.4: * Call \_default as a fallback in zsh global completion * zsh: Allow to use external script (#453) * Add support for Python 3.12 and drop EOL 3.6 and 3.7 (#449) * Use homebrew prefix by default * zsh: Allow to use external script (#453) Changes in python-Fabric: - Update to 3.2.2 - add fix-test-deps.patch to remove vendored dependencies *[Bug]: fabric.runners.Remote failed to properly deregister its SIGWINCH signal handler on shutdown; in rare situations this could cause tracebacks when the Python process receives SIGWINCH while no remote session is active. This has been fixed. * [Bug] #2204: The signal handling functionality added in Fabric 2.6 caused unrecoverable tracebacks when invoked from inside a thread (such as the use of fabric.group.ThreadingGroup) under certain interpreter versions. This has been fixed by simply refusing to register signal handlers when not in the main thread. Thanks to Francesco Giordano and others for the reports. * [Bug]: Neglected to actually add deprecated to our runtime dependency specification (it was still in our development dependencies). This has been fixed. * [Feature]: Enhanced fabric.testing in ways large and small: Backwards-compatibly merged the functionality of MockSFTP into MockRemote (may be opted-into by instantiating the latter with enable_sftp=True) so you can mock out both SSH and SFTP functionality in the same test, which was previously impossible. It also means you can use this in a Pytest autouse fixture to prevent any tests from accidentally hitting the network! A new pytest fixture, remote_with_sftp, has been added which leverages the previous bullet point (an all-in-one fixture suitable for, eg, preventing any incidental ssh/sftp attempts during test execution). A pile of documentation and test enhancements (yes, testing our testing helpers is a thing). * [Support]: Added a new runtime dependency on the Deprecated library. * [Support]: Language update: applied s/sanity/safety/g to the codebase (with the few actual API members using the term now marked deprecated & new ones added in the meantime, mostly in fabric.testing). * [Feature]: Add a new CLI flag to fab, fab --list-agent-keys, which will attempt to connect to your local SSH agent and print a key list, similarly to ssh-add -l. This is mostly useful for expectations-checking Fabric and Paramiko???s agent functionality, or for situations where you might not have ssh-add handy. * [Feature]: Implement opt-in support for Paramiko 3.2???s AuthStrategy machinery, as follows: Added a new module and class, fabric.auth.OpenSSHAuthStrategy, which leverages aforementioned new Paramiko functionality to marry loaded SSH config files with Fabric-level and runtime-level parameters, arriving at what should be OpenSSH-client-compatible authentication behavior. See its API docs for details. Added new configuration settings: authentication.strategy_class, which defaults to None, but can be set to OpenSSHAuthStrategy to opt-in to the new behavior. authentication.identities, which defaults to the empty list, and can be a list of private key paths for use by the new strategy class. * [Bug] #2263: Explicitly add our dependency on decorator to setup.py instead of using Invoke???s old, now removed, vendored copy of same. This allows Fabric to happily use Invoke 2.1 and above - Update to 3.0.1 * [Bug] #2241: A typo prevented Fabric???s command runner from properly calling its superclass stop() method, which in tandem with a related Invoke bug meant messy or long shutdowns in many scenarios. - Changes from 3.0.0 * [Feature]: Change the default configuration value for inline_ssh_env from False to True, to better align with the practicalities of common SSH server configurations. - Warning This change is backwards incompatible if you were using environment-variable-setting kwargs or config settings, such as Connection.run(command, env={'SOME': 'ENV VARS'}), and were not already explicitly specifying the value of inline_ssh_env. * [Bug] #1981: (fixed in #2195) Automatically close any open SFTP session during fabric.connection.Connection.close; this avoids issues encountered upon re-opening a previously-closed connection object. * [Support]: Drop support for Python <3.6, including Python 2. - Warning This is a backwards incompatible change if you are not yet on Python 3.6 or above; however, pip shouldn???t offer you this version of Fabric as long as your pip version understands python_requires metadata. - Drop remove-mock.patch because now in upstream. - Drop remove-pathlib2.patch because now in upstream. - Add %{?sle15_python_module_pythons} - Remove conditional definition of python_module. - Add patch remove-pathlib2.patch: * Drop install_requires on pathlib2. - Update to 2.7.1: * [Bug] #1924: (also #2007) Overhaul behavior and testing re: merging together different sources for the key_filename parameter in Connection.connect_kwargs. This fixes a number of type-related errors (string objects have no extend attribute, cannot add lists to strings, etc). - Update to 2.7.0: * Add ~fabric.connection.Connection.shell, a belated port of the v1 open_shell() feature. * Forward local terminal resizes to the remote end, when applicable. (For the technical: this means we now turn SIGWINCH into SSH window-change messages.) * Update ~fabric.connection.Connection temporarily so that it doesn't incidentally apply replace_env=True to local shell commands, only remote ones. - Add patch remove-mock.patch: * Use unittest.mock, instead of mock - pytest-relaxed now supports pytest 6, so test on all python versions. - Don't test on python310 -- gh#bitprophet/pytest-relaxed#12 (This is mainly required by azure-cli in the primary python3 flavor) - Update to 2.6.0: * [Feature] #1999: Add sudo support to Group. Thanks to Bonnie Hardin for the report and to Winston Nolan for an early patchset. * [Feature] #1810: Add put/get support to Group. * [Feature] #1868: Ported a feature from v1: interpolating the local path argument in Transfer.get with connection and remote filepath attributes. For example, cxn.get(remote='/var/log/foo.log', local='{host}/') is now feasible for storing a file in per-host-named directories or files, and in fact Group.get does this by default. * [Feature]: When the local path argument to Transfer.get contains nonexistent directories, they are now created instead of raising an error. Warning: This change introduces a new runtime dependency: pathlib2. * [Bug]: Fix a handful of issues in the handling and mocking of SFTP local paths and os.path members within fabric.testing; this should remove some occasional ???useless Mocks??? as well as hewing closer to the real behavior of things like os.path.abspath re: path normalization. - Update Requires from setup.py Changes in python-PyGithub: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} + Drop %define skip_python2 1 - Update to 1.57 Breaking Changes * Add support for Python 3.11, drop support for Python 3.6 (#2332) (1e2f10d) Bug Fixes & Improvements * Speed up get requested reviewers and teams for pr (#2349) (6725ece) * [WorkflowRun] - Add missing attributes (run_started_at & run_attempt), remove deprecated unicode type (#2273) (3a6235b) * Add support for repository autolink references (#2016) (0fadd6b) * Add retry and pool_size to typing (#2151) (784a3ef) * Fix/types for repo topic team (#2341) (db9337a) * Add class Artifact (#2313) (#2319) (437ff84) - Update to 1.56 This is the last release that will support Python 3.6. *Bug Fixes & Improvements Create repo from template (#2090) (b50283a) Improve signature of Repository.create_repo (#2118) (001970d) Add support for 'visibility' attribute preview for Repositories (#1872) (8d1397a) Add Repository.rename_branch method (#2089) (6452ddf) Add function to delete pending reviews on a pull request (#1897) (c8a945b) Cover all code paths in search_commits (#2087) (f1faf94) Correctly deal when PaginatedList's data is a dict (#2084) (93b92cd) Add two_factor_authentication in AuthenticatedUser. (#1972) (4f00cbf) Add ProjectCard.edit() to the type stub (#2080) (d417e4c) Add method to delete Workflow runs (#2078) (b1c8eec) Implement organization.cancel_invitation() (#2072) (53fb498) Feat: Add html_url property in Team Class. (#1983) (6570892) Add support for Python 3.10 (#2073) (aa694f8) Add github actions secrets to org (#2006) (bc5e595) Correct replay for Organization.create_project() test (#2075) (fcc1236) Fix install command example (#2043) (99e00a2) Fix: #1671 Convert Python Bool to API Parameter for Authenticated User Notifications (#2001) (1da600a) Do not transform requestHeaders when logging (#1965) (1265747) Add type to OrderedDict (#1954) (ed7d0fe) Add Commit.get_pulls() to pyi (#1958) (b466470) Adding headers in GithubException is a breaking change (#1931) (d1644e3) - Update to 1.55: * Remove client_id/client_secret authentication (#1888) (901af8c8) * Adjust to Github API changes regarding emails (#1890) (2c77cfad) + This impacts what AuthenticatedUser.get_emails() returns * Export headers in GithubException (#1887) (ddd437a7) * Do not import from unpackaged paths in typing (#1926) (27ba7838) * Implement hash for CompletableGithubObject (#1922) (4faff23c) * Use right variable in both get_check_runs() (#1889) (3003e065) * fix bad assertions in github.Project.edit (#1817) (6bae9e5c) * Add support for deleting repository secrets (#1868) (696793de) * Adding github actions secrets (#1681) (c90c050e) * Drop support for Python 3.5 (#1770) (63e4fae9) * Fix stubs file for Repository (fab682a5) * The Github.get_installation(integer) method has been removed. * Repository.create_deployment()'s payload parameter is now a dictionary. * Add support for Check Suites (#1764) (6d501b28) * Add missing preview features of Deployment and Deployment Statuses API * Add Support for Check Runs (#1727) (c77c0676) * Add WorkflowRun.workflow_id (#1737) (78a29a7c) * Added support for the Self-Hosted actions runners API (#1684) (24251f4b) * Fix Branch protection status in the examples (#1729) (88800844) * Filter the DeprecationWarning in Team tests (#1728) (23f47539) * Added get_installations() to Organizations (#1695) (b42fb244) * Fix #1507: Add new Teams: Add or update team repository endpoint * Added support for `Repository.get_workflow_runs` parameters * feat(pullrequest): add the rebaseable attribute (#1690) (ee4c7a7e) * Add support for deleting reactions (#1708) (f7d203c0) * Add get_timeline() to Issue's type stubs (#1663) (6bc9ecc8) - Update to 1.53: * Add method get_team_membership for user to Team (#1658) (749e8d35) * PaginatedList's totalCount is 0 if no last page (#1641) (69b37b4a) * Add initial support for Github Apps. (#1631) (260558c1) * Add delete_branch_on_merge arg to Repository.edit type stub (#1639) (15b5ae0c) * upload_asset with data in memory (#1601) (a7786393) * Make Issue.closed_by nullable (#1629) (06dae387) * Add support for workflow dispatch event (#1625) (16850ef1) * Do not check reaction_type before sending (#1592) (136a3e80) * more flexible header splitting (#1616) (85e71361) * Add support for deployment statuses (#1588) (048c8a1d) * Adds the 'twitter_username' attribute to NamedUser. (#1585) (079f75a7) * Add support for Workflow Runs (#1583) (4fb1d23f) * Small documentation correction in Repository.py (#1565) (f0f6ec83) * Remove 'api_preview' parameter from type stubs and docstrings (#1559) (cc1b884c) * Repository.update_file() content also accepts bytes (#1543) (9fb8588b) * Fix Repository.get_issues stub (#1540) (b40b75f8) * Check all arguments of NamedUser.get_repos() (#1532) (69bfc325) * Remove RateLimit.rate (#1529) (7abf6004) * PullRequestReview is not a completable object (#1528) (19fc43ab) * Remove pointless setters in GitReleaseAsset (#1527) (1dd1cf9c) * Drop some unimplemented methods in GitRef (#1525) (d4b61311) * Fixed formatting of docstrings for `Repository.create_git_tag_and_release()` and `StatsPunchCard`. (#1520) (ce400bc7) * Remove Repository.topics (#1505) (53d58d2b) * Correct Repository.get_workflows() (#1518) (8727003f) * correct Repository.stargazers_count return type to int (#1513) (b5737d41) * Raise a FutureWarning on use of client_{id,secret} (#1506) (2475fa66) * Improve type signature for create_from_raw_data (#1503) (c7b5eff0) * feat(column): move, edit and delete project columns (#1497) (a32a8965) * Add support for Workflows (#1496) (a1ed7c0e) * Add OAuth support for GitHub applications (4b437110) * Create AccessToken entity (4a6468aa) * Extend installation attributes (61808da1) - Update to 1.51 + New features * PyGithub now supports type checking * Ability to retrieve public events * Add and handle the maintainer_can_modify attribute in PullRequest * List matching references * Add create_repository_dispatch * Add some Organization and Repository attributes. * Add create project method + Bug Fixes & Improvements * Drop use of shadow-cat for draft PRs * AuthenticatedUser.get_organization_membership() should be str * Drop documentation for len() of PaginatedList * Fix param name of projectcard's move function * Correct typos found with codespell * Export IncompletableObject in the github namespace * Add GitHub Action workflow for checks * Drop unneeded ignore rule for flake8 * Use pytest to parametrize tests * Type stubs are now packaged with the build * Get the project column by id - Drop parametrized and pytest-cov from BuildRequires. - Update to 1.47 + Bug Fixes & Improvements * Add support to edit and delete a project (#1434) (f11f739) * Add method for fetching pull requests associated with a commit (#1433) (0c55381) * Add 'get_repo_permission' to Team class (#1416) (219bde5) * Add list projects support, update tests (#1431) (e44d11d) * Don't transform completely in PullRequest.*assignees (#1428) (b1c3549) * Add create_project support, add tests (#1429) (bf62f75) * Add draft attribute, update test (bd28524) * Docstring for Repository.create_git_tag_and_release (#1425) (bfeacde) * Create a tox docs environment (#1426) (b30c09a) * Add Deployments API (#1424) (3d93ee1) * Add support for editing project cards (#1418) (425280c) * Add draft flag parameter, update tests (bd0211e) * Switch to using pytest (#1423) (c822dd1) * Fix GitMembership with a hammer (#1420) (f2939eb) * Add support to reply to a Pull request comment (#1374) (1c82573) * PullRequest.update_branch(): allow expected_head_sha to be empty (#1412) (806130e) * Implement ProjectCard.delete() (#1417) (aeb27b7) * Add pre-commit plugin for black/isort/flake8 (#1398) (08b1c47) * Add tox (#1388) (125536f) * Open file in text mode in scripts/add_attribute.py (#1396) (0396a49) * Silence most ResourceWarnings (#1393) (dd31a70) * Assert more attributes in Membership (#1391) (d6dee01) * Assert on changed Repository attributes (#1390) (6e3ceb1) * Add reset to the repr for Rate (#1389) (0829af8) - Update to 1.46 + Bug Fixes & Improvements * Add repo edit support for delete_branch_on_merge * Fix mistake in Repository.create_fork() * Correct two attributes in Invitation * Search repo issues by string label * Correct Repository.create_git_tag_and_release() * exposed seats and filled_seats for Github Organization Plan * Repository.create_project() body is optional * Implement move action for ProjectCard * Tidy up ProjectCard.get_content() * Added nested teams and parent * Correct parameter for Label.edit * doc: example of Pull Request creation * Fix PyPI wheel deployment - No longer build Python 2 package - Drop BuildRequires on mock, no longer required - Drop no-hardcoded-dep.patch, no longer required - Update to 1.45: + Breaking Changes * Branch.edit_{user,team}_push_restrictions() have been removed The new API is: Branch.add_{user,team}_push_restrictions() to add new members Branch.replace_{user,team}_push_restrictions() to replace all members Branch.remove_{user,team}_push_restrictions() to remove members * The api_preview parameter to Github() has been removed. + Bug Fixes & Improvements * Allow sha=None for InputGitTreeElement * Support github timeline events. * Add support for update branch * Refactor Logging tests * Fix rtd build * Apply black to whole codebase * Fix class used returning pull request comments * Support for create_fork * Use Repository.get_contents() in tests * Allow GithubObject.update() to be passed headers * Correct URL for assignees on PRs * Use inclusive ordered comparison for 'parameterized' requirement * Deprecate Repository.get_dir_contents() * Apply some polish to manage.sh - Refresh no-hardcoded-dep.patch - Add patch to not pull in hardcoded dependencies: * no-hardcoded-dep.patch - Update to 1.44.1: * Too many changes to enumerate. - Drop PyGithub-drop-network-tests.patch, the test in question no longer requires network access. - Drop fix-httpretty-dep.patch, the httpretty requirement has been relaxed upstream. - Use %python_expand to run the test suite, it works fine on Python 3 now. - Add mock and parameterized to BuildRequires, the test suite requires them. - Update to 1.43.8: * Add two factor attributes on organizations (#1132) (a073168) * Add Repository methods for pending invitations (#1159) (57af1e0) * Adds get_issue_events to PullRequest object (#1154) (acd515a) * Add invitee and inviter to Invitation (#1156) (0f2beac) * Adding support for pending team invitations (#993) (edab176) * Add support for custom base_url in GithubIntegration class (#1093) (6cd0d64) * GithubIntegration: enable getting installation (#1135) (1818704) * Add sorting capability to Organization.get_repos() (#1139) (ef6f009) * Add new Organization.get_team_by_slug method (#1144) (4349bca) * Add description field when creating a new team (#1125) (4a37860) * Handle a path of / in Repository.get_contents() (#1070) (102c820) * Add issue lock/unlock (#1107) (ec7bbcf) * Fix bug in recursive repository contents example (#1166) (8b6b450) * Allow name to be specified for upload_asset (#1151) (8d2a6b5) * Fixes #1106 for GitHub Enterprise API (#1110) (5406579) - Update to 1.43.7: * Exclude tests from PyPI distribution (#1031) (78d283b9) * Add codecov badge (#1090) (4c0b54c0) - Update to 1.43.6: * New features o Add support for Python 3.7 (#1028) (6faa00ac) o Adding HTTP retry functionality via urllib3 (#1002) (5ae7af55) o Add new dismiss() method on PullRequestReview (#1053) (8ef71b1b) o Add since and before to get_notifications (#1074) (7ee6c417) o Add url parameter to include anonymous contributors in get_contributors (#1075) (293846be) o Provide option to extend expiration of jwt token (#1068) (86a9d8e9) * Bug Fixes & Improvements o Fix the default parameter for PullRequest.create_review (#1058) (118def30) o Fix get_access_token (#1042) (6a89eb64) o Fix Organization.add_to_members role passing (#1039) (480f91cf) * Deprecation o Remove Status API (6efd6318) - Add patch fix-httpretty-dep.patch Changes in python-antlr4-python3-runtime: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} + Drop %define skip_python2 1 + Drop support for older Python 3.x versions - fix build for python 3.12 - require setuptools - Update to version 4.13.1 csharp target * [CSharp] Fix for #4386 -- change signatures for ReportAttemptingFullContext() and ReportContextSensitivity() to be identical to all other targets (target:csharp, type:cleanup) go target * Move GetText(), SetText(), and String() from CommonToken to BaseToken (target:go, type:cleanup) * Restore 'Obtained from string' source name. (target:go, type:cleanup) * fix: Fix very minor code issues spotted by goreportcard.com (target:go, type:cleanup) java target * Java: suppress this-escape warning introduced in JDK 21. (actions, target:java) javascript target * Adds default targets for babel configuration (target:javascript) * fix dependabot warnings (target:javascript, type:cleanup) swift target * [SWIFT] Add Antlr4Dynamic product (target:swift) * Cleanup duplicate SwiftTarget code (target:swift, type:cleanup) dart target * [Dart] Fix for #4320--export additional types (type:bug, target:dart) - from version 4.13.0 Issues fixed * antlr4 jar doubled in size in 4.9.3 (unicode, comp:performance) * Go: exponentially bad/absymal performance as of ... (type:bug, target:go) * Go runtime panic (type:bug, target:go) Improvements, features * Update LexerATNSimulator.cs with virtual Consume (type:improvement, target:csharp) * Feature/fixembedding (type:improvement, target:go, comp:performance) * Provide Javascript port of TokenStreamRewriter (type:feature, target:javascript, target:typescript) - from version 4.12.0 Issues fixed * github actions now fail for python2 and ubuntu clang and ubuntu swift (comp:runtime, comp:build, comp:testing) * js mergeArrays output differs from java (atn-analysis, target:javascript) * C++ target fails Performance/DropLoopEntryBranchInLRRule_4.txt (atn-analysis, type:bug, target:cpp) * Wrong grammarFileName in generated code (code-gen, type:bug) * C++ crashes on new test ParserExec/ListLabelsOnRuleRefStartOfAlt.txt (atn-analysis, type:bug, target:cpp) * [JavaScript runtime] Bad field name, bad comments (type:bug) Improvements, features * Fully qualify std::move invocations to fix -Wunqualified-std-cast-call (type:improvement, target:cpp) * Extract FileUtils updates by @ericvergnaud (type:improvement, cross-platform-issue, comp:testing) * Extract unit test updates by @ericvergnaud needed for TypeScript (type:improvement, comp:testing) * [Go target] Fix for #3926: Add accessors for tree navigation to interfaces in generated parser (trees-contexts, code-gen, type:improvement, target:go) * GitHub Workflows security hardening (actions, type:improvement, comp:testing) - from version 4.11.1 * Just fixes 4.11.0 release issue. I forgot to change runtime tool version so it didn't say SNAPSHOT. - from version 4.11.0 Issues fixed * Disable failing CI tests in master (comp:build, comp:testing) * Create accessor for Go-based IntervalSet.intervals (target:go) * Grammar Name Conflict Golang with SPARQL issue (target:go, type:cleanup) * Dependency declaration error in ANTLR 4.10.1 (comp:build) * Drop old version of Visual Studio C++ (2013, 2015, 2017) (comp:build, target:cpp) * Circular grammar inclusion causes stack overflow in the tool. (comp:tool, type:bug) * Cpp, Go, JavaScript, Python2/3: Template rendering error. (code-gen, comp:runtime, target:java, target:javascript, target:python2, target:python3, target:go) Improvements, features * Augment error message during testing to include full cause of problem. (type:improvement, comp:testing) * Include swift & tool verification in CI workflow (type:improvement, comp:build, cross-platform-issue, target:swift) * Issue #3783: CI Check Builds (type:improvement, comp:build, cross-platform-issue, comp:testing) * Parallel lock free testing, remove potential deadlocks, cache static data, go to descriptor via test (comp:runtime, type:improvement, comp:testing) * update getting-started doc (type:improvement, comp:doc) * Getting Started has error (type:improvement, comp:doc) * new nuget directory for building ANTLR4 C++ runtime as 3 Nuget packages (type:improvement, comp:build, target:cpp) * Add interp tool like TestRig (comp:tool, type:feature) * Issue 3720: Java 2 Security issue (type:improvement, target:java) * Cpp: Disable warnings for external project (type:bug, type:improvement, target:cpp) * Fix Docker README for arm OS user (type:improvement, comp:doc) - from version 4.10.1 * [C++] Remove reference to antlrcpp:s2ws * Update publishing instruction for Dart - from version 4.10.0 Issues fixed * C++ runtime: Version identifier macro ? (target:cpp, type:cleanup) * Generating XPath lexer/parser (actions, type:bug) * do we need this C++ ATN serialization? (target:cpp, type:cleanup) * Incorrect type of token with number 0xFFFF because of incorrect ATN serialization (atn-analysis, type:bug) * Clean up ATN serialization: rm UUID and shifting by value of 2 (atn-analysis, type:cleanup) * The parseFile method of the InterpreterDataReader class is missing code: 'line = br.readLine();' (type:bug, target:java) * antlr.runtime.standard 4.9.3 invalid strong name. (type:bug, comp:build, target:csharp) * Serialized ATN data element 810567 element 11 out of range 0..65535 (atn-analysis, type:cleanup) * Go target, unable to check when custom error strategy is in recovery mode (target:go) * Escape issue for characeters (grammars, type:bug) * antlr4 java.lang.NullPointerException Antlr 4 4.8 (grammars, comp:tool, type:bug) * UnsupportedOperationException while generating code for large grammars. (atn-analysis, type:cleanup) * Add a more understandable message than 'Serialized ATN data element .... element ... out of range 0..65535' (atn-analysis, type:cleanup) * avoid java.lang.StackOverflowError (lexers, error-handling) * Getting this error: Exception in thread 'main' java.lang.UnsupportedOperationException: Serialized ATN data element out of range (atn-analysis, type:cleanup) Improvements, features * Updated getting started with Cpp documentation. (type:improvement, comp:doc) * Escape bad words during grammar generation (code-gen, type:improvement) * Implement caseInsensitive option (lexers, options, type:improvement) * Some tool bugfixes (error-handling, comp:tool, type:improvement, type:cleanup) - Run testsuite using the tests/run.py script instead of %pyunittest - Switch build systemd from setuptools to pyproject.toml - Update BuildRequires from pyproject.toml - Update filename pattern in %files section - Update to version 4.9.3 Issues fixed * Swift Target Crashes with Multi-Threading * JavaScript Runtime bug * Go target, cannot use superClass for the lexer grammar! * Python runtime is inconsistent with Java * FunctionDef source extract using getText() * Provide .NET Framework target in the csharp nuget package * Go target for Antlr tool, type ',int8' => 'int8' * Flutter/Dart web support * Allow Antlr Javascript runtime to be loaded into Kindle Touch * Fix Go test suite * Weird error Improvements, features * [C++] Use faster alternative to dynamic_cast when not testing inherit * Stackoverflow after upgrading from 4.6 to 4.7 - from version 4.9.2 Issues fixed * CSharp and Java produce different results for identical input, identical tokens Improvements, features * Moved away from travis-ci.com - Source upstream tarball from Github since PyPi tarball no longer ships testsuite - Update to version 4.9.1. * Improve python3 performance by adding slots * Fix incorrect python token string templates - Add testing. - Skip python2 because this is for python3. - Use python_alternative Changes in python-avro: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %define skip_python2 1 - Update to version 1.11.3: + See jira board for all the fixes addressed in this release: https://issues.apache.org/jira/browse/AVRO-3855?jql=project%3DAVRO%20AND%20fixVersion%3D1.11.3 - Drop py311.patch: fixed upstream. - Add py311.patch to make tests compatible with python 3.11 gh#apache/avro#1961 - Update to 1.11.1 (from GitHub release notes): - Avro specification - Clarify which names are allowed to be qualified with namespaces - Inconsistent behaviour on types as invalid names - Clarify how fullnames are created, with example - IDL: add syntax to create optional fields - Improve docs for logical type annotation - Python - Scale assignment optimization - 'Scale' property from decimal object - Byte reading in avro.io does not assert bytes read - validate the default value of an enum field - Pass LogicalType to BytesDecimalSchema - Website - Website refactor - Document IDL support in IDEs Changes in python-chardet: - update to 5.2.0: * Adds support for running chardet CLI via `python -m chardet` Changes in python-distro: - Switch to autosetup macro. - update to 1.9.0: * Refactor distro.info() method to return an InfoDict [#360] * Ignore the file '/etc/board-release' [#353] * Ignore the file '/etc/ec2_version' [#359] * Test on modern versions of CPython and PyPy and macOS [#362] * Add support for ALT Linux Server 10.1 distribution [#354] * Add Debian Testing to the tests [#356] * Update archlinux resource for tests [#352] - Remove duplicate files calling %fdupes - add sle15_python_module_pythons - update to 1.8.0: * Lowered `LinuxDistribution._distro_release_info` method complexity [#327] * Added official support for Buildroot distribution [#329] * Added official support for Guix distribution [#330] * Added support for `/etc/debian_version` [#333] & [#349] * Fixed a typography in CONTRIBUTING.md [#340] * Improved README.md 'Usage' code block [#343] * Bumped black to v22.3.0 in pre-commit.ci configuration [#331] * Enabled GitHub Dependabot to keep GitHub Actions up to date [#335] - remove shebang from distro.py - update to version 1.7.0: - BACKWARD COMPATIBILITY: - Dropped support for EOL Pythons 2.7, 3.4 and 3.5 [[#281](https://github.com/python-distro/distro/pull/281)] - Dropped support for LSB and `uname` back-ends when `--root-dir` is specified [[#311](https://github.com/python-distro/distro/pull/311)] - Moved `distro.py` to `src/distro/distro.py` [[#315](https://github.com/python-distro/distro/pull/315)] - ENHANCEMENTS: - Documented that `distro.version()` can return an empty string on rolling releases [[#312](https://github.com/python-distro/distro/pull/312)] - Documented support for Python 3.10 [[#316](https://github.com/python-distro/distro/pull/316)] - Added official support for Rocky Linux distribution [[#318](https://github.com/python-distro/distro/pull/318)] - Added a shebang to `distro.py` to allow standalone execution [[#313](https://github.com/python-distro/distro/pull/313)] - Added support for AIX platforms [[#311](https://github.com/python-distro/distro/pull/311)] - Added compliance for PEP-561 [[#315](https://github.com/python-distro/distro/pull/315)] - BUG FIXES: - Fixed `include_uname` parameter oversight [[#305](https://github.com/python-distro/distro/pull/305)] - Fixed crash when `uname -rs` output is empty [[#304](https://github.com/python-distro/distro/pull/304)] - Fixed Amazon Linux identifier in `distro.id()` documentation [[#318](https://github.com/python-distro/distro/pull/318)] - Fixed OpenSuse >= 15 support [[#319](https://github.com/python-distro/distro/pull/319)] - Fixed encoding issues when opening distro release files [[#324](https://github.com/python-distro/distro/pull/324)] - Fixed `linux_distribution` regression introduced in [[#230](https://github.com/python-distro/distro/pull/230)] [[#325](https://github.com/python-distro/distro/pull/325)] - Tests: Set locale to UTF-8 to fix tests on Leap 15.3. - Expliciting setting of locale is not necessary anymore (gh#python-distro/distro#223). - Update to version 1.6.0 * Deprecated the distro.linux_distribution() function. Use distro.id(), distro.version() and distro.name() instead [#296] * Deprecated Python 2.7, 3.4 and 3.5 support. Further releases will only support Python 3.6+ * Added type hints to distro module [#269] * Added __version__ for checking distro version [#292] * Added support for arbitrary rootfs via the root_dir parameter [#247] * Added the --root-dir option to CLI [#161] * Added fallback to /usr/lib/os-release when /etc/os-release isn't available [#262] * Fixed subprocess.CalledProcessError when running lsb_release [#261] * Ignore /etc/iredmail-release file while parsing distribution [#268] * Use a binary file for /dev/null to avoid TextIOWrapper overhead [#271] - use %pytest macro - Enable tests properly (this is pytest, not unittest), Changes in python-docker: - update to 7.0.0: * Removed SSL version (`ssl_version`) and explicit hostname check (`assert_hostname`) options (#3185) * Python 3.7+ supports TLSv1.3 by default * Websocket support is no longer included by default (#3123) * Use `pip install docker[websockets]` to include `websocket- client` dependency * By default, `docker-py` hijacks the TCP connection and does not use Websockets * Websocket client is only required to use `attach_socket(container, ws=True)` * Python 3.7 no longer supported (reached end-of-life June 2023) (#3187) * Python 3.12 support (#3185) * Full `networking_config` support for `containers.create()` * Replaces `network_driver_opt` (added in 6.1.0) * Add `health()` property to container that returns status (e.g. `unhealthy`) * Add `pause` option to `container.commit()` (#3159) * Add support for bind mount propagation (e.g. `rshared`, `private`) * Add support for `filters`, `keep_storage`, and `all` in `prune_builds()` on API v1.39+ (#3192) * Consistently return `docker.errors.NotFound` on 404 responses * Validate tag format before push (#3191) - update to 6.1.3: * Bugfixes - Fix eventlet compatibility (#3132) - update to 6.1.2: * Bugfixes - Fix for socket timeouts on long docker exec calls (#3125) - Respect timeout param on Windows (#3112) - update to 6.1.1: * Upgrade Notes (6.1.x) - Errors are no longer returned during client initialization if the credential helper cannot be found. A warning will be emitted instead, and an error is returned if the credential helper is used. * Bugfixes - Fix containers.stats() hanging with stream=True - Correct return type in docs for containers.diff() method - update to 6.1.0: * Upgrade Notes - Errors are no longer returned during client initialization if the credential helper cannot be found. A warning will be emitted instead, and an error is returned if the credential helper is used. * Features - Python 3.11 support - Use poll() instead of select() on non-Windows platforms - New API fields - network_driver_opt on container run / create - one-shot on container stats - status on services list * Bugfixes - Support for requests 2.29.0+ and urllib3 2.x - Do not strip characters from volume names - Fix connection leak on container.exec_* operations - Fix errors closing named pipes on Windows - update to 6.0.1: * Notice This version is not compatible with requests 2.29+ or urllib3 2.x. Either add requests < 2.29 and urllib3 < 2 to your requirements or upgrade to to the latest docker-py release. * Bugfixes - Fix for The pipe has been ended errors on Windows (#3056) - Support floats for timestamps in Docker logs (since / until) (#3031) - update to 6.0.0: * Upgrade Notes - Minimum supported Python version is 3.7+ - When installing with pip, the docker[tls] extra is deprecated and a no-op, use docker for same functionality (TLS support is always available now) - Native Python SSH client (used by default / use_ssh_client=False) will now - reject unknown host keys with paramiko.ssh_exception.SSHException - Short IDs are now 12 characters instead of 10 characters (same as Docker CLI) - Version metadata is now exposed as __version__ * Features - Python 3.10 support - Automatically negotiate most secure TLS version - Add platform (e.g. linux/amd64, darwin/arm64) to container create & run - Add support for GlobalJob and ReplicatedJobs for Swarm - Add remove() method on Image - Add force param to disable() on Plugin * Bugfixes - Fix install issues on Windows related to pywin32 - Do not accept unknown SSH host keys in native Python SSH mode - Use 12 character short IDs for consistency with Docker CLI - Ignore trailing whitespace in .dockerignore files - Fix IPv6 host parsing when explicit port specified - Fix ProxyCommand option for SSH connections - Do not spawn extra subshell when launching external SSH client - Improve exception semantics to preserve context - Documentation improvements (formatting, examples, typos, missing params) * Miscellaneous - Upgrade dependencies in requirements.txt to latest versions - Remove extraneous transitive dependencies - Eliminate usages of deprecated functions/methods - Test suite reliability improvements - GitHub Actions workflows for linting, unit tests, integration tests, and publishing releases - add sle15_python_module_pythons - python-six is not required as well - python-mock actually not required for build - update to 5.0.3: * Add cap_add and cap_drop parameters to service create and ContainerSpec * Add templating parameter to config create * Bump urllib3 to 1.26.5 * Bump requests to 2.26.0 * Remove support for Python 2.7 * Make Python 3.6 the minimum version supported - Update to 4.4.4 >From project changelog: 4.4.4 Bugfixes Remove LD_LIBRARY_PATH and SSL_CERT_FILE environment variables when shelling out to the ssh client 4.4.3 Features Add support for docker.types.Placement.MaxReplicas Bugfixes Fix SSH port parsing when shelling out to the ssh client 4.4.2 Bugfixes Fix SSH connection bug where the hostname was incorrectly trimmed and the error was hidden Fix docs example Miscellaneous Add Python3.8 and 3.9 in setup.py classifier list 4.4.1 Bugfixes Avoid setting unsuported parameter for subprocess.Popen on Windows Replace use of deprecated 'filter' argument on ''docker/api/image' - update to 4.4.0: - Add an alternative SSH connection to the paramiko one, based on shelling out to the SSh client. Similar to the behaviour of Docker cli - Default image tag to `latest` on `pull` - Fix plugin model upgrade - Fix examples URL in ulimits - Improve exception messages for server and client errors - Bump cryptography from 2.3 to 3.2 - Set default API version to `auto` - Fix conversion to bytes for `float` - Support OpenSSH `identityfile` option - Add `DeviceRequest` type to expose host resources such as GPUs - Add support for `DriverOpts` in EndpointConfig - Disable compression by default when using container.get_archive method - Update default API version to v1.39 - Update test engine version to 19.03.12 - update to 4.2.2: - Fix context load for non-docker endpoints - update to 4.2.1: - Add option on when to use `tls` on Context constructor - Make context orchestrator field optional - Bump required version of pycreds to 0.4.0 (sync with requirements.txt) - update to 3.7.0 (mandatory for latest docker-compose) - add python-dockerpycreds dependency in the spec file rebase hide_py_pckgmgmt.patch Changes in python-fakeredis: - update to 2.21.0: * Implement all TOP-K commands (`TOPK.INFO`, `TOPK.LIST`, `TOPK.RESERVE`, * `TOPK.ADD`, `TOPK.COUNT`, `TOPK.QUERY`, `TOPK.INCRBY`) #278 * Implement all cuckoo filter commands #276 * Implement all Count-Min Sketch commands #277 * Fix XREAD blocking bug #274 #275 * EXAT option does not work #279 - update to 2.20.1: * Fix `XREAD` bug #256 * Testing for python 3.12 - update to 2.20.0: * Implement `BITFIELD` command #247 * Implement `COMMAND`, `COMMAND INFO`, `COMMAND COUNT` #248 - Remove unnecessary BR on python-lupa - update to 2.19.0: * Implement Bloom filters commands #239 * Fix error on blocking XREADGROUP #237 - update to 2.18.1: * Fix stream type issue #233 - update to 2.18.0: * Implement `PUBSUB NUMPAT` #195, `SSUBSCRIBE` #199, `SPUBLISH` #198, `SUNSUBSCRIBE` #200, `PUBSUB SHARDCHANNELS` #196, `PUBSUB SHARDNUMSUB` #197 * Fix All aio.FakeRedis instances share the same server #218 - update to 2.17.0: * Implement `LPOS` #207, `LMPOP` #184, and `BLMPOP` #183 * Implement `ZMPOP` #191, `BZMPOP` #186 * Fix incorrect error msg for group not found #210 * fix: use same server_key within pipeline when issued watch issue with ZRANGE and ZRANGESTORE with BYLEX #214 * Implemented support for `JSON.MSET` #174, `JSON.MERGE` #181 * Add support for version for async FakeRedis #205 * Updated how to test django_rq #204 - update to 2.15.0: * Implemented support for various stream groups commands: * `XGROUP CREATE` #161, `XGROUP DESTROY` #164, `XGROUP SETID` #165, `XGROUP DELCONSUMER` #162, * `XGROUP CREATECONSUMER` #163, `XINFO GROUPS` #168, `XINFO CONSUMERS` #168, `XINFO STREAM` #169, `XREADGROUP` #171, * `XACK` #157, `XPENDING` #170, `XCLAIM` #159, `XAUTOCLAIM` * Implemented sorted set commands: * `ZRANDMEMBER` #192, `ZDIFF` #187, `ZINTER` #189, `ZUNION` #194, `ZDIFFSTORE` #188, * `ZINTERCARD` #190, `ZRANGESTORE` #193 * Implemented list commands: * `BLMOVE` #182, * Improved documentation. * Fix documentation link * Fix requirement for packaging.Version #177 * Implement `HRANDFIELD` #156 * Implement `JSON.MSET` * Improve streams code - update to 2.13.0: * Fixed xadd timestamp (fixes #151) (#152) * Implement XDEL #153 * Improve test code * Fix reported security issue * Add support for `Connection.read_response` arguments used in redis-py 4.5.5 and 5.0.0 * Adding state for scan commands (#99) * Improved documentation (added async sample, etc.) - update to 2.12.0: * Implement `XREAD` #147 * Unique FakeServer when no connection params are provided * Minor fixes supporting multiple connections * Update documentation * connection parameters awareness: * Creating multiple clients with the same connection parameters will result in the same server data structure. * Fix creating fakeredis.aioredis using url with user/password - add sle15_python_module_pythons - Update to 2.10.3: * Support for redis-py 5.0.0b1 * Include tests in sdist (#133) * Fix import used in GenericCommandsMixin.randomkey (#135) * Fix async_timeout usage on py3.11 (#132) * Enable testing django-cache using FakeConnection. * All geo commands implemented * Fix bug for xrange * Fix bug for xrevrange * Implement XTRIM * Add support for MAXLEN, MAXID, LIMIT arguments for XADD command * Add support for ZRANGE arguments for ZRANGE command #127 * Relax python version requirement #128 * Support for redis-py 4.5.0 #125 - update to 2.7.1: * Fix import error for NoneType (#120) * Implement - JSON.ARRINDEX - JSON.OBJLEN - JSON.OBJKEYS - JSON.ARRPOP - JSON.ARRTRIM - JSON.NUMINCRBY - JSON.NUMMULTBY - XADD - XLEN - XRANGE - XREVRANGE * Implement `JSON.TYPE`, `JSON.ARRLEN` and `JSON.ARRAPPEND` * Fix encoding of None (#118) - update to v2.5.0: * Implement support for BITPOS (bitmap command) (#112) * Fix json mget when dict is returned (#114) * fix: properly export (#116) * Extract param handling (#113) - update to v2.4.0: * Implement LCS (#111), BITOP (#110) * Fix bug checking type in scan_iter (#109) * Implement GETEX (#102) * Implement support for JSON.STRAPPEND (json command) (#98) * Implement JSON.STRLEN, JSON.TOGGLE and fix bugs with JSON.DEL (#96) * Implement PUBSUB CHANNELS, PUBSUB NUMSUB * Implement JSON.CLEAR (#87) * Support for redis-py v4.4.0 * Implement json.mget (#85) * Initial json module support - JSON.GET, JSON.SET and JSON.DEL (#80) * fix: add nowait for asyncio disconnect (#76) * Refactor how commands are registered (#79) * Refactor tests from redispy4_plus (#77) * Remove support for aioredis separate from redis-py (redis-py versions 4.1.2 and below). (#65) * Add support for redis-py v4.4rc4 (#73) * Add mypy support (#74) * Implement support for zmscore by @the-wondersmith in #67 * What's Changed * implement GETDEL and SINTERCARD support by @cunla in #57 * Test get float-type behavior by @cunla in #59 * Implement BZPOPMIN/BZPOPMAX support by @cunla in #60 - drop fakeredis-pr54-fix-ensure_str.patch (upstream) - Update to 1.9.3 * Removed python-six dependency * zadd support for GT/LT by @cunla in #49 * Remove six dependency by @cunla in #51 * Add host to conn_pool_args by @cunla in #51 - Drop python-fakeredis-no-six.patch which was incomplete * all commits, including the missing ones in release now - Add fakeredis-pr54-fix-ensure_str.patch - use upstream https://github.com/cunla/fakeredis-py/pull/51/ - modified patches % python-fakeredis-no-six.patch (refreshed) - version update to 1.9.1 * Zrange byscore by @cunla in #44 * Expire options by @cunla in #46 * Enable redis7 support by @cunla in #42 - added patches fix https://github.com/cunla/fakeredis-py/issues/50 + python-fakeredis-no-six.patch - Update to 1.8.1 * fix: allow redis 4.3.* by @terencehonles in #30 - Release 1.8 * Fix handling url with username and password by @cunla in #27 * Refactor tests by @cunla in #28 - Release 1.7.6 * add IMOVE operation by @BGroever in #11 * Add SMISMEMBER command by @OlegZv in #20 * fix: work with redis.asyncio by @zhongkechen in #10 * Migrate to poetry by @cunla in #12 * Create annotation for redis4+ tests by @cunla in #14 * Make aioredis and lupa optional dependencies by @cunla in #16 * Remove aioredis requirement if redis-py 4.2+ by @ikornaselur in #19 - update to 1.7.0 * Change a number of corner-case behaviours to match Redis 6.2.6. * Fix DeprecationWarning for sampling from a set * Improved support for constructor arguments * Support redis-py 4 * Add support for GET option to SET * PERSIST and EXPIRE should invalidate watches - Update to 1.6.1 * #305 Some packaging modernisation * #306 Fix FakeRedisMixin.from_url for unix sockets * #308 Remove use of async_generator from tests - Release 1.6.0 * #304 Support aioredis 2 * #302 Switch CI from Travis CI to Github Actions - update to 1.5.2 * support python 3.9 * support aioredis - Disable py2 as upstream actually disabled python2 support competely * The syntax simply is not compatible - Update to 1.3.0: * No upstream changelog - python2 tests are dysfunctional, test with python3 only - Update to 1.0.5: * No upstream changelog - Update to 1.0.4: * various bugfixes all around - Update to v1.0.3 * Support for redis 3.2 (no effective changes in v1.0.2) - Initial spec for v1.0.1 Changes in python-fixedint: - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install - Fix capitalization in Summary - Limit Python files matched in %files section - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} - Initial build + Version 0.2.0 Changes in python-httplib2: - require setuptools - Clean up SPEC file. - Add %{?sle15_python_module_pythons} - update to 0.22.0: * https: disable_ssl_certificate_validation caused ValueError: Cannot set verify_mode to CERT_NONE when check_hostname is enabled - Update to 0.21.0: * http: `Content-Encoding: deflate` must accept zlib encapsulation * https://github.com/httplib2/httplib2/pull/230 * Begin support and CI against CPython 3.10 and 3.11. - update to 0.20.4: proxy: support proxy urls with ipv6 address Tests compatible with Python3.10 and recent pytest. - add pyparsing dependency - update to 0.20.2: auth: support pyparsing v3 proxy: correct extraction of errno from pysocks ProxyConnectionError IMPORTANT cacerts: remove expired DST Root CA X3, add ISRG Root X1, X2 - update to 0.19.1: * auth header parsing performance optimizations; Thanks to Paul McGuire * Use mock from the standard library on Python>=3.3 set first, othewise a 'ValueError: Cannot set verify_mode to CERT_NONE when check_hostname instead (bnc#761162) item not in cache - initial version of python-httplib2 (0.2.0) Changes in python-httpretty: - Add patch 0001-Fix-test_417_openssl.py-if-pyOpenSSL-not-available.patch: * Fix tests without pyOpenSSL support in urllib3 - Allow building with python-urllib3 >= 2.x - Do not use python-boto3 when building in SLE where it's currently not available for python311 - Add %{?sle15_python_module_pythons} - skip failing testsuite tests after requests update - Add patch relax-test-callback-response.patch: * Relax timeout for test_callback_response (bsc#1209571) - Add patch 460-miliseconds_tests.patch (gh#gabrielfalcao/HTTPretty#460): * Correct tests for s390x and aarch64 because of timeout failures after 2 miliseconds - Fix test suite: * Remove nose idioms * Remove outdated test skips - Add patch double-slash-paths.patch: * http.request may replace // with /, handle that in the testcase. - Add 453-fix-tests-pytest.patch (gh#gabrielfalcao/HTTPretty#449) to make tests compatible with pytest. - Add patch remove-mock.patch: * Use unittest.mock in the functional tests. - specfile: * update copyright year - update to version 1.1.4: * Bugfix: #435 Fallback to WARNING when logging.getLogger().level is None. - changes from version 1.1.3: * Bugfix: #430 Respect socket timeout. - changes from version 1.1.2: * Bugfix: #426 Segmentation fault when running against a large amount of tests with pytest --mypy. - changes from version 1.1.1: * Bugfix: httpretty.disable() injects pyopenssl into :py:mod:`urllib3` even if it originally wasn't #417 * Bugfix: 'Incompatibility with boto3 S3 put_object' #416 * Bugfix: 'Regular expression for URL -> TypeError: wrap_socket() missing 1 required' #413 * Bugfix: 'Making requests to non-stadard port throws TimeoutError '#387 - changes from version 1.1.0: * Feature: Display mismatched URL within UnmockedError whenever possible. #388 * Feature: Display mismatched URL via logging. #419 * Add new properties to :py:class:`httpretty.core.HTTPrettyRequest` (protocol, host, url, path, method). - Updater to 1.0.5 * Bugfix: Support socket.socketpair() . #402 * Bugfix: Prevent exceptions from re-applying monkey patches. #406 - Release 1.0.4 * Python 3.8 and 3.9 support. #407 - Update to 1.0.3 * Fix compatibility with urllib3>=1.26. #410 - Replace nose with nose2 - avoid reading DNS resolver settings gh#gabrielfalcao/HTTPretty#405 - remove unnecessary test packages - Update to 1.0.2 * Drop Python 2 support. * Fix usage with redis and improve overall real-socket passthrough. * Fix TypeError: wrap_socket() missing 1 required positional argument: 'sock'. * Fix simple typo: neighter -> neither. * Updated documentation for register_uri concerning using ports. * Clarify relation between ``enabled`` and ``httprettized`` in API docs. * Align signature with builtin socket. - Version update to 0.9.6: * Many fixes all around * Support for python 3.7 - Make sure we really run the tests - Remove superfluous devel dependency for noarch package Changes in python-javaproperties: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} - version update to 0.8.1 v0.8.1 (2021-10-05) ------------------- - Fix a typing issue in Python 3.9 - Support Python 3.10 v0.8.0 (2020-11-28) ------------------- - Drop support for Python 2.7, 3.4, and 3.5 - Support Python 3.9 - `ensure_ascii` parameter added to `PropertiesFile.dump()` and `PropertiesFile.dumps()` - **Bugfix**: When parsing XML input, empty `` tags now produce an empty string as a value, not `None` - Added type annotations - `Properties` and `PropertiesFile` no longer raise `TypeError` when given a non-string key or value, as type correctness is now expected to be enforced through static type checking - The `PropertiesElement` classes returned by `parse()` are no longer subclasses of `namedtuple`, but they can still be iterated over to retrieve their fields like a tuple - python-six is not required Changes in python-jsondiff: - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install - Limit Python files matched in %files section - Add %{?sle15_python_module_pythons} - Update to version 2.0.0 * Removed deprecated function * Remove deprecated jsondiff entry point - from version 1.3.1 * Optionally allow different escape_str than '$' * Clarified the readme, closes #23 * Fixed readme - Remove jsondiff command from %install, %post, %postun and %files sections Changes in python-knack: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} + Drop %define skip_python2 1 - Update to version 0.11.0 * Declare support for Python 3.11 and drop support for Python 3.7 (#275) * Stop converting argument's `bool` default value to `DefaultInt` (#273) - Update to version 0.10.1 * Support bytearray serialization (#268) - Update to version 0.10.0 * Enable Virtual Terminal mode on legacy Windows terminal to support ANSI escape sequences (#265) * Drop Python 3.6 support (#259) - python-mock is not required for build Changes in python-marshmallow: - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install - Limit Python files matched in %files section - update to 3.20.2: * Bug fixes: - Fix Nested field type hint for lambda Schema types (:pr:`2164`). * Other changes: - Officially support Python 3.12 (:pr:`2188`). - update to 3.20.1: * Fix call to ``get_declared_fields``: pass ``dict_cls`` again * Add ``absolute`` parameter to ``URL`` validator and ``Url`` * Use Abstract Base Classes to define ``FieldABC`` and ``SchemaABC`` * Use `OrderedSet` as default `set_class`. Schemas are now ordered by default. * Handle ``OSError`` and ``OverflowError`` in ``utils.from_timestamp`` (:pr:`2102`). * Fix the default inheritance of nested partial schemas * Officially support Python 3.11 (:pr:`2067`). * Drop support for Python 3.7 (:pr:`2135`). - Switch documentation to be within the main package on SLE15 - rename docs subpackage to the more common doc name - Update to 3.19.0 * Add timestamp and timestamp_ms formats to fields.DateTime (#612). Thanks @vgavro for the suggestion and thanks @vanHoi for the PR. Changes in python-opencensus: - Add Obsoletes for old python3 package on SLE-15 - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install - Update to 0.11.4 * Changed bit-mapping for `httpx` and `fastapi` integrations - Refresh patches for new version * opencensus-pr1002-remove-mock.patch - Switch package to modern Python Stack on SLE-15 * Add %{?sle15_python_module_pythons} * Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} - update to 0.11.3 * Updated azure modules - sorry, six is still needed :( - update to 0.11.2: * Updated `azure`, `fastapi`,`flask` modules * Updated `azure`, `httpx` modules - Update to 0.11.0 * Updated `azure`, `context`, `flask`, `requests` modules - from version 0.10.0 * Add kwargs to derived gauge (#1135) - from version 0.9.0 * Make sure handler.flush() doesn't deadlock (#1112) - Refresh patches for new version * opencensus-pr1002-remove-mock.patch - Update Requires from setup.py Changes in python-opencensus-context: - Clean up the SPEC file - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} - Update to 0.1.3 * Move `version.py` file into `runtime_context` folder (#1143) Changes in python-opencensus-ext-threading: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} + Drop build support for Python 2.x Changes in python-opentelemetry-api: - update to 1.23.0: * Use Attribute rather than boundattribute in logrecord (#3567) * Fix flush error when no LoggerProvider configured for LoggingHandler (#3608) * Fix OTLPMetricExporter ignores preferred_aggregation property (#3603) * Logs: set observed_timestamp field (#3565) * Add missing Resource SchemaURL in OTLP exporters (#3652) * Fix loglevel warning text (#3566) * Prometheus Exporter string representation for target_info labels (#3659) * Logs: ObservedTimestamp field is missing in console exporter output (#3564) * Fix explicit bucket histogram aggregation (#3429) * Add code.lineno, code.function and code.filepath to all logs (#3645) * Add Synchronous Gauge instrument (#3462) * Drop support for 3.7 (#3668) * Include key in attribute sequence warning (#3639) * Upgrade markupsafe, Flask and related dependencies to dev and test environments (#3609) * Handle HTTP 2XX responses as successful in OTLP exporters (#3623) * Improve Resource Detector timeout messaging (#3645) * Add Proxy classes for logging (#3575) * Remove dependency on 'backoff' library (#3679) - update to 1.22.0: * Prometheus exporter sanitize info metric (#3572) * Remove Jaeger exporters (#3554) * Log stacktrace on `UNKNOWN` status OTLP export error (#3536) * Fix OTLPExporterMixin shutdown timeout period (#3524) * Handle `taskName` `logrecord` attribute (#3557) - update to 1.21.0: * Fix `SumAggregation`(#3390) * Fix handling of empty metric collection cycles (#3335) * Fix error when no LoggerProvider configured for LoggingHandler (#3423) * Make `opentelemetry_metrics_exporter` entrypoint support pull exporters (#3428) * Allow instrument names to have '/' and up to 255 characters (#3442) * Do not load Resource on sdk import (#3447) * Update semantic conventions to version 1.21.0 (#3251) * Add missing schema_url in global api for logging and metrics (#3251) * Prometheus exporter support for auto instrumentation (#3413) * Modify Prometheus exporter to translate non-monotonic Sums into Gauges (#3306) * Update the body type in the log ($3343) * Add max_scale option to Exponential Bucket Histogram Aggregation (#3323) * Use BoundedAttributes instead of raw dict to extract attributes from LogRecord (#3310) * Support dropped_attributes_count in LogRecord and exporters (#3351) * Add unit to view instrument selection criteria (#3341) * Upgrade opentelemetry-proto to 0.20 and regen #3355) * Include endpoint in Grpc transient error warning #3362) * Fixed bug where logging export is tracked as trace #3375) * Select histogram aggregation with an environment variable * Move Protobuf encoding to its own package (#3169) * Add experimental feature to detect resource detectors in auto instrumentation (#3181) * Fix exporting of ExponentialBucketHistogramAggregation from opentelemetry.sdk.metrics.view (#3240) * Fix headers types mismatch for OTLP Exporters (#3226) * Fix suppress instrumentation for log batch processor (#3223) * Add speced out environment variables and arguments for BatchLogRecordProcessor (#3237) - Fix `ParentBased` sampler for implicit parent spans. Fix also `trace_state` erasure for dropped spans or spans sampled by the `TraceIdRatioBased` sampler. Changes in python-opentelemetry-sdk: - Add missing python-wheel build dependency to BuildRequires - update to 1.23.0: * Use Attribute rather than boundattribute in logrecord (#3567) * Fix flush error when no LoggerProvider configured for LoggingHandler (#3608) * Fix OTLPMetricExporter ignores preferred_aggregation property (#3603) * Logs: set observed_timestamp field (#3565) * Add missing Resource SchemaURL in OTLP exporters (#3652) * Fix loglevel warning text (#3566) * Prometheus Exporter string representation for target_info labels (#3659) * Logs: ObservedTimestamp field is missing in console exporter output (#3564) * Fix explicit bucket histogram aggregation (#3429) * Add code.lineno, code.function and code.filepath to all logs (#3645) * Add Synchronous Gauge instrument (#3462) * Drop support for 3.7 (#3668) * Include key in attribute sequence warning (#3639) * Upgrade markupsafe, Flask and related dependencies to dev and test environments (#3609) * Handle HTTP 2XX responses as successful in OTLP exporters (#3623) * Improve Resource Detector timeout messaging (#3645) * Add Proxy classes for logging (#3575) * Remove dependency on 'backoff' library (#3679) - update to 1.23.0: * Use Attribute rather than boundattribute in logrecord (#3567) * Fix flush error when no LoggerProvider configured for LoggingHandler (#3608) * Fix OTLPMetricExporter ignores preferred_aggregation property (#3603) * Logs: set observed_timestamp field (#3565) * Add missing Resource SchemaURL in OTLP exporters (#3652) * Fix loglevel warning text (#3566) * Prometheus Exporter string representation for target_info labels (#3659) * Logs: ObservedTimestamp field is missing in console exporter output (#3564) * Fix explicit bucket histogram aggregation (#3429) * Add code.lineno, code.function and code.filepath to all logs (#3645) * Add Synchronous Gauge instrument (#3462) * Drop support for 3.7 (#3668) * Include key in attribute sequence warning (#3639) * Upgrade markupsafe, Flask and related dependencies to dev and test environments (#3609) * Handle HTTP 2XX responses as successful in OTLP exporters (#3623) * Improve Resource Detector timeout messaging (#3645) * Add Proxy classes for logging (#3575) * Remove dependency on 'backoff' library (#3679) - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} - Initial package (1.22.0) Changes in python-opentelemetry-semantic-conventions: - update to 0.44b0: * Use Attribute rather than boundattribute in logrecord (#3567) * Fix flush error when no LoggerProvider configured for LoggingHandler (#3608) * Fix OTLPMetricExporter ignores preferred_aggregation property (#3603) * Logs: set observed_timestamp field (#3565) * Add missing Resource SchemaURL in OTLP exporters (#3652) * Fix loglevel warning text (#3566) * Prometheus Exporter string representation for target_info labels (#3659) * Logs: ObservedTimestamp field is missing in console exporter output (#3564) * Fix explicit bucket histogram aggregation (#3429) * Add code.lineno, code.function and code.filepath to all logs (#3645) * Add Synchronous Gauge instrument (#3462) * Drop support for 3.7 (#3668) * Include key in attribute sequence warning (#3639) * Upgrade markupsafe, Flask and related dependencies to dev and test environments (#3609) * Handle HTTP 2XX responses as successful in OTLP exporters (#3623) * Improve Resource Detector timeout messaging (#3645) * Add Proxy classes for logging (#3575) * Remove dependency on 'backoff' library (#3679) - update to 0.43b0: * Prometheus exporter sanitize info metric * Remove Jaeger exporters * Log stacktrace on `UNKNOWN` status OTLP export error * Fix OTLPExporterMixin shutdown timeout period * Handle `taskName` `logrecord` attribute * Fix `SumAggregation` * Fix handling of empty metric collection cycles * Fix error when no LoggerProvider configured for LoggingHandler * Make `opentelemetry_metrics_exporter` entrypoint support pull exporters * Allow instrument names to have '/' and up to 255 characters * Do not load Resource on sdk import * Update semantic conventions to version 1.21.0 * Add missing schema_url in global api for logging and metrics * Prometheus exporter support for auto instrumentation * Drop `setuptools` runtime requirement. * Update the body type in the log ($3343) * Add max_scale option to Exponential Bucket Histogram Aggregation * Use BoundedAttributes instead of raw dict to extract attributes from LogRecord * Support dropped_attributes_count in LogRecord and exporters * Add unit to view instrument selection criteria * Upgrade opentelemetry-proto to 0.20 and regen #3355) * Include endpoint in Grpc transient error warning #3362) * Fixed bug where logging export is tracked as trace #3375) * Select histogram aggregation with an environment variable * Move Protobuf encoding to its own package * Add experimental feature to detect resource detectors in auto instrumentation * Fix exporting of ExponentialBucketHistogramAggregation from opentelemetry.sdk.metrics.view * Fix headers types mismatch for OTLP Exporters * Fix suppress instrumentation for log batch processor * Add speced out environment variables and arguments for BatchLogRecordProcessor - Initial build + Version 0.25b2 Changes in python-opentelemetry-test-utils: - update to 0.44b0: * Use Attribute rather than boundattribute in logrecord (#3567) * Fix flush error when no LoggerProvider configured for LoggingHandler (#3608) * Fix OTLPMetricExporter ignores preferred_aggregation property (#3603) * Logs: set observed_timestamp field (#3565) * Add missing Resource SchemaURL in OTLP exporters (#3652) * Fix loglevel warning text (#3566) * Prometheus Exporter string representation for target_info labels (#3659) * Logs: ObservedTimestamp field is missing in console exporter output (#3564) * Fix explicit bucket histogram aggregation (#3429) * Add code.lineno, code.function and code.filepath to all logs (#3645) * Add Synchronous Gauge instrument (#3462) * Drop support for 3.7 (#3668) * Include key in attribute sequence warning (#3639) * Upgrade markupsafe, Flask and related dependencies to dev and test environments (#3609) * Handle HTTP 2XX responses as successful in OTLP exporters (#3623) * Improve Resource Detector timeout messaging (#3645) * Add Proxy classes for logging (#3575) * Remove dependency on 'backoff' library (#3679) - Initial package (0.43b0) Changes in python-pycomposefile: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} - Initial build + Version 0.0.30 Changes in python-pydash: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} - Update to version 6.0.2 * Only prevent access to object paths containing ``__globals__`` or ``__builtins__`` instead of all dunder-methods for non-dict/list objects. - from version 6.0.1 * Fix exception raised due to mishandling of non-string keys in functions like ``get()`` for non-dict/list objects that used integer index references like ``'[0]'``. - from version 6.0.0 * Prevent access to object paths containing dunder-methods in functions like ``get()`` for non-dict/list objects. Attempting to access dunder-methods using get-path keys will raise a ``KeyError`` (e.g. ``get(SomeClass(), '__init__'`` will raise). Access to dict keys are unaffected (e.g. ``get({'__init__': True}, '__init__')`` will return ``True``). (**breaking change**) * Add support for Python 3.11. * Drop support for Python 3.6 (**breaking change**) - from version 5.1.2 * Remove unnecessary type check and conversion for ``exceptions`` argument in ``pydash.retry``. - from version 5.1.1 * Add support for Python 3.10. * Fix timing assertion issue in test for ``pydash.delay`` where it could fail on certain environments. - Switch build system from setuptools to pyproject.toml - Update BuildRequires from pyproject.toml - version update to 5.1.0 v5.1.0 (2021-10-02) ------------------- - Support matches-style callbacks on non-dictionary objects that are compatible with ``pydash.get`` in functions like ``pydash.find``. v5.0.2 (2021-07-15) ------------------- - Fix compatibility issue between ``pydash.py_`` / ``pydash._`` and ``typing.Protocol`` + ``typing.runtime_checkable`` that caused an exception to be raised for ``isinstance(py_, SomeRuntimeCheckableProtocol)``. v5.0.1 (2021-06-27) ------------------- - Fix bug in ``merge_with`` that prevented custom iteratee from being used when recursively merging. Thanks weineel_! v5.0.0 (2021-03-29) ------------------- - Drop support for Python 2.7. (**breaking change**) - Improve Unicode word splitting in string functions to be inline with Lodash. Thanks mervynlee94_! (**breaking change**) - ``camel_case`` - ``human_case`` - ``kebab_case`` - ``lower_case`` - ``pascal_case`` - ``separator_case`` - ``slugify`` - ``snake_case`` - ``start_case`` - ``upper_case`` - Optimize regular expression constants used in ``pydash.strings`` by pre-compiling them to regular expression pattern objects. v4.9.3 (2021-03-03) ------------------- - Fix regression introduced in ``v4.8.0`` that caused ``merge`` and ``merge_with`` to raise an exception when passing ``None`` as the first argument. v4.9.2 (2020-12-24) ------------------- - Fix regression introduced in ``v4.9.1`` that broke ``pydash.get`` for dictionaries and dot-delimited keys that reference integer dict-keys. v4.9.1 (2020-12-14) ------------------- - Fix bug in ``get/has`` that caused ``defaultdict`` objects to get populated on key access. v4.9.0 (2020-10-27) ------------------- - Add ``default_to_any``. Thanks gonzalonaveira_! - Fix mishandling of key names containing ``\.`` in ``set_``, ``set_with``, and ``update_with`` where the ``.`` was not treated as a literal value within the key name. Thanks zhaowb_! - python-mock is not required for build - Activate test suite - Update to v4.8.0 - Initial spec for v4.7.6 Changes in python-redis: - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install - add https://github.com/redis/redis-py/pull/3005 as Close-various-objects-created-during-asyncio-tests.patch to fix tests for python 3.12 - Add patch to increase timeouts in s390x where tests take longer to run: * increase-test-timeout.patch - Disable broken tests for ppc64le, bsc#1216606 - Add pytest.ini source needed to run tests - Remove/disable broken tests because of suse environment - drop tox.ini. seems it does no longer exist in 5.0.1 - add support to easily disable the testsuite at build time - update to 5.0.1 - New Features - Provide aclose() / close() for classes requiring lifetime management (#2898) - Add support for ModuleCommands in cluster (#2951) - Add support for multiple values in RPUSHX (#2949) - Add Redis.from_pool() class method, for explicitly owning and closing a ConnectionPool (#2913) - Bug Fixes - Fixing monitor parsing for messages containing specific substrings (#2950) - Cluster determine slot command name need to be upper (#2919) - Support timeout = 0 in search query (#2934) - Fix async sentinel: add push_request keyword argument to read_response (#2922) - Fix protocol checking for search commands (#2923) - Fix: SentinelManagedConnection.read_response() got an unexpected keyword argument 'push_request' (#2894) - Fix: automatically close connection pool for async Sentinel (#2900) - Save a reference to created async tasks, to avoid tasks potentially disappearing (#2816) - Avoid reference cycling by the garbage collector during response reading (#2932) - Maintenance - Type hint improvements (#2952) - Replace clear_connect_callbacks with _deregister_connect_callback (#2955) - Async fixes, remove del and other things (#2870) - Add pagination, sorting and grouping examples to search json example (#2890) - Remove process-id checks from asyncio. Asyncio and fork() does not mix. (#2911) - Fix resource usage and cleanup Mocks in the unit tests (#2936) - Remove mentions of tox (#2929) - Add 7.2 to supported Redis versions (#2896) - Fix resource warnings in unit tests (#2899) - Fix typo in redis-stream-example.ipynb (#2918) - Deprecate RedisGraph (#2927) - Fix redis 7.2.0 tests (#2902) - Fix test_scorer (search) (#2920) - changes from 5.0.0 - What's new? - Triggers and Functions support Triggers and Functions allow you to execute server-side functions triggered when key values are modified or created in Redis, a stream entry arrival, or explicitly calling them. Simply put, you can replace Lua scripts with easy-to-develop JavaScript or TypeScript code. Move your business logic closer to the data to ensure a lower latency, and forget about updating dependent key values manually in your code. Try it for yourself with Quick start - Full Redis 7.2 and RESP3 support - Python 3.7 End-of-Life - Python 3.7 has reached its end-of-life (EOL) as of June 2023. This means that starting from this date, Python 3.7 will no longer receive any updates, including security patches, bug fixes, or improvements. If you continue to use Python 3.7 post-EOL, you may expose your projects and systems to potential security vulnerabilities. We ended its support in this version and strongly recommend migrating to Python 3.10. - Bug Fixes - Fix timeout retrying on pipeline execution (#2812) - Fix socket garbage collection (#2859) - Maintenance - Updating client license to clear, MIT (#2884) - Add py.typed in accordance with PEP-561 (#2738) - Dependabot label change (#2880) - Fix type hints in SearchCommands (#2817) - Add sync modules (except search) tests to cluster CI (#2850) - Fix a duplicate word in CONTRIBUTING.md (#2848) - Fixing doc builds (#2869) - Change cluster docker to edge and enable debug command (#2853) - changes from 4.6.0 - Experimental Features - Support JSON.MERGE command (#2761) - Support JSON.MSET command (#2766) - New Features - Extract abstract async connection class (#2734) - Add support for WAITAOF (#2760) - Introduce OutOfMemoryError exception for Redis write command rejections due to OOM errors (#2778) - Add WITHSCORE argument to ZRANK (#2758) - Bug Fixes - Fix dead weakref in sentinel connection causing ReferenceError (#2767) (#2771) - Fix Key Error in parse_xinfo_stream (#2788) - Remove unnecessary __del__ handlers (#2755) - Added support for missing argument to SentinelManagedConnection.read_response() (#2756) - Maintenance - Fix type hint for retry_on_error in async cluster (#2804) - Clean up documents and fix some redirects (#2801) - Add unit tests for the connect method of all Redis connection classes (#2631) - Docstring formatting fix (#2796) - update to 4.5.5: * Add support for CLIENT NO-TOUCH * Add support for CLUSTER MYSHARDID * Add 'address_remap' feature to RedisCluster * Add WITHSCORES argument to ZREVRANK command * Improve error output for master discovery * Fix XADD: allow non negative maxlen * Fix create single connection client from url * Optionally disable disconnects in read_response * Fix SLOWLOG GET return value * Fix potential race condition during disconnection * Return response in case of KeyError * Fix incorrect usage of once flag in async Sentinel * Fix memory leak caused by hiredis in asyncio case * Really do not use asyncio's timeout lib before 3.11.2 - add sle15_python_module_pythons - Update to 4.5.4: * Security + Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases. (CVE-2023-28858, bsc#1209811) + Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases. (CVE-2023-28859, bsc#1209812) * New Features + Introduce AbstractConnection so that UnixDomainSocketConnection can call super().init (#2588) + Added queue_class to REDIS_ALLOWED_KEYS (#2577) + Made search document subscriptable (#2615) + Sped up the protocol parsing (#2596) + Use hiredis::pack_command to serialized the commands. (#2570) + Add support for unlink in cluster pipeline (#2562) * Bug Fixes + Fixing cancelled async futures (#2666) + Fix: do not use asyncio's timeout lib before 3.11.2 (#2659) + Fix UDS in v4.5.2: UnixDomainSocketConnection missing constructor argument (#2630) + CWE-404 AsyncIO Race Condition Fix (#2624, #2579) + Fix behaviour of async PythonParser to match RedisParser as for issue #2349 (#2582) + Replace async_timeout by asyncio.timeout (#2602) + Update json().arrindex() default values (#2611) + Fix #2581 UnixDomainSocketConnection object has no attribute _command_packer (#2583) + Fix issue with pack_commands returning an empty byte sequence (#2416) + Async HiredisParser should finish parsing after a Connection.disconnect() (#2557) + Check for none, prior to raising exception (#2569) + Tuple function cannot be passed more than one argument (#2573) + Synchronise concurrent command calls to single-client to single-client mode (#2568) + Async: added 'blocking' argument to call lock method (#2454) + Added a replacement for the default cluster node in the event of failure. (#2463) + Fixed geosearch: Wrong number of arguments for geosearch command (#2464) - Clean up BuildRequires and Requires. - Disable broken test test_xautoclaim gh#redis/redis-py#2554 - udpate to 4.3.5: * Add support for TIMESERIES 1.8 (#2296) * Graph - add counters for removed labels and properties (#2292) * Add support for TDIGEST.QUANTILE extensions (#2317) * Add TDIGEST.TRIMMED_MEAN (#2300) * Add support for async GRAPH module (#2273) * Support TDIGEST.MERGESTORE and make compression optional on TDIGEST.CREATE (#2319) * Adding reserve as an alias for create, so that we have BF.RESERVE and CF.RESERVE accuratenly supported (#2331) * Fix async connection.is_connected to return a boolean value (#2278) * Fix: workaround asyncio bug on connection reset by peer (#2259) * Fix crash: key expire while search (#2270) * Async cluster: fix concurrent pipeline (#2280) * Fix async SEARCH pipeline (#2316) * Fix KeyError in async cluster - initialize before execute multi key commands (#2439) * Supply chain risk reduction: remove dependency on library named deprecated (#2386) * Search test - Ignore order of the items in the response (#2322) * Fix GRAPH.LIST & TDIGEST.QUANTILE tests (#2335) * Fix TimeSeries range aggregation (twa) tests (#2358) * Mark TOPK.COUNT as deprecated (#2363) - update to 4.3.4: * Fix backward compatibility from 4.3.2 in Lock.acquire() * Fix XAUTOCLAIM to return the full response, instead of only keys 2+ * Added dynamic_startup_nodes configuration to RedisCluster. * Fix retries in async mode * Async cluster: fix simultaneous initialize * Uppercased commands in CommandsParser.get_keys * Late eval of the skip condition in async tests * Reuse the old nodes' connections when a cluster topology refresh is being done * Docs: add pipeline examples * Correct retention_msecs value * Cluster: use pipeline to execute split commands * Docs: Add a note about client_setname and client_name difference - Delete unused redismod.conf, remove duplicate Source entry for tox.ini - Add redismod.conf and tox.ini as Sources to SPEC file. - Update to version 4.3.3 * Fix Lock crash, and versioning 4.3.3 (#2210) * Async cluster: improve docs (#2208) - Release 4.3.2 * SHUTDOWN - add support for the new NOW, FORCE and ABORT modifiers (#2150) * Adding pipeline support for async cluster (#2199) * Support CF.MEXISTS + Clean bf/commands.py (#2184) * Extending query_params for FT.PROFILE (#2198) * Implementing ClusterPipeline Lock (#2190) * Set default response_callbacks to redis.asyncio.cluster.ClusterNode (#2201) * Add default None for maxlen at xtrim command (#2188) * Async cluster: add/update typing (#2195) * Changed list type to single element type (#2203) * Made sync lock consistent and added types to it (#2137) * Async cluster: optimisations (#2205) * Fix typos in README (#2206) * Fix modules links to https://redis.io/commands/ (#2185) - Update to version 4.3.1 * Allow negative `retries` for `Retry` class to retry forever * Add `items` parameter to `hset` signature * Create codeql-analysis.yml (#1988). Thanks @chayim * Add limited support for Lua scripting with RedisCluster * Implement `.lock()` method on RedisCluster * Fix cursor returned by SCAN for RedisCluster & change default target to PRIMARIES * Fix scan_iter for RedisCluster * Remove verbose logging when initializing ClusterPubSub, ClusterPipeline or RedisCluster * Fix broken connection writer lock-up for asyncio (#2065) * Fix auth bug when provided with no username (#2086) - Release 4.1.3 * Fix flushdb and flushall (#1926) * Add redis5 and redis4 dockers (#1871) * Change json.clear test multi to be up to date with redisjson (#1922) * Fixing volume for unstable_cluster docker (#1914) * Update changes file with changes since 4.0.0-beta2 (#1915) - Release 4.1.2 * Invalid OCSP certificates should raise ConnectionError on failed validation (#1907) * Added retry mechanism on socket timeouts when connecting to the server (#1895) * LMOVE, BLMOVE return incorrect responses (#1906) * Fixing AttributeError in UnixDomainSocketConnection (#1903) * Fixing TypeError in GraphCommands.explain (#1901) * For tests, increasing wait time for the cluster (#1908) * Increased pubsub's wait_for_messages timeout to prevent flaky tests (#1893) * README code snippets formatted to highlight properly (#1888) * Fix link in the main page (#1897) * Documentation fixes: JSON Example, SSL Connection Examples, RTD version (#1887) * Direct link to readthedocs (#1885) - Release 4.1.1 * Add retries to connections in Sentinel Pools (#1879) * OCSP Stapling Support (#1873) * Define incr/decr as aliases of incrby/decrby (#1874) * FT.CREATE - support MAXTEXTFIELDS, TEMPORARY, NOHL, NOFREQS, SKIPINITIALSCAN (#1847) * Timeseries docs fix (#1877) * get_connection: catch OSError too (#1832) * Set keys var otherwise variable not created (#1853) * Clusters should optionally require full slot coverage (#1845) * Triple quote docstrings in client.py PEP 257 (#1876) * syncing requirements (#1870) * Typo and typing in GraphCommands documentation (#1855) * Allowing poetry and redis-py to install together (#1854) * setup.py: Add project_urls for PyPI (#1867) * Support test with redis unstable docker (#1850) * Connection examples (#1835) * Documentation cleanup (#1841) - Release 4.1.0 * OCSP stapling support (#1820) * Support for SELECT (#1825) * Support for specifying error types with retry (#1817) * Support for RESET command since Redis 6.2.0 (#1824) * Support CLIENT TRACKING (#1612) * Support WRITE in CLIENT PAUSE (#1549) * JSON set_file and set_path support (#1818) * Allow ssl_ca_path with rediss:// urls (#1814) * Support for password-encrypted SSL private keys (#1782) * Support SYNC and PSYNC (#1741) * Retry on error exception and timeout fixes (#1821) * Fixing read race condition during pubsub (#1737) * Fixing exception in listen (#1823) * Fixed MovedError, and stopped iterating through startup nodes when slots are fully covered (#1819) * Socket not closing after server disconnect (#1797) * Single sourcing the package version (#1791) * Ensure redis_connect_func is set on uds connection (#1794) * SRTALGO - Skip for redis versions greater than 7.0.0 (#1831) * Documentation updates (#1822) * Add CI action to install package from repository commit hash (#1781) (#1790) * Fix link in lmove docstring (#1793) * Disabling JSON.DEBUG tests (#1787) * Migrated targeted nodes to kwargs in Cluster Mode (#1762) * Added support for MONITOR in clusters (#1756) * Adding ROLE Command (#1610) * Integrate RedisBloom support (#1683) * Adding RedisGraph support (#1556) * Allow overriding connection class via keyword arguments (#1752) * Aggregation LOAD * support for RediSearch (#1735) * Adding cluster, bloom, and graph docs (#1779) * Add packaging to setup_requires, and use >= to play nice to setup.py (fixes #1625) (#1780) * Fixing the license link in the readme (#1778) * Removing distutils from tests (#1773) * Fix cluster ACL tests (#1774) * Improved RedisCluster's reinitialize_steps and documentation (#1765) * Added black and isort (#1734) * Link Documents for all module commands (#1711) * Pyupgrade + flynt + f-strings (#1759) * Remove unused aggregation subclasses in RediSearch (#1754) * Adding RedisCluster client to support Redis Cluster Mode (#1660) * Support RediSearch FT.PROFILE command (#1727) * Adding support for non-decodable commands (#1731) * COMMAND GETKEYS support (#1738) * RedisJSON 2.0.4 behaviour support (#1747) * Removing deprecating distutils (PEP 632) (#1730) * Updating PR template (#1745) * Removing duplication of Script class (#1751) * Splitting documentation for read the docs (#1743) * Improve code coverage for aggregation tests (#1713) * Fixing COMMAND GETKEYS tests (#1750) * GitHub release improvements (#1684) - Release 4.0.2 * Restoring Sentinel commands to redis client (#1723) * Better removal of hiredis warning (#1726) * Adding links to redis documents in function calls (#1719) - Release 4.0.1 * Removing command on initial connections (#1722) * Removing hiredis warning when not installed (#1721) - Release 4.0.0 * FT.EXPLAINCLI intentionally raising NotImplementedError * Restoring ZRANGE desc for Redis < 6.2.0 (#1697) * Response parsing occasionally fails to parse floats (#1692) * Re-enabling read-the-docs (#1707) * Call HSET after FT.CREATE to avoid keyspace scan (#1706) * Unit tests fixes for compatibility (#1703) * Improve documentation about Locks (#1701) * Fixes to allow --redis-url to pass through all tests (#1700) * Fix unit tests running against Redis 4.0.0 (#1699) * Search alias test fix (#1695) * Adding RediSearch/RedisJSON tests (#1691) * Updating codecov rules (#1689) * Tests to validate custom JSON decoders (#1681) * Added breaking icon to release drafter (#1702) * Removing dependency on six (#1676) * Re-enable pipeline support for JSON and TimeSeries (#1674) * Export Sentinel, and SSL like other classes (#1671) * Restore zrange functionality for older versions of Redis (#1670) * Fixed garbage collection deadlock (#1578) * Tests to validate built python packages (#1678) * Sleep for flaky search test (#1680) * Test function renames, to match standards (#1679) * Docstring improvements for Redis class (#1675) * Fix georadius tests (#1672) * Improvements to JSON coverage (#1666) * Add python_requires setuptools check for python > 3.6 (#1656) * SMISMEMBER support (#1667) * Exposing the module version in loaded_modules (#1648) * RedisTimeSeries support (#1652) * Support for json multipath ($) (#1663) * Added boolean parsing to PEXPIRE and PEXPIREAT (#1665) * Add python_requires setuptools check for python > 3.6 (#1656) * Adding vulture for static analysis (#1655) * Starting to clean the docs (#1657) * Update README.md (#1654) * Adding description format for package (#1651) * Publish to pypi as releases are generated with the release drafter (#1647) * Restore actions to prs (#1653) * Fixing the package to include commands (#1649) * Re-enabling codecov as part of CI process (#1646) * Adding support for redisearch (#1640) Thanks @chayim * redisjson support (#1636) Thanks @chayim * Sentinel: Add SentinelManagedSSLConnection (#1419) Thanks @AbdealiJK * Enable floating parameters in SET (ex and px) (#1635) Thanks @AvitalFineRedis * Add warning when hiredis not installed. Recommend installation. (#1621) Thanks @adiamzn * Raising NotImplementedError for SCRIPT DEBUG and DEBUG SEGFAULT (#1624) Thanks @chayim * CLIENT REDIR command support (#1623) Thanks @chayim * REPLICAOF command implementation (#1622) Thanks @chayim * Add support to NX XX and CH to GEOADD (#1605) Thanks @AvitalFineRedis * Add support to ZRANGE and ZRANGESTORE parameters (#1603) Thanks @AvitalFineRedis * Pre 6.2 redis should default to None for script flush (#1641) Thanks @chayim * Add FULL option to XINFO SUMMARY (#1638) Thanks @agusdmb * Geosearch test should use any=True (#1594) Thanks @Andrew-Chen-Wang * Removing packaging dependency (#1626) Thanks @chayim * Fix client_kill_filter docs for skimpy (#1596) Thanks @Andrew-Chen-Wang * Normalize minid and maxlen docs (#1593) Thanks @Andrew-Chen-Wang * Update docs for multiple usernames for ACL DELUSER (#1595) Thanks @Andrew-Chen-Wang * Fix grammar of get param in set command (#1588) Thanks @Andrew-Chen-Wang * Fix docs for client_kill_filter (#1584) Thanks @Andrew-Chen-Wang * Convert README & CONTRIBUTING from rst to md (#1633) Thanks @davidylee * Test BYLEX param in zrangestore (#1634) Thanks @AvitalFineRedis * Tox integrations with invoke and docker (#1632) Thanks @chayim * Adding the release drafter to help simplify release notes (#1618). Thanks @chayim * BACKWARDS INCOMPATIBLE: Removed support for end of life Python 2.7. #1318 * BACKWARDS INCOMPATIBLE: All values within Redis URLs are unquoted via urllib.parse.unquote. Prior versions of redis-py supported this by specifying the ``decode_components`` flag to the ``from_url`` functions. This is now done by default and cannot be disabled. #589 * POTENTIALLY INCOMPATIBLE: Redis commands were moved into a mixin (see commands.py). Anyone importing ``redis.client`` to access commands directly should import ``redis.commands``. #1534, #1550 * Removed technical debt on REDIS_6_VERSION placeholder. Thanks @chayim #1582. * Various docus fixes. Thanks @Andrew-Chen-Wang #1585, #1586. * Support for LOLWUT command, available since Redis 5.0.0. Thanks @brainix #1568. * Added support for CLIENT REPLY, available in Redis 3.2.0. Thanks @chayim #1581. * Support for Auto-reconnect PubSub on get_message. Thanks @luhn #1574. * Fix RST syntax error in README/ Thanks @JanCBrammer #1451. * IDLETIME and FREQ support for RESTORE. Thanks @chayim #1580. * Supporting args with MODULE LOAD. Thanks @chayim #1579. * Updating RedisLabs with Redis. Thanks @gkorland #1575. * Added support for ASYNC to SCRIPT FLUSH available in Redis 6.2.0. Thanks @chayim. #1567 * Added CLIENT LIST fix to support multiple client ids available in Redis 2.8.12. Thanks @chayim #1563. * Added DISCARD support for pipelines available in Redis 2.0.0. Thanks @chayim #1565. * Added ACL DELUSER support for deleting lists of users available in Redis 6.2.0. Thanks @chayim. #1562 * Added CLIENT TRACKINFO support available in Redis 6.2.0. Thanks @chayim. #1560 * Added GEOSEARCH and GEOSEARCHSTORE support available in Redis 6.2.0. Thanks @AvitalFine Redis. #1526 * Added LPUSHX support for lists available in Redis 4.0.0. Thanks @chayim. #1559 * Added support for QUIT available in Redis 1.0.0. Thanks @chayim. #1558 * Added support for COMMAND COUNT available in Redis 2.8.13. Thanks @chayim. #1554. * Added CREATECONSUMER support for XGROUP available in Redis 6.2.0. Thanks @AvitalFineRedis. #1553 * Including slowly complexity in INFO if available. Thanks @ian28223 #1489. * Added support for STRALGO available in Redis 6.0.0. Thanks @AvitalFineRedis. #1528 * Addes support for ZMSCORE available in Redis 6.2.0. Thanks @2014BDuck and @jiekun.zhu. #1437 * Support MINID and LIMIT on XADD available in Redis 6.2.0. Thanks @AvitalFineRedis. #1548 * Added sentinel commands FLUSHCONFIG, CKQUORUM, FAILOVER, and RESET available in Redis 2.8.12. Thanks @otherpirate. #834 * Migrated Version instead of StrictVersion for Python 3.10. Thanks @tirkarthi. #1552 * Added retry mechanism with backoff. Thanks @nbraun-amazon. #1494 * Migrated commands to a mixin. Thanks @chayim. #1534 * Added support for ZUNION, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1522 * Added support for CLIENT LIST with ID, available in Redis 6.2.0. Thanks @chayim. #1505 * Added support for MINID and LIMIT with xtrim, available in Reds 6.2.0. Thanks @chayim. #1508 * Implemented LMOVE and BLMOVE commands, available in Redis 6.2.0. Thanks @chayim. #1504 * Added GET argument to SET command, available in Redis 6.2.0. Thanks @2014BDuck. #1412 * Documentation fixes. Thanks @enjoy-binbin @jonher937. #1496 #1532 * Added support for XAUTOCLAIM, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1529 * Added IDLE support for XPENDING, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1523 * Add a count parameter to lpop/rpop, available in Redis 6.2.0. Thanks @wavenator. #1487 * Added a (pypy) trove classifier for Python 3.9. Thanks @D3X. #1535 * Added ZINTER support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1520 * Added ZINTER support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1520 * Added ZDIFF and ZDIFFSTORE support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1518 * Added ZRANGESTORE support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1521 * Added LT and GT support for ZADD, available in Redis 6.2.0. Thanks @chayim. #1509 * Added ZRANDMEMBER support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1519 * Added GETDEL support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1514 * Added CLIENT KILL laddr filter, available in Redis 6.2.0. Thanks @chayim. #1506 * Added CLIENT UNPAUSE, available in Redis 6.2.0. Thanks @chayim. #1512 * Added NOMKSTREAM support for XADD, available in Redis 6.2.0. Thanks @chayim. #1507 * Added HRANDFIELD support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1513 * Added CLIENT INFO support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1517 * Added GETEX support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1515 * Added support for COPY command, available in Redis 6.2.0. Thanks @malinaa96. #1492 * Provide a development and testing environment via docker. Thanks @abrookins. #1365 * Added support for the LPOS command available in Redis 6.0.6. Thanks @aparcar #1353/#1354 * Added support for the ACL LOG command available in Redis 6. Thanks @2014BDuck. #1307 * Added support for ABSTTL option of the RESTORE command available in Redis 5.0. Thanks @charettes. #1423 - Drop account-defaults-redis.patch merged upstream - Add account-defaults-redis.patch which fixes failing tests by taking into consideration redis defaults, not overwriting them (gh#andymccurdy/redis-py#1499). - Skipp two tests because of gh#andymccurdy/redis-py#1459. - update to 3.5.3 * Restore try/except clauses to __del__ methods. These will be removed in 4.0 when more explicit resource management if enforced. #1339 * Update the master_address when Sentinels promote a new master. #847 * Update SentinelConnectionPool to not forcefully disconnect other in-use connections which can negatively affect threaded applications. #1345 3.5.2 * Tune the locking in ConnectionPool.get_connection so that the lock is not held while waiting for the socket to establish and validate the TCP connection. 3.5.1 * Fix for HSET argument validation to allow any non-None key. Thanks @AleksMat, #1337, #1341 3.5.0 * Removed exception trapping from __del__ methods. redis-py objects that hold various resources implement __del__ cleanup methods to release those resources when the object goes out of scope. This provides a fallback for when these objects aren't explicitly closed by user code. Prior to this change any errors encountered in closing these resources would be hidden from the user. Thanks @jdufresne. #1281 * Expanded support for connection strings specifying a username connecting to pre-v6 servers. #1274 * Optimized Lock's blocking_timeout and sleep. If the lock cannot be acquired and the sleep value would cause the loop to sleep beyond blocking_timeout, fail immediately. Thanks @clslgrnc. #1263 * Added support for passing Python memoryviews to Redis command args that expect strings or bytes. The memoryview instance is sent directly to the socket such that there are zero copies made of the underlying data during command packing. Thanks @Cody-G. #1265, #1285 * HSET command now can accept multiple pairs. HMSET has been marked as deprecated now. Thanks to @laixintao #1271 * Don't manually DISCARD when encountering an ExecAbortError. Thanks @nickgaya, #1300/#1301 * Reset the watched state of pipelines after calling exec. This saves a roundtrip to the server by not having to call UNWATCH within Pipeline.reset(). Thanks @nickgaya, #1299/#1302 * Added the KEEPTTL option for the SET command. Thanks @laixintao #1304/#1280 * Added the MEMORY STATS command. #1268 * Lock.extend() now has a new option, `replace_ttl`. When False (the default), Lock.extend() adds the `additional_time` to the lock's existing TTL. When replace_ttl=True, the lock's existing TTL is replaced with the value of `additional_time`. * Add testing and support for PyPy. - downgrade requires for redis to recommends * Better error handling Changes in python-retrying: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} - require setuptools - Switch to pyproject macros. - Stop using greedy globs in %files. - Update to version 1.3.4 * Added Greg Roodt as maintainer * Formatted code with black * Updated repository references - Improve summary. - Remove superfluous devel dependency for noarch package - Initial package Changes in python-semver: - update to 3.0.2: * :pr:`418`: Replace :class:`~collection.OrderedDict` with :class:`dict`. * The dict datatype is ordered since Python 3.7. As we do not support Python 3.6 anymore, it can be considered safe to avoid :class:`~collection.OrderedDict`. * :pr:`431`: Clarify version policy for the different semver versions (v2, v3, >v3) and the supported Python versions. * :gh:`432`: Improve external doc links to Python and Pydantic. * :pr:`417`: Amend GitHub Actions to check against MacOS. - remove obsolete setup-remove-asterisk.patch - update to version 3.0.1: - Remove incorrect dependencies from build-system section of pyproject.toml by @mgorny in #405 - correct typo in function description of next_version by @treee111 in #406 - Improve GitHub Action by @tomschr in #408 - Add CITATION.cff for citation by @tomschr in #409 - Add Version class to __all__ export. Fix #410 by @Soneji in #411 - Configure docformatter by @tomschr in #412 - Prepare version 3.0.1 by @tomschr in #413 - update to version 3.0.0: - Bugfixes - :gh:`291`: Disallow negative numbers in VersionInfo arguments for ``major``, ``minor``, and ``patch``. * :gh:`310`: Rework API documentation. Follow a more 'semi-manual' attempt and add auto directives into :file:`docs/api.rst`. * :gh:`344`: Allow empty string, a string with a prefix, or ``None`` as token in :meth:`~semver.version.Version.bump_build` and :meth:`~semver.version.Version.bump_prerelease`. * :pr:`384`: General cleanup, reformat files: * Reformat source code with black again as some config options did accidentely exclude the semver source code. Mostly remove some includes/excludes in the black config. * Integrate concurrency in GH Action * Ignore Python files on project dirs in .gitignore * Remove unused patterns in MANIFEST.in * Use ``extend-exclude`` for flake in :file:`setup.cfg`` and adapt list. * Use ``skip_install=True`` in :file:`tox.ini` for black * :pr:`393`: Fix command :command:`python -m semver` to avoid the error 'invalid choice' * :pr:`396`: Calling :meth:`~semver.version.Version.parse` on a derived class will show correct type of derived class. - Deprecations * :gh:`169`: Deprecate CLI functions not imported from ``semver.cli``. * :gh:`234`: In :file:`setup.py` simplified file and remove ``Tox`` and ``Clean`` classes * :gh:`284`: Deprecate the use of :meth:`~Version.isvalid`. Rename :meth:`~semver.version.Version.isvalid` to :meth:`~semver.version.Version.is_valid` for consistency reasons with :meth:`~semver.version.Version.is_compatible`. * :pr:`402`: Keep :func:`semver.compare `. Although it breaks consistency with module level functions, it seems it's a much needed/used function. It's still unclear if we should deprecate this function or not (that's why we use :py:exc:`PendingDeprecationWarning`). As we don't have a uniform initializer yet, this function stays in the :file:`_deprecated.py` file for the time being until we find a better solution. See :gh:`258` for details. - Features * Remove :file:`semver.py` * Create :file:`src/semver/__init__.py` * Create :file:`src/semver/cli.py` for all CLI methods * Create :file:`src/semver/_deprecated.py` for the ``deprecated`` decorator and other deprecated functions * Create :file:`src/semver/__main__.py` to allow calling the CLI using :command:`python -m semver` * Create :file:`src/semver/_types.py` to hold type aliases * Create :file:`src/semver/version.py` to hold the :class:`Version` class (old name :class:`VersionInfo`) and its utility functions * Create :file:`src/semver/__about__.py` for all the metadata variables * :gh:`213`: Add typing information * :gh:`284`: Implement :meth:`~semver.version.Version.is_compatible` to make 'is self compatible with X'. * :gh:`305`: Rename :class:`~semver.version.VersionInfo` to :class:`~semver.version.Version` but keep an alias for compatibility - add setup-remove-asterisk.patch to fix build error - update to version 3.0.0-dev.4: - Bug Fixes: - :gh:`374`: Correct Towncrier's config entries in the :file:`pyproject.toml` file. The old entries ``[[tool.towncrier.type]]`` are deprecated and need to be replaced by ``[tool.towncrier.fragment.]``. - Deprecations: - :gh:`372`: Deprecate support for Python 3.6. Python 3.6 reached its end of life and isn't supported anymore. At the time of writing (Dec 2022), the lowest version is 3.7. Although the `poll `_ didn't cast many votes, the majority agree to remove support for Python 3.6. - Improved Documentation: - :gh:`335`: Add new section 'Converting versions between PyPI and semver' the limitations and possible use cases to convert from one into the other versioning scheme. - :gh:`340`: Describe how to get version from a file - :gh:`343`: Describe combining Pydantic with semver in the 'Advanced topic' section. - :gh:`350`: Restructure usage section. Create subdirectory 'usage/' and splitted all section into different files. - :gh:`351`: Introduce new topics for: * 'Migration to semver3' * 'Advanced topics' - Features: - :pr:`359`: Add optional parameter ``optional_minor_and_patch`` in :meth:`.Version.parse` to allow optional minor and patch parts. - :pr:`362`: Make :meth:`.Version.match` accept a bare version string as match expression, defaulting to equality testing. - :gh:`364`: Enhance :file:`pyproject.toml` to make it possible to use the :command:`pyproject-build` command from the build module. For more information, see :ref:`build-semver`. - :gh:`365`: Improve :file:`pyproject.toml`. * Use setuptools, add metadata. Taken approach from `A Practical Guide to Setuptools and Pyproject.toml `_. * Doc: Describe building of semver * Remove :file:`.travis.yml` in :file:`MANIFEST.in` (not needed anymore) * Distinguish between Python 3.6 and others in :file:`tox.ini` * Add skip_missing_interpreters option for :file:`tox.ini` * GH Action: Upgrade setuptools and setuptools-scm and test against 3.11.0-rc.2 - Trivial/Internal Changes: - :gh:`378`: Fix some typos in Towncrier configuration - switch to the tagged version rather than a gh branch tarball - fix support for Python 3.10 with update to development version: - update to revision g4d2df08: - Changes for the upcoming release can be found in: - the `'changelog.d' directory `_: - in our repository.: - update to version 3.0.0-dev.2: - Deprecations: - :gh:`169`: Deprecate CLI functions not imported from ``semver.cli``. - Features: - :gh:`169`: Create semver package and split code among different modules in the packages. * Remove :file:`semver.py` * Create :file:`src/semver/__init__.py` * Create :file:`src/semver/cli.py` for all CLI methods * Create :file:`src/semver/_deprecated.py` for the ``deprecated`` decorator and other deprecated functions * Create :file:`src/semver/__main__.py` to allow calling the CLI using :command:`python -m semver` * Create :file:`src/semver/_types.py` to hold type aliases * Create :file:`src/semver/version.py` to hold the :class:`Version` class (old name :class:`VersionInfo`) and its utility functions * Create :file:`src/semver/__about__.py` for all the metadata variables - :gh:`305`: Rename :class:`VersionInfo` to :class:`Version` but keep an alias for compatibility - Improved Documentation: - :gh:`304`: Several improvements in documentation: * Reorganize API documentation. * Add migration chapter from semver2 to semver3. * Distinguish between changlog for version 2 and 3 - :gh:`305`: Add note about :class:`Version` rename. - Trivial/Internal Changes: - :gh:`169`: Adapted infrastructure code to the new project layout. * Replace :file:`setup.py` with :file:`setup.cfg` because the :file:`setup.cfg` is easier to use * Adapt documentation code snippets where needed * Adapt tests * Changed the ``deprecated`` to hardcode the ``semver`` package name in the warning. Increase coverage to 100% for all non-deprecated APIs - :gh:`304`: Support PEP-561 :file:`py.typed`. According to the mentioned PEP: 'Package maintainers who wish to support type checking of their code MUST add a marker file named :file:`py.typed` to their package supporting typing.' Add package_data to :file:`setup.cfg` to include this marker in dist and whl file. - update to version 3.0.0-dev.1: - Deprecations: - :pr:`290`: For semver 3.0.0-alpha0: * Remove anything related to Python2 * In :file:`tox.ini` and :file:`.travis.yml` Remove targets py27, py34, py35, and pypy. Add py38, py39, and nightly (allow to fail) * In :file:`setup.py` simplified file and remove ``Tox`` and ``Clean`` classes * Remove old Python versions (2.7, 3.4, 3.5, and pypy) from Travis - :gh:`234`: In :file:`setup.py` simplified file and remove ``Tox`` and ``Clean`` classes - Features: - :pr:`290`: Create semver 3.0.0-alpha0 * Update :file:`README.rst`, mention maintenance branch ``maint/v2``. * Remove old code mainly used for Python2 compatibility, adjusted code to support Python3 features. * Split test suite into separate files under :file:`tests/` directory * Adjust and update :file:`setup.py`. Requires Python >=3.6.* Extract metadata directly from source (affects all the ``__version__``, ``__author__`` etc. variables) - :gh:`270`: Configure Towncrier (:pr:`273`:) * Add :file:`changelog.d/.gitignore` to keep this directory * Create :file:`changelog.d/README.rst` with some descriptions * Add :file:`changelog.d/_template.rst` as Towncrier template * Add ``[tool.towncrier]`` section in :file:`pyproject.toml` * Add 'changelog' target into :file:`tox.ini`. Use it like :command:`tox -e changelog -- CMD` whereas ``CMD`` is a Towncrier command. The default :command:`tox -e changelog` calls Towncrier to create a draft of the changelog file and output it to stdout. * Update documentation and add include a new section 'Changelog' included from :file:`changelog.d/README.rst`. - :gh:`276`: Document how to create a sublass from :class:`VersionInfo` class - :gh:`213`: Add typing information - Bug Fixes: - :gh:`291`: Disallow negative numbers in VersionInfo arguments for ``major``, ``minor``, and ``patch``. - Improved Documentation: - :pr:`290`: Several improvements in the documentation: * New layout to distinguish from the semver2 development line. * Create new logo. * Remove any occurances of Python2. * Describe changelog process with Towncrier. * Update the release process. - Trivial/Internal Changes: - :pr:`290`: Add supported Python versions to :command:`black`. * PR #62. Support custom default names for pre and build Changes in python-sshtunnel: - Require update-alternatives for the scriptlets. - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install - Limit Python files matched in %files section - Use %sle15_python_module_pythons - do not require python-mock for build - update to 0.4.0: + Change the daemon mod flag for all tunnel threads (is not fully backward compatible) to prevent unexpected hangs (`#219`_) + Add docker based end to end functinal tests for Mongo/Postgres/MySQL + Add docker based end to end hangs tests + Fix host key directory detection + Unify default ssh config folder to `~/.ssh` + Increase open connection timeout to 10 secods + Change default with context behavior to use `.stop(force=True)` on exit + Remove useless `daemon_forward_servers = True` hack for hangs prevention + Set transport keepalive to 5 second by default + Set default transport timeout to 0.1 + Deprecate and remove `block_on_close` option + Fix 'deadlocks' / 'tunneling hangs' + Add `.stop(force=True)` for force close active connections + Fixes bug with orphan thread for a tunnel that is DOWN + Support IPv6 without proxy command. Use built-in paramiko create socket logic. The logic tries to use ipv6 socket family first, then ipv4 socket family. Changes in python-strictyaml: - require setuptools - update to 1.7.3: * REFACTOR : Fix pipeline. * TOOLING : Improvements to pyenv multi-environment tester. * FEATURE : Upgraded package to use pyproject.toml files * REFACTOR : Fixed linter errors. * TOOLING : Build wheel and sdist that both work. - Add %{?sle15_python_module_pythons} - Update to 1.6.2 No relevant code changes. see details changelog: https://hitchdev.com/strictyaml/changelog/#latest - update to 1.6.1 too many changes to be listed here see detailed changelog: https://hitchdev.com/strictyaml/changelog/ - update to 1.4.4 * Add support for NaN and infinity representations * Optional keys in mappings and set value to None * Support underscores in int and decimal * NullNone - parse 'null' as None like YAML 1.2 does. * Bundle last propertly working ruamel.yaml version in with strictyaml. - version update to 1.0.6 * BUGFIX : Fix accidental python 2 breakage. * BUGFIX : Accidental misrecognition of boolean values as numbers - cause of #85. * BUGFIX : Fix for #86 - handle changing multiline strings. * BUGFIX: handle deprecated collections import in the parser (#82) - Update to 1.0.5: * BUGFIX : Fixed python 2 bug introduced when fixing #72. * FEATURE : Include tests / stories in package. * BUG: issue #72. Now setitem uses schema. - Expand %description. - Initial spec for v1.0.3 Changes in python-sure: - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install - update to 2.0.1: * Fixes CI build (Github Actions) * Fixes broken tests * Housekeeping: Licensing * Disable nosetests for testing leaving only pytest as supported test-runner for now - Add %{?sle15_python_module_pythons} - Remove mock from BuildRequires. - Rebase python-sure-no-mock.patch to remove one missed import. - do not require mock for build nor runtime - added patches fix https://github.com/gabrielfalcao/sure/pull/161 + python-sure-no-mock.patch - Update to 2.0.0 * No longer patch the builtin dir() function, which fixes pytest in some cases such as projects using gevent. - switch to pytest - Version update to 1.4.11: * Reading the version dynamically was causing import errors that caused error when installing package. Refs #144 Changes in python-vcrpy: - Update to 6.0.1 * BREAKING: Fix issue with httpx support (thanks @parkerhancock) in #784. * BREAKING: Drop support for `boto` (vcrpy still supports boto3, but is dropping the deprecated `boto` support in this release. (thanks @jairhenrique) * Fix compatibility issue with Python 3.12 (thanks @hartwork) * Drop simplejson (fixes some compatibility issues) (thanks @jairhenrique) * Run CI on Python 3.12 and PyPy 3.9-3.10 (thanks @mgorny) * Various linting and docs improvements (thanks @jairhenrique) * Tornado fixes (thanks @graingert) - version update to 5.1.0 * Use ruff for linting (instead of current flake8/isort/pyflakes) - thanks @jairhenrique * Enable rule B (flake8-bugbear) on ruff - thanks @jairhenrique * Configure read the docs V2 - thanks @jairhenrique * Fix typo in docs - thanks @quasimik * Make json.loads of Python >=3.6 decode bytes by itself - thanks @hartwork * Fix body matcher for chunked requests (fixes #734) - thanks @hartwork * Fix query param filter for aiohttp (fixes #517) - thanks @hartwork and @salomvary * Remove unnecessary dependency on six. - thanks @charettes * build(deps): update sphinx requirement from <7 to <8 - thanks @jairhenrique * Add action to validate docs - thanks @jairhenrique * Add editorconfig file - thanks @jairhenrique * Drop iscoroutinefunction fallback function for unsupported python thanks @jairhenrique - for changelog for older releases refer to https://github.com/kevin1024/vcrpy/releases - six is not required - Use sle15_python_module_pythons - Restrict urllib3 < 2 -- gh#kevin1024/vcrpy#688 - Update to version 4.2.1 * Fix a bug where the first request in a redirect chain was not being recorded with aiohttp * Various typos and small fixes, thanks @jairhenrique, @timgates42 - Update to 4.1.1: * Fix HTTPX support for versions greater than 0.15 (thanks @jairhenrique) * Include a trailing newline on json cassettes (thanks @AaronRobson) - Update to 4.1.0: * Add support for httpx!! (thanks @herdigiorgi) * Add the new allow_playback_repeats option (thanks @tysonholub) * Several aiohttp improvements (cookie support, multiple headers with same key) (Thanks @pauloromeira) * Use enums for record modes (thanks @aaronbannin) * Bugfix: Do not redirect on 304 in aiohttp (Thanks @royjs) * Bugfix: Fix test suite by switching to mockbin (thanks @jairhenrique) - Remove patch 0001-Revert-v4.0.x-Remove-legacy-python-and-add-python3.8.patch as we dropped py2 integration support on Tumbleweed - Added patch 0001-Revert-v4.0.x-Remove-legacy-python-and-add-python3.8.patch * Enable python2 again since it breaks many packages - Fix locale on Leap - update to version 4.0.2 * Remove Python2 support * Add Python 3.8 TravisCI support * Correct mock imports Changes in python-xmltodict: - Clean up the SPEC file. - add sle15_python_module_pythons - update to 0.13.0: * Add install info to readme for openSUSE. (#205) * Support defaultdict for namespace mapping (#211) * parse(generator) is now possible (#212) * Processing comments on parsing from xml to dict (connected to #109) (#221) * Add expand_iter kw to unparse to expand iterables (#213) * Fixed some typos * Add support for python3.8 * Drop Jython/Python 2 and add Python 3.9/3.10. * Drop OrderedDict in Python >= 3.7 * Do not use len() to determine if a sequence is empty * Add more namespace attribute tests * Fix encoding issue in setup.py - Add patch skip-tests-expat-245.patch: * Do not run tests that make no sense with a current Expat. Changes in python-asgiref: First package shipment. The following package changes have been done: - python311-setuptools-67.7.2-150400.3.12.1 updated - python311-pip-22.3.1-150400.17.16.4 updated - python311-packaging-23.1-150400.8.6.1 updated - python311-argcomplete-3.3.0-150400.12.12.2 updated - container:sles15-image-15.0.0-36.11.32 updated From sle-container-updates at lists.suse.com Thu May 16 07:25:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 May 2024 09:25:18 +0200 (CEST) Subject: SUSE-CU-2024:2090-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240516072518.C5505FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2090-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.11.3 , bci/bci-sle15-kernel-module-devel:latest Container Release : 11.3 Severity : important Type : security References : 1177529 1192145 1211592 1217408 1218562 1218917 1219104 1219126 1219169 1219170 1219264 1220342 1220569 1220761 1220901 1220915 1220935 1221042 1221044 1221080 1221084 1221088 1221162 1221299 1221612 1221617 1221645 1221791 1221825 1222011 1222051 1222247 1222266 1222294 1222307 1222357 1222368 1222379 1222416 1222422 1222424 1222427 1222428 1222430 1222431 1222435 1222437 1222445 1222449 1222482 1222503 1222520 1222536 1222549 1222550 1222557 1222559 1222585 1222586 1222596 1222609 1222610 1222613 1222615 1222618 1222624 1222630 1222632 1222660 1222662 1222664 1222666 1222669 1222671 1222677 1222678 1222680 1222703 1222704 1222706 1222709 1222710 1222720 1222721 1222724 1222726 1222727 1222764 1222772 1222773 1222776 1222781 1222784 1222785 1222787 1222790 1222791 1222792 1222796 1222798 1222801 1222812 1222824 1222829 1222832 1222836 1222838 1222866 1222867 1222869 1222876 1222878 1222879 1222881 1222883 1222888 1222894 1222901 1222968 1223012 1223014 1223016 1223024 1223030 1223033 1223034 1223035 1223036 1223037 1223041 1223042 1223051 1223052 1223056 1223057 1223058 1223060 1223061 1223065 1223066 1223067 1223068 1223076 1223078 1223111 1223115 1223118 1223187 1223189 1223190 1223191 1223196 1223197 1223198 1223275 1223323 1223369 1223380 1223473 1223474 1223475 1223477 1223478 1223479 1223481 1223482 1223484 1223487 1223490 1223496 1223498 1223499 1223501 1223502 1223503 1223505 1223509 1223511 1223512 1223513 1223516 1223517 1223518 1223519 1223520 1223522 1223523 1223525 1223539 1223574 1223595 1223598 1223634 1223643 1223644 1223645 1223646 1223648 1223655 1223657 1223660 1223661 1223663 1223664 1223668 1223686 1223693 1223705 1223714 1223735 1223745 1223784 1223785 1223790 1223816 1223821 1223822 1223824 1223827 1223834 1223875 1223876 1223877 1223878 1223879 1223894 1223921 1223922 1223923 1223924 1223929 1223931 1223932 1223934 1223941 1223948 1223949 1223950 1223951 1223952 1223953 1223956 1223957 1223960 1223962 1223963 1223964 CVE-2021-47047 CVE-2021-47181 CVE-2021-47182 CVE-2021-47183 CVE-2021-47184 CVE-2021-47185 CVE-2021-47187 CVE-2021-47188 CVE-2021-47189 CVE-2021-47191 CVE-2021-47192 CVE-2021-47193 CVE-2021-47194 CVE-2021-47195 CVE-2021-47196 CVE-2021-47197 CVE-2021-47198 CVE-2021-47199 CVE-2021-47200 CVE-2021-47201 CVE-2021-47202 CVE-2021-47203 CVE-2021-47204 CVE-2021-47205 CVE-2021-47206 CVE-2021-47207 CVE-2021-47209 CVE-2021-47210 CVE-2021-47211 CVE-2021-47212 CVE-2021-47214 CVE-2021-47215 CVE-2021-47216 CVE-2021-47217 CVE-2021-47218 CVE-2021-47219 CVE-2022-48631 CVE-2022-48632 CVE-2022-48634 CVE-2022-48636 CVE-2022-48637 CVE-2022-48638 CVE-2022-48639 CVE-2022-48640 CVE-2022-48642 CVE-2022-48644 CVE-2022-48646 CVE-2022-48647 CVE-2022-48648 CVE-2022-48650 CVE-2022-48651 CVE-2022-48652 CVE-2022-48653 CVE-2022-48654 CVE-2022-48655 CVE-2022-48656 CVE-2022-48657 CVE-2022-48658 CVE-2022-48659 CVE-2022-48660 CVE-2022-48662 CVE-2022-48663 CVE-2022-48667 CVE-2022-48668 CVE-2022-48671 CVE-2022-48672 CVE-2022-48673 CVE-2022-48675 CVE-2022-48686 CVE-2022-48687 CVE-2022-48688 CVE-2022-48690 CVE-2022-48692 CVE-2022-48693 CVE-2022-48694 CVE-2022-48695 CVE-2022-48697 CVE-2022-48698 CVE-2022-48700 CVE-2022-48701 CVE-2022-48702 CVE-2022-48703 CVE-2022-48704 CVE-2023-2860 CVE-2023-52488 CVE-2023-52503 CVE-2023-52561 CVE-2023-52585 CVE-2023-52589 CVE-2023-52590 CVE-2023-52591 CVE-2023-52593 CVE-2023-52614 CVE-2023-52616 CVE-2023-52620 CVE-2023-52627 CVE-2023-52635 CVE-2023-52636 CVE-2023-52645 CVE-2023-52652 CVE-2023-6270 CVE-2024-0639 CVE-2024-0841 CVE-2024-22099 CVE-2024-23307 CVE-2024-23848 CVE-2024-23850 CVE-2024-26601 CVE-2024-26610 CVE-2024-26656 CVE-2024-26660 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675 CVE-2024-26680 CVE-2024-26681 CVE-2024-26684 CVE-2024-26685 CVE-2024-26687 CVE-2024-26688 CVE-2024-26689 CVE-2024-26696 CVE-2024-26697 CVE-2024-26702 CVE-2024-26704 CVE-2024-26718 CVE-2024-26722 CVE-2024-26727 CVE-2024-26733 CVE-2024-26736 CVE-2024-26737 CVE-2024-26739 CVE-2024-26743 CVE-2024-26744 CVE-2024-26745 CVE-2024-26747 CVE-2024-26749 CVE-2024-26751 CVE-2024-26754 CVE-2024-26760 CVE-2024-26763 CVE-2024-26764 CVE-2024-26766 CVE-2024-26769 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26776 CVE-2024-26779 CVE-2024-26783 CVE-2024-26787 CVE-2024-26790 CVE-2024-26792 CVE-2024-26793 CVE-2024-26798 CVE-2024-26805 CVE-2024-26807 CVE-2024-26816 CVE-2024-26817 CVE-2024-26820 CVE-2024-26825 CVE-2024-26830 CVE-2024-26833 CVE-2024-26836 CVE-2024-26843 CVE-2024-26848 CVE-2024-26852 CVE-2024-26853 CVE-2024-26855 CVE-2024-26856 CVE-2024-26857 CVE-2024-26861 CVE-2024-26862 CVE-2024-26866 CVE-2024-26872 CVE-2024-26875 CVE-2024-26878 CVE-2024-26879 CVE-2024-26881 CVE-2024-26882 CVE-2024-26883 CVE-2024-26884 CVE-2024-26885 CVE-2024-26891 CVE-2024-26893 CVE-2024-26895 CVE-2024-26896 CVE-2024-26897 CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26917 CVE-2024-26927 CVE-2024-26948 CVE-2024-26950 CVE-2024-26951 CVE-2024-26955 CVE-2024-26956 CVE-2024-26960 CVE-2024-26965 CVE-2024-26966 CVE-2024-26969 CVE-2024-26970 CVE-2024-26972 CVE-2024-26981 CVE-2024-26982 CVE-2024-26993 CVE-2024-27013 CVE-2024-27014 CVE-2024-27030 CVE-2024-27038 CVE-2024-27039 CVE-2024-27041 CVE-2024-27043 CVE-2024-27046 CVE-2024-27056 CVE-2024-27062 CVE-2024-27389 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1659-1 Released: Wed May 15 11:29:35 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1177529,1192145,1211592,1217408,1218562,1218917,1219104,1219126,1219169,1219170,1219264,1220342,1220569,1220761,1220901,1220915,1220935,1221042,1221044,1221080,1221084,1221088,1221162,1221299,1221612,1221617,1221645,1221791,1221825,1222011,1222051,1222247,1222266,1222294,1222307,1222357,1222368,1222379,1222416,1222422,1222424,1222427,1222428,1222430,1222431,1222435,1222437,1222445,1222449,1222482,1222503,1222520,1222536,1222549,1222550,1222557,1222559,1222585,1222586,1222596,1222609,1222610,1222613,1222615,1222618,1222624,1222630,1222632,1222660,1222662,1222664,1222666,1222669,1222671,1222677,1222678,1222680,1222703,1222704,1222706,1222709,1222710,1222720,1222721,1222724,1222726,1222727,1222764,1222772,1222773,1222776,1222781,1222784,1222785,1222787,1222790,1222791,1222792,1222796,1222798,1222801,1222812,1222824,1222829,1222832,1222836,1222838,1222866,1222867,1222869,1222876,1222878,1222879,1222881,1222883,1222888,1222894,1222901,1222968,1223012,1223014,1223016,1223024,1 223030,1223033,1223034,1223035,1223036,1223037,1223041,1223042,1223051,1223052,1223056,1223057,1223058,1223060,1223061,1223065,1223066,1223067,1223068,1223076,1223078,1223111,1223115,1223118,1223187,1223189,1223190,1223191,1223196,1223197,1223198,1223275,1223323,1223369,1223380,1223473,1223474,1223475,1223477,1223478,1223479,1223481,1223482,1223484,1223487,1223490,1223496,1223498,1223499,1223501,1223502,1223503,1223505,1223509,1223511,1223512,1223513,1223516,1223517,1223518,1223519,1223520,1223522,1223523,1223525,1223539,1223574,1223595,1223598,1223634,1223643,1223644,1223645,1223646,1223648,1223655,1223657,1223660,1223661,1223663,1223664,1223668,1223686,1223693,1223705,1223714,1223735,1223745,1223784,1223785,1223790,1223816,1223821,1223822,1223824,1223827,1223834,1223875,1223876,1223877,1223878,1223879,1223894,1223921,1223922,1223923,1223924,1223929,1223931,1223932,1223934,1223941,1223948,1223949,1223950,1223951,1223952,1223953,1223956,1223957,1223960,1223962,1223963,1223964,CVE-20 21-47047,CVE-2021-47181,CVE-2021-47182,CVE-2021-47183,CVE-2021-47184,CVE-2021-47185,CVE-2021-47187,CVE-2021-47188,CVE-2021-47189,CVE-2021-47191,CVE-2021-47192,CVE-2021-47193,CVE-2021-47194,CVE-2021-47195,CVE-2021-47196,CVE-2021-47197,CVE-2021-47198,CVE-2021-47199,CVE-2021-47200,CVE-2021-47201,CVE-2021-47202,CVE-2021-47203,CVE-2021-47204,CVE-2021-47205,CVE-2021-47206,CVE-2021-47207,CVE-2021-47209,CVE-2021-47210,CVE-2021-47211,CVE-2021-47212,CVE-2021-47214,CVE-2021-47215,CVE-2021-47216,CVE-2021-47217,CVE-2021-47218,CVE-2021-47219,CVE-2022-48631,CVE-2022-48632,CVE-2022-48634,CVE-2022-48636,CVE-2022-48637,CVE-2022-48638,CVE-2022-48639,CVE-2022-48640,CVE-2022-48642,CVE-2022-48644,CVE-2022-48646,CVE-2022-48647,CVE-2022-48648,CVE-2022-48650,CVE-2022-48651,CVE-2022-48652,CVE-2022-48653,CVE-2022-48654,CVE-2022-48655,CVE-2022-48656,CVE-2022-48657,CVE-2022-48658,CVE-2022-48659,CVE-2022-48660,CVE-2022-48662,CVE-2022-48663,CVE-2022-48667,CVE-2022-48668,CVE-2022-48671,CVE-2022-48672,CVE-2022-4867 3,CVE-2022-48675,CVE-2022-48686,CVE-2022-48687,CVE-2022-48688,CVE-2022-48690,CVE-2022-48692,CVE-2022-48693,CVE-2022-48694,CVE-2022-48695,CVE-2022-48697,CVE-2022-48698,CVE-2022-48700,CVE-2022-48701,CVE-2022-48702,CVE-2022-48703,CVE-2022-48704,CVE-2023-2860,CVE-2023-52488,CVE-2023-52503,CVE-2023-52561,CVE-2023-52585,CVE-2023-52589,CVE-2023-52590,CVE-2023-52591,CVE-2023-52593,CVE-2023-52614,CVE-2023-52616,CVE-2023-52620,CVE-2023-52627,CVE-2023-52635,CVE-2023-52636,CVE-2023-52645,CVE-2023-52652,CVE-2023-6270,CVE-2024-0639,CVE-2024-0841,CVE-2024-22099,CVE-2024-23307,CVE-2024-23848,CVE-2024-23850,CVE-2024-26601,CVE-2024-26610,CVE-2024-26656,CVE-2024-26660,CVE-2024-26671,CVE-2024-26673,CVE-2024-26675,CVE-2024-26680,CVE-2024-26681,CVE-2024-26684,CVE-2024-26685,CVE-2024-26687,CVE-2024-26688,CVE-2024-26689,CVE-2024-26696,CVE-2024-26697,CVE-2024-26702,CVE-2024-26704,CVE-2024-26718,CVE-2024-26722,CVE-2024-26727,CVE-2024-26733,CVE-2024-26736,CVE-2024-26737,CVE-2024-26739,CVE-2024-26743,CVE-2024- 26744,CVE-2024-26745,CVE-2024-26747,CVE-2024-26749,CVE-2024-26751,CVE-2024-26754,CVE-2024-26760,CVE-2024-26763,CVE-2024-26764,CVE-2024-26766,CVE-2024-26769,CVE-2024-26771,CVE-2024-26772,CVE-2024-26773,CVE-2024-26776,CVE-2024-26779,CVE-2024-26783,CVE-2024-26787,CVE-2024-26790,CVE-2024-26792,CVE-2024-26793,CVE-2024-26798,CVE-2024-26805,CVE-2024-26807,CVE-2024-26816,CVE-2024-26817,CVE-2024-26820,CVE-2024-26825,CVE-2024-26830,CVE-2024-26833,CVE-2024-26836,CVE-2024-26843,CVE-2024-26848,CVE-2024-26852,CVE-2024-26853,CVE-2024-26855,CVE-2024-26856,CVE-2024-26857,CVE-2024-26861,CVE-2024-26862,CVE-2024-26866,CVE-2024-26872,CVE-2024-26875,CVE-2024-26878,CVE-2024-26879,CVE-2024-26881,CVE-2024-26882,CVE-2024-26883,CVE-2024-26884,CVE-2024-26885,CVE-2024-26891,CVE-2024-26893,CVE-2024-26895,CVE-2024-26896,CVE-2024-26897,CVE-2024-26898,CVE-2024-26901,CVE-2024-26903,CVE-2024-26917,CVE-2024-26927,CVE-2024-26948,CVE-2024-26950,CVE-2024-26951,CVE-2024-26955,CVE-2024-26956,CVE-2024-26960,CVE-2024-26965,C VE-2024-26966,CVE-2024-26969,CVE-2024-26970,CVE-2024-26972,CVE-2024-26981,CVE-2024-26982,CVE-2024-26993,CVE-2024-27013,CVE-2024-27014,CVE-2024-27030,CVE-2024-27038,CVE-2024-27039,CVE-2024-27041,CVE-2024-27043,CVE-2024-27046,CVE-2024-27056,CVE-2024-27062,CVE-2024-27389 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596). - CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705). - CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834). - CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822). - CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827). - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824). - CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714). - CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821). - CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816). - CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790). - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735). - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745). - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693). - CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634). - CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644). - CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645). - CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646). - CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648). - CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655). - CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660). - CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661). - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664). - CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525). - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198). - CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042). - CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path (bsc#1223196). - CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190). - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189). - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035). - CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034). - CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041). - CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066). - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060). - CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076). - CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058). - CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052). - CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051). - CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061). - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057). - CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030). - CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968). - CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012). - CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624). - CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801). - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630). - CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428). - CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615). - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618). - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613). - CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610) - CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726). - CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721). - CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720). - CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632). - CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table (bsc#1222724). - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449). - CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677). - CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). - CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536). - CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers() (bsc#1222549). - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503). - CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435). - CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437). - CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445). - CVE-2024-26681: Fixed netdevsim to avoid potential loop in nsim_dev_trap_report_work() (bsc#1222431). - CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring (bsc#1222427). - CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379). - CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368). - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357). - CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder creation (bsc#1222266). - CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307). - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299). - CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342). - CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126). - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686). - CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033). - CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in msgr2 (bsc#1222247). - CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294). - CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace (bsc#1222051). - CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from userspace (bsc#1221825). - CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612). - CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617). - CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042). - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044). - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088). - CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084). - CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in amdgpu_ras_query_error_status_helper() (bsc#1221080). - CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash memory region (bsc#1220935). - CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915). - CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO (bsc#1221162). - CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505). - CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498). - CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context (bsc#1223496). - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513). - CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478). - CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id (bsc#1223499). - CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475). - CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte() (bsc#1222710). - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878) - CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838). - CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832). - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706). - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669). - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664). - CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662). - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660). The following non-security bugs were fixed: - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes). - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes). - ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes). - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes). - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes). - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes). - ALSA: scarlett2: Add correct product series name to messages (stable-fixes). - ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes). - ALSA: scarlett2: Default mixer driver to enabled (stable-fixes). - ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes). - ASoC: meson: axg-card: make links nonatomic (git-fixes). - ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes). - ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes). - ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes). - ASoC: tegra: Fix DSPK 16-bit playback (git-fixes). - ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes). - Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes). - Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes). - Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes). - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes). - Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes). - Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes). - Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes). - Bluetooth: add quirk for broken address properties (git-fixes). - Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes). - Bluetooth: btintel: Fixe build regression (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes). - Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes). - Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes). - Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes). - Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes). - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes). - HID: logitech-dj: allow mice to use all types of reports (git-fixes). - HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes). - Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes). - NFC: trf7970a: disable all regulators on removal (git-fixes). - NFS: avoid spurious warning of lost lock that is being unlocked (bsc#1221791). - PCI/AER: Block runtime suspend when handling errors (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes). - PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes). - PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes). - PCI: Drop pci_device_remove() test of pci_dev->driver (git-fixes). - PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes). - RDMA/cm: add timeout to cm_destroy_id wait (git-fixes) - Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes). - Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes). - Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes). - Revert 'ice: Fix ice VF reset during iavf initialization (jsc#PED-376).' (bsc#1223275) - Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes). - Revert 'usb: phy: generic: Get the vbus supply' (git-fixes). - USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes). - USB: serial: add device ID for VeriFone adapter (stable-fixes). - USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes). - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes). - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes). - USB: serial: option: add Fibocom FM135-GL variants (stable-fixes). - USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes). - USB: serial: option: add MeiG Smart SLM320 product (stable-fixes). - USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes). - USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes). - USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes). - USB: serial: option: support Quectel EM060K sub-models (stable-fixes). - ahci: asm1064: asm1166: do not limit reported ports (git-fixes). - ahci: asm1064: correct count of reported ports (stable-fixes). - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes) - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes) - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes) - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes) - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes) - arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes) - arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes) - arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes). - ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes). - batman-adv: Avoid infinite loop trying to resize local TT (git-fixes). - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes). - bcache: Remove dead references to cache_readaheads (git-fixes). - bcache: Remove unnecessary NULL point check in node allocations (git-fixes). - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes). - bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes). - bcache: avoid oversize memory allocation by small stripe_size (git-fixes). - bcache: bset: Fix comment typos (git-fixes). - bcache: check return value from btree_node_alloc_replacement() (git-fixes). - bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes). - bcache: fix error info in register_bcache() (git-fixes). - bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing (git-fixes). - bcache: fixup btree_cache_wait list damage (git-fixes). - bcache: fixup init dirty data errors (git-fixes). - bcache: fixup lock c->root error (git-fixes). - bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes). - bcache: move calc_cached_dev_sectors to proper place on backing device detach (git-fixes). - bcache: move uapi header bcache.h to bcache code directory (git-fixes). - bcache: prevent potential division by zero error (git-fixes). - bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device registration' (git-fixes). - bcache: remove redundant assignment to variable cur_idx (git-fixes). - bcache: remove the backing_dev_name field from struct cached_dev (git-fixes). - bcache: remove the cache_dev_name field from struct cache (git-fixes). - bcache: remove unnecessary flush_workqueue (git-fixes). - bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-fixes). - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes). - bcache: replace snprintf in show functions with sysfs_emit (git-fixes). - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes). - bcache: use bvec_kmap_local in bch_data_verify (git-fixes). - bcache: use bvec_kmap_local in bio_csum (git-fixes). - bcache: use default_groups in kobj_type (git-fixes). - bcache:: fix repeated words in comments (git-fixes). - ceph: stop copying to iter at EOF on sync reads (bsc#1223068). - ceph: switch to corrected encoding of max_xattr_size in mdsmap (bsc#1223067). - clk: Get runtime PM before walking tree during disable_unused (git-fixes). - clk: Initialize struct clk_core kref earlier (stable-fixes). - clk: Mark 'all_lists' as const (stable-fixes). - clk: Print an info line before disabling unused clocks (stable-fixes). - clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes). - clk: remove extra empty line (stable-fixes). - comedi: vmk80xx: fix incomplete endpoint checking (git-fixes). - dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes). - dm cache: add cond_resched() to various workqueue loops (git-fixes). - dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes). - dm crypt: add cond_resched() to dmcrypt_write() (git-fixes). - dm crypt: avoid accessing uninitialized tasklet (git-fixes). - dm flakey: do not corrupt the zero page (git-fixes). - dm flakey: fix a bug with 32-bit highmem systems (git-fixes). - dm flakey: fix a crash with invalid table line (git-fixes). - dm flakey: fix logic when corrupting a bio (git-fixes). - dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes). - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes). - dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes). - dm raid: fix false positive for requeue needed during reshape (git-fixes). - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes). - dm stats: check for and propagate alloc_percpu failure (git-fixes). - dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes). - dm thin metadata: check fail_io before using data_sm (git-fixes). - dm thin: add cond_resched() to various workqueue loops (git-fixes). - dm thin: fix deadlock when swapping to thin device (bsc#1177529). - dm verity: do not perform FEC for failed readahead IO (git-fixes). - dm verity: fix error handling for check_at_most_once on FEC (git-fixes). - dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes). - dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes). - dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes). - dm-raid: fix lockdep waring in 'pers->hot_add_disk' (git-fixes). - dm-verity, dm-crypt: align 'struct bvec_iter' correctly (git-fixes). - dm-verity: align struct dm_verity_fec_io properly (git-fixes). - dm: add cond_resched() to dm_wq_work() (git-fixes). - dm: call the resume method on internal suspend (git-fixes). - dm: do not lock fs when the map is NULL during suspend or resume (git-fixes). - dm: do not lock fs when the map is NULL in process of resume (git-fixes). - dm: remove flush_scheduled_work() during local_exit() (git-fixes). - dm: send just one event on resize, not two (git-fixes). - dma: xilinx_dpdma: Fix locking (git-fixes). - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes). - dmaengine: owl: fix register access functions (git-fixes). - dmaengine: tegra186: Fix residual calculation (git-fixes). - docs: Document the FAN_FS_ERROR event (stable-fixes). - drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes). - drm/amd/display: Do not recursively call manual trigger programming (stable-fixes). - drm/amd/display: Fix nanosec stat overflow (stable-fixes). - drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes). - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes). - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes). - drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes). - drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes). - drm/amdgpu: always force full reset for SOC21 (stable-fixes). - drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes). - drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes). - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes). - drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes). - drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes). - drm/ast: Fix soft lockup (git-fixes). - drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes). - drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes). - drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes). - drm/i915: Disable port sync when bigjoiner is used (stable-fixes). - drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes). - drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834) - drm/panel: ili9341: Respect deferred probe (git-fixes). - drm/panel: ili9341: Use predefined error codes (git-fixes). - drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes). - drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes). - drm/vmwgfx: Enable DMA mappings with SEV (git-fixes). - drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes). - drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes). - drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes). - drm: nv04: Fix out of bounds access (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-fixes). - dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574). - fbdev: fix incorrect address computation in deferred IO (git-fixes). - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes). - fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes). - fix build warning - fuse: do not unhash root (bsc#1223951). - fuse: fix root lookup with nonzero generation (bsc#1223950). - hwmon: (amc6821) add of_match table (stable-fixes). - i2c: pxa: hide unused icr_bits[] variable (git-fixes). - i2c: smbus: fix NULL function pointer dereference (git-fixes). - i40e: Fix VF MAC filter removal (git-fixes). - idma64: Do not try to serve interrupts when device is powered off (git-fixes). - iio: accel: mxc4005: Interrupt handling fixes (git-fixes). - iio:imu: adis16475: Fix sync mode setting (git-fixes). - init/main.c: Fix potential static_command_line memory overflow (git-fixes). - iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (git-fixes). - iommu/amd: Fix 'Guest Virtual APIC Table Root Pointer' configuration in IRTE (git-fixes). - iommu/amd: Fix domain flush size when syncing iotlb (git-fixes). - iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes). - iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes). - iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes). - iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes). - iommu/iova: Fix alloc iova overflows issue (git-fixes). - iommu/mediatek: Flush IOTLB completely only if domain has been attached (git-fixes). - iommu/rockchip: Fix unwind goto issue (git-fixes). - iommu/sprd: Release dma buffer to avoid memory leak (git-fixes). - iommu/vt-d: Allocate local memory for page request queue (git-fixes). - iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes). - iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes). - iommu: Fix error unwind in iommu_group_alloc() (git-fixes). - ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes). - kABI: Adjust trace_iterator.wait_index (git-fixes). - kprobes: Fix double free of kretprobe_holder (bsc#1220901). - kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes). - libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes). - libnvdimm/region: Allow setting align attribute on regions without mappings (git-fixes). - livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539). - md/raid1: fix choose next idle in read_balance() (git-fixes). - md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes). - md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-fixes). - media: cec: core: remove length check of Timer Status (stable-fixes). - media: sta2x11: fix irq handler cast (stable-fixes). - mei: me: add arrow lake point H DID (stable-fixes). - mei: me: add arrow lake point S DID (stable-fixes). - mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes). - mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473). - mmc: sdhci-msm: pervent access to suspended controller (git-fixes). - mtd: diskonchip: work around ubsan link failure (stable-fixes). - nd_btt: Make BTT lanes preemptible (git-fixes). - net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes). - net: fix a memleak when uncloning an skb dst and its metadata (git-fixes). - net: fix skb leak in __skb_tstamp_tx() (git-fixes). - net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes). - net: mld: fix reference count leak in mld_{query | report}_work() (git-fixes). - net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes). - net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes). - net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes). - net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes). - net: vlan: fix underflow for the real_dev refcnt (git-fixes). - netfilter: br_netfilter: Drop dst references before setting (git-fixes). - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-fixes). - netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes). - nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nouveau: fix function cast warning (git-fixes). - nouveau: fix instmem race condition around ptr stores (git-fixes). - nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-fixes). - nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes). - nvdimm: Fix badblocks clear off-by-one error (git-fixes). - nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-fixes). - pci_iounmap(): Fix MMIO mapping leak (git-fixes). - phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes). - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes). - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes). - powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191). - powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE (bsc#1222011 ltc#205900). - powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369 ltc#205888). - powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888). - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - powerpc: Refactor verification of MSR_RI (bsc#1223191). - printk: Add this_cpu_in_panic() (bsc#1223574). - printk: Adjust mapping for 32bit seq macros (bsc#1223574). - printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574). - printk: Disable passing console lock owner completely during panic() (bsc#1223574). - printk: Drop console_sem during panic (bsc#1223574). - printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1223574). - printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574). - printk: Wait for all reserved records with pr_flush() (bsc#1223574). - printk: nbcon: Relocate 32bit seq macros (bsc#1223574). - printk: ringbuffer: Clarify special lpos values (bsc#1223574). - printk: ringbuffer: Cleanup reader terminology (bsc#1223574). - printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1223574). - printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574). - printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574). - pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes). - ring-buffer: Do not set shortest_full when full target is hit (git-fixes). - ring-buffer: Fix full_waiters_pending in poll (git-fixes). - ring-buffer: Fix resetting of shortest_full (git-fixes). - ring-buffer: Fix waking up ring buffer readers (git-fixes). - ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes). - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes). - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes). - s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875). - s390/decompressor: fix misaligned symbol build error (git-fixes bsc#1223785). - s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877). - s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223878). - s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879). - s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784). - s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223876). - s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598). - s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223595). - serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes). - serial: core: Provide port lock wrappers (stable-fixes). - serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes). - serial: mxs-auart: add spinlock around changing cts state (git-fixes). - slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes). - speakup: Avoid crash on very long word (git-fixes). - speakup: Fix 8bit characters from direct synth (git-fixes). - tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes). - thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes). - thunderbolt: Fix wake configurations after device unplug (stable-fixes). - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes). - tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes). - tracing: Have saved_cmdlines arrays all in one allocation (git-fixes). - tracing: Remove precision vsnprintf() check from print event (git-fixes). - tracing: Show size of requested perf buffer (git-fixes). - tracing: Use .flush() call to wake up readers (git-fixes). - usb: Disable USB3 LPM at shutdown (stable-fixes). - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (git-fixes). - usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes). - usb: gadget: composite: fix OS descriptors w_value logic (git-fixes). - usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes). - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes). - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes). - usb: ohci: Prevent missed ohci interrupts (git-fixes). - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes). - usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes). - usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes). - usb: typec: tcpm: unregister existing source caps before re-registration (bsc#1220569). - usb: typec: ucsi: Ack unsupported commands (stable-fixes). - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes). - usb: typec: ucsi: Fix connector check on init (git-fixes). - usb: udc: remove warning when queue disabled ep (stable-fixes). - vdpa/mlx5: Allow CVQ size changes (git-fixes). - virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949). - wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes). - wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes). - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes). - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes). - wifi: nl80211: do not free NULL coalescing rule (git-fixes). - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes). - x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (jsc#PED-7167 git-fixes). - x86/sev: Skip ROM range scans and validation for SEV-SNP guests (jsc#PED-7167 git-fixes). - x86/xen: Add some null pointer checking to smp.c (git-fixes). - x86/xen: add CPU dependencies for 32-bit build (git-fixes). - x86/xen: fix percpu vcpu_info allocation (git-fixes). - xen-netback: properly sync TX responses (git-fixes). - xen-netfront: Add missing skb_mark_for_recycle (git-fixes). - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-fixes). - xen/xenbus: document will_handle argument for xenbus_watch_path() (git-fixes). - xfrm6: fix inet6_dev refcount underflow problem (git-fixes). The following package changes have been done: - kernel-macros-5.14.21-150500.55.62.2 updated - kernel-devel-5.14.21-150500.55.62.2 updated - kernel-default-devel-5.14.21-150500.55.62.2 updated - kernel-syms-5.14.21-150500.55.62.1 updated From sle-container-updates at lists.suse.com Fri May 17 07:01:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:01:21 +0200 (CEST) Subject: SUSE-IU-2024:434-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20240517070121.7D103FBA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:434-1 Image Tags : suse/sle-micro/5.5:2.0.2 , suse/sle-micro/5.5:2.0.2-4.2.105 , suse/sle-micro/5.5:latest Image Release : 4.2.105 Severity : important Type : recommended References : 1054800 1062837 1121964 1133623 1141969 1143452 1171003 1171764 1172693 1196803 1196804 1205962 1217478 1217796 1221632 1222089 474076 481137 944615 952645 994598 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1671-1 Released: Thu May 16 10:56:43 2024 Summary: Recommended update for open-vm-tools Type: recommended Severity: important References: 1054800,1062837,1121964,1133623,1141969,1143452,1171003,1171764,1172693,1196803,1196804,1205962,1217478,1217796,1222089,474076,481137,944615,952645,994598 This update for open-vm-tools fixes the following issues: - Remove protobuf less than v22 dependency from spec file (bsc#1217478) - Use for updating open-vm-tools to new version (bsc#1222089) - There are no new features in the current open-vm-tools release This is primarily a maintenance release that addresses a few critical problems - Use %patch -P N instead of deprecated %patchN - Own %{_modulesloaddir}: used to be present via udev-mini - kmod - suse-module-tools dependency before - Fix outdated libxmlsec1 dependency version Updates to open-vm-tools for SLES 12 SP4 and SP5 are now being built againt against libxmlsec1-1-1.2.37. Update the spec file to now require libxmlsec1-openssl1 v1.2.37 or above. (bsc#1217796) - limit to protobuf less than v22 for now until build failures have been fixed pam-vmtoolsd patch as instructed by vmware (bsc#1171003). This should fix both (bsc#1171003) and (bsc#1172693) - Update vmtoolsd.service to support cloud-init customization by default (bsc#994598) - Enable vgauth for openSUSE Leap 42.1 (bsc#952645) - Extensive rewrite of the spec file - rename vmware-KMP to vmware-guest-KMP for easier identification The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - libvmtools0-12.4.0-150300.49.11 updated - open-vm-tools-12.4.0-150300.49.11 updated - container:suse-sle-micro-base-5.5-latest-2.0.2-5.5.7 updated From sle-container-updates at lists.suse.com Fri May 17 07:03:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:03:34 +0200 (CEST) Subject: SUSE-CU-2024:2101-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240517070334.9CB98FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2101-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.30 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.30 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated From sle-container-updates at lists.suse.com Fri May 17 07:05:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:05:12 +0200 (CEST) Subject: SUSE-CU-2024:2103-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240517070512.80A92FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2103-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.29 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.29 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated From sle-container-updates at lists.suse.com Fri May 17 07:05:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:05:41 +0200 (CEST) Subject: SUSE-CU-2024:2104-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20240517070541.E6159FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2104-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.52 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.52 Container Release : 4.52 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1666-1 Released: Thu May 16 08:00:53 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150300.3.8.1 updated From sle-container-updates at lists.suse.com Fri May 17 07:05:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:05:54 +0200 (CEST) Subject: SUSE-CU-2024:2105-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240517070554.DC203FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2105-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.33 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.33 Container Release : 3.33 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated From sle-container-updates at lists.suse.com Fri May 17 07:06:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:06:21 +0200 (CEST) Subject: SUSE-CU-2024:2106-1: Recommended update of suse/389-ds Message-ID: <20240517070621.A188BFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2106-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-22.5 , suse/389-ds:latest Container Release : 22.5 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Fri May 17 07:06:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:06:49 +0200 (CEST) Subject: SUSE-CU-2024:2107-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240517070649.72261FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2107-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-27.1 , bci/dotnet-aspnet:6.0.30 , bci/dotnet-aspnet:6.0.30-27.1 Container Release : 27.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Fri May 17 07:06:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:06:59 +0200 (CEST) Subject: SUSE-CU-2024:2108-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240517070659.2C18CFBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2108-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-10.1 , bci/dotnet-aspnet:8.0.5 , bci/dotnet-aspnet:8.0.5-10.1 , bci/dotnet-aspnet:latest Container Release : 10.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Fri May 17 07:07:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:07:16 +0200 (CEST) Subject: SUSE-CU-2024:2109-1: Recommended update of suse/registry Message-ID: <20240517070716.B859DFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2109-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-25.4 , suse/registry:latest Container Release : 25.4 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:micro-image-15.5.0-22.2 updated From sle-container-updates at lists.suse.com Fri May 17 07:07:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:07:51 +0200 (CEST) Subject: SUSE-CU-2024:2110-1: Recommended update of bci/dotnet-sdk Message-ID: <20240517070751.720A2FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2110-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-26.1 , bci/dotnet-sdk:6.0.30 , bci/dotnet-sdk:6.0.30-26.1 Container Release : 26.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Fri May 17 07:08:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:08:02 +0200 (CEST) Subject: SUSE-CU-2024:2111-1: Recommended update of bci/dotnet-sdk Message-ID: <20240517070802.50CD3FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2111-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-11.1 , bci/dotnet-sdk:8.0.5 , bci/dotnet-sdk:8.0.5-11.1 , bci/dotnet-sdk:latest Container Release : 11.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Fri May 17 07:08:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:08:29 +0200 (CEST) Subject: SUSE-CU-2024:2112-1: Recommended update of bci/dotnet-runtime Message-ID: <20240517070829.54956FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2112-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-26.1 , bci/dotnet-runtime:6.0.30 , bci/dotnet-runtime:6.0.30-26.1 Container Release : 26.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Fri May 17 07:08:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:08:37 +0200 (CEST) Subject: SUSE-CU-2024:2113-1: Recommended update of bci/dotnet-runtime Message-ID: <20240517070837.A6ED8FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2113-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-10.1 , bci/dotnet-runtime:8.0.5 , bci/dotnet-runtime:8.0.5-10.1 , bci/dotnet-runtime:latest Container Release : 10.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Fri May 17 07:09:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:09:08 +0200 (CEST) Subject: SUSE-CU-2024:2115-1: Recommended update of bci/golang Message-ID: <20240517070908.3C3BFFBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2115-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.6.1 , bci/golang:oldstable , bci/golang:oldstable-2.6.1 Container Release : 6.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Fri May 17 07:09:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:09:28 +0200 (CEST) Subject: SUSE-CU-2024:2116-1: Recommended update of bci/golang Message-ID: <20240517070928.6739CFBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2116-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-16.1 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-16.1 Container Release : 16.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Fri May 17 07:09:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:09:48 +0200 (CEST) Subject: SUSE-CU-2024:2117-1: Recommended update of bci/golang Message-ID: <20240517070948.AFDC6FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2117-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-16.1 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-16.1 Container Release : 16.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Fri May 17 07:09:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:09:58 +0200 (CEST) Subject: SUSE-CU-2024:2118-1: Recommended update of suse/helm Message-ID: <20240517070958.1044CFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2118-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-11.5 , suse/helm:latest Container Release : 11.5 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:micro-image-15.5.0-22.2 updated From sle-container-updates at lists.suse.com Fri May 17 07:10:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:10:24 +0200 (CEST) Subject: SUSE-CU-2024:2119-1: Recommended update of bci/bci-init Message-ID: <20240517071024.3977DFBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2119-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.18.1 , bci/bci-init:latest Container Release : 18.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Fri May 17 07:10:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:10:33 +0200 (CEST) Subject: SUSE-CU-2024:2120-1: Recommended update of bci/bci-micro Message-ID: <20240517071033.C13F7FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2120-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.22.2 , bci/bci-micro:latest Container Release : 22.2 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated From sle-container-updates at lists.suse.com Fri May 17 07:10:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:10:44 +0200 (CEST) Subject: SUSE-CU-2024:2121-1: Recommended update of bci/bci-minimal Message-ID: <20240517071044.BA679FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2121-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.23.4 , bci/bci-minimal:latest Container Release : 23.4 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:micro-image-15.5.0-22.2 updated From sle-container-updates at lists.suse.com Fri May 17 07:11:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 May 2024 09:11:05 +0200 (CEST) Subject: SUSE-CU-2024:2122-1: Recommended update of suse/nginx Message-ID: <20240517071105.CA511FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2122-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-12.4 , suse/nginx:latest Container Release : 12.4 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sat May 18 07:01:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:01:19 +0200 (CEST) Subject: SUSE-IU-2024:435-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20240518070119.89F33FBA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:435-1 Image Tags : suse/sle-micro/base-5.5:2.0.2 , suse/sle-micro/base-5.5:2.0.2-5.5.9 , suse/sle-micro/base-5.5:latest Image Release : 5.5.9 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated From sle-container-updates at lists.suse.com Sat May 18 07:02:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:02:02 +0200 (CEST) Subject: SUSE-CU-2024:2123-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240518070202.7B239FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2123-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.234 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.234 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sat May 18 07:03:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:03:37 +0200 (CEST) Subject: SUSE-CU-2024:2124-1: Security update of suse/sles12sp5 Message-ID: <20240518070337.735DCFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2124-1 Container Tags : suse/sles12sp5:6.5.595 , suse/sles12sp5:latest Container Release : 6.5.595 Severity : important Type : security References : 1222992 1223423 1223424 1223425 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1675-1 Released: Fri May 17 09:52:43 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,1223423,1223424,1223425,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - nscd: Fixed use-after-free in addgetnetgrentX (BZ #23520) - CVE-2024-33599: nscd: Fixed Stack-based buffer overflow in netgroup cache (bsc#1223423, BZ #31677) - CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424, BZ #31678) - CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424, BZ #31678) - CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601, bsc#1223425, BZ #31680) - CVE-2024-33602; Use time_t for return type of addgetnetgrentX (bsc#1223425) - CVE-2024-2961: iconv: ISO-2022-CN-EXT: Fixed out-of-bound writes when writing escape sequence (bsc#1222992) The following package changes have been done: - glibc-2.22-114.34.1 updated From sle-container-updates at lists.suse.com Sat May 18 07:04:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:04:00 +0200 (CEST) Subject: SUSE-CU-2024:2125-1: Recommended update of suse/ltss/sle15.3/bci-base-fips Message-ID: <20240518070400.688C6FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2125-1 Container Tags : suse/ltss/sle15.3/bci-base-fips:15.3 , suse/ltss/sle15.3/bci-base-fips:15.3.5.5 Container Release : 5.5 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/ltss/sle15.3/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1666-1 Released: Thu May 16 08:00:53 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150300.3.8.1 updated - container:sles15-ltss-image-15.0.0-4.52 updated From sle-container-updates at lists.suse.com Sat May 18 07:06:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:06:22 +0200 (CEST) Subject: SUSE-CU-2024:2122-1: Recommended update of suse/nginx Message-ID: <20240518070622.E636EFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2122-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-12.4 , suse/nginx:latest Container Release : 12.4 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sat May 18 07:06:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:06:53 +0200 (CEST) Subject: SUSE-CU-2024:2130-1: Recommended update of bci/nodejs Message-ID: <20240518070653.47385FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2130-1 Container Tags : bci/node:18 , bci/node:18-19.1 , bci/nodejs:18 , bci/nodejs:18-19.1 Container Release : 19.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sat May 18 07:07:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:07:10 +0200 (CEST) Subject: SUSE-CU-2024:2132-1: Recommended update of bci/nodejs Message-ID: <20240518070710.40B9FFBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2132-1 Container Tags : bci/node:20 , bci/node:20-9.1 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-9.1 , bci/nodejs:latest Container Release : 9.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sat May 18 07:07:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:07:47 +0200 (CEST) Subject: SUSE-CU-2024:2133-1: Recommended update of bci/openjdk-devel Message-ID: <20240518070747.6C4ABFBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2133-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-16.10 Container Release : 16.10 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:bci-openjdk-11-15.5.11-18.1 updated From sle-container-updates at lists.suse.com Sat May 18 07:08:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:08:16 +0200 (CEST) Subject: SUSE-CU-2024:2134-1: Recommended update of bci/openjdk Message-ID: <20240518070816.4A509FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2134-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-18.1 Container Release : 18.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sat May 18 07:08:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:08:55 +0200 (CEST) Subject: SUSE-CU-2024:2135-1: Recommended update of bci/openjdk-devel Message-ID: <20240518070855.7353FFBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2135-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-18.9 , bci/openjdk-devel:latest Container Release : 18.9 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:bci-openjdk-17-15.5.17-19.1 updated From sle-container-updates at lists.suse.com Sat May 18 07:09:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:09:29 +0200 (CEST) Subject: SUSE-CU-2024:2136-1: Recommended update of bci/openjdk Message-ID: <20240518070929.A9BB7FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2136-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-19.1 , bci/openjdk:latest Container Release : 19.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sat May 18 07:10:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:10:09 +0200 (CEST) Subject: SUSE-CU-2024:2137-1: Recommended update of suse/pcp Message-ID: <20240518071009.0B640FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2137-1 Container Tags : suse/pcp:5 , suse/pcp:5-26.9 , suse/pcp:5.2 , suse/pcp:5.2-26.9 , suse/pcp:5.2.5 , suse/pcp:5.2.5-26.9 , suse/pcp:latest Container Release : 26.9 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:bci-bci-init-15.5-15.5-18.1 updated From sle-container-updates at lists.suse.com Sat May 18 07:10:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:10:39 +0200 (CEST) Subject: SUSE-CU-2024:2138-1: Recommended update of bci/php-apache Message-ID: <20240518071039.28B0FFBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2138-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-16.1 , bci/php-apache:latest Container Release : 16.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sat May 18 07:11:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:11:09 +0200 (CEST) Subject: SUSE-CU-2024:2140-1: Recommended update of bci/php-fpm Message-ID: <20240518071109.749D6FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2140-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-16.1 , bci/php-fpm:latest Container Release : 16.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sat May 18 07:11:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:11:39 +0200 (CEST) Subject: SUSE-CU-2024:2142-1: Recommended update of bci/php Message-ID: <20240518071139.A0209FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2142-1 Container Tags : bci/php:8 , bci/php:8-16.1 , bci/php:latest Container Release : 16.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sat May 18 07:12:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:12:13 +0200 (CEST) Subject: SUSE-CU-2024:2144-1: Recommended update of suse/postgres Message-ID: <20240518071213.56D8FFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2144-1 Container Tags : suse/postgres:15 , suse/postgres:15-19.5 , suse/postgres:15.6 , suse/postgres:15.6-19.5 Container Release : 19.5 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sat May 18 07:12:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:12:28 +0200 (CEST) Subject: SUSE-CU-2024:2146-1: Recommended update of suse/postgres Message-ID: <20240518071228.DC003FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2146-1 Container Tags : suse/postgres:16 , suse/postgres:16-8.5 , suse/postgres:16.3 , suse/postgres:16.3-8.5 , suse/postgres:latest Container Release : 8.5 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sat May 18 07:13:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:13:02 +0200 (CEST) Subject: SUSE-CU-2024:2148-1: Recommended update of bci/python Message-ID: <20240518071302.13DB6FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2148-1 Container Tags : bci/python:3 , bci/python:3-20.1 , bci/python:3.11 , bci/python:3.11-20.1 , bci/python:latest Container Release : 20.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sat May 18 07:13:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:13:30 +0200 (CEST) Subject: SUSE-CU-2024:2149-1: Recommended update of bci/python Message-ID: <20240518071330.BE7F1FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2149-1 Container Tags : bci/python:3 , bci/python:3-21.1 , bci/python:3.6 , bci/python:3.6-21.1 Container Release : 21.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sat May 18 07:13:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:13:52 +0200 (CEST) Subject: SUSE-CU-2024:2151-1: Recommended update of suse/rmt-server Message-ID: <20240518071352.95C29FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2151-1 Container Tags : suse/rmt-server:2.16 , suse/rmt-server:2.16-18.1 , suse/rmt-server:latest Container Release : 18.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sat May 18 07:14:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 May 2024 09:14:27 +0200 (CEST) Subject: SUSE-CU-2024:2153-1: Recommended update of bci/ruby Message-ID: <20240518071427.43858FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2153-1 Container Tags : bci/ruby:2 , bci/ruby:2-20.1 , bci/ruby:2.5 , bci/ruby:2.5-20.1 , bci/ruby:latest Container Release : 20.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sun May 19 07:02:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 May 2024 09:02:22 +0200 (CEST) Subject: SUSE-CU-2024:2153-1: Recommended update of bci/ruby Message-ID: <20240519070223.006B4FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2153-1 Container Tags : bci/ruby:2 , bci/ruby:2-20.1 , bci/ruby:2.5 , bci/ruby:2.5-20.1 , bci/ruby:latest Container Release : 20.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sun May 19 07:02:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 May 2024 09:02:49 +0200 (CEST) Subject: SUSE-CU-2024:2154-1: Recommended update of bci/rust Message-ID: <20240519070249.71437FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2154-1 Container Tags : bci/rust:1.76 , bci/rust:1.76-2.6.1 , bci/rust:oldstable , bci/rust:oldstable-2.6.1 Container Release : 6.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sun May 19 07:03:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 May 2024 09:03:17 +0200 (CEST) Subject: SUSE-CU-2024:2155-1: Recommended update of bci/rust Message-ID: <20240519070317.CE835FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2155-1 Container Tags : bci/rust:1.77 , bci/rust:1.77-1.6.1 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.6.1 Container Release : 6.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sun May 19 07:03:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 May 2024 09:03:32 +0200 (CEST) Subject: SUSE-CU-2024:2156-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240519070332.A5A52FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2156-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.12.1 , bci/bci-sle15-kernel-module-devel:latest Container Release : 12.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Sun May 19 07:03:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 May 2024 09:03:54 +0200 (CEST) Subject: SUSE-CU-2024:2157-1: Recommended update of suse/sle15 Message-ID: <20240519070354.BE6EAFCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2157-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.33 , suse/sle15:15.5 , suse/sle15:15.5.36.11.33 Container Release : 36.11.33 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated From sle-container-updates at lists.suse.com Sun May 19 07:05:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 May 2024 09:05:29 +0200 (CEST) Subject: SUSE-CU-2024:2169-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20240519070529.BD4CAFCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2169-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.8.30 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.8.30 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1666-1 Released: Thu May 16 08:00:53 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150300.3.8.1 updated From sle-container-updates at lists.suse.com Sun May 19 07:07:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 May 2024 09:07:34 +0200 (CEST) Subject: SUSE-CU-2024:2171-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20240519070734.A2677FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2171-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.8.30 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.8.30 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1666-1 Released: Thu May 16 08:00:53 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150300.3.8.1 updated From sle-container-updates at lists.suse.com Tue May 21 07:02:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 21 May 2024 09:02:55 +0200 (CEST) Subject: SUSE-CU-2024:2180-1: Security update of suse/sles12sp5 Message-ID: <20240521070255.36011FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2180-1 Container Tags : suse/sles12sp5:6.5.596 , suse/sles12sp5:latest Container Release : 6.5.596 Severity : moderate Type : security References : 1189929 CVE-2021-37750 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1702-1 Released: Mon May 20 20:09:05 2024 Summary: Security update for krb5 Type: security Severity: moderate References: 1189929,CVE-2021-37750 This update for krb5 fixes the following issues: Fixed inside previous release (v1.16.3-46.3.1): - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacked a server field (bsc#1189929). The following package changes have been done: - krb5-1.16.3-46.12.1 updated From sle-container-updates at lists.suse.com Tue May 21 07:03:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 21 May 2024 09:03:57 +0200 (CEST) Subject: SUSE-CU-2024:2181-1: Recommended update of bci/php-apache Message-ID: <20240521070357.DE7DCFBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2181-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-18.1 , bci/php-apache:latest Container Release : 18.1 Severity : moderate Type : recommended References : 1173407 1216578 1222046 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1906-1 Released: Tue Jul 14 15:58:16 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1173407 This update for lifecycle-data-sle-module-development-tools fixes the following issue: - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3603-1 Released: Wed Dec 2 15:11:46 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules. (jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2245-1 Released: Mon Jul 5 12:14:52 2021 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - mark go1.14 as 'end of life' as go1.16 was released and we only support 2 go versions parallel (jsc#ECO-1484) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:950-1 Released: Fri Mar 25 12:47:04 2022 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This feature update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 10 yearly update for the Toolchain/Development modules (jsc#ECO-2373, jsc#SLE-16821, jsc#SLE-16822) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2523-1 Released: Fri Jun 16 11:15:25 2023 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 11 yearly update for the Toolchain/Development modules (jsc#SLE-25046, jsc#SLE-25045, jsc#SLE-25044, jsc#PED-2030, jsc#PED-2033, jsc#PED-2035) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4193-1 Released: Wed Oct 25 10:36:43 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added EOL dates for previous go1.xx compiler packages (go1.15 to go1.19) - added EOL dates for previous rust compiler versions (1.43 up to 1.70) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1449-1 Released: Fri Apr 26 11:55:45 2024 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1222046 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added go1.19 eol dates (bsc#1222046) - added rust1.73, 74 and 75 EOL dates (rust1.n+2 release + 1 week) (bsc#1222046) - also added for cargo1.7x The following package changes have been done: - lifecycle-data-sle-module-development-tools-1-150200.3.27.1 added From sle-container-updates at lists.suse.com Tue May 21 07:04:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 21 May 2024 09:04:29 +0200 (CEST) Subject: SUSE-CU-2024:2182-1: Recommended update of bci/php-fpm Message-ID: <20240521070429.1A66AFBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2182-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-18.1 , bci/php-fpm:latest Container Release : 18.1 Severity : moderate Type : recommended References : 1173407 1216578 1222046 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1906-1 Released: Tue Jul 14 15:58:16 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1173407 This update for lifecycle-data-sle-module-development-tools fixes the following issue: - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3603-1 Released: Wed Dec 2 15:11:46 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules. (jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2245-1 Released: Mon Jul 5 12:14:52 2021 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - mark go1.14 as 'end of life' as go1.16 was released and we only support 2 go versions parallel (jsc#ECO-1484) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:950-1 Released: Fri Mar 25 12:47:04 2022 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This feature update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 10 yearly update for the Toolchain/Development modules (jsc#ECO-2373, jsc#SLE-16821, jsc#SLE-16822) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2523-1 Released: Fri Jun 16 11:15:25 2023 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 11 yearly update for the Toolchain/Development modules (jsc#SLE-25046, jsc#SLE-25045, jsc#SLE-25044, jsc#PED-2030, jsc#PED-2033, jsc#PED-2035) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4193-1 Released: Wed Oct 25 10:36:43 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added EOL dates for previous go1.xx compiler packages (go1.15 to go1.19) - added EOL dates for previous rust compiler versions (1.43 up to 1.70) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1449-1 Released: Fri Apr 26 11:55:45 2024 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1222046 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added go1.19 eol dates (bsc#1222046) - added rust1.73, 74 and 75 EOL dates (rust1.n+2 release + 1 week) (bsc#1222046) - also added for cargo1.7x The following package changes have been done: - lifecycle-data-sle-module-development-tools-1-150200.3.27.1 added From sle-container-updates at lists.suse.com Tue May 21 07:05:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 21 May 2024 09:05:02 +0200 (CEST) Subject: SUSE-CU-2024:2183-1: Recommended update of bci/php Message-ID: <20240521070502.0D920FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2183-1 Container Tags : bci/php:8 , bci/php:8-18.1 , bci/php:latest Container Release : 18.1 Severity : moderate Type : recommended References : 1173407 1216578 1222046 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1906-1 Released: Tue Jul 14 15:58:16 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1173407 This update for lifecycle-data-sle-module-development-tools fixes the following issue: - Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3603-1 Released: Wed Dec 2 15:11:46 2020 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules. (jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2245-1 Released: Mon Jul 5 12:14:52 2021 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - mark go1.14 as 'end of life' as go1.16 was released and we only support 2 go versions parallel (jsc#ECO-1484) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:950-1 Released: Fri Mar 25 12:47:04 2022 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This feature update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 10 yearly update for the Toolchain/Development modules (jsc#ECO-2373, jsc#SLE-16821, jsc#SLE-16822) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2523-1 Released: Fri Jun 16 11:15:25 2023 Summary: Feature update for lifecycle-data-sle-module-development-tools Type: feature Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Added expiration data for GCC 11 yearly update for the Toolchain/Development modules (jsc#SLE-25046, jsc#SLE-25045, jsc#SLE-25044, jsc#PED-2030, jsc#PED-2033, jsc#PED-2035) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4193-1 Released: Wed Oct 25 10:36:43 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added EOL dates for previous go1.xx compiler packages (go1.15 to go1.19) - added EOL dates for previous rust compiler versions (1.43 up to 1.70) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1449-1 Released: Fri Apr 26 11:55:45 2024 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1222046 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added go1.19 eol dates (bsc#1222046) - added rust1.73, 74 and 75 EOL dates (rust1.n+2 release + 1 week) (bsc#1222046) - also added for cargo1.7x The following package changes have been done: - lifecycle-data-sle-module-development-tools-1-150200.3.27.1 added From sle-container-updates at lists.suse.com Wed May 22 07:04:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 22 May 2024 09:04:50 +0200 (CEST) Subject: SUSE-CU-2024:2190-1: Recommended update of suse/rmt-mariadb Message-ID: <20240522070450.7BDA4FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2190-1 Container Tags : suse/mariadb:10.6 , suse/mariadb:10.6-25.1 , suse/mariadb:latest , suse/rmt-mariadb:10.6 , suse/rmt-mariadb:10.6-25.1 , suse/rmt-mariadb:latest Container Release : 25.1 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - findutils-4.8.0-1.20 added - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Thu May 23 07:01:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:01:23 +0200 (CEST) Subject: SUSE-IU-2024:439-1: Security update of suse/sle-micro/5.5 Message-ID: <20240523070123.4E1C4FBA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:439-1 Image Tags : suse/sle-micro/5.5:2.0.2 , suse/sle-micro/5.5:2.0.2-4.2.109 , suse/sle-micro/5.5:latest Image Release : 4.2.109 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - perl-5.26.1-150300.17.17.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.2-5.5.10 updated From sle-container-updates at lists.suse.com Thu May 23 07:03:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:03:42 +0200 (CEST) Subject: SUSE-CU-2024:2192-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240523070342.DBE6DFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2192-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.32 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.32 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - perl-5.26.1-150300.17.17.1 updated From sle-container-updates at lists.suse.com Thu May 23 07:05:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:05:21 +0200 (CEST) Subject: SUSE-CU-2024:2194-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240523070521.3494DFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2194-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.31 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.31 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - perl-5.26.1-150300.17.17.1 updated From sle-container-updates at lists.suse.com Thu May 23 07:05:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:05:54 +0200 (CEST) Subject: SUSE-CU-2024:2195-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20240523070554.27A83FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2195-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.236 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.236 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-5.26.1-150300.17.17.1 updated From sle-container-updates at lists.suse.com Thu May 23 07:06:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:06:25 +0200 (CEST) Subject: SUSE-CU-2024:2196-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240523070625.4C87CFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2196-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.54 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.54 Container Release : 4.54 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated From sle-container-updates at lists.suse.com Thu May 23 07:06:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:06:37 +0200 (CEST) Subject: SUSE-CU-2024:2197-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20240523070637.DC1F4FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2197-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.34 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.34 Container Release : 3.34 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated From sle-container-updates at lists.suse.com Thu May 23 07:07:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:07:06 +0200 (CEST) Subject: SUSE-CU-2024:2198-1: Security update of suse/389-ds Message-ID: <20240523070706.B9122FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2198-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-22.7 , suse/389-ds:latest Container Release : 22.7 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - container:sles15-image-15.0.0-36.11.34 updated From sle-container-updates at lists.suse.com Thu May 23 07:07:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:07:58 +0200 (CEST) Subject: SUSE-CU-2024:2201-1: Security update of suse/registry Message-ID: <20240523070758.93427FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2201-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-25.5 , suse/registry:latest Container Release : 25.5 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - perl-5.26.1-150300.17.17.1 updated From sle-container-updates at lists.suse.com Thu May 23 07:11:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:11:21 +0200 (CEST) Subject: SUSE-CU-2024:2210-1: Security update of bci/bci-init Message-ID: <20240523071121.25FF5FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2210-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.18.3 , bci/bci-init:latest Container Release : 18.3 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - container:sles15-image-15.0.0-36.11.34 updated From sle-container-updates at lists.suse.com Thu May 23 07:11:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:11:32 +0200 (CEST) Subject: SUSE-CU-2024:2211-1: Security update of bci/bci-minimal Message-ID: <20240523071132.EF845FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2211-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.23.5 , bci/bci-minimal:latest Container Release : 23.5 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated From sle-container-updates at lists.suse.com Thu May 23 07:11:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:11:53 +0200 (CEST) Subject: SUSE-CU-2024:2212-1: Security update of suse/nginx Message-ID: <20240523071153.90615FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2212-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-13.3 , suse/nginx:latest Container Release : 13.3 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - perl-5.26.1-150300.17.17.1 updated - container:sles15-image-15.0.0-36.11.34 updated From sle-container-updates at lists.suse.com Thu May 23 07:13:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:13:18 +0200 (CEST) Subject: SUSE-CU-2024:2215-1: Security update of bci/openjdk-devel Message-ID: <20240523071318.4835DFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2215-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-16.13 Container Release : 16.13 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - container:bci-openjdk-11-15.5.11-18.2 updated From sle-container-updates at lists.suse.com Thu May 23 07:14:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:14:17 +0200 (CEST) Subject: SUSE-CU-2024:2217-1: Security update of bci/openjdk-devel Message-ID: <20240523071417.0F2A7FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2217-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-18.11 , bci/openjdk-devel:latest Container Release : 18.11 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - container:bci-openjdk-17-15.5.17-19.2 updated From sle-container-updates at lists.suse.com Thu May 23 07:15:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:15:16 +0200 (CEST) Subject: SUSE-CU-2024:2219-1: Security update of suse/pcp Message-ID: <20240523071516.465A5FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2219-1 Container Tags : suse/pcp:5 , suse/pcp:5-26.12 , suse/pcp:5.2 , suse/pcp:5.2-26.12 , suse/pcp:5.2.5 , suse/pcp:5.2.5-26.12 , suse/pcp:latest Container Release : 26.12 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - perl-5.26.1-150300.17.17.1 updated - container:bci-bci-init-15.5-15.5-18.3 updated From sle-container-updates at lists.suse.com Thu May 23 07:15:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:15:41 +0200 (CEST) Subject: SUSE-CU-2024:2220-1: Security update of bci/php-apache Message-ID: <20240523071541.32F69FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2220-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-19.3 , bci/php-apache:latest Container Release : 19.3 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - container:sles15-image-15.0.0-36.11.34 updated From sle-container-updates at lists.suse.com Thu May 23 07:10:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:10:32 +0200 (CEST) Subject: SUSE-CU-2024:2208-1: Recommended update of bci/golang Message-ID: <20240523071032.20A13FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2208-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-1.6.2 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.6.2 Container Release : 6.2 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.34 updated From sle-container-updates at lists.suse.com Thu May 23 07:18:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:18:15 +0200 (CEST) Subject: SUSE-CU-2024:2227-1: Recommended update of suse/rmt-mariadb-client Message-ID: <20240523071815.60F07FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2227-1 Container Tags : suse/mariadb-client:10.6 , suse/mariadb-client:10.6-17.4 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.6 , suse/rmt-mariadb-client:10.6-17.4 , suse/rmt-mariadb-client:latest Container Release : 17.4 Severity : moderate Type : recommended References : 1221632 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - coreutils-8.32-150400.9.6.1 updated - container:sles15-image-15.0.0-36.11.33 updated From sle-container-updates at lists.suse.com Thu May 23 07:19:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:19:43 +0200 (CEST) Subject: SUSE-CU-2024:2232-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240523071943.4FAA7FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2232-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.12.3 , bci/bci-sle15-kernel-module-devel:latest Container Release : 12.3 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - container:sles15-image-15.0.0-36.11.34 updated From sle-container-updates at lists.suse.com Thu May 23 07:20:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:20:06 +0200 (CEST) Subject: SUSE-CU-2024:2233-1: Security update of suse/sle15 Message-ID: <20240523072006.43E4FFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2233-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.34 , suse/sle15:15.5 , suse/sle15:15.5.36.11.34 Container Release : 36.11.34 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated From sle-container-updates at lists.suse.com Thu May 23 07:20:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:20:41 +0200 (CEST) Subject: SUSE-CU-2024:2247-1: Recommended update of suse/sles/15.6/virt-handler Message-ID: <20240523072041.43DDBFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2247-1 Container Tags : suse/sles/15.6/virt-handler:1.1.1 , suse/sles/15.6/virt-handler:1.1.1-150600.3.6 , suse/sles/15.6/virt-handler:1.1.1.24.478 Container Release : 24.478 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sles/15.6/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.90 updated - libldap-data-2.4.46-150600.23.21 updated - glibc-2.38-150600.12.1 updated - libzstd1-1.5.5-150600.1.3 updated - libuuid1-2.39.3-150600.2.1 updated - libsmartcols1-2.39.3-150600.2.1 updated - libsepol2-3.5-150600.1.49 updated - libsasl2-3-2.1.28-150600.5.3 updated - libpcre2-8-0-10.42-150600.1.26 updated - libnghttp2-14-1.40.0-150600.23.2 updated - liblzma5-5.4.1-150600.1.2 updated - liblz4-1-1.9.4-150600.1.4 updated - libgpg-error0-1.47-150600.1.3 updated - libcom_err2-1.47.0-150600.2.26 updated - libblkid1-2.39.3-150600.2.1 updated - libselinux1-3.5-150600.1.46 updated - libglib-2_0-0-2.78.3-150600.2.2 updated - libgcrypt20-1.10.3-150600.1.23 updated - libfdisk1-2.39.3-150600.2.1 updated - libmount1-2.39.3-150600.2.1 updated - libgmodule-2_0-0-2.78.3-150600.2.2 updated - libopenssl3-3.1.4-150600.3.6 updated - libudev1-254.10-150600.2.3 updated - libsystemd0-254.10-150600.2.3 updated - libopenssl-3-fips-provider-3.1.4-150600.3.6 updated - libldap-2_4-2-2.4.46-150600.23.21 updated - krb5-1.20.1-150600.9.2 updated - patterns-base-fips-20200124-150600.30.1 updated - login_defs-4.8.1-150600.15.45 updated - libcrack2-2.9.11-150600.1.90 updated - cracklib-2.9.11-150600.1.90 updated - sed-4.9-150600.1.4 updated - libcurl4-8.6.0-150600.2.2 updated - sles-release-15.6-150600.37.2 updated - shadow-4.8.1-150600.15.45 updated - util-linux-2.39.3-150600.2.1 updated - curl-8.6.0-150600.2.2 updated - kubevirt-container-disk-1.1.1-150600.3.6 updated - kubevirt-virt-handler-1.1.1-150600.3.6 updated - libkmod2-29-150600.11.4 updated - libnettle8-3.9.1-150600.1.46 updated - pam-config-1.1-150600.14.3 updated - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - libhogweed6-3.9.1-150600.1.46 updated - systemd-presets-branding-SLE-15.1-150600.33.1 updated - libgnutls30-3.8.3-150600.2.15 updated - systemd-254.10-150600.2.3 updated - qemu-img-8.2.2-150600.1.8 updated - util-linux-systemd-2.39.3-150600.2.1 updated - container:sles15-image-15.0.0-45.31 updated From sle-container-updates at lists.suse.com Thu May 23 07:20:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 May 2024 09:20:43 +0200 (CEST) Subject: SUSE-CU-2024:2248-1: Recommended update of suse/sles/15.6/virt-launcher Message-ID: <20240523072043.B353AFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2248-1 Container Tags : suse/sles/15.6/virt-launcher:1.1.1 , suse/sles/15.6/virt-launcher:1.1.1-150600.3.6 , suse/sles/15.6/virt-launcher:1.1.1.28.74 Container Release : 28.74 Severity : moderate Type : recommended References : 1220763 ----------------------------------------------------------------- The container suse/sles/15.6/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1458-1 Released: Mon Apr 29 07:47:34 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1220763 This update for vim fixes the following issues: - Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763) The following package changes have been done: - ncat-7.92-150600.7.3 updated - cracklib-dict-small-2.9.11-150600.1.90 updated - libldap-data-2.4.46-150600.23.21 updated - glibc-2.38-150600.12.1 updated - libzstd1-1.5.5-150600.1.3 updated - libuuid1-2.39.3-150600.2.1 updated - libsmartcols1-2.39.3-150600.2.1 updated - libsepol2-3.5-150600.1.49 updated - libsasl2-3-2.1.28-150600.5.3 updated - libpcre2-8-0-10.42-150600.1.26 updated - libnghttp2-14-1.40.0-150600.23.2 updated - liblzma5-5.4.1-150600.1.2 updated - liblz4-1-1.9.4-150600.1.4 updated - libgpg-error0-1.47-150600.1.3 updated - libfa1-1.14.1-150600.1.3 updated - libcom_err2-1.47.0-150600.2.26 updated - libblkid1-2.39.3-150600.2.1 updated - libselinux1-3.5-150600.1.46 updated - libglib-2_0-0-2.78.3-150600.2.2 updated - libgcrypt20-1.10.3-150600.1.23 updated - libfdisk1-2.39.3-150600.2.1 updated - libmount1-2.39.3-150600.2.1 updated - libgmodule-2_0-0-2.78.3-150600.2.2 updated - libgobject-2_0-0-2.78.3-150600.2.2 updated - libopenssl3-3.1.4-150600.3.6 updated - libaugeas0-1.14.1-150600.1.3 updated - libudev1-254.10-150600.2.3 updated - libsystemd0-254.10-150600.2.3 updated - libopenssl-3-fips-provider-3.1.4-150600.3.6 updated - libldap-2_4-2-2.4.46-150600.23.21 updated - krb5-1.20.1-150600.9.2 updated - patterns-base-fips-20200124-150600.30.1 updated - shared-mime-info-2.4-150600.1.3 updated - login_defs-4.8.1-150600.15.45 updated - libcrack2-2.9.11-150600.1.90 updated - cracklib-2.9.11-150600.1.90 updated - sed-4.9-150600.1.4 updated - libcurl4-8.6.0-150600.2.2 updated - sles-release-15.6-150600.37.2 updated - libgio-2_0-0-2.78.3-150600.2.2 updated - glib2-tools-2.78.3-150600.2.2 updated - shadow-4.8.1-150600.15.45 updated - util-linux-2.39.3-150600.2.1 updated - curl-8.6.0-150600.2.2 updated - timezone-2024a-150600.89.2 updated - kubevirt-container-disk-1.1.1-150600.3.6 updated - libargon2-1-20190702-150600.1.4 updated - libburn4-1.5.6-150600.1.6 updated - libdevmapper1_03-2.03.22_1.02.196-150600.1.3 updated - libjpeg8-8.2.2-150600.22.5 updated - libjson-glib-1_0-0-1.8.0-150600.1.3 updated - libkmod2-29-150600.11.4 updated - libnettle8-3.9.1-150600.1.46 updated - libpng16-16-1.6.40-150600.1.3 updated - libtextstyle0-0.21.1-150600.1.7 updated - libvdeplug3-2.3.2+svn587-150600.17.3 updated - pam-config-1.1-150600.14.3 updated - qemu-accel-tcg-x86-8.2.2-150600.1.8 updated - qemu-hw-usb-host-8.2.2-150600.1.8 updated - qemu-ipxe-8.2.2-150600.1.8 updated - qemu-seabios-8.2.21.16.3_3_ga95067eb-150600.1.8 updated - qemu-vgabios-8.2.21.16.3_3_ga95067eb-150600.1.8 updated - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - vim-data-common-9.1.0330-150500.20.12.1 updated - xz-5.4.1-150600.1.2 updated - cyrus-sasl-2.1.28-150600.5.3 updated - libisoburn1-1.5.6-150600.1.6 updated - libcryptsetup12-2.7.0-150600.1.4 updated - libndctl6-78-150600.1.10 updated - libhogweed6-3.9.1-150600.1.46 updated - virtiofsd-1.10.1-150600.2.5 updated - gettext-runtime-0.21.1-150600.1.7 updated - qemu-hw-usb-redirect-8.2.2-150600.1.8 updated - socat-1.7.3.2-150600.18.4 updated - systemd-presets-branding-SLE-15.1-150600.33.1 updated - kmod-29-150600.11.4 updated - vim-small-9.1.0330-150500.20.12.1 updated - cyrus-sasl-digestmd5-2.1.28-150600.5.3 updated - xorriso-1.5.6-150600.1.6 updated - libgnutls30-3.8.3-150600.2.15 updated - xen-libs-4.18.2_02-150600.1.11 updated - systemd-254.10-150600.2.3 updated - qemu-img-8.2.2-150600.1.8 updated - libvirt-libs-10.0.0-150600.6.2 updated - gnutls-3.8.3-150600.2.15 updated - udev-254.10-150600.2.3 updated - systemd-container-254.10-150600.2.3 updated - libvirt-daemon-log-10.0.0-150600.6.2 updated - kubevirt-virt-launcher-1.1.1-150600.3.6 updated - libvirt-client-10.0.0-150600.6.2 updated - trousers-0.3.15-150600.8.2 updated - rdma-core-49.1-150600.2.5 updated - libvirt-daemon-common-10.0.0-150600.6.2 updated - swtpm-0.7.3-150600.6.3 updated - libibverbs1-49.1-150600.2.5 updated - libmlx5-1-49.1-150600.2.5 updated - libmlx4-1-49.1-150600.2.5 updated - libmana1-49.1-150600.2.5 updated - libefa1-49.1-150600.2.5 updated - libibverbs-49.1-150600.2.5 updated - librdmacm1-49.1-150600.2.5 updated - qemu-ovmf-x86_64-202308-150600.3.1 updated - qemu-x86-8.2.2-150600.1.8 updated - qemu-8.2.2-150600.1.8 updated - libvirt-daemon-driver-qemu-10.0.0-150600.6.2 updated - container:sles15-image-15.0.0-45.31 updated From sle-container-updates at lists.suse.com Fri May 24 07:01:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 May 2024 09:01:19 +0200 (CEST) Subject: SUSE-IU-2024:440-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20240524070119.A5B44FBA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:440-1 Image Tags : suse/sle-micro/base-5.5:2.0.2 , suse/sle-micro/base-5.5:2.0.2-5.5.12 , suse/sle-micro/base-5.5:latest Image Release : 5.5.12 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated From sle-container-updates at lists.suse.com Fri May 24 07:03:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 May 2024 09:03:16 +0200 (CEST) Subject: SUSE-CU-2024:2251-1: Security update of suse/rmt-mariadb Message-ID: <20240524070316.65190FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2251-1 Container Tags : suse/mariadb:10.6 , suse/mariadb:10.6-25.3 , suse/mariadb:latest , suse/rmt-mariadb:10.6 , suse/rmt-mariadb:10.6-25.3 , suse/rmt-mariadb:latest Container Release : 25.3 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - perl-5.26.1-150300.17.17.1 updated - container:sles15-image-15.0.0-36.11.34 updated From sle-container-updates at lists.suse.com Fri May 24 07:03:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 May 2024 09:03:44 +0200 (CEST) Subject: SUSE-CU-2024:2248-1: Recommended update of suse/sles/15.6/virt-launcher Message-ID: <20240524070344.0C66AFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2248-1 Container Tags : suse/sles/15.6/virt-launcher:1.1.1 , suse/sles/15.6/virt-launcher:1.1.1-150600.3.6 , suse/sles/15.6/virt-launcher:1.1.1.28.74 Container Release : 28.74 Severity : moderate Type : recommended References : 1220763 ----------------------------------------------------------------- The container suse/sles/15.6/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1458-1 Released: Mon Apr 29 07:47:34 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1220763 This update for vim fixes the following issues: - Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763) The following package changes have been done: - ncat-7.92-150600.7.3 updated - cracklib-dict-small-2.9.11-150600.1.90 updated - libldap-data-2.4.46-150600.23.21 updated - glibc-2.38-150600.12.1 updated - libzstd1-1.5.5-150600.1.3 updated - libuuid1-2.39.3-150600.2.1 updated - libsmartcols1-2.39.3-150600.2.1 updated - libsepol2-3.5-150600.1.49 updated - libsasl2-3-2.1.28-150600.5.3 updated - libpcre2-8-0-10.42-150600.1.26 updated - libnghttp2-14-1.40.0-150600.23.2 updated - liblzma5-5.4.1-150600.1.2 updated - liblz4-1-1.9.4-150600.1.4 updated - libgpg-error0-1.47-150600.1.3 updated - libfa1-1.14.1-150600.1.3 updated - libcom_err2-1.47.0-150600.2.26 updated - libblkid1-2.39.3-150600.2.1 updated - libselinux1-3.5-150600.1.46 updated - libglib-2_0-0-2.78.3-150600.2.2 updated - libgcrypt20-1.10.3-150600.1.23 updated - libfdisk1-2.39.3-150600.2.1 updated - libmount1-2.39.3-150600.2.1 updated - libgmodule-2_0-0-2.78.3-150600.2.2 updated - libgobject-2_0-0-2.78.3-150600.2.2 updated - libopenssl3-3.1.4-150600.3.6 updated - libaugeas0-1.14.1-150600.1.3 updated - libudev1-254.10-150600.2.3 updated - libsystemd0-254.10-150600.2.3 updated - libopenssl-3-fips-provider-3.1.4-150600.3.6 updated - libldap-2_4-2-2.4.46-150600.23.21 updated - krb5-1.20.1-150600.9.2 updated - patterns-base-fips-20200124-150600.30.1 updated - shared-mime-info-2.4-150600.1.3 updated - login_defs-4.8.1-150600.15.45 updated - libcrack2-2.9.11-150600.1.90 updated - cracklib-2.9.11-150600.1.90 updated - sed-4.9-150600.1.4 updated - libcurl4-8.6.0-150600.2.2 updated - sles-release-15.6-150600.37.2 updated - libgio-2_0-0-2.78.3-150600.2.2 updated - glib2-tools-2.78.3-150600.2.2 updated - shadow-4.8.1-150600.15.45 updated - util-linux-2.39.3-150600.2.1 updated - curl-8.6.0-150600.2.2 updated - timezone-2024a-150600.89.2 updated - kubevirt-container-disk-1.1.1-150600.3.6 updated - libargon2-1-20190702-150600.1.4 updated - libburn4-1.5.6-150600.1.6 updated - libdevmapper1_03-2.03.22_1.02.196-150600.1.3 updated - libjpeg8-8.2.2-150600.22.5 updated - libjson-glib-1_0-0-1.8.0-150600.1.3 updated - libkmod2-29-150600.11.4 updated - libnettle8-3.9.1-150600.1.46 updated - libpng16-16-1.6.40-150600.1.3 updated - libtextstyle0-0.21.1-150600.1.7 updated - libvdeplug3-2.3.2+svn587-150600.17.3 updated - pam-config-1.1-150600.14.3 updated - qemu-accel-tcg-x86-8.2.2-150600.1.8 updated - qemu-hw-usb-host-8.2.2-150600.1.8 updated - qemu-ipxe-8.2.2-150600.1.8 updated - qemu-seabios-8.2.21.16.3_3_ga95067eb-150600.1.8 updated - qemu-vgabios-8.2.21.16.3_3_ga95067eb-150600.1.8 updated - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - vim-data-common-9.1.0330-150500.20.12.1 updated - xz-5.4.1-150600.1.2 updated - cyrus-sasl-2.1.28-150600.5.3 updated - libisoburn1-1.5.6-150600.1.6 updated - libcryptsetup12-2.7.0-150600.1.4 updated - libndctl6-78-150600.1.10 updated - libhogweed6-3.9.1-150600.1.46 updated - virtiofsd-1.10.1-150600.2.5 updated - gettext-runtime-0.21.1-150600.1.7 updated - qemu-hw-usb-redirect-8.2.2-150600.1.8 updated - socat-1.7.3.2-150600.18.4 updated - systemd-presets-branding-SLE-15.1-150600.33.1 updated - kmod-29-150600.11.4 updated - vim-small-9.1.0330-150500.20.12.1 updated - cyrus-sasl-digestmd5-2.1.28-150600.5.3 updated - xorriso-1.5.6-150600.1.6 updated - libgnutls30-3.8.3-150600.2.15 updated - xen-libs-4.18.2_02-150600.1.11 updated - systemd-254.10-150600.2.3 updated - qemu-img-8.2.2-150600.1.8 updated - libvirt-libs-10.0.0-150600.6.2 updated - gnutls-3.8.3-150600.2.15 updated - udev-254.10-150600.2.3 updated - systemd-container-254.10-150600.2.3 updated - libvirt-daemon-log-10.0.0-150600.6.2 updated - kubevirt-virt-launcher-1.1.1-150600.3.6 updated - libvirt-client-10.0.0-150600.6.2 updated - trousers-0.3.15-150600.8.2 updated - rdma-core-49.1-150600.2.5 updated - libvirt-daemon-common-10.0.0-150600.6.2 updated - swtpm-0.7.3-150600.6.3 updated - libibverbs1-49.1-150600.2.5 updated - libmlx5-1-49.1-150600.2.5 updated - libmlx4-1-49.1-150600.2.5 updated - libmana1-49.1-150600.2.5 updated - libefa1-49.1-150600.2.5 updated - libibverbs-49.1-150600.2.5 updated - librdmacm1-49.1-150600.2.5 updated - qemu-ovmf-x86_64-202308-150600.3.1 updated - qemu-x86-8.2.2-150600.1.8 updated - qemu-8.2.2-150600.1.8 updated - libvirt-daemon-driver-qemu-10.0.0-150600.6.2 updated - container:sles15-image-15.0.0-45.31 updated From sle-container-updates at lists.suse.com Fri May 24 07:03:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 May 2024 09:03:46 +0200 (CEST) Subject: SUSE-CU-2024:2253-1: Security update of suse/sles/15.6/libguestfs-tools Message-ID: <20240524070346.351D7FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2253-1 Container Tags : suse/sles/15.6/libguestfs-tools:1.1.1 , suse/sles/15.6/libguestfs-tools:1.1.1-150600.3.6 , suse/sles/15.6/libguestfs-tools:1.1.1.23.352 Container Release : 23.352 Severity : important Type : security References : 1089524 1093733 1094301 1101776 1101777 1101786 1101788 1101791 1101794 1101800 1101802 1101804 1101810 1106514 1111647 1117740 1121231 1121232 1121233 1121234 1121235 1127367 1127369 1127370 1130165 1131941 1131945 1134078 1136021 1136572 1141980 1150690 1156288 1158505 1161052 1165241 1165710 1169420 1170609 1175006 1178692 1185157 1186382 1189720 1198533 1198657 1199978 1203988 1203989 1204734 1212756 1214169 1218952 957624 CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-12086 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 CVE-2018-18225 CVE-2018-18226 CVE-2018-18227 CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627 CVE-2018-19628 CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10897 CVE-2019-10898 CVE-2019-10899 CVE-2019-10900 CVE-2019-10901 CVE-2019-10902 CVE-2019-10903 CVE-2019-13619 CVE-2019-16319 CVE-2019-19553 CVE-2019-5716 CVE-2019-5717 CVE-2019-5718 CVE-2019-5719 CVE-2019-5721 CVE-2019-6470 CVE-2019-9208 CVE-2019-9209 CVE-2019-9214 CVE-2019-9755 CVE-2019-9755 CVE-2020-7044 CVE-2020-9428 CVE-2020-9429 CVE-2020-9430 CVE-2020-9431 CVE-2021-25217 CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262 CVE-2021-39263 CVE-2021-46790 CVE-2022-2928 CVE-2022-2929 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789 CVE-2022-40284 ----------------------------------------------------------------- The container suse/sles/15.6/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1001-1 Released: Wed Apr 24 09:41:15 2019 Summary: Security update for ntfs-3g_ntfsprogs Type: security Severity: moderate References: 1130165,CVE-2019-9755 This update for ntfs-3g_ntfsprogs fixes the following issues: Security issues fixed: - CVE-2019-9755: Fixed a heap-based buffer overflow which could lead to local privilege escalation (bsc#1130165). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2657-1 Released: Mon Oct 14 17:04:07 2019 Summary: Security update for dhcp Type: security Severity: moderate References: 1089524,1134078,1136572,CVE-2019-6470 This update for dhcp fixes the following issues: Secuirty issue fixed: - CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078). Bug fixes: - Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524). - Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:693-1 Released: Wed Apr 8 14:11:14 2020 Summary: Security update for wireshark Type: security Severity: moderate References: 1093733,1094301,1101776,1101777,1101786,1101788,1101791,1101794,1101800,1101802,1101804,1101810,1106514,1111647,1117740,1121231,1121232,1121233,1121234,1121235,1127367,1127369,1127370,1131941,1131945,1136021,1141980,1150690,1156288,1158505,1161052,1165241,1165710,957624,CVE-2018-11354,CVE-2018-11355,CVE-2018-11356,CVE-2018-11357,CVE-2018-11358,CVE-2018-11359,CVE-2018-11360,CVE-2018-11361,CVE-2018-11362,CVE-2018-12086,CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14367,CVE-2018-14368,CVE-2018-14369,CVE-2018-14370,CVE-2018-16056,CVE-2018-16057,CVE-2018-16058,CVE-2018-18225,CVE-2018-18226,CVE-2018-18227,CVE-2018-19622,CVE-2018-19623,CVE-2018-19624,CVE-2018-19625,CVE-2018-19626,CVE-2018-19627,CVE-2018-19628,CVE-2019-10894,CVE-2019-10895,CVE-2019-10896,CVE-2019-10897,CVE-2019-10898,CVE-2019-10899,CVE-2019-10900,CVE-2019-10901,CVE-2019-10902,CVE-2019-10903,CVE-2019-13619,CVE-2019-16319,CVE-2019-19553,CVE-2019-5716,CVE-2019-5 717,CVE-2019-5718,CVE-2019-5719,CVE-2019-5721,CVE-2019-9208,CVE-2019-9209,CVE-2019-9214,CVE-2020-7044,CVE-2020-9428,CVE-2020-9429,CVE-2020-9430,CVE-2020-9431 This update for wireshark and libmaxminddb fixes the following issues: Update wireshark to new major version 3.2.2 and introduce libmaxminddb for GeoIP support (bsc#1156288). New features include: - Added support for 111 new protocols, including WireGuard, LoRaWAN, TPM 2.0, 802.11ax and QUIC - Improved support for existing protocols, like HTTP/2 - Improved analytics and usability functionalities ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1286-1 Released: Fri May 15 11:05:14 2020 Summary: Recommended update for cdrtools Type: recommended Severity: moderate References: 1169420 This update for cdrtools fixes the following issues: - Fix for an issue when 'mediacheck' fails if ISO sizes are larger than 4GB. (bsc#1169420) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1327-1 Released: Mon May 18 17:15:48 2020 Summary: Recommended update for ntfs-3g_ntfsprogs Type: recommended Severity: moderate References: 1170609 This update for ntfs-3g_ntfsprogs fixes the following issue: - the libntfs-3g-devel package is shipped into the Workstation Extension (bsc#1170609) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2440-1 Released: Tue Sep 1 22:14:33 2020 Summary: Recommended update for libmaxminddb Type: recommended Severity: moderate References: 1175006 This update for libmaxminddb fixes the following issues: - update to 1.4.3: * Use of uninitialized memory in dump_entry_data_list() could have cause a heap buffer flow in mmdblookup [bsc#1175006] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3773-1 Released: Mon Dec 14 11:12:18 2020 Summary: Recommended update for cdrtools and schily-libs Type: recommended Severity: moderate References: 1178692 This update for cdrtools and schily-libs fixes the following issues: cdrtools: - Initialize memory that created the partition table instead of writing random bytes to it. (bsc#1178692) schily-libs: - Initialize memory that created the partition table instead of writing random bytes to it. (bsc#1178692) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1451-1 Released: Fri Apr 30 08:08:45 2021 Summary: Recommended update for dhcp Type: recommended Severity: moderate References: 1185157 This update for dhcp fixes the following issues: - Use '/run' instead of '/var/run' for PIDFile in 'dhcrelay.service'. (bsc#1185157) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1841-1 Released: Wed Jun 2 16:30:17 2021 Summary: Security update for dhcp Type: security Severity: important References: 1186382,CVE-2021-25217 This update for dhcp fixes the following issues: - CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2971-1 Released: Tue Sep 7 10:45:21 2021 Summary: Security update for ntfs-3g_ntfsprogs Type: security Severity: important References: 1189720,CVE-2019-9755,CVE-2021-33285,CVE-2021-33286,CVE-2021-33287,CVE-2021-33289,CVE-2021-35266,CVE-2021-35267,CVE-2021-35268,CVE-2021-35269,CVE-2021-39251,CVE-2021-39252,CVE-2021-39253,CVE-2021-39255,CVE-2021-39256,CVE-2021-39257,CVE-2021-39258,CVE-2021-39259,CVE-2021-39260,CVE-2021-39261,CVE-2021-39262,CVE-2021-39263 This update for ntfs-3g_ntfsprogs fixes the following issues: Update to version 2021.8.22 (bsc#1189720): * Fixed compile error when building with libfuse < 2.8.0 * Fixed obsolete macros in configure.ac * Signalled support of UTIME_OMIT to external libfuse2 * Fixed an improper macro usage in ntfscp.c * Updated the repository change in the README * Fixed vulnerability threats caused by maliciously tampered NTFS partitions * Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263. - Library soversion is now 89 * Changes in version 2017.3.23 * Delegated processing of special reparse points to external plugins * Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs * Enabled fallback to read-only mount when the volume is hibernated * Made a full check for whether an extended attribute is allowed * Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap) * Enabled encoding broken UTF-16 into broken UTF-8 * Autoconfigured selecting vs * Allowed using the full library API on systems without extended attributes support * Fixed DISABLE_PLUGINS as the condition for not using plugins * Corrected validation of multi sector transfer protected records * Denied creating/removing files from $Extend * Returned the size of locale encoded target as the size of symlinks ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1824-1 Released: Tue May 24 10:31:13 2022 Summary: Recommended update for dhcp Type: recommended Severity: moderate References: 1198657 This update for dhcp fixes the following issues: - Properly handle DHCRELAY(6)_OPTIONS (bsc#1198657) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2835-1 Released: Wed Aug 17 16:52:22 2022 Summary: Security update for ntfs-3g_ntfsprogs Type: security Severity: important References: 1199978,CVE-2021-46790,CVE-2022-30783,CVE-2022-30784,CVE-2022-30785,CVE-2022-30786,CVE-2022-30787,CVE-2022-30788,CVE-2022-30789 This update for ntfs-3g_ntfsprogs fixes the following issues: Updated to version 2022.5.17 (bsc#1199978): - CVE-2022-30783: Fixed an issue where messages between NTFS-3G and the kernel could be intercepted when using libfuse-lite. - CVE-2022-30784: Fixed a memory exhaustion issue when opening a crafted NTFS image. - CVE-2022-30785: Fixed a bug where arbitrary memory read and write operations could be achieved whe using libfuse-lite. - CVE-2022-30786: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30787: Fixed an integer underflow which enabled arbitrary memory read operations when using libfuse-lite. - CVE-2022-30788: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30789: Fixed a memory corruption issue when opening a crafted NTFS image. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3866-1 Released: Thu Nov 3 14:34:47 2022 Summary: Security update for ntfs-3g_ntfsprogs Type: security Severity: important References: 1204734,CVE-2022-40284 This update for ntfs-3g_ntfsprogs fixes the following issues: - CVE-2022-40284: Fixed incorrect validation of some of the NTFS metadata that could cause buffer overflow (bsc#1204734). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3991-1 Released: Tue Nov 15 13:54:13 2022 Summary: Security update for dhcp Type: security Severity: moderate References: 1203988,1203989,CVE-2022-2928,CVE-2022-2929 This update for dhcp fixes the following issues: - CVE-2022-2928: Fixed an option refcount overflow (bsc#1203988). - CVE-2022-2929: Fixed a DHCP memory leak (bsc#1203989). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2905-1 Released: Thu Jul 20 10:17:54 2023 Summary: Recommended update for fstrm Type: recommended Severity: moderate References: This update for fstrm fixes the following issues: - Update to 0.6.1: - fstrm_capture: ignore SIGPIPE, which will cause the interrupted connections to generate an EPIPE instead. - Fix truncation in snprintf calls in argument processing. - fstrm_capture: Fix output printf format. - Update to 0.6.0 It adds a new feature for fstrm_capture. It can perform output file rotation when a SIGUSR1 signal is received by fstrm_capture. (See the --gmtime or --localtime options.) This allows fstrm_capture's output file to be rotated by logrotate or a similar external utility. (Output rotation is suppressed if fstrm_capture is writing to stdout.) Update to 0.5.0 - Change license to modern MIT license for compatibility with GPLv2 software. Contact software at farsightsecurity.com for alternate licensing. - src/fstrm_replay.c: For OpenBSD and Posix portability include netinet/in.h and sys/socket.h to get struct sockaddr_in and the AF_* defines respectively. - Fix various compiler warnings. Update to 0.4.0 The C implementation of the Frame Streams data transport protocol, fstrm version 0.4.0, was released. It adds TCP support, a new tool, new documentation, and several improvements. - Added manual pages for fstrm_capture and fstrm_dump. - Added new tool, fstrm_replay, for replaying saved Frame Streams data to a socket connection. - Adds TCP support. Add tcp_writer to the core library which implements a bi-directional Frame Streams writer as a TCP socket client. Introduces new developer API: fstrm_tcp_writer_init, fstrm_tcp_writer_options_init, fstrm_tcp_writer_options_destroy, fstrm_tcp_writer_options_set_socket_address, and fstrm_tcp_writer_options_set_socket_port. - fstrm_capture: new options for reading from TCP socket. - fstrm_capture: add '-c' / '--connections' option to limit the number of concurrent connections it will accept. - fstrm_capture: add '-b / --buffer-size' option to set the read buffer size (effectively the maximum frame size) to a value other than the default 256 KiB. - fstrm_capture: skip oversize messages to fix stalled connections caused by messages larger than the read highwater mark of the input buffer. Discarded messages are logged for the purposes of tuning the input buffer size. - fstrm_capture: complete sending of FINISH frame before closing connection. - Various test additions and improvements. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3117-1 Released: Wed Aug 2 05:57:30 2023 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1212756 This update for hwinfo fixes the following issues: - Avoid linking problems with libsamba (bsc#1212756) - Update to version 21.85 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:161-1 Released: Thu Jan 18 18:40:44 2024 Summary: Recommended update for dpdk22 Type: recommended Severity: moderate References: This update of dpdk22 fixes the following issue: - DPDK 22.11.1 is shipped to SLE Micro 5.5. (jsc#PED-7147) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:849-1 Released: Tue Mar 12 15:38:03 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1198533,1214169,1218952 This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones The following package changes have been done: - virtiofsd-1.10.1-150600.2.5 updated - cracklib-dict-small-2.9.11-150600.1.90 updated - libldap-data-2.4.46-150600.23.21 updated - glibc-2.38-150600.12.1 updated - libzstd1-1.5.5-150600.1.3 updated - libuuid1-2.39.3-150600.2.1 updated - libsmartcols1-2.39.3-150600.2.1 updated - libsepol2-3.5-150600.1.49 updated - libsasl2-3-2.1.28-150600.5.3 updated - libpcre2-8-0-10.42-150600.1.26 updated - libnghttp2-14-1.40.0-150600.23.2 updated - liblzma5-5.4.1-150600.1.2 updated - liblz4-1-1.9.4-150600.1.4 updated - libgpg-error0-1.47-150600.1.3 updated - libfa1-1.14.1-150600.1.3 updated - libcom_err2-1.47.0-150600.2.26 updated - libblkid1-2.39.3-150600.2.1 updated - libselinux1-3.5-150600.1.46 updated - libglib-2_0-0-2.78.3-150600.2.2 updated - libgcrypt20-1.10.3-150600.1.23 updated - libfdisk1-2.39.3-150600.2.1 updated - libmount1-2.39.3-150600.2.1 updated - libgmodule-2_0-0-2.78.3-150600.2.2 updated - libabsl2401_0_0-20240116.1-150600.17.7 updated - libgobject-2_0-0-2.78.3-150600.2.2 updated - libopenssl3-3.1.4-150600.3.6 updated - libaugeas0-1.14.1-150600.1.3 updated - libudev1-254.10-150600.2.3 updated - libsystemd0-254.10-150600.2.3 updated - libprotobuf-lite25_1_0-25.1-150600.14.3 updated - libzck1-1.1.16-150600.9.3 updated - libopenssl-3-fips-provider-3.1.4-150600.3.6 updated - libldap-2_4-2-2.4.46-150600.23.21 updated - krb5-1.20.1-150600.9.2 updated - patterns-base-fips-20200124-150600.30.1 updated - shared-mime-info-2.4-150600.1.3 updated - login_defs-4.8.1-150600.15.45 updated - libcrack2-2.9.11-150600.1.90 updated - cracklib-2.9.11-150600.1.90 updated - sed-4.9-150600.1.4 updated - libcurl4-8.6.0-150600.2.2 updated - sles-release-15.6-150600.37.2 updated - libgio-2_0-0-2.78.3-150600.2.2 updated - glib2-tools-2.78.3-150600.2.2 updated - libpxbackend-1_0-0.5.3-150600.2.1 updated - libproxy1-0.5.3-150600.2.2 updated - gpg2-2.4.4-150600.1.4 updated - libgpgme11-1.23.0-150600.1.41 updated - libzypp-17.32.4-150600.1.2 updated - shadow-4.8.1-150600.15.45 updated - zypper-1.14.71-150600.8.2 updated - util-linux-2.39.3-150600.2.1 updated - curl-8.6.0-150600.2.2 updated - augeas-lenses-1.14.1-150600.1.3 updated - augeas-1.14.1-150600.1.3 updated - btrfsprogs-udev-rules-6.5.1-150600.2.4 updated - hostname-3.16-2.22 added - iputils-20221126-150500.1.1 added - libguestfs-winsupport-1.52.0-150600.2.2 updated - guestfs-tools-1.52.0-150600.2.1 updated - libargon2-1-20190702-150600.1.4 updated - libburn4-1.5.6-150600.1.6 updated - libdevmapper1_03-2.03.22_1.02.196-150600.1.3 updated - libext2fs2-1.47.0-150600.2.26 updated - libfstrm0-0.6.1-150300.9.5.1 added - libhivex0-1.3.23-150600.1.5 updated - libjpeg8-8.2.2-150600.22.5 updated - libjson-glib-1_0-0-1.8.0-150600.1.3 updated - libkcapi-tools-0.13.0-150600.15.27 updated - libkmod2-29-150600.11.4 updated - libmaxminddb0-1.4.3-150000.1.8.1 added - libmnl0-1.0.4-1.25 added - libnettle8-3.9.1-150600.1.46 updated - libpng16-16-1.6.40-150600.1.3 updated - libprotobuf-c1-1.5.0-150600.1.4 added - libpwquality1-1.4.5-150600.2.3 updated - libschily1_0-3.02~a09-4.6.1 added - libuv1-1.44.2-150500.3.2.1 added - libvdeplug3-2.3.2+svn587-150600.17.3 updated - libx86emu3-3.1-1.23 added - libxtables12-1.8.7-1.1 added - mdadm-4.3-150600.1.28 updated - osinfo-db-20231215-150600.3.1 updated - pam-config-1.1-150600.14.3 updated - qemu-accel-tcg-x86-8.2.2-150600.1.8 updated - qemu-ipxe-8.2.2-150600.1.8 updated - qemu-seabios-8.2.21.16.3_3_ga95067eb-150600.1.8 updated - qemu-vgabios-8.2.21.16.3_3_ga95067eb-150600.1.8 updated - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - xz-5.4.1-150600.1.2 updated - zstd-1.5.5-150600.1.3 updated - e2fsprogs-1.47.0-150600.2.26 updated - cyrus-sasl-2.1.28-150600.5.3 updated - libisoburn1-1.5.6-150600.1.6 updated - libopenssl1_1-1.1.1w-150600.3.10 updated - libcryptsetup12-2.7.0-150600.1.4 updated - libndctl6-78-150600.1.10 updated - libhogweed6-3.9.1-150600.1.46 updated - btrfsprogs-6.5.1-150600.2.4 updated - libscg1_0-3.02~a09-4.6.1 added - xfsprogs-6.6.0-150600.1.3 updated - libmpath0-0.9.8+88+suse.d504d83-150600.1.2 updated - bind-utils-9.18.24-150600.1.5 added - hwinfo-21.85-150500.3.3.1 added - iproute2-5.14-150400.1.8 added - systemd-presets-branding-SLE-15.1-150600.33.1 updated - cyrus-sasl-digestmd5-2.1.28-150600.5.3 updated - xorriso-1.5.6-150600.1.6 updated - cryptsetup-2.7.0-150600.1.4 updated - libgnutls30-3.8.3-150600.2.15 updated - xen-libs-4.18.2_02-150600.1.11 updated - mkisofs-3.02~a09-4.6.1 added - zisofs-tools-1.0.8-1.27 added - libntfs-3g87-2022.5.17-150000.3.16.1 added - libxkbcommon0-1.5.0-150600.1.5 updated - systemd-254.10-150600.2.3 updated - qemu-pr-helper-8.2.2-150600.1.8 updated - qemu-img-8.2.2-150600.1.8 updated - libvirt-libs-10.0.0-150600.6.2 updated - glib-networking-2.78.0-150600.1.5 updated - ntfsprogs-2022.5.17-150000.3.16.1 added - ntfs-3g-2022.5.17-150000.3.16.1 added - util-linux-systemd-2.39.3-150600.2.1 updated - qemu-tools-8.2.2-150600.1.8 updated - wicked-0.6.74-150600.9.2 updated - wicked-service-0.6.74-150600.9.2 updated - libosinfo-1_0-0-1.11.0-150600.2.2 updated - libosinfo-1.11.0-150600.2.2 updated - kmod-29-150600.11.4 updated - udev-254.10-150600.2.3 updated - dracut-059+suse.521.g8412a1c0-150600.1.3 updated - supermin-5.3.3-150600.1.8 updated - dhcp-4.3.6.P1-150000.6.19.1 added - rdma-core-49.1-150600.2.5 updated - dracut-fips-059+suse.521.g8412a1c0-150600.1.3 updated - dhcp-client-4.3.6.P1-150000.6.19.1 added - libibverbs1-49.1-150600.2.5 updated - libmlx5-1-49.1-150600.2.5 updated - libmlx4-1-49.1-150600.2.5 updated - libmana1-49.1-150600.2.5 updated - libefa1-49.1-150600.2.5 updated - libibverbs-49.1-150600.2.5 updated - librdmacm1-49.1-150600.2.5 updated - qemu-x86-8.2.2-150600.1.8 updated - qemu-8.2.2-150600.1.8 updated - qemu-ovmf-x86_64-202308-150600.3.1 updated - libguestfs0-1.52.0-150600.2.2 updated - libguestfs-devel-1.52.0-150600.2.2 updated - libguestfs-appliance-1.52.0-150600.2.2 updated - libguestfs-1.52.0-150600.2.2 updated - container:sles15-image-15.0.0-45.31 updated From sle-container-updates at lists.suse.com Fri May 24 07:04:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 May 2024 09:04:28 +0200 (CEST) Subject: SUSE-CU-2024:2256-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240524070428.8E2B2FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2256-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.8.32 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.8.32 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - perl-5.26.1-150300.17.17.1 updated From sle-container-updates at lists.suse.com Fri May 24 07:06:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 May 2024 09:06:35 +0200 (CEST) Subject: SUSE-CU-2024:2258-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240524070635.69B92FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2258-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.8.32 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.8.32 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - perl-5.26.1-150300.17.17.1 updated From sle-container-updates at lists.suse.com Sat May 25 07:02:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 May 2024 09:02:39 +0200 (CEST) Subject: SUSE-CU-2024:2269-1: Recommended update of bci/bci-init Message-ID: <20240525070239.73201FBA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2269-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.18.4 , bci/bci-init:latest Container Release : 18.4 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1778-1 Released: Fri May 24 17:40:50 2024 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable sysctl-logger (jsc#PED-5024) The following package changes have been done: - systemd-presets-branding-SLE-15.1-150100.20.14.1 updated From sle-container-updates at lists.suse.com Sat May 25 07:01:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 May 2024 09:01:39 +0200 (CEST) Subject: SUSE-CU-2024:2266-1: Security update of rancher/elemental-operator Message-ID: <20240525070139.4ADDAFBA2@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2266-1 Container Tags : rancher/elemental-operator:1.4.3 , rancher/elemental-operator:1.4.3-4.5.18 , rancher/elemental-operator:latest Container Release : 4.5.18 Severity : important Type : security References : 1188500 1221184 1221632 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container rancher/elemental-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - glibc-2.31-150300.74.1 updated - libz1-1.2.13-150500.4.3.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl1_1-1.1.1l-150500.17.25.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.25.1 updated - coreutils-8.32-150400.9.6.1 updated - openssl-1_1-1.1.1l-150500.17.25.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - container:suse-sle15-15.5-- added - container:suse-sle15-15.4-- removed From sle-container-updates at lists.suse.com Sat May 25 07:01:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 May 2024 09:01:33 +0200 (CEST) Subject: SUSE-CU-2024:2261-1: Security update of rancher/elemental-channel Message-ID: <20240525070133.C46A7FBA2@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2261-1 Container Tags : rancher/elemental-channel:1.4.3 , rancher/elemental-channel:1.4.3-4.5.1 , rancher/elemental-channel:latest Container Release : 4.5.1 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container rancher/elemental-channel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated From sle-container-updates at lists.suse.com Sat May 25 07:01:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 May 2024 09:01:42 +0200 (CEST) Subject: SUSE-CU-2024:2268-1: Security update of rancher/seedimage-builder Message-ID: <20240525070142.9B9EDFBA2@maintenance.suse.de> SUSE Container Update Advisory: rancher/seedimage-builder ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2268-1 Container Tags : rancher/seedimage-builder:1.4.3 , rancher/seedimage-builder:1.4.3-4.5.1 , rancher/seedimage-builder:latest Container Release : 4.5.1 Severity : important Type : security References : 1188500 1221184 1221632 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container rancher/seedimage-builder was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - glibc-2.31-150300.74.1 updated - libz1-1.2.13-150500.4.3.1 updated - libsasl2-3-2.1.28-150500.1.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl1_1-1.1.1l-150500.17.25.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.25.1 updated - krb5-1.20.1-150500.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - coreutils-8.32-150400.9.6.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - curl-8.0.1-150400.5.44.1 updated - openssl-1_1-1.1.1l-150500.17.25.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - container:suse-sle15-15.5-- added - container:suse-sle15-15.4-- removed From sle-container-updates at lists.suse.com Sat May 25 07:01:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 May 2024 09:01:35 +0200 (CEST) Subject: SUSE-CU-2024:2263-1: Security update of rancher/elemental-rt-channel Message-ID: <20240525070135.516ECFBA2@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-rt-channel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2263-1 Container Tags : rancher/elemental-rt-channel:1.4.3 , rancher/elemental-rt-channel:1.4.3-3.5.1 , rancher/elemental-rt-channel:latest Container Release : 3.5.1 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container rancher/elemental-rt-channel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated From sle-container-updates at lists.suse.com Sat May 25 07:03:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 May 2024 09:03:08 +0200 (CEST) Subject: SUSE-CU-2024:2270-1: Recommended update of suse/pcp Message-ID: <20240525070308.3CBE1FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2270-1 Container Tags : suse/pcp:5 , suse/pcp:5-26.15 , suse/pcp:5.2 , suse/pcp:5.2-26.15 , suse/pcp:5.2.5 , suse/pcp:5.2.5-26.15 , suse/pcp:latest Container Release : 26.15 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1778-1 Released: Fri May 24 17:40:50 2024 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable sysctl-logger (jsc#PED-5024) The following package changes have been done: - systemd-presets-branding-SLE-15.1-150100.20.14.1 updated - container:bci-bci-init-15.5-15.5-18.4 updated From sle-container-updates at lists.suse.com Sat May 25 07:03:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 May 2024 09:03:32 +0200 (CEST) Subject: SUSE-CU-2024:2271-1: Security update of suse/postgres Message-ID: <20240525070332.85C8FFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2271-1 Container Tags : suse/postgres:15 , suse/postgres:15-20.3 , suse/postgres:15.7 , suse/postgres:15.7-20.3 Container Release : 20.3 Severity : moderate Type : security References : 1224038 1224051 CVE-2024-4317 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1777-1 Released: Fri May 24 17:39:57 2024 Summary: Security update for postgresql15 Type: security Severity: moderate References: 1224038,1224051,CVE-2024-4317 This update for postgresql15 fixes the following issues: PostgreSQL upgrade to version 15.7 (bsc#1224051): - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner (bsc#1224038). Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17. - Make sure all compilation and doc generation happens in %build. - Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work. - Remove constraints file because improved memory usage for s390x - Use %patch -P N instead of deprecated %patchN. Release notes: - https://www.postgresql.org/docs/release/15.7/ The following package changes have been done: - postgresql15-15.7-150200.5.27.1 updated - postgresql15-server-15.7-150200.5.27.1 updated From sle-container-updates at lists.suse.com Sat May 25 07:03:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 May 2024 09:03:53 +0200 (CEST) Subject: SUSE-CU-2024:2272-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240525070353.91903FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2272-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.6 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.52.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1778-1 Released: Fri May 24 17:40:50 2024 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable sysctl-logger (jsc#PED-5024) The following package changes have been done: - systemd-presets-branding-SLE-15.1-150100.20.14.1 updated From sle-container-updates at lists.suse.com Tue May 28 07:02:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 May 2024 09:02:43 +0200 (CEST) Subject: SUSE-CU-2024:2275-1: Recommended update of bci/rust Message-ID: <20240528070243.48848FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2275-1 Container Tags : bci/rust:1.78 , bci/rust:1.78-1.2.1 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.1 Container Release : 2.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1761-1 Released: Wed May 22 16:11:57 2024 Summary: Recommended update for rust, rust1.78 Type: recommended Severity: moderate References: This update for rust, rust1.78 fixes the following issues: rust1.78 is shipped: Version 1.78.0 (2024-05-02) ========================== Language -------- - Stabilize `#[cfg(target_abi = ...)]` - Stabilize the `#[diagnostic]` namespace and `#[diagnostic::on_unimplemented]` attribute - Make async-fn-in-trait implementable with concrete signatures - Make matching on NaN a hard error, and remove the rest of `illegal_floating_point_literal_pattern` - static mut: allow mutable reference to arbitrary types, not just slices and arrays - Extend `invalid_reference_casting` to include references casting to bigger memory layout - Add `non_contiguous_range_endpoints` lint for singleton gaps after exclusive ranges - Add `wasm_c_abi` lint for use of older wasm-bindgen versions This lint currently only works when using Cargo. - Update `indirect_structural_match` and `pointer_structural_match` lints to match RFC - Make non-`PartialEq`-typed consts as patterns a hard error - Split `refining_impl_trait` lint into `_reachable`, `_internal` variants - Remove unnecessary type inference when using associated types inside of higher ranked `where`-bounds - Weaken eager detection of cyclic types during type inference - `trait Trait: Auto {}`: allow upcasting from `dyn Trait` to `dyn Auto` Compiler -------- - Made `INVALID_DOC_ATTRIBUTES` lint deny by default - Increase accuracy of redundant `use` checking - Suggest moving definition if non-found macro_rules! is defined later - Lower transmutes from int to pointer type as gep on null Target changes: - Windows tier 1 targets now require at least Windows 10 - Enable CMPXCHG16B, SSE3, SAHF/LAHF and 128-bit Atomics in tier 1 Windows - Add `wasm32-wasip1` tier 2 (without host tools) target - Add `wasm32-wasip2` tier 3 target - Rename `wasm32-wasi-preview1-threads` to `wasm32-wasip1-threads` - Add `arm64ec-pc-windows-msvc` tier 3 target - Add `armv8r-none-eabihf` tier 3 target for the Cortex-R52 - Add `loongarch64-unknown-linux-musl` tier 3 target Refer to Rust's platform support page for more information on Rust's tiered platform support. Libraries --------- - Bump Unicode to version 15.1.0, regenerate tables - Make align_offset, align_to well-behaved in all cases - PartialEq, PartialOrd: document expectations for transitive chains - Optimize away poison guards when std is built with panic=abort - Replace pthread `RwLock` with custom implementation - Implement unwind safety for Condvar on all platforms - Add ASCII fast-path for `char::is_grapheme_extended` Stabilized APIs --------------- - `impl Read for &Stdin` https://doc.rust-lang.org/stable/std/io/struct.Stdin.html#impl-Read-for-%26Stdin - Accept non `'static` lifetimes for several `std::error::Error` related implementations - Make `impl` impl take `?Sized` - `impl From for io::Error` https://doc.rust-lang.org/stable/std/io/struct.Error.html#impl-From%3CTryReserveError%3E-for-Error These APIs are now stable in const contexts: - `Barrier::new()` https://doc.rust-lang.org/stable/std/sync/struct.Barrier.html#method.new Cargo ----- - Stabilize lockfile v4 - Respect `rust-version` when generating lockfile - Control `--charset` via auto-detecting config value - Support `target..rustdocflags` officially - Stabilize global cache data tracking Misc ---- - rustdoc: add `--test-builder-wrapper` arg to support wrappers such as RUSTC_WRAPPER when building doctests Compatibility Notes ------------------- - Many unsafe precondition checks now run for user code with debug assertions enabled This change helps users catch undefined behavior in their code, though the details of how much is checked are generally not stable. - riscv only supports split_debuginfo=off for now - Consistently check bounds on hidden types of `impl Trait` - Change equality of higher ranked types to not rely on subtyping - When called, additionally check bounds on normalized function return type - Expand coverage for `arithmetic_overflow` lint - Fix detection of potential interior mutability in `const` initializers This code was accidentally accepted. The fix can break generic code that borrows a value of unknown type, as there is currently no way to declare 'this type has no interior mutability'. In the future, stabilizing the `Freeze` trait will allow proper support for such code. The following package changes have been done: - rust1.78-1.78.0-150500.11.3.1 added - cargo1.78-1.78.0-150500.11.3.1 added - cargo1.77-1.77.0-150500.11.3.1 removed - rust1.77-1.77.0-150500.11.3.1 removed From sle-container-updates at lists.suse.com Wed May 29 07:03:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 May 2024 09:03:50 +0200 (CEST) Subject: SUSE-CU-2024:2278-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240529070350.89191FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2278-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.34 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.34 Severity : moderate Type : recommended References : 1223596 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated From sle-container-updates at lists.suse.com Wed May 29 07:05:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 May 2024 09:05:48 +0200 (CEST) Subject: SUSE-CU-2024:2280-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240529070548.CEF3DFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2280-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.33 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.33 Severity : moderate Type : recommended References : 1223596 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated From sle-container-updates at lists.suse.com Wed May 29 07:06:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 May 2024 09:06:31 +0200 (CEST) Subject: SUSE-CU-2024:2281-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240529070631.8A031FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2281-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.35 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.35 Container Release : 3.35 Severity : moderate Type : recommended References : 1223596 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated From sle-container-updates at lists.suse.com Wed May 29 16:13:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 May 2024 18:13:41 +0200 (CEST) Subject: SUSE-CU-2024:2282-1: Security update of suse/helm Message-ID: <20240529161341.A3C87FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2282-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-11.6 , suse/helm:latest Container Release : 11.6 Severity : moderate Type : security References : 1222548 CVE-2024-2511 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.28.2 updated - openssl-1_1-1.1.1l-150500.17.28.2 updated From sle-container-updates at lists.suse.com Wed May 29 16:13:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 May 2024 18:13:47 +0200 (CEST) Subject: SUSE-CU-2024:2283-1: Security update of suse/manager/5.0/x86_64/proxy-httpd Message-ID: <20240529161347.A2A59FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2283-1 Container Tags : suse/manager/5.0/x86_64/proxy-httpd:5.0.0-rc , suse/manager/5.0/x86_64/proxy-httpd:5.0.0-rc.4.39 , suse/manager/5.0/x86_64/proxy-httpd:latest Container Release : 4.39 Severity : moderate Type : security References : 1189495 1191175 1215520 1218686 CVE-2021-3521 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1341-1 Released: Thu Apr 18 15:29:45 2024 Summary: Recommended update for tftp Type: recommended Severity: moderate References: 1215520 This update for tftp fixes the following issue: - Allow enabling the service via `systemctl enable tftp` to create the tftp.socket symlink (bsc#1215520) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.90 updated - libldap-data-2.4.46-150600.23.21 updated - glibc-2.38-150600.12.1 updated - libzstd1-1.5.5-150600.1.3 updated - libuuid1-2.39.3-150600.2.1 updated - libsmartcols1-2.39.3-150600.2.1 updated - libsepol2-3.5-150600.1.49 updated - libsasl2-3-2.1.28-150600.5.3 updated - libpcre2-8-0-10.42-150600.1.26 updated - libnghttp2-14-1.40.0-150600.23.2 updated - liblzma5-5.4.1-150600.1.2 updated - liblz4-1-1.9.4-150600.1.4 updated - libgpg-error0-1.47-150600.1.3 updated - libfa1-1.14.1-150600.1.3 updated - libcom_err2-1.47.0-150600.2.26 updated - libblkid1-2.39.3-150600.2.1 updated - libselinux1-3.5-150600.1.46 updated - libglib-2_0-0-2.78.3-150600.2.2 updated - libgcrypt20-1.10.3-150600.1.23 updated - libfdisk1-2.39.3-150600.2.1 updated - libmount1-2.39.3-150600.2.1 updated - libgmodule-2_0-0-2.78.3-150600.2.2 updated - libabsl2401_0_0-20240116.1-150600.17.7 updated - libgobject-2_0-0-2.78.3-150600.2.2 updated - libopenssl3-3.1.4-150600.3.6 updated - libaugeas0-1.14.1-150600.1.3 updated - libudev1-254.10-150600.2.3 updated - libsystemd0-254.10-150600.2.3 updated - libprotobuf-lite25_1_0-25.1-150600.14.3 updated - libzck1-1.1.16-150600.9.3 updated - libopenssl-3-fips-provider-3.1.4-150600.3.6 updated - libldap-2_4-2-2.4.46-150600.23.21 updated - krb5-1.20.1-150600.9.2 updated - patterns-base-fips-20200124-150600.30.1 updated - shared-mime-info-2.4-150600.1.3 updated - login_defs-4.8.1-150600.15.45 updated - libcrack2-2.9.11-150600.1.90 updated - cracklib-2.9.11-150600.1.90 updated - sed-4.9-150600.1.4 updated - libcurl4-8.6.0-150600.2.2 updated - sles-release-15.6-150600.37.2 updated - libgio-2_0-0-2.78.3-150600.2.2 updated - glib2-tools-2.78.3-150600.2.2 updated - libpxbackend-1_0-0.5.3-150600.2.1 updated - libproxy1-0.5.3-150600.2.2 updated - gpg2-2.4.4-150600.1.4 updated - libgpgme11-1.23.0-150600.1.41 updated - libzypp-17.32.4-150600.1.2 updated - shadow-4.8.1-150600.15.45 updated - zypper-1.14.71-150600.8.2 updated - util-linux-2.39.3-150600.2.1 updated - curl-8.6.0-150600.2.2 updated - girepository-1_0-1.78.1-150600.2.3 updated - libgirepository-1_0-1-1.78.1-150600.2.3 updated - libkmod2-29-150600.11.4 updated - libyaml-0-2-0.1.7-1.17 added - pam-config-1.1-150600.14.3 updated - release-notes-susemanager-proxy-5.0.0~rc-150600.13.1 updated - selinux-tools-3.5-150600.1.46 updated - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - xz-5.4.1-150600.1.2 updated - zstd-1.5.5-150600.1.3 updated - libopenssl1_1-1.1.1w-150600.3.10 updated - libmodulemd2-2.13.0-150400.1.8 added - systemd-presets-branding-SLE-15.1-150600.33.1 updated - apache2-prefork-2.4.58-150600.3.2 updated - typelib-1_0-Modulemd-2_0-2.13.0-150400.1.8 added - policycoreutils-3.5-150600.1.50 updated - systemd-254.10-150600.2.3 updated - tftp-5.2-150000.5.6.2 updated - python3-uyuni-common-libs-5.0.3-150600.1.41.1 updated - python3-rpm-4.14.3-150400.59.16.1 updated - apache2-2.4.58-150600.3.2 updated - python3-libmodulemd-2.13.0-150400.1.8 added - spacewalk-backend-5.0.6-150600.3.42.13 updated - python3-spacewalk-client-tools-5.0.5-150600.3.89.8 updated - spacewalk-client-tools-5.0.5-150600.3.89.8 updated - mgr-push-5.0.2-150600.1.28.1 updated - python3-mgr-push-5.0.2-150600.1.28.1 updated - spacewalk-proxy-package-manager-5.0.2-150600.1.1 updated - spacewalk-proxy-common-5.0.2-150600.1.1 updated - spacewalk-proxy-broker-5.0.2-150600.1.1 updated - spacewalk-proxy-redirect-5.0.2-150600.1.1 updated - container:sles15-image-15.0.0-45.31 updated - libnewt0_52-0.52.20-150000.7.2.3 removed - libslang2-2.3.1a-150000.5.2.3 removed - newt-0.52.20-150000.7.2.3 removed - python3-newt-0.52.20-150000.7.2.3 removed From sle-container-updates at lists.suse.com Wed May 29 16:13:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 May 2024 18:13:50 +0200 (CEST) Subject: SUSE-CU-2024:2284-1: Recommended update of suse/manager/5.0/x86_64/proxy-salt-broker Message-ID: <20240529161350.0A78CFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2284-1 Container Tags : suse/manager/5.0/x86_64/proxy-salt-broker:5.0.0-rc , suse/manager/5.0/x86_64/proxy-salt-broker:5.0.0-rc.4.41 , suse/manager/5.0/x86_64/proxy-salt-broker:latest Container Release : 4.41 Severity : moderate Type : recommended References : 1188500 1221184 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.90 updated - libldap-data-2.4.46-150600.23.21 updated - glibc-2.38-150600.12.1 updated - libzstd1-1.5.5-150600.1.3 updated - libuuid1-2.39.3-150600.2.1 updated - libsmartcols1-2.39.3-150600.2.1 updated - libsepol2-3.5-150600.1.49 updated - libsasl2-3-2.1.28-150600.5.3 updated - libpcre2-8-0-10.42-150600.1.26 updated - libnghttp2-14-1.40.0-150600.23.2 updated - liblzma5-5.4.1-150600.1.2 updated - liblz4-1-1.9.4-150600.1.4 updated - libgpg-error0-1.47-150600.1.3 updated - libfa1-1.14.1-150600.1.3 updated - libcom_err2-1.47.0-150600.2.26 updated - libblkid1-2.39.3-150600.2.1 updated - libselinux1-3.5-150600.1.46 updated - libglib-2_0-0-2.78.3-150600.2.2 updated - libgcrypt20-1.10.3-150600.1.23 updated - libfdisk1-2.39.3-150600.2.1 updated - libmount1-2.39.3-150600.2.1 updated - libgmodule-2_0-0-2.78.3-150600.2.2 updated - libabsl2401_0_0-20240116.1-150600.17.7 updated - libgobject-2_0-0-2.78.3-150600.2.2 updated - libopenssl3-3.1.4-150600.3.6 updated - libaugeas0-1.14.1-150600.1.3 updated - libudev1-254.10-150600.2.3 updated - libsystemd0-254.10-150600.2.3 updated - libprotobuf-lite25_1_0-25.1-150600.14.3 updated - libzck1-1.1.16-150600.9.3 updated - libopenssl-3-fips-provider-3.1.4-150600.3.6 updated - libldap-2_4-2-2.4.46-150600.23.21 updated - krb5-1.20.1-150600.9.2 updated - patterns-base-fips-20200124-150600.30.1 updated - shared-mime-info-2.4-150600.1.3 updated - login_defs-4.8.1-150600.15.45 updated - libcrack2-2.9.11-150600.1.90 updated - cracklib-2.9.11-150600.1.90 updated - sed-4.9-150600.1.4 updated - libcurl4-8.6.0-150600.2.2 updated - sles-release-15.6-150600.37.2 updated - libgio-2_0-0-2.78.3-150600.2.2 updated - glib2-tools-2.78.3-150600.2.2 updated - libpxbackend-1_0-0.5.3-150600.2.1 updated - libproxy1-0.5.3-150600.2.2 updated - gpg2-2.4.4-150600.1.4 updated - libgpgme11-1.23.0-150600.1.41 updated - libzypp-17.32.4-150600.1.2 updated - shadow-4.8.1-150600.15.45 updated - zypper-1.14.71-150600.8.2 updated - util-linux-2.39.3-150600.2.1 updated - curl-8.6.0-150600.2.2 updated - openssl-3-3.1.4-150600.3.6 updated - timezone-2024a-150600.89.2 updated - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - libopenssl1_1-1.1.1w-150600.3.10 updated - container:sles15-image-15.0.0-45.31 updated - dbus-1-1.12.2-150400.18.8.1 removed - libdbus-1-3-1.12.2-150400.18.8.1 removed - update-alternatives-1.19.0.4-150000.4.4.1 removed From sle-container-updates at lists.suse.com Wed May 29 16:13:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 May 2024 18:13:56 +0200 (CEST) Subject: SUSE-CU-2024:2287-1: Security update of suse/manager/5.0/x86_64/proxy-tftpd Message-ID: <20240529161356.A4034FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2287-1 Container Tags : suse/manager/5.0/x86_64/proxy-tftpd:5.0.0-rc , suse/manager/5.0/x86_64/proxy-tftpd:5.0.0-rc.4.29 , suse/manager/5.0/x86_64/proxy-tftpd:latest Container Release : 4.29 Severity : moderate Type : security References : 1188500 1221184 1222842 CVE-2024-3651 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1439-1 Released: Thu Apr 25 23:41:12 2024 Summary: Security update for python-idna Type: security Severity: moderate References: 1222842,CVE-2024-3651 This update for python-idna fixes the following issues: - CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842). The following package changes have been done: - glibc-2.38-150600.12.1 updated - libpcre2-8-0-10.42-150600.1.26 updated - liblzma5-5.4.1-150600.1.2 updated - libcom_err2-1.47.0-150600.2.26 updated - libselinux1-3.5-150600.1.46 updated - libopenssl3-3.1.4-150600.3.6 updated - libopenssl-3-fips-provider-3.1.4-150600.3.6 updated - krb5-1.20.1-150600.9.2 updated - patterns-base-fips-20200124-150600.30.1 updated - openssl-3-3.1.4-150600.3.6 updated - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - libopenssl1_1-1.1.1w-150600.3.10 updated - python3-idna-2.6-150000.3.3.1 updated - container:sles15-image-15.0.0-45.31 updated From sle-container-updates at lists.suse.com Wed May 29 16:13:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 May 2024 18:13:58 +0200 (CEST) Subject: SUSE-CU-2024:2288-1: Security update of suse/manager/5.0/x86_64/server-attestation Message-ID: <20240529161358.05AE4FBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-attestation ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2288-1 Container Tags : suse/manager/5.0/x86_64/server-attestation:5.0.0-rc , suse/manager/5.0/x86_64/server-attestation:5.0.0-rc.3.1 , suse/manager/5.0/x86_64/server-attestation:latest Container Release : 3.1 Severity : moderate Type : security References : 1188500 1213470 1219912 1221184 1221632 1222155 1222979 1222983 1222984 1222986 1222987 CVE-2023-6152 CVE-2024-1313 CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-attestation was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1498-1 Released: Mon May 6 09:42:11 2024 Summary: Security update for java-11-openjdk Type: security Severity: low References: 1213470,1222979,1222983,1222984,1222986,1222987,CVE-2024-21011,CVE-2024-21012,CVE-2024-21068,CVE-2024-21085,CVE-2024-21094 This update for java-11-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979) - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987) - CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983) - CVE-2024-21085: Fixed denial of service due to Pack200 excessive memory allocation (JDK-8322114,bsc#1222984) - CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986) Other fixes: - Upgrade to upstream tag jdk-11.0.23+9 (April 2024 CPU) * Security fixes + JDK-8318340: Improve RSA key implementations * Other changes + JDK-6928542: Chinese characters in RTF are not decoded + JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS + JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear. + JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking + JDK-8054572: [macosx] JComboBox paints the border incorrectly + JDK-8058176: [mlvm] tests should not allow code cache exhaustion + JDK-8067651: LevelTransitionTest.java, fix trivial methods levels logic + JDK-8068225: nsk/jdi/EventQueue/remove_l/remove_l005 intermittently times out + JDK-8156889: ListKeychainStore.sh fails in some virtualized environments + JDK-8166275: vm/mlvm/meth/stress/compiler/deoptimize keeps timeouting + JDK-8166554: Avoid compilation blocking in OverloadCompileQueueTest.java + JDK-8169475: WheelModifier.java fails by timeout + JDK-8180266: Convert sun/security/provider/KeyStore/DKSTest.sh to Java Jtreg Test + JDK-8186610: move ModuleUtils to top-level testlibrary + JDK-8192864: defmeth tests can hide failures + JDK-8193543: Regression automated test '/open/test/jdk/java/ /awt/TrayIcon/SystemTrayInstance/SystemTrayInstanceTest.java' fails + JDK-8198668: MemoryPoolMBean/isUsageThresholdExceeded/ /isexceeded001/TestDescription.java still failing + JDK-8202282: [TESTBUG] appcds TestCommon .makeCommandLineForAppCDS() can be removed + JDK-8202790: DnD test DisposeFrameOnDragTest.java does not clean up + JDK-8202931: [macos] java/awt/Choice/ChoicePopupLocation/ /ChoicePopupLocation.java fails + JDK-8207211: [TESTBUG] Remove excessive output from CDS/AppCDS tests + JDK-8207214: Broken links in JDK API serialized-form page + JDK-8207855: Make applications/jcstress invoke tests in batches + JDK-8208243: vmTestbase/gc/lock/jni/jnilock002/ /TestDescription.java fails in jdk/hs nightly + JDK-8208278: [mlvm] [TESTBUG] vm.mlvm.mixed.stress.java .findDeadlock.INDIFY_Test Deadlocked threads are not always detected + JDK-8208623: [TESTBUG] runtime/LoadClass/LongBCP.java fails in AUFS file system + JDK-8208699: remove unneeded imports from runtime tests + JDK-8208704: runtime/appcds/MultiReleaseJars.java timed out often in hs-tier7 testing + JDK-8208705: [TESTBUG] The -Xlog:cds,cds+hashtables vm option is not always required for appcds tests + JDK-8209549: remove VMPropsExt from TEST.ROOT + JDK-8209595: MonitorVmStartTerminate.java timed out + JDK-8209946: [TESTBUG] CDS tests should use '@run driver' + JDK-8211438: [Testbug] runtime/XCheckJniJsig/XCheckJSig.java looks for libjsig in wrong location + JDK-8211978: Move testlibrary/jdk/testlibrary/ /SimpleSSLContext.java and testkeys to network testlibrary + JDK-8213622: Windows VS2013 build failure - ''snprintf': identifier not found' + JDK-8213926: WB_EnqueueInitializerForCompilation requests compilation for NULL + JDK-8213927: G1 ignores AlwaysPreTouch when UseTransparentHugePages is enabled + JDK-8214908: add ctw tests for jdk.jfr and jdk.management.jfr modules + JDK-8214915: CtwRunner misses export for jdk.internal.access + JDK-8216408: XMLStreamWriter setDefaultNamespace(null) throws NullPointerException + JDK-8217475: Unexpected StackOverflowError in 'process reaper' thread + JDK-8218754: JDK-8068225 regression in JDIBreakpointTest + JDK-8219475: javap man page needs to be updated + JDK-8219585: [TESTBUG] sun/management/jmxremote/bootstrap/ /JMXInterfaceBindingTest.java passes trivially when it shouldn't + JDK-8219612: [TESTBUG] compiler.codecache.stress.Helper .TestCaseImpl can't be defined in different runtime package as its nest host + JDK-8225471: Test utility jdk.test.lib.util.FileUtils .areAllMountPointsAccessible needs to tolerate duplicates + JDK-8226706: (se) Reduce the number of outer loop iterations on Windows in java/nio/channels/Selector/RacyDeregister.java + JDK-8226905: unproblem list applications/ctw/modules/* tests on windows + JDK-8226910: make it possible to use jtreg's -match via run-test framework + JDK-8227438: [TESTLIB] Determine if file exists by Files.exists in function FileUtils.deleteFileIfExistsWithRetry + JDK-8231585: java/lang/management/ThreadMXBean/ /MaxDepthForThreadInfoTest.java fails with java.lang.NullPointerException + JDK-8232839: JDI AfterThreadDeathTest.java failed due to 'FAILED: Did not get expected IllegalThreadStateException on a StepRequest.enable()' + JDK-8233453: MLVM deoptimize stress test timed out + JDK-8234309: LFGarbageCollectedTest.java fails with parse Exception + JDK-8237222: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails + JDK-8237777: 'Dumping core ...' is shown despite claiming that '# No core dump will be written.' + JDK-8237834: com/sun/jndi/ldap/LdapDnsProviderTest.java failing with LDAP response read timeout + JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel + JDK-8239801: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails + JDK-8244679: JVM/TI GetCurrentContendedMonitor/contmon001 failed due to '(IsSameObject#3) unexpected monitor object: 0x000000562336DBA8' + JDK-8246222: Rename javac test T6395981.java to be more informative + JDK-8247818: GCC 10 warning stringop-overflow with symbol code + JDK-8249087: Always initialize _body[0..1] in Symbol constructor + JDK-8251349: Add TestCaseImpl to OverloadCompileQueueTest.java's build dependencies + JDK-8251904: vmTestbase/nsk/sysdict/vm/stress/btree/btree010/ /btree010.java fails with ClassNotFoundException: nsk.sysdict.share.BTree0LLRLRLRRLR + JDK-8253543: sanity/client/SwingSet/src/ /ButtonDemoScreenshotTest.java failed with 'AssertionError: All pixels are not black' + JDK-8253739: java/awt/image/MultiResolutionImage/ /MultiResolutionImageObserverTest.java fails + JDK-8253820: Save test images and dumps with timestamps from client sanity suite + JDK-8255277: randomDelay in DrainDeadlockT and LoggingDeadlock do not randomly delay + JDK-8255546: Missing coverage for javax.smartcardio.CardPermission and ResponseAPDU + JDK-8255743: Relax SIGFPE match in in runtime/ErrorHandling/SecondaryErrorTest.java + JDK-8257505: nsk/share/test/StressOptions stressTime is scaled in getter but not when printed + JDK-8259801: Enable XML Signature secure validation mode by default + JDK-8264135: UnsafeGetStableArrayElement should account for different JIT implementation details + JDK-8265349: vmTestbase/../stress/compiler/deoptimize/ /Test.java fails with OOME due to CodeCache exhaustion. + JDK-8269025: jsig/Testjsig.java doesn't check exit code + JDK-8269077: TestSystemGC uses 'require vm.gc.G1' for large pages subtest + JDK-8271094: runtime/duplAttributes/DuplAttributesTest.java doesn't check exit code + JDK-8271224: runtime/EnclosingMethodAttr/EnclMethodAttr.java doesn't check exit code + JDK-8271828: mark hotspot runtime/classFileParserBug tests which ignore external VM flags + JDK-8271829: mark hotspot runtime/Throwable tests which ignore external VM flags + JDK-8271890: mark hotspot runtime/Dictionary tests which ignore external VM flags + JDK-8272291: mark hotspot runtime/logging tests which ignore external VM flags + JDK-8272335: runtime/cds/appcds/MoveJDKTest.java doesn't check exit codes + JDK-8272551: mark hotspot runtime/modules tests which ignore external VM flags + JDK-8272552: mark hotspot runtime/cds tests which ignore external VM flags + JDK-8273803: Zero: Handle 'zero' variant in CommandLineOptionTest.java + JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11 + JDK-8274621: NullPointerException because listenAddress[0] is null + JDK-8276796: gc/TestSystemGC.java large pages subtest fails with ZGC + JDK-8280007: Enable Neoverse N1 optimizations for Arm Neoverse V1 & N2 + JDK-8281149: (fs) java/nio/file/FileStore/Basic.java fails with java.lang.RuntimeException: values differ by more than 1GB + JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist. + JDK-8281717: Cover logout method for several LoginModule + JDK-8282665: [REDO] ByteBufferTest.java: replace endless recursion with RuntimeException in void ck(double x, double y) + JDK-8284090: com/sun/security/auth/module/AllPlatforms.java fails to compile + JDK-8285756: clean up use of bad arguments for `@clean` in langtools tests + JDK-8285785: CheckCleanerBound test fails with PasswordCallback object is not released + JDK-8285867: Convert applet manual tests SelectionVisible.java to Frame and automate + JDK-8286846: test/jdk/javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java fails on mac aarch64 + JDK-8286969: Add a new test library API to execute kinit in SecurityTools.java + JDK-8287113: JFR: Periodic task thread uses period for method sampling events + JDK-8289511: Improve test coverage for XPath Axes: child + JDK-8289764: gc/lock tests failed with 'OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects' + JDK-8289948: Improve test coverage for XPath functions: Node Set Functions + JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed + JDK-8290909: MemoryPoolMBean/isUsageThresholdExceeded tests failed with 'isUsageThresholdExceeded() returned false, and is still false, while threshold = MMMMMMM and used peak = NNNNNNN' + JDK-8292182: [TESTLIB] Enhance JAXPPolicyManager to setup required permissions for jtreg version 7 jar + JDK-8292946: GC lock/jni/jnilock001 test failed 'assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row' + JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed with 'RuntimeException: Retrieved backing PlatformLogger level null is not the expected CONFIG' + JDK-8294158: HTML formatting for PassFailJFrame instructions + JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java failure + JDK-8294402: Add diagnostic logging to VMProps.checkDockerSupport + JDK-8294535: Add screen capture functionality to PassFailJFrame + JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM + JDK-8296384: [TESTBUG] sun/security/provider/SecureRandom/ /AbstractDrbg/SpecTest.java intermittently timeout + JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found + JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF + JDK-8300727: java/awt/List/ListGarbageCollectionTest/ /AwtListGarbageCollectionTest.java failed with 'List wasn't garbage collected' + JDK-8301310: The SendRawSysexMessage test may cause a JVM crash + JDK-8301377: adjust timeout for JLI GetObjectSizeIntrinsicsTest.java subtest again + JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library + JDK-8302017: Allocate BadPaddingException only if it will be thrown + JDK-8302109: Trivial fixes to btree tests + JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/TestAMEnotNPE.java + JDK-8302607: increase timeout for ContinuousCallSiteTargetChange.java + JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM + JDK-8304314: StackWalkTest.java fails after CODETOOLS-7903373 + JDK-8304725: AsyncGetCallTrace can cause SIGBUS on M1 + JDK-8305502: adjust timeouts in three more M&M tests + JDK-8305505: NPE in javazic compiler + JDK-8305972: Update XML Security for Java to 3.0.2 + JDK-8306072: Open source several AWT MouseInfo related tests + JDK-8306076: Open source AWT misc tests + JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests + JDK-8306640: Open source several AWT TextArea related tests + JDK-8306652: Open source AWT MenuItem related tests + JDK-8306681: Open source more AWT DnD related tests + JDK-8306683: Open source several clipboard and color AWT tests + JDK-8306752: Open source several container and component AWT tests + JDK-8306753: Open source several container AWT tests + JDK-8306755: Open source few Swing JComponent and AbstractButton tests + JDK-8306812: Open source several AWT Miscellaneous tests + JDK-8306871: Open source more AWT Drag & Drop tests + JDK-8306996: Open source Swing MenuItem related tests + JDK-8307123: Fix deprecation warnings in DPrinter + JDK-8307130: Open source few Swing JMenu tests + JDK-8307299: Move more DnD tests to open + JDK-8307311: Timeouts on one macOS 12.6.1 host of two Swing JTableHeader tests + JDK-8307381: Open Source JFrame, JIF related Swing Tests + JDK-8307683: Loop Predication should not hoist range checks with trap on success projection by negating their condition + JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating + JDK-8308116: jdk.test.lib.compiler.InMemoryJavaCompiler .compile does not close files + JDK-8308223: failure handler missed jcmd.vm.info command + JDK-8308232: nsk/jdb tests don't pass -verbose flag to the debuggee + JDK-8308245: Add -proc:full to describe current default annotation processing policy + JDK-8308336: Test java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use + JDK-8309104: [JVMCI] compiler/unsafe/ /UnsafeGetStableArrayElement test asserts wrong values with Graal + JDK-8309119: [17u/11u] Redo JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication + JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing due to empty while loop + JDK-8309778: java/nio/file/Files/CopyAndMove.java fails when using second test directory + JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing + JDK-8310106: sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks handshakeConsumers + JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails + JDK-8310551: vmTestbase/nsk/jdb/interrupt/interrupt001/ /interrupt001.java timed out due to missing prompt + JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out + JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform + JDK-8311511: Improve description of NativeLibrary JFR event + JDK-8311585: Add JRadioButtonMenuItem to bug8031573.java + JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 + JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles + JDK-8313164: src/java.desktop/windows/native/libawt/windows/ /awt_Robot.cpp GetRGBPixels adjust releasing of resources + JDK-8313252: Java_sun_awt_windows_ThemeReader_paintBackground release resources in early returns + JDK-8313643: Update HarfBuzz to 8.2.2 + JDK-8313816: Accessing jmethodID might lead to spurious crashes + JDK-8314144: gc/g1/ihop/TestIHOPStatic.java fails due to extra concurrent mark with -Xcomp + JDK-8314164: java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fails intermittently in timeout + JDK-8314883: Java_java_util_prefs_FileSystemPreferences_lockFile0 write result errno in missing case + JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder + JDK-8315042: NPE in PKCS7.parseOldSignedData + JDK-8315415: OutputAnalyzer.shouldMatchByLine() fails in some cases + JDK-8315499: build using devkit on Linux ppc64le RHEL puts path to devkit into libsplashscreen + JDK-8315594: Open source few headless Swing misc tests + JDK-8315600: Open source few more headless Swing misc tests + JDK-8315602: Open source swing security manager test + JDK-8315606: Open source few swing text/html tests + JDK-8315611: Open source swing text/html and tree test + JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch + JDK-8315731: Open source several Swing Text related tests + JDK-8315761: Open source few swing JList and JMenuBar tests + JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on the screen to determine its location + JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm + JDK-8316028: Update FreeType to 2.13.2 + JDK-8316030: Update Libpng to 1.6.40 + JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests + JDK-8316461: Fix: make test outputs TEST SUCCESS after unsuccessful exit + JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly + JDK-8317307: test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information + JDK-8317327: Remove JT_JAVA dead code in jib-profiles.js + JDK-8318154: Improve stability of WheelModifier.java test + JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows + JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1 + JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java + JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests + JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests + JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with 'transport error 202: bind failed: Address already in use' + JDK-8318889: C2: add bailout after assert Bad graph detected in build_loop_late + JDK-8318951: Additional negative value check in JPEG decoding + JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return + JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent Files + JDK-8318983: Fix comment typo in PKCS12Passwd.java + JDK-8319124: Update XML Security for Java to 3.0.3 + JDK-8319456: jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes + JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh + JDK-8320001: javac crashes while adding type annotations to the return type of a constructor + JDK-8320208: Update Public Suffix List to b5bf572 + JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity + JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly + JDK-8320798: Console read line with zero out should zero out underlying buffer + JDK-8320884: Bump update version for OpenJDK: jdk-11.0.23 + JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp + JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions + JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode + JDK-8321408: Add Certainly roots R1 and E1 + JDK-8321480: ISO 4217 Amendment 176 Update + JDK-8322178: Error. can't find jdk.testlibrary .SimpleSSLContext in test directory or libraries + JDK-8322417: Console read line with zero out should zero out when throwing exception + JDK-8322725: (tz) Update Timezone Data to 2023d + JDK-8322750: Test 'api/java_awt/interactive/ /SystemTrayTests.html' failed because A blue ball icon is added outside of the system tray + JDK-8322752: [11u] GetStackTraceAndRetransformTest.java is failing assert + JDK-8322772: Clean up code after JDK-8322417 + JDK-8323008: filter out harmful -std* flags added by autoconf from CXX + JDK-8323243: JNI invocation of an abstract instance method corrupts the stack + JDK-8323515: Create test alias 'all' for all test roots + JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/ /platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed + JDK-8324184: Windows VS2010 build failed with 'error C2275: 'int64_t'' + JDK-8324307: [11u] hotspot fails to build with GCC 12 and newer (non-static data member initializers) + JDK-8324347: Enable 'maybe-uninitialized' warning for FreeType 2.13.1 + JDK-8324659: GHA: Generic jtreg errors are not reported + JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing + JDK-8325150: (tz) Update Timezone Data to 2024a + JDK-8326109: GCC 13 reports maybe-uninitialized warnings for jni.cpp with dtrace enabled + JDK-8326503: [11u] java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fail because of package org.junit.jupiter.api does not exist + JDK-8327391: Add SipHash attribution file + JDK-8329837: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.23 - Removed the possibility to use the system timezone-java (bsc#1213470) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1530-1 Released: Mon May 6 11:52:34 2024 Summary: Security update for grafana and mybatis Type: security Severity: moderate References: 1219912,1222155,CVE-2023-6152,CVE-2024-1313 This update for grafana and mybatis fixes the following issues: grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: * CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155) * CVE-2023-6152: Add email verification when updating user email (bsc#1219912) - Other non-security related changes: * Version 9.5.17: + [FEATURE] Alerting: Backport use Alertmanager API v2 * Version 9.5.16: + [BUGFIX] Annotations: Split cleanup into separate queries and deletes to avoid deadlocks on MySQL * Version 9.5.15: + [FEATURE] Alerting: Attempt to retry retryable errors * Version 9.5.14: + [BUGFIX] Alerting: Fix state manager to not keep datasource_uid and ref_id labels in state after Error + [BUGFIX] Transformations: Config overrides being lost when config from query transform is applied + [BUGFIX] LDAP: Fix enable users on successfull login * Version 9.5.13: + [BUGFIX] BrowseDashboards: Only remember the most recent expanded folder + [BUGFIX] Licensing: Pass func to update env variables when starting plugin * Version 9.5.12: + [FEATURE] Azure: Add support for Workload Identity authentication * Version 9.5.9: + [FEATURE] SSE: Fix DSNode to not panic when response has empty response + [FEATURE] Prometheus: Handle the response with different field key order + [BUGFIX] LDAP: Fix user disabling mybatis: - `apache-commons-ognl` is now a non-optional dependency - Fixed building with log4j v1 and v2 dependencies ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) The following package changes have been done: - glibc-2.38-150600.12.1 updated - libpcre2-8-0-10.42-150600.1.26 updated - liblzma5-5.4.1-150600.1.2 updated - libselinux1-3.5-150600.1.46 updated - libglib-2_0-0-2.78.3-150600.2.2 updated - libopenssl3-3.1.4-150600.3.6 updated - libopenssl-3-fips-provider-3.1.4-150600.3.6 updated - patterns-base-fips-20200124-150600.30.1 updated - libgraphite2-3-1.3.14-150600.1.5 updated - libjpeg8-8.2.2-150600.22.5 updated - liblcms2-2-2.15-150600.1.5 updated - openssl-3-3.1.4-150600.3.6 updated - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - coreutils-8.32-150400.9.6.1 updated - libpng16-16-1.6.40-150600.1.3 updated - snpguest-0.3.2~0-150600.1.6 updated - libharfbuzz0-8.3.0-150600.1.3 updated - java-11-openjdk-headless-11.0.23.0-150000.3.113.1 updated - mybatis-3.5.6-150200.5.6.1 updated - uyuni-java-common-5.0.4-150600.1.2 updated - uyuni-coco-attestation-core-5.0.4-150600.1.2 updated - uyuni-coco-attestation-module-snpguest-5.0.4-150600.1.2 updated - uyuni-coco-attestation-module-secureboot-5.0.4-150600.1.2 added - container:sles15-image-15.0.0-45.31 updated From sle-container-updates at lists.suse.com Wed May 29 16:13:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 May 2024 18:13:59 +0200 (CEST) Subject: SUSE-CU-2024:2289-1: Recommended update of suse/manager/5.0/x86_64/server-hub-xmlrpc-api Message-ID: <20240529161359.9B52FFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-hub-xmlrpc-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2289-1 Container Tags : suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.0-rc , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.0-rc.3.35 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest Container Release : 3.35 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-hub-xmlrpc-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.90 updated - libldap-data-2.4.46-150600.23.21 updated - glibc-2.38-150600.12.1 updated - libzstd1-1.5.5-150600.1.3 updated - libuuid1-2.39.3-150600.2.1 updated - libsmartcols1-2.39.3-150600.2.1 updated - libsepol2-3.5-150600.1.49 updated - libsasl2-3-2.1.28-150600.5.3 updated - libpcre2-8-0-10.42-150600.1.26 updated - libnghttp2-14-1.40.0-150600.23.2 updated - liblzma5-5.4.1-150600.1.2 updated - liblz4-1-1.9.4-150600.1.4 updated - libgpg-error0-1.47-150600.1.3 updated - libcom_err2-1.47.0-150600.2.26 updated - libblkid1-2.39.3-150600.2.1 updated - libselinux1-3.5-150600.1.46 updated - libgcrypt20-1.10.3-150600.1.23 updated - libfdisk1-2.39.3-150600.2.1 updated - libmount1-2.39.3-150600.2.1 updated - libopenssl3-3.1.4-150600.3.6 updated - libudev1-254.10-150600.2.3 updated - libsystemd0-254.10-150600.2.3 updated - libopenssl-3-fips-provider-3.1.4-150600.3.6 updated - libldap-2_4-2-2.4.46-150600.23.21 updated - krb5-1.20.1-150600.9.2 updated - patterns-base-fips-20200124-150600.30.1 updated - login_defs-4.8.1-150600.15.45 updated - libcrack2-2.9.11-150600.1.90 updated - cracklib-2.9.11-150600.1.90 updated - sed-4.9-150600.1.4 updated - libcurl4-8.6.0-150600.2.2 updated - sles-release-15.6-150600.37.2 updated - shadow-4.8.1-150600.15.45 updated - util-linux-2.39.3-150600.2.1 updated - libkmod2-29-150600.11.4 updated - pam-config-1.1-150600.14.3 updated - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - xz-5.4.1-150600.1.2 updated - systemd-presets-branding-SLE-15.1-150600.33.1 updated - systemd-254.10-150600.2.3 updated - util-linux-systemd-2.39.3-150600.2.1 updated - wicked-0.6.74-150600.9.2 updated - wicked-service-0.6.74-150600.9.2 updated - rsyslog-8.2306.0-150600.10.6 updated - hub-xmlrpc-api-0.7-150600.1.11 updated - container:sles15-image-15.0.0-45.31 updated From sle-container-updates at lists.suse.com Wed May 29 16:14:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 May 2024 18:14:02 +0200 (CEST) Subject: SUSE-CU-2024:2291-1: Security update of suse/manager/5.0/x86_64/server-migration-14-16 Message-ID: <20240529161402.813E0FCE8@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-migration-14-16 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2291-1 Container Tags : suse/manager/5.0/x86_64/server-migration-14-16:5.0.0-rc , suse/manager/5.0/x86_64/server-migration-14-16:5.0.0-rc.4.59 , suse/manager/5.0/x86_64/server-migration-14-16:latest Container Release : 4.59 Severity : important Type : security References : 1082216 1082233 1213638 CVE-2018-6798 CVE-2018-6913 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-migration-14-16 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.90 updated - libldap-data-2.4.46-150600.23.21 updated - glibc-2.38-150600.12.1 updated - libzstd1-1.5.5-150600.1.3 updated - libuuid1-2.39.3-150600.2.1 updated - libsepol2-3.5-150600.1.49 updated - libsasl2-3-2.1.28-150600.5.3 updated - libpcre2-8-0-10.42-150600.1.26 updated - liblzma5-5.4.1-150600.1.2 updated - liblz4-1-1.9.4-150600.1.4 updated - libgpg-error0-1.47-150600.1.3 updated - libcom_err2-1.47.0-150600.2.26 updated - libselinux1-3.5-150600.1.46 updated - libgcrypt20-1.10.3-150600.1.23 updated - libopenssl3-3.1.4-150600.3.6 updated - libsystemd0-254.10-150600.2.3 updated - libopenssl-3-fips-provider-3.1.4-150600.3.6 updated - libldap-2_4-2-2.4.46-150600.23.21 updated - krb5-1.20.1-150600.9.2 updated - patterns-base-fips-20200124-150600.30.1 updated - login_defs-4.8.1-150600.15.45 updated - libcrack2-2.9.11-150600.1.90 updated - cracklib-2.9.11-150600.1.90 updated - shadow-4.8.1-150600.15.45 updated - timezone-2024a-150600.89.2 updated - glibc-locale-base-2.38-150600.12.1 updated - libpq5-16.2-150600.14.11 updated - glibc-locale-2.38-150600.12.1 updated - perl-5.26.1-150300.17.17.1 updated - libopenssl1_1-1.1.1w-150600.3.10 updated - postgresql-16-150600.15.24 updated - postgresql14-14.11-150600.14.4 updated - postgresql16-16.2-150600.14.11 updated - postgresql-server-16-150600.15.24 updated - postgresql14-server-14.11-150600.14.4 updated - postgresql16-server-16.2-150600.14.11 updated - postgresql16-contrib-16.2-150600.14.11 updated - postgresql-contrib-16-150600.15.24 updated - postgresql14-contrib-14.11-150600.14.4 updated - container:suse-manager-5.0-init-5.0.0-rc-5.0.0-rc-4.58 added - container:suse-manager-5.0-init-5.0.0-beta2-5.0.0-beta2-3.74 removed From sle-container-updates at lists.suse.com Thu May 30 07:01:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:01:51 +0200 (CEST) Subject: SUSE-IU-2024:462-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20240530070151.C8588F788@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:462-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.19 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.19 Severity : important Type : security References : 1218609 1220117 1222548 1223596 1223605 1223858 1224044 1224169 1224340 CVE-2024-2511 CVE-2024-34397 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1787-1 Released: Mon May 27 15:22:56 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1223858,1224169,1224340 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. This update fixes a regression with kerberized nfs4 shares in the previous update (bsc#1223858). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1830-1 Released: Wed May 29 14:08:50 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1841-1 Released: Wed May 29 18:04:59 2024 Summary: Recommended update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image, operator-image1.5, seedimage-builder Type: recommended Severity: moderate References: This update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image, operator-image1.5, seedimage-builder contains the following fixes: Changes in elemental-operator: - Update to version 1.4.4: * Added the ability to create a node reset marker for unmanaged hosts Changes in elemental-operator-crds-helm, elemental-operator-helm, operator-image, seedimage-builder: - Update to version 1.4.4 Changes in elemental-operator1.5: - Update to version 1.5.3: * register: don't send new Disks and Controllers data - Update to version 1.5.2: * Added the ability to create a node reset marker for unmanaged hosts * seedimage: use ClusterIP Services Changes in elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5: - Update to version 1.5.3 - Update to version 1.5.2 The following package changes have been done: - libuuid1-2.37.4-150500.9.11.1 updated - libsmartcols1-2.37.4-150500.9.11.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libblkid1-2.37.4-150500.9.11.1 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libfdisk1-2.37.4-150500.9.11.1 updated - libmount1-2.37.4-150500.9.11.1 updated - util-linux-2.37.4-150500.9.11.1 updated - util-linux-systemd-2.37.4-150500.9.11.1 updated - kernel-default-base-5.14.21-150500.55.65.1.150500.6.29.1 updated - libglib-2_0-0-2.70.5-150400.3.11.1 updated - libgobject-2_0-0-2.70.5-150400.3.11.1 updated - libgmodule-2_0-0-2.70.5-150400.3.11.1 updated - libgio-2_0-0-2.70.5-150400.3.11.1 updated - glib2-tools-2.70.5-150400.3.11.1 updated - elemental-register1.5-1.5.3-150500.1.8.1 updated - elemental-support1.5-1.5.3-150500.1.8.1 updated - libext2fs2-1.46.4-150400.3.6.2 updated - e2fsprogs-1.46.4-150400.3.6.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.7 updated From sle-container-updates at lists.suse.com Thu May 30 07:01:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:01:55 +0200 (CEST) Subject: SUSE-IU-2024:463-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20240530070155.36DEBF788@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:463-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.21 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.21 Severity : important Type : security References : 1218609 1220117 1222548 1223596 1223605 1223858 1224044 1224169 1224340 CVE-2024-2511 CVE-2024-34397 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1813-1 Released: Wed May 29 10:06:38 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1223858,1224169,1224340 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. This update fixes a regression with kerberized nfs4 shares in the previous update (bsc#1223858). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1830-1 Released: Wed May 29 14:08:50 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1841-1 Released: Wed May 29 18:04:59 2024 Summary: Recommended update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image, operator-image1.5, seedimage-builder Type: recommended Severity: moderate References: This update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image, operator-image1.5, seedimage-builder contains the following fixes: Changes in elemental-operator: - Update to version 1.4.4: * Added the ability to create a node reset marker for unmanaged hosts Changes in elemental-operator-crds-helm, elemental-operator-helm, operator-image, seedimage-builder: - Update to version 1.4.4 Changes in elemental-operator1.5: - Update to version 1.5.3: * register: don't send new Disks and Controllers data - Update to version 1.5.2: * Added the ability to create a node reset marker for unmanaged hosts * seedimage: use ClusterIP Services Changes in elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5: - Update to version 1.5.3 - Update to version 1.5.2 The following package changes have been done: - libuuid1-2.37.4-150500.9.11.1 updated - libsmartcols1-2.37.4-150500.9.11.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libblkid1-2.37.4-150500.9.11.1 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libfdisk1-2.37.4-150500.9.11.1 updated - libmount1-2.37.4-150500.9.11.1 updated - util-linux-2.37.4-150500.9.11.1 updated - util-linux-systemd-2.37.4-150500.9.11.1 updated - libglib-2_0-0-2.70.5-150400.3.11.1 updated - libgobject-2_0-0-2.70.5-150400.3.11.1 updated - libgmodule-2_0-0-2.70.5-150400.3.11.1 updated - libgio-2_0-0-2.70.5-150400.3.11.1 updated - glib2-tools-2.70.5-150400.3.11.1 updated - elemental-register1.5-1.5.3-150500.1.8.1 updated - elemental-support1.5-1.5.3-150500.1.8.1 updated - libext2fs2-1.46.4-150400.3.6.2 updated - e2fsprogs-1.46.4-150400.3.6.2 updated - kernel-rt-5.14.21-150500.13.55.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.15 updated From sle-container-updates at lists.suse.com Thu May 30 07:02:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:02:08 +0200 (CEST) Subject: SUSE-IU-2024:464-1: Security update of suse/sle-micro/5.5 Message-ID: <20240530070208.52166F788@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:464-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.15 , suse/sle-micro/5.5:latest Image Release : 5.5.15 Severity : moderate Type : security References : 1218609 1220117 1222548 1223596 1223605 1224044 CVE-2024-2511 CVE-2024-34397 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1830-1 Released: Wed May 29 14:08:50 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1841-1 Released: Wed May 29 18:04:59 2024 Summary: Recommended update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image, operator-image1.5, seedimage-builder Type: recommended Severity: moderate References: This update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image, operator-image1.5, seedimage-builder contains the following fixes: Changes in elemental-operator: - Update to version 1.4.4: * Added the ability to create a node reset marker for unmanaged hosts Changes in elemental-operator-crds-helm, elemental-operator-helm, operator-image, seedimage-builder: - Update to version 1.4.4 Changes in elemental-operator1.5: - Update to version 1.5.3: * register: don't send new Disks and Controllers data - Update to version 1.5.2: * Added the ability to create a node reset marker for unmanaged hosts * seedimage: use ClusterIP Services Changes in elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5: - Update to version 1.5.3 - Update to version 1.5.2 The following package changes have been done: - libuuid1-2.37.4-150500.9.11.1 updated - libsmartcols1-2.37.4-150500.9.11.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libblkid1-2.37.4-150500.9.11.1 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libfdisk1-2.37.4-150500.9.11.1 updated - libmount1-2.37.4-150500.9.11.1 updated - openssl-1_1-1.1.1l-150500.17.28.2 updated - util-linux-2.37.4-150500.9.11.1 updated - util-linux-systemd-2.37.4-150500.9.11.1 updated - libglib-2_0-0-2.70.5-150400.3.11.1 updated - libgobject-2_0-0-2.70.5-150400.3.11.1 updated - libgmodule-2_0-0-2.70.5-150400.3.11.1 updated - libgio-2_0-0-2.70.5-150400.3.11.1 updated - glib2-tools-2.70.5-150400.3.11.1 updated - elemental-register1.5-1.5.3-150500.1.8.1 updated - elemental-support1.5-1.5.3-150500.1.8.1 updated - libext2fs2-1.46.4-150400.3.6.2 updated - e2fsprogs-1.46.4-150400.3.6.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.7 updated From sle-container-updates at lists.suse.com Thu May 30 07:02:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:02:21 +0200 (CEST) Subject: SUSE-CU-2024:2294-1: Recommended update of rancher/elemental-channel Message-ID: <20240530070221.D8169F788@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2294-1 Container Tags : rancher/elemental-channel:1.4.4 , rancher/elemental-channel:1.4.4-4.5.22 , rancher/elemental-channel:latest Container Release : 4.5.22 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container rancher/elemental-channel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1841-1 Released: Wed May 29 18:04:59 2024 Summary: Recommended update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image, operator-image1.5, seedimage-builder Type: recommended Severity: moderate References: This update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image, operator-image1.5, seedimage-builder contains the following fixes: Changes in elemental-operator: - Update to version 1.4.4: * Added the ability to create a node reset marker for unmanaged hosts Changes in elemental-operator-crds-helm, elemental-operator-helm, operator-image, seedimage-builder: - Update to version 1.4.4 Changes in elemental-operator1.5: - Update to version 1.5.3: * register: don't send new Disks and Controllers data - Update to version 1.5.2: * Added the ability to create a node reset marker for unmanaged hosts * seedimage: use ClusterIP Services Changes in elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5: - Update to version 1.5.3 - Update to version 1.5.2 The following package changes have been done: - elemental-register-1.4.4-150500.3.6.1 updated From sle-container-updates at lists.suse.com Thu May 30 07:02:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:02:23 +0200 (CEST) Subject: SUSE-CU-2024:2295-1: Recommended update of rancher/elemental-channel Message-ID: <20240530070223.5C018F788@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2295-1 Container Tags : rancher/elemental-channel:1.5.3 , rancher/elemental-channel:1.5.3-1.5.22 , rancher/elemental-channel:latest Container Release : 1.5.22 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container rancher/elemental-channel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1841-1 Released: Wed May 29 18:04:59 2024 Summary: Recommended update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image, operator-image1.5, seedimage-builder Type: recommended Severity: moderate References: This update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image, operator-image1.5, seedimage-builder contains the following fixes: Changes in elemental-operator: - Update to version 1.4.4: * Added the ability to create a node reset marker for unmanaged hosts Changes in elemental-operator-crds-helm, elemental-operator-helm, operator-image, seedimage-builder: - Update to version 1.4.4 Changes in elemental-operator1.5: - Update to version 1.5.3: * register: don't send new Disks and Controllers data - Update to version 1.5.2: * Added the ability to create a node reset marker for unmanaged hosts * seedimage: use ClusterIP Services Changes in elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5: - Update to version 1.5.3 - Update to version 1.5.2 The following package changes have been done: - elemental-register1.5-1.5.3-150500.1.8.1 updated From sle-container-updates at lists.suse.com Thu May 30 07:02:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:02:26 +0200 (CEST) Subject: SUSE-CU-2024:2296-1: Recommended update of rancher/elemental-rt-channel Message-ID: <20240530070226.1852FF788@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-rt-channel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2296-1 Container Tags : rancher/elemental-rt-channel:1.4.4 , rancher/elemental-rt-channel:1.4.4-3.5.20 , rancher/elemental-rt-channel:latest Container Release : 3.5.20 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container rancher/elemental-rt-channel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1841-1 Released: Wed May 29 18:04:59 2024 Summary: Recommended update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image, operator-image1.5, seedimage-builder Type: recommended Severity: moderate References: This update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image, operator-image1.5, seedimage-builder contains the following fixes: Changes in elemental-operator: - Update to version 1.4.4: * Added the ability to create a node reset marker for unmanaged hosts Changes in elemental-operator-crds-helm, elemental-operator-helm, operator-image, seedimage-builder: - Update to version 1.4.4 Changes in elemental-operator1.5: - Update to version 1.5.3: * register: don't send new Disks and Controllers data - Update to version 1.5.2: * Added the ability to create a node reset marker for unmanaged hosts * seedimage: use ClusterIP Services Changes in elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5: - Update to version 1.5.3 - Update to version 1.5.2 The following package changes have been done: - elemental-register-1.4.4-150500.3.6.1 updated From sle-container-updates at lists.suse.com Thu May 30 07:02:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:02:27 +0200 (CEST) Subject: SUSE-CU-2024:2297-1: Recommended update of rancher/elemental-rt-channel Message-ID: <20240530070227.94C08F788@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-rt-channel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2297-1 Container Tags : rancher/elemental-rt-channel:1.5.3 , rancher/elemental-rt-channel:1.5.3-1.5.20 , rancher/elemental-rt-channel:latest Container Release : 1.5.20 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container rancher/elemental-rt-channel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1841-1 Released: Wed May 29 18:04:59 2024 Summary: Recommended update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image, operator-image1.5, seedimage-builder Type: recommended Severity: moderate References: This update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image, operator-image1.5, seedimage-builder contains the following fixes: Changes in elemental-operator: - Update to version 1.4.4: * Added the ability to create a node reset marker for unmanaged hosts Changes in elemental-operator-crds-helm, elemental-operator-helm, operator-image, seedimage-builder: - Update to version 1.4.4 Changes in elemental-operator1.5: - Update to version 1.5.3: * register: don't send new Disks and Controllers data - Update to version 1.5.2: * Added the ability to create a node reset marker for unmanaged hosts * seedimage: use ClusterIP Services Changes in elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5: - Update to version 1.5.3 - Update to version 1.5.2 The following package changes have been done: - elemental-register1.5-1.5.3-150500.1.8.1 updated From sle-container-updates at lists.suse.com Thu May 30 07:05:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:05:48 +0200 (CEST) Subject: SUSE-CU-2024:2303-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240530070548.D945AF77F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2303-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.35 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.35 Severity : low Type : security References : 1224044 CVE-2024-34397 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1830-1 Released: Wed May 29 14:08:50 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.11.1 updated - libgmodule-2_0-0-2.70.5-150400.3.11.1 updated From sle-container-updates at lists.suse.com Thu May 30 07:08:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:08:26 +0200 (CEST) Subject: SUSE-CU-2024:2305-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240530070826.1E27DF77F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2305-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.34 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.34 Severity : low Type : security References : 1224044 CVE-2024-34397 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1830-1 Released: Wed May 29 14:08:50 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.11.1 updated - libgmodule-2_0-0-2.70.5-150400.3.11.1 updated From sle-container-updates at lists.suse.com Thu May 30 07:09:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:09:13 +0200 (CEST) Subject: SUSE-CU-2024:2306-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20240530070913.1EC8AF77F@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2306-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.36 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.36 Container Release : 3.36 Severity : low Type : security References : 1224044 CVE-2024-34397 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1830-1 Released: Wed May 29 14:08:50 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.11.1 updated From sle-container-updates at lists.suse.com Thu May 30 07:09:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:09:57 +0200 (CEST) Subject: SUSE-CU-2024:2307-1: Security update of suse/389-ds Message-ID: <20240530070957.0CF36F77F@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2307-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-22.14 , suse/389-ds:latest Container Release : 22.14 Severity : moderate Type : security References : 1222548 1223596 CVE-2024-2511 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - openssl-1_1-1.1.1l-150500.17.28.2 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Thu May 30 07:11:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:11:27 +0200 (CEST) Subject: SUSE-CU-2024:2310-1: Security update of suse/registry Message-ID: <20240530071127.8B62DF77F@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2310-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-25.8 , suse/registry:latest Container Release : 25.8 Severity : moderate Type : security References : 1218609 1220117 1222548 1223596 1223605 CVE-2024-2511 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) The following package changes have been done: - libblkid1-2.37.4-150500.9.11.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libfdisk1-2.37.4-150500.9.11.1 updated - libmount1-2.37.4-150500.9.11.1 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libsmartcols1-2.37.4-150500.9.11.1 updated - libuuid1-2.37.4-150500.9.11.1 updated - openssl-1_1-1.1.1l-150500.17.28.2 updated - util-linux-2.37.4-150500.9.11.1 updated From sle-container-updates at lists.suse.com Thu May 30 07:14:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:14:14 +0200 (CEST) Subject: SUSE-CU-2024:2315-1: Security update of bci/golang Message-ID: <20240530071414.2D25DF77F@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2315-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.7.2 , bci/golang:oldstable , bci/golang:oldstable-2.7.2 Container Release : 7.2 Severity : important Type : security References : 1222548 1223596 1224168 1224170 1224171 1224172 1224173 CVE-2024-2511 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1807-1 Released: Tue May 28 22:11:31 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168). - CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170). - CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171). - CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172). - CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - git-core-2.35.3-150300.10.39.1 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Thu May 30 07:14:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:14:42 +0200 (CEST) Subject: SUSE-CU-2024:2316-1: Security update of bci/golang Message-ID: <20240530071442.A1B06F77F@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2316-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-17.2 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-17.2 Container Release : 17.2 Severity : important Type : security References : 1222548 1223596 1224168 1224170 1224171 1224172 1224173 CVE-2024-2511 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1807-1 Released: Tue May 28 22:11:31 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168). - CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170). - CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171). - CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172). - CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - openssl-1_1-1.1.1l-150500.17.28.2 updated - git-core-2.35.3-150300.10.39.1 updated - libopenssl-1_1-devel-1.1.1l-150500.17.28.2 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Thu May 30 07:15:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:15:09 +0200 (CEST) Subject: SUSE-CU-2024:2317-1: Security update of bci/golang Message-ID: <20240530071509.B7D58F77F@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2317-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-17.1 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-17.1 Container Release : 17.1 Severity : important Type : security References : 1222548 1223596 1224168 1224170 1224171 1224172 1224173 CVE-2024-2511 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1807-1 Released: Tue May 28 22:11:31 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168). - CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170). - CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171). - CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172). - CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - openssl-1_1-1.1.1l-150500.17.28.2 updated - git-core-2.35.3-150300.10.39.1 updated - libopenssl-1_1-devel-1.1.1l-150500.17.28.2 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Thu May 30 07:15:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:15:48 +0200 (CEST) Subject: SUSE-CU-2024:2318-1: Security update of bci/bci-init Message-ID: <20240530071548.A5239F77F@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2318-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.18.12 , bci/bci-init:latest Container Release : 18.12 Severity : moderate Type : security References : 1218609 1220117 1222548 1223596 1223605 CVE-2024-2511 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) The following package changes have been done: - libuuid1-2.37.4-150500.9.11.1 updated - libsmartcols1-2.37.4-150500.9.11.1 updated - libblkid1-2.37.4-150500.9.11.1 updated - libfdisk1-2.37.4-150500.9.11.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - libmount1-2.37.4-150500.9.11.1 updated - util-linux-2.37.4-150500.9.11.1 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Thu May 30 07:16:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:16:18 +0200 (CEST) Subject: SUSE-CU-2024:2319-1: Security update of suse/nginx Message-ID: <20240530071618.D9753F77F@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2319-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-13.11 , suse/nginx:latest Container Release : 13.11 Severity : moderate Type : security References : 1218609 1220117 1222548 1223596 1223605 CVE-2024-2511 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) The following package changes have been done: - libuuid1-2.37.4-150500.9.11.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Thu May 30 07:16:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:16:57 +0200 (CEST) Subject: SUSE-CU-2024:2320-1: Security update of bci/nodejs Message-ID: <20240530071657.A004BF77F@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2320-1 Container Tags : bci/node:18 , bci/node:18-21.9 , bci/nodejs:18 , bci/nodejs:18-21.9 Container Release : 21.9 Severity : important Type : security References : 1222548 1223596 1224168 1224170 1224171 1224172 1224173 CVE-2024-2511 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1807-1 Released: Tue May 28 22:11:31 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168). - CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170). - CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171). - CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172). - CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - git-core-2.35.3-150300.10.39.1 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Thu May 30 07:17:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:17:20 +0200 (CEST) Subject: SUSE-CU-2024:2321-1: Security update of bci/nodejs Message-ID: <20240530071720.26874F77F@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2321-1 Container Tags : bci/node:20 , bci/node:20-10.9 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-10.9 , bci/nodejs:latest Container Release : 10.9 Severity : important Type : security References : 1222548 1223596 1224168 1224170 1224171 1224172 1224173 CVE-2024-2511 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1807-1 Released: Tue May 28 22:11:31 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168). - CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170). - CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171). - CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172). - CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - git-core-2.35.3-150300.10.39.1 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Fri May 31 07:01:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:01:42 +0200 (CEST) Subject: SUSE-IU-2024:466-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20240531070142.17813F788@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:466-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.9 , suse/sle-micro/base-5.5:latest Image Release : 5.8.9 Severity : moderate Type : security References : 1218609 1220117 1222548 1223596 1223605 1224044 CVE-2024-2511 CVE-2024-34397 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1830-1 Released: Wed May 29 14:08:50 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). The following package changes have been done: - libuuid1-2.37.4-150500.9.11.1 updated - libsmartcols1-2.37.4-150500.9.11.1 updated - libblkid1-2.37.4-150500.9.11.1 updated - libfdisk1-2.37.4-150500.9.11.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libglib-2_0-0-2.70.5-150400.3.11.1 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - libmount1-2.37.4-150500.9.11.1 updated - util-linux-2.37.4-150500.9.11.1 updated - openssl-1_1-1.1.1l-150500.17.28.2 updated From sle-container-updates at lists.suse.com Fri May 31 07:04:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:04:26 +0200 (CEST) Subject: SUSE-CU-2024:2323-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240531070426.7F98EF77F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2323-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.35 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.35 Severity : important Type : recommended References : 1220082 1222021 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1848-1 Released: Thu May 30 06:52:35 2024 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1220082,1222021 This update for supportutils fixes the following issues: - Suppress file descriptor leak warnings from lvm commands (bsc#1220082) - Add -V key:value pair option (bsc#1222021, PED-8211) - Avoid getting duplicate kernel verifications in boot.text - Include container log timestamps The following package changes have been done: - supportutils-3.1.30-150300.7.35.30.1 updated From sle-container-updates at lists.suse.com Fri May 31 07:03:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:03:18 +0200 (CEST) Subject: SUSE-CU-2024:2322-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240531070318.CE7ECF788@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2322-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.36 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.36 Severity : important Type : recommended References : 1220082 1222021 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1848-1 Released: Thu May 30 06:52:35 2024 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1220082,1222021 This update for supportutils fixes the following issues: - Suppress file descriptor leak warnings from lvm commands (bsc#1220082) - Add -V key:value pair option (bsc#1222021, PED-8211) - Avoid getting duplicate kernel verifications in boot.text - Include container log timestamps The following package changes have been done: - supportutils-3.1.30-150300.7.35.30.1 updated From sle-container-updates at lists.suse.com Fri May 31 07:05:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:05:18 +0200 (CEST) Subject: SUSE-CU-2024:2324-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20240531070518.D5B19F77F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2324-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.244 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.244 Severity : important Type : security References : 1218609 1220082 1220117 1222021 1222548 1223596 1223605 1224044 CVE-2024-2511 CVE-2024-34397 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1830-1 Released: Wed May 29 14:08:50 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1848-1 Released: Thu May 30 06:52:35 2024 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1220082,1222021 This update for supportutils fixes the following issues: - Suppress file descriptor leak warnings from lvm commands (bsc#1220082) - Add -V key:value pair option (bsc#1222021, PED-8211) - Avoid getting duplicate kernel verifications in boot.text - Include container log timestamps The following package changes have been done: - libblkid1-2.37.4-150500.9.11.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libfdisk1-2.37.4-150500.9.11.1 updated - libglib-2_0-0-2.70.5-150400.3.11.1 updated - libgmodule-2_0-0-2.70.5-150400.3.11.1 updated - libmount1-2.37.4-150500.9.11.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libsmartcols1-2.37.4-150500.9.11.1 updated - libuuid1-2.37.4-150500.9.11.1 updated - openssl-1_1-1.1.1l-150500.17.28.2 updated - supportutils-3.1.30-150300.7.35.30.1 updated - util-linux-2.37.4-150500.9.11.1 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Fri May 31 07:06:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:06:20 +0200 (CEST) Subject: SUSE-CU-2024:2325-1: Security update of suse/registry Message-ID: <20240531070620.44A8DF77F@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2325-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-25.9 , suse/registry:latest Container Release : 25.9 Severity : important Type : security References : 1221401 1222330 1222332 CVE-2023-38709 CVE-2024-24795 CVE-2024-27316 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1868-1 Released: Thu May 30 14:23:07 2024 Summary: Security update for apache2 Type: security Severity: important References: 1221401,1222330,1222332,CVE-2023-38709,CVE-2024-24795,CVE-2024-27316 This update for apache2 fixes the following issues: - CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code (bsc#1222330). - CVE-2024-24795: Fixed handling of malicious HTTP splitting response headers in multiple modules (bsc#1222332). - CVE-2024-27316: Fixed HTTP/2 CONTINUATION frames that could have been utilized for DoS attacks (bsc#1221401). The following package changes have been done: - apache2-utils-2.4.51-150400.6.17.1 updated From sle-container-updates at lists.suse.com Fri May 31 07:06:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:06:35 +0200 (CEST) Subject: SUSE-CU-2024:2326-1: Security update of suse/git Message-ID: <20240531070636.00115F77F@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2326-1 Container Tags : suse/git:2.35 , suse/git:2.35-12.7 , suse/git:latest Container Release : 12.7 Severity : important Type : security References : 1222548 1223596 1224168 1224170 1224171 1224172 1224173 CVE-2024-2511 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1807-1 Released: Tue May 28 22:11:31 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168). - CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170). - CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171). - CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172). - CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - git-core-2.35.3-150300.10.39.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated From sle-container-updates at lists.suse.com Fri May 31 07:07:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:07:12 +0200 (CEST) Subject: SUSE-CU-2024:2327-1: Security update of bci/golang Message-ID: <20240531070712.18E9CF77F@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2327-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-1.7.2 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.7.2 Container Release : 7.2 Severity : important Type : security References : 1222548 1223596 1224168 1224170 1224171 1224172 1224173 CVE-2024-2511 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1807-1 Released: Tue May 28 22:11:31 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168). - CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170). - CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171). - CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172). - CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - git-core-2.35.3-150300.10.39.1 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Fri May 31 07:07:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:07:38 +0200 (CEST) Subject: SUSE-CU-2024:2321-1: Security update of bci/nodejs Message-ID: <20240531070738.1C1C5F77F@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2321-1 Container Tags : bci/node:20 , bci/node:20-10.9 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-10.9 , bci/nodejs:latest Container Release : 10.9 Severity : important Type : security References : 1222548 1223596 1224168 1224170 1224171 1224172 1224173 CVE-2024-2511 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1807-1 Released: Tue May 28 22:11:31 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168). - CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170). - CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171). - CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172). - CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - git-core-2.35.3-150300.10.39.1 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Fri May 31 07:08:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:08:16 +0200 (CEST) Subject: SUSE-CU-2024:2328-1: Security update of bci/openjdk Message-ID: <20240531070816.B89DCF77F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2328-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-18.10 Container Release : 18.10 Severity : moderate Type : security References : 1218609 1220117 1222548 1223605 1224044 CVE-2024-2511 CVE-2024-34397 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1830-1 Released: Wed May 29 14:08:50 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). The following package changes have been done: - libuuid1-2.37.4-150500.9.11.1 updated - libglib-2_0-0-2.70.5-150400.3.11.1 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - openssl-1_1-1.1.1l-150500.17.28.2 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Fri May 31 07:09:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:09:00 +0200 (CEST) Subject: SUSE-CU-2024:2329-1: Security update of bci/openjdk Message-ID: <20240531070900.A5FC2F77F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2329-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-19.9 , bci/openjdk:latest Container Release : 19.9 Severity : moderate Type : security References : 1218609 1220117 1222548 1223605 CVE-2024-2511 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) The following package changes have been done: - libuuid1-2.37.4-150500.9.11.1 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - openssl-1_1-1.1.1l-150500.17.28.2 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Fri May 31 07:09:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:09:53 +0200 (CEST) Subject: SUSE-CU-2024:2330-1: Security update of suse/pcp Message-ID: <20240531070953.B9522F77F@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2330-1 Container Tags : suse/pcp:5 , suse/pcp:5-26.28 , suse/pcp:5.2 , suse/pcp:5.2-26.28 , suse/pcp:5.2.5 , suse/pcp:5.2.5-26.28 , suse/pcp:latest Container Release : 26.28 Severity : moderate Type : security References : 1218609 1220117 1222548 1223596 1223605 CVE-2024-2511 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) The following package changes have been done: - libuuid1-2.37.4-150500.9.11.1 updated - libsmartcols1-2.37.4-150500.9.11.1 updated - libblkid1-2.37.4-150500.9.11.1 updated - libfdisk1-2.37.4-150500.9.11.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - libmount1-2.37.4-150500.9.11.1 updated - util-linux-2.37.4-150500.9.11.1 updated - util-linux-systemd-2.37.4-150500.9.11.1 updated - container:bci-bci-init-15.5-15.5-18.12 updated From sle-container-updates at lists.suse.com Fri May 31 07:10:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:10:41 +0200 (CEST) Subject: SUSE-CU-2024:2331-1: Security update of bci/php-apache Message-ID: <20240531071041.CC758F77F@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2331-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-19.10 , bci/php-apache:latest Container Release : 19.10 Severity : moderate Type : security References : 1218609 1220117 1222548 1223596 1223605 CVE-2024-2511 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) The following package changes have been done: - libuuid1-2.37.4-150500.9.11.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Fri May 31 07:10:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:10:42 +0200 (CEST) Subject: SUSE-CU-2024:2332-1: Security update of bci/php-apache Message-ID: <20240531071042.8EF5AF77F@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2332-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-19.11 , bci/php-apache:latest Container Release : 19.11 Severity : important Type : security References : 1221401 1222330 1222332 CVE-2023-38709 CVE-2024-24795 CVE-2024-27316 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1868-1 Released: Thu May 30 14:23:07 2024 Summary: Security update for apache2 Type: security Severity: important References: 1221401,1222330,1222332,CVE-2023-38709,CVE-2024-24795,CVE-2024-27316 This update for apache2 fixes the following issues: - CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code (bsc#1222330). - CVE-2024-24795: Fixed handling of malicious HTTP splitting response headers in multiple modules (bsc#1222332). - CVE-2024-27316: Fixed HTTP/2 CONTINUATION frames that could have been utilized for DoS attacks (bsc#1221401). The following package changes have been done: - apache2-utils-2.4.51-150400.6.17.1 updated - apache2-2.4.51-150400.6.17.1 updated - apache2-prefork-2.4.51-150400.6.17.1 updated From sle-container-updates at lists.suse.com Fri May 31 07:11:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:11:26 +0200 (CEST) Subject: SUSE-CU-2024:2333-1: Security update of bci/php-fpm Message-ID: <20240531071126.26B29F77F@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2333-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-20.8 , bci/php-fpm:latest Container Release : 20.8 Severity : moderate Type : security References : 1222548 1223596 CVE-2024-2511 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Fri May 31 07:12:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:12:08 +0200 (CEST) Subject: SUSE-CU-2024:2334-1: Security update of bci/php Message-ID: <20240531071208.E874AF77F@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2334-1 Container Tags : bci/php:8 , bci/php:8-19.9 , bci/php:latest Container Release : 19.9 Severity : moderate Type : security References : 1222548 1223596 CVE-2024-2511 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Fri May 31 07:12:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:12:47 +0200 (CEST) Subject: SUSE-CU-2024:2335-1: Security update of suse/postgres Message-ID: <20240531071247.CC3CEF77F@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2335-1 Container Tags : suse/postgres:15 , suse/postgres:15-20.10 , suse/postgres:15.7 , suse/postgres:15.7-20.10 Container Release : 20.10 Severity : moderate Type : security References : 1222548 1223596 CVE-2024-2511 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Fri May 31 07:13:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:13:07 +0200 (CEST) Subject: SUSE-CU-2024:2336-1: Security update of suse/postgres Message-ID: <20240531071307.31BE8F77F@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2336-1 Container Tags : suse/postgres:16 , suse/postgres:16-9.9 , suse/postgres:16.3 , suse/postgres:16.3-9.9 , suse/postgres:latest Container Release : 9.9 Severity : moderate Type : security References : 1222548 1223596 CVE-2024-2511 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Fri May 31 07:13:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:13:51 +0200 (CEST) Subject: SUSE-CU-2024:2337-1: Security update of bci/python Message-ID: <20240531071351.67A48F77F@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2337-1 Container Tags : bci/python:3 , bci/python:3-20.10 , bci/python:3.11 , bci/python:3.11-20.10 , bci/python:latest Container Release : 20.10 Severity : important Type : security References : 1218609 1220117 1222548 1223596 1223605 1224168 1224170 1224171 1224172 1224173 CVE-2024-2511 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1807-1 Released: Tue May 28 22:11:31 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168). - CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170). - CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171). - CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172). - CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) The following package changes have been done: - libuuid1-2.37.4-150500.9.11.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - openssl-1_1-1.1.1l-150500.17.28.2 updated - git-core-2.35.3-150300.10.39.1 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Fri May 31 07:14:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:14:39 +0200 (CEST) Subject: SUSE-CU-2024:2338-1: Security update of bci/python Message-ID: <20240531071439.5ED05F77F@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2338-1 Container Tags : bci/python:3 , bci/python:3-22.9 , bci/python:3.6 , bci/python:3.6-22.9 Container Release : 22.9 Severity : important Type : security References : 1222548 1223596 1224168 1224170 1224171 1224172 1224173 CVE-2024-2511 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1807-1 Released: Tue May 28 22:11:31 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168). - CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170). - CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171). - CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172). - CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - openssl-1_1-1.1.1l-150500.17.28.2 updated - git-core-2.35.3-150300.10.39.1 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Fri May 31 07:14:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:14:54 +0200 (CEST) Subject: SUSE-CU-2024:2339-1: Security update of suse/rmt-mariadb-client Message-ID: <20240531071454.28871F77F@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2339-1 Container Tags : suse/mariadb-client:10.6 , suse/mariadb-client:10.6-17.11 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.6 , suse/rmt-mariadb-client:10.6-17.11 , suse/rmt-mariadb-client:latest Container Release : 17.11 Severity : moderate Type : security References : 1222548 1223596 CVE-2024-2511 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - libcom_err2-1.46.4-150400.3.6.2 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.28.2 updated - container:sles15-image-15.0.0-36.11.38 updated From sle-container-updates at lists.suse.com Fri May 24 07:01:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 May 2024 09:01:26 +0200 (CEST) Subject: SUSE-IU-2024:443-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20240524070126.62F87FBA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:443-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.2 , suse/sle-micro/5.5:latest Image Release : 5.5.2 Severity : important Type : recommended References : 1218560 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1769-1 Released: Thu May 23 16:26:19 2024 Summary: Recommended update for SLE-Micro, SLE-Micro-base, SLE-Micro-kvm, SLE-Micro-rt, build-iso, build-iso-base, elemental, elemental-channel-image, elemental-channel1.5-image, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, elemental-rt-channel-image, elemental-rt-channel1.5-image, elemental-toolkit, operator-image1.5, seedimage-builder, seedimage-builder1.5, systemd-presets-branding-SLE-Micro-for-Rancher Type: recommended Severity: important References: 1218560 This update for SLE-Micro, SLE-Micro-base, SLE-Micro-kvm, SLE-Micro-rt, build-iso, build-iso-base, elemental, elemental-channel-image, elemental-channel1.5-image, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, elemental-rt-channel-image, elemental-rt-channel1.5-image, elemental-toolkit, operator-image1.5, seedimage-builder, seedimage-builder1.5, systemd-presets-branding-SLE-Micro-for-Rancher fixes the following issues: Changes in SLE-Micro: - Update to version 2.0.4: * [v2.0.x] Hostname backports (#1371) * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated * Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258) Changes in SLE-Micro-base: - Update to version 2.0.4: * [v2.0.x] Hostname backports (#1371) * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3: * Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258) Changes in SLE-Micro-kvm: - Update to version 2.0.4: * [v2.0.x] Hostname backports (#1371) * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3: * Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258) Changes in SLE-Micro-rt: - Update to version 2.0.4: * [v2.0.x] Hostname backports (#1371) * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3: * Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258) Changes in build-iso: - Update to version 2.0.4: * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3 Changes in build-iso-base: - Update to version 2.0.4: * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3 Changes in elemental: - Update to version 2.0.4: * [v2.0.x] Hostname backports (#1371) * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3: * Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258) Changes in elemental-channel-image: - Adapt Dockerfile to pull explicitly elemental-register instead of the newer 1.5 version of it - Add v2.0.2 image to channel Changes in elemental-channel1.5-image: - Add v2.0.2 image to channel - Remove `for Rancher` suffix - Channel adapted to 'suse/sle-micro' images Changes in elemental-operator1.5: - Update to version 1.5.1: * Repurpose v1.5.x branch for SLE Micro 5.5 * Micro rename (#684) * elemental-operator registration cleanups (#689) * Sanitize elemental-operator dependencies (#690) * github actions: add airgap script test * [Airgap] minor: fix debug message * [Airgap] add script tests * Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 * Bump docker/login-action from 3.0.0 to 3.1.0 * Bump docker/build-push-action from 5.2.0 to 5.3.0 * Add extension to seedimage url (#682) * registration: allow dots in machineInventory names * registration: decouple replacing data-labels from sanitizing strings * registration: move sanitize code in sanitizeString() * Fix ManagedOSImage cloudConfig (#671) * New name is elemental-rootfs * Use /run/elemental and elemental- services (#675) * Update github.com/golang/protobuf * Run make vendor * Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 * Bump docker/build-push-action from 5.1.0 to 5.2.0 * [Airgap] fix channel.json extraction (#669) * [Airgap] fix 'channel.image'/'channel.repository' value in 'next steps' (#665) * Align DrainSpec to system-upgrade-controller defaults (#668) * operator/Dockerfile: tag IMAGE_REPO with :latest * seedimage: add tag to IMG_REPO * Dockerfile: SLE_VERSION -> SLEMICRO_VERSION * operator: switch to toolbox for ALP * seedimage: switch labelprefix to com.suse.elemental * seedimage: Switch to toolbox for ALP * Drain nodes by default on upgrade (#660) * [Airgap] fix missing return code value * [Airgap] Use bash test syntax * [Airgap] make the script work with both legacy and newer charts * [Airgap] fix the airgap script - Update to version 1.5.0: * Enable ManagedOSImage updates (#658) * Review omitempty flag on API json converter * charts: backport changes from Rancher Marketplace chart (#652) * Make snapshotter configurable (#651) * [Airgap] fix the airgap script (#654) * Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 * [Airgap] add support to Hauler in the airgap script (#647) * Fix channel synchronization * Bump docker/metadata-action from 4.1.1 to 5.5.1 * Requeue reconcile loop for ongoing synchronizations * elemental-register: collect OS data for MachineInventories annotations (#642) * Bump go to 1.22 (#643) * Make channel sync more robust (#638) * Makefile/setup-full-cluster: build seedimage-builder image too (#639) * Makefile: fix commit date for local builds (#631) * Requeue after 1 second in case of failures * Recover on syncer pod creation failures * Bump docker/build-push-action from 3.2.0 to 5.1.0 * Bump docker/setup-buildx-action from 2.2.1 to 3.0.0 * Bump golangci/golangci-lint-action from 3 to 4 * Bump github/codeql-action from 2 to 3 * Update system-upgrade-controller test version (#630) * Add dev baseimage build (#619) * Test against k8s v1.27, rancher v2.8.2, and upgrade all test dependendencies (#628) * Use go 1.20 * Use rancher/yip v1.4.10 * Use go.mod ginkgo version * SeedImage builder arguments in wrong order * Use newer xorriso (#624) * Bump codecov/codecov-action from 3 to 4 * Bump docker/login-action from 2.1.0 to 3.0.0 * Bump actions/dependency-review-action from 2 to 4 * Update actions/labeler config * Make linter happy * Bump actions/labeler from 4 to 5 * README: drop legacy docs (#616) * Add dependabot config for actions * Bump github actions * Do not adopt machineinventories undergoing deletion/reset (#605) * Update seedimage build-disk command * Fix inversed reset options (#604) * Print system architecture (#603) * hostname: set the hostname on the newer location too * Charts/Makefile: fix default OS channel repo name (#594) * Add hostname to system-data * Add elemental-seedimage-hooks package (#592) * Restrict package arch to x86_64 and aarch64 * Update copyright year (2024) * Update copyright year (2024) * Change raw SeedImage deploy-command * Add target platform validation test * Add kubebuilder example and validation * Add TargetPlatform to SeedImageSpec * Fix default values in questions.yaml file * Bump golang.org/x/crypto to 0.17.0 * Add disable-boot-entry flag to reset command * Always pull channel image on channel sync * Fix channel sync bug * Avoid repeating package name in summary * Make summary start with a capital letter * Unify all chart files under .obs/charfile * Add warning if both device and device-selector set * Add grub package to seedimage built in OBS (#568) * Fix device-selector logic (#571) * Add missing questions.yaml file * Implement picking dynamic installation device (#561) * Build raw disk images in SeedImage (#557) * charts: fix annotations (#566) * ci: fix SeedImage builder used image * Bump github.com/docker/docker from 20.10.24+incompatible to 24.0.7+incompatible (#560) * Update google.golang.org/grpc to v1.56.3 * Keep old output-name * Add slem4r images in channel (#544) * Bring your own SeedImage builder (#542) - Update to version 1.4.3: * registration: allow dots in machineInventory names * registration: decouple replacing data-labels from sanitizing strings * registration: move sanitize code in sanitizeString() * V1.4.x fix channel synchronization (#683) * linter: fix copyright dates * Make linter happy - Update to version 1.4.2: * Fix inversed reset options (#604) * Add hostname to system-data * Fix default values in questions.yaml file - ExclusiveArch x86_64 and aarch64 (bsc#1218560) - Update to version 1.4.1 * Always pull channel image on channel sync * Fix channel sync bug * Avoid repeating package name in summary * Make summary start with a capital letter - Update to version 1.4.0+git20231129.c7f1dc1: * Add slem4r images in channel (#544) * Unify all chart files under .obs/charfile - Update to version 1.4.0+git20231127.55a37d4: * Add warning if both device and device-selector set * Fix device-selector logic (#571) * Implement picking dynamic installation device (#561) * Add missing questions.yaml file * charts: fix annotations (#566) * Make sure to not overlap with the already existing channel and use RT for tests * Remove use of images from quay.io * Prevent installing if previous CRDs are pending to be removed * elemental-airgap: allow to just create the channel (#548) * bump go to 1.20 or later * Bump dependencies (#540) * ci: bump k8s and Rancher Manager versions * Use helm/kind-action to install kind * ci: fix action versions used * Disable local plan for elemental-system-agent * Improve error management * Patch already existing versions on channel sync * Improve update events filtering to actually ignore status updates * Add some improvements * Run all syncers in a pod * Fix e2e workflow * elemental-airgap: fix skipping http/https URLs * Use the proper format for command arguments * Prevent recalling bootstrap.sh on 'systemctl restart elemental-system-agent' * elemental-airgap: fix automatic image channel name (#521) * register: add no-toolkit unit tests * register: add os.unmanaged inventory annotation * register: add no-toolkit option * make verify: stay on mockgen v0.2.0 (#523) * elemental-airgap: add support to OS images (#518) * Small refactor to centralize registration config checks * Ensure Elemental registration data includes the registration URL * Remove --debug flag from helm pull * Attempt to use charts from PR project in e2e tests * Publish OBS charts to gh-pages * elemental-airgap: allow to pass dev | staging | stable as argument * elemental-airgap: pick the operator chart as an argument * elemental-airgap: add script to help airgap deployment * Apply a regex on tags to match the same criteria as in OBS * Charts: fix OBS build * Publish all OBS repositories on PRs * Fix repository url * Charts: always use camelCase for values (#507) * Revert not-needed marker fix * Set default spec.config.elemental.reset block for MachineRegistration * Use elemental-register-reset service (#502) * Use OBS PR builds for the e2e tests * Build and publish charts for OBS/IBS artifacts in gh-pages - Update to version 1.3.2+git20230824.c90c1c8: * Disable service triggers on staging (#498) * Add CAPI cluster role to helm chart (#500) * Charts: sync OBS charts * tests: fix e2e workflow * tests: fix chart workflow * Makefile: add the REGISTRY_URL var * Charts: add registry templating for custom airgap * Charts: add README * Charts: enforce templating on the channel resource * Charts: update rancher annotations * Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible (#442) * Fixed a typo in the version string for elemental-teal-channel in helm chart (#495) * Implement remote machines reset (#489) * Remove custom default config-dir on installation media * Remove SLE Micro reference from elemental-operator images * Include crds chart in OBS workflow * Update OBS workflow to the new project setup * Make SLE Micro version from image references dynamic (#480) * Recreate service account token secret if missing * Adds ca-certificates and ca-certificates-mozilla in operator image * Adapt .spec file to non-SUSE distributions (#482) * Improve re-registration (#479) * Do not make use of ServiceAccount.Secrets list * Fix elemental managed label value to match backup operator expectations * Make explicit elemental-operator image is under l3 support * Add CONTRIBUTING.md (#472) * Handle mkdir error * Create registration config directory if not exist * Persist registration state * Omit confusing debug message * Fix error formatting * Handle MsgUpdate response on client side * Remove unnecessary MsgUpdate payload. Rely on authentication data instead * Handle sendUpdate error * Do not terminate serveLoop on MsgUpdate * - Check protocol version before sending MsgUpdate - Use MsgUpdate to notify registration update only * Charts: add a new chart to host the pre-hook migration template * Charts: add template checking crds installation * Prevent registration update if MachineInventory is not found * Do not retry registration when on installed system and using randomized TPM seed * Do not retry registration when not on live system * Check for live registration config when no arguments passed * operator: copy cloud-config file not its link (#468) * Update README installation section (#465) * SeedImage: manage updates of builder Pod under deletion * SeedImage: add ResourcesNotCreatedYet Ready condition * SeedImage: reset download URL on Pod deletion * SeedImage: allow the controller full control on configmaps * SeedImage: isolate all the config map logic in a separate function * SeedImage: on retriggerBuild delete owned SeedImage resources * SeedImage: drop redundant set of retriggerBuild * The job was missing a templated name for the serviceaccount to be fully consistent * Update charts/crds/Chart.yaml * Update .obs/chartfile/crds/Chart.yaml * Add upgrade hook * Include channel as part of the installation * Adapt tests and Makefile * Split chart into crds chart and operator chart * websocket/trivial: messages: annotate version of introduction * register client: make linter happy * register client: annotate auth method used for registration * register client: rework getHostMacAddr() * register client: add 'mac' and 'sys-uuid' Plain Auth * register client: set TPM as default authentication method * operator: enable plain auth * operator: add plain auth * elemental api: add fields to support plain authentication * Bump rancher and k8s for e2e tests (#449) * OBS PR workflow: set the right project to disable images repo * Fix OBS PR workflow * goreleaser: fix releases CI (#444) * Chart: add logo and Rancher display-name annotation (#440) * Add channel hook-failed delete policy * Include display name field on ManagedOSVersions * Add ISO type in ManagedOSVersions * SeedImage: add to the github release workflow * Fix template * Include elemental-teal-channel by default on chart install * Merge default command and image in containersSpec * Add tests for containerized base ISO and utilities * Pull iso as a container * SeedImage extended API: drop debug log * SeedImage: extended api doesn't expect the iso name anymore * SeedImage: inject MachineRegistration and date in the built iso name * httpfy: allow to serve single file * SeedImage: pass whole SeedImage reference to fillBuildImagePod * SeedImage: add more seedimage_controller tests * Utils: generalize IsPodOwned func to IsObecjtOwned() and add tests * SeedImage: make the linter happy... * SeedImage: controller logic for the pod cleanup/retrigger * SeedImage: add image timeout and retrigger fields * httpfy: add timeout parameter * Use config map in seedimage pod (#423) * SeedImage: check OwnerReference in controller tests * SeedImage: retrieve MachineRegistration just once * SeedImage: set OwnerReferences * Add seedimage-builder into the OBS workflow * Feat: add CODEOWNERS * OBS: build ssl default certificates in SeedImage build image * Update default values file in OBS * SeedImage: set build image PullPolicy from the operator chart * unit-tests: cover MAC and Used Memory in labels test * unit-tests/trivial: move server.go test to the new server_test.go file * OBS: use SeedImage build image from OBS for the chart * Bump github.com/docker/docker from 20.10.22+incompatible to 20.10.24+incompatible (#410) * Update to go 1.19 (#408) * SeedImage: add Dockerfile for OBS build * httpfy: support automated building * Build elemental-operator image from scratch * Prevent a nil pointer dereference panic error * Fix event filters * Prevent retriggering a reconcile on ownership setup * Do not start error messages with capital letters * Extend unit tests for inventory and selector resources * Adapt unit tests to new condition states * Selector and inventory cleanup * Ensure optimistic locking is set on machine selectors * Adapt info and debug logging for the inventory and selector controllers * Read machine inventory only once on selector reconcile * Sets a validation process for Machine Inventory adoption * Enble cache for MachineInventorySelector resources * SeedImage: update OBS build recipes * SeedImage: busybox base64 decodes with -d only * SeedImage: pass the build image from the operator chart * SeedImage: build image for the builder pod * Add cloud-config support to seedImage (#399) * SeedImage: fix registration yaml name (#394) * operator: ensure elemental finalizers are removed if present (#393) * SeedImage: move sync status with running pod to new func * operator: allow seedimage download from the extended API * SeedImage: add DownloadToken in the Status * operator: return http 401 error on registration auth failure * operator: report error on unrecognized auth websocket connections * operator: drop build-image api (#389) * unit-tests: ensure resources cleanup (#390) * SeedImage: drop finalizer tests * SeedImage: check conditions and return early when needed * SeedImage: add more tests * Adapt tests to drop finalizers * Stop using finalizers if not extrictly needed * operator: add SeedImage CRD (#377) * Prevent MachineInventorySelector from being cached * Set object not found as a debug message * Update logs to not use info with custom depth * operator: use opensuse nginx to serve build-img ISO (#369) * Use variadic arguments in klog instead of slices * operator: register the host IP in MachineInventory annotations (#350) * Unify logging * operator: labels minor improvements (#363) * build-image API: add build job with single pod lifecycle (#362) * Turn MachineInventoryRef into LocalObjectReference (#359) * Remove branch filter on tag events (#361) * Update actions/download-artifact to v3.0.2 * Filter inventory list with a labelSelector and not with a labels map (#358) * Move system-data labels to templating * operator: let build-image API GET to return the image URL (#351) * register client: isolate TPM auth code (#346) * operator: fix label name (#348) * operator: fix MachineInventory search during registration (#342) * operator: always use software UUID as default machine name (#340) * Set default elemental-operator USER * operator: add support to old register clients (#338) * Lints * Update wharfie to 0.5.3 * register client: allow to register against lower version operators (#332) * Replace action engineerd/setup-kind (#328) * Copyright date-range 2022 - 2023 (#327) * Use go 1.18 * operator: expose build-image API (#315) * Fix node-labels regression * Do not store cpu info if not available (#321) * docs: add ref to the official docs in the chart readme (#316) * linter: fix go-header check (#319) * unit-tests: disable parallelization (#312) * Change tar-file layout in elemental-support * Add default config-dir value (#313) * Re-add config-dir install flag (#309) * Return registration errors to client (#301) * Properly sanitize extra system data (#307) * Improve unit tests (#308) * Derive TPM seed from system UUID (#297) * Add disable-boot-entry flag in install structure (#302) * Fetch commit and date from obsinfo file (#300) * operator: add back debug logs for logrus (registration) (#299) * [tpm] Set a random seed if emulated tpm seed is set to -1 (#282) * Include _helmignore file (#295) * Add OBS build repcipes into the repository (#294) * Drop legacy catalog for tests (#291) * Kubebuilder: fix MachineRegistration search during registration (#280) (#293) * Send full system data on registration (#276) * Bump rancher version in e2e tests (#290) * Set default syncTime when not provided (#289) * Remove invalid conditions from objects (#284) * operator: don't try to patch an empty MachineInventory (#274) * Backport minor fixes (#271) * Merge all main logic in one file (#270) * [controller_runtime] add registration protocol version (#266) * Kubebuilder: Remove unused code (#267) * [controller_runtime] operator/registration: switch to Kubebuilder client (#256) * Refactor ManagedOsImage e2e tests (#263) * Add a rate limiter to managedosversionchannel reconciler (#260) * Refactor MachineRegistration e2e tests (#253) * Drop requeuer, not needed anymore (#255) * Improve syncer (#252) * New syncer logic (#245) * Fix make verify (#248) * controller: add Secret name reference to the ServiceAccount (#247) * Kubebuilder: Add 'verify' workflow (#244) * Add remaining controllers (#232) * Kubebuilder: Add machine inventory selector controller (#224) * Kubebuilder: Add remaining API types (#225) * Kubebuilder: Add machine inventory controller (#221) * Kubebuilder: Add machine registration controller (#206) * Kubebuilder: Run new code and generate RBAC (#203) * Kubebuilder: Add make tasks for different tools (#194) * Add kubebuilder API definitions (#184) * Change yaml-marshalling of node-labels file (#287) * Remove yaml typo (#286) * Add helm labels and annotations to all crds (#281) * Set helm labels on CRDs (#277) * Change the helm chart oci reference to be aligned with other elemental images (#268) * Add version commands/flags for all binaries (#262) * Use custom names in upgrade objects (#254) * Several improvements to the support command (#258) * Also trigger Dev rebuild on tag push (#249) * Propagate inventory labels to node on bootstrap plan (#243) * Add codeql + escape user input before processing (#237) * Create dependency-review.yml (#236) * Bump golangci action (#234) * Stop elemental-system-agent when the node is ready (#231) * Fix docker and gorelease jobs (#230) * operator: improve logging of the MachineRegistration controller * operator: move ServiceAccount creation to a separate func * operator: drop duplicated import * operator: enforce ServiceAccount's Secret link * operator: create ServiceAccounts before their Secrets * operator: unit-tests: add coverage for unauthenticatedResponse() (#217) * coverity: make patch status informational (#219) * tests: Add k8s 1.24 and default to rancher 2.6.9 (#220) * tests: use latest url for rancher charts (#218) * Elemental Operator: manage empty config in MachineRegistrations (#213) * Label other objects created by elemental-operator (#216) * Only read yaml files included in the given directories (#215) * Label secrets managed by elemental-operator (#212) * Allow custom config files for elemental-cli (#210) * Collect operator logs after running tests (#204) * Audit and update elemental-operator RBAC ClusterRole (#196) * Add config for e2e tests (#201) * Add OBS workflow to update elemental-operator package (#200) * Add vendor for obs integration (#198) * release: enhance release pipeline (#195) * operator: drop duplicated import of elemental APIs (#199) * Disable CGO under arm for register binaries + restore SBOM (#193) * Revert 'Add sbom to releases and attach to containers' (#191) * Add elemental GlobalRole for Rancher UI (#187) * Add reasons for conditions (#185) * lint: dont overshadow var (#172) - elemental-register needs lvm2 for running blkdeactivate. - Update to version 0.6.0+git20220923.ffdff84: * Add v0.6.0 changelog (#182) - Update to version 0.6.0+git20220923.f022acb: * unit-tests: add support to Secrets in registraion's OnChange() * operator: log the creation of a new registration token * operator: explicitly add Secrets to registration ServiceAccounts * operator: return error when the ServiceAccount has no secrets - Update to version 0.5.0+git20220922.17d9d21: * support command improvements (#173) - make elemental-support a sub-package - disable chart building, was not packaged - Update to version 0.5.0+git20220912.846c610: * Add sbom to releases and attach to containers (#160) * Use BCI Golang image to build image * register: fix CGO build in Dockerfile * register: build it with CGO (#169) * tests(registration): More unit tests (#167) * Rework client to accept a ClientInterface (#166) * tests(inventory): Add unit tests for inventory methods (#164) * register/operator: drop MachineInventory labels passed from the client * unit-tests: check default machine name * go mod tidy * operator: change default MachineInventory name * Add simple changelog (#158) - Update to version 0.5.0+git20220902.3d28c5d: * Configure custom smbios data (#157) - Update to version 0.4.4+git20220902.64f4703: * operator: ensure inventory.Labels is not nil before adding labels - Update to version 0.4.4+git20220901.75792d6: * Add extra labels with smbios data (#155) * Fix secretname for the apiService (#153) * unit-tests: add websocket coverage * operator: add unit-test for mergeInventoryLabels() * operator/register: drop unused code * operator/register: rework the registration protocol * websocket: add helper functions * register: set a timeout for retrieving the installation config * drop unused labels on bootstrap (#154) * Fix missing cosign and run command (#151) * Enable deploying operator replicas (#150) * register: take control of the registration process * bump github.com/rancher-sandbox/go-tpm * fix linter: cyclomatic complexity of ServeHTTP is 16 * operator: move websocket management logic out of the tpm package * minor: drop duplicated logging * operator/http: check websocket upgrade header in HTTP connections - Update to version 0.4.3+git20220831.7e58679: * Add image signing to push jobs (#148) * Add local plan to rancher-system-agent to stop elemental-system-agent (#146) - Update to version 0.4.3+git20220822.f0bd8f4: * log: report elemental installation completion * Fix e2e discovery tests (#138) - Update to version 0.4.3+git20220812.72971ff: * Backwards compatibility for smbios headers (#137) * Only decode some smbios data (#134) * Drop uneeded files and add extra label (#135) * Split header into 7Kb of data (#133) * Add auto labeler (#125) * Remove default value for flag and expand description (#126) * [chart] only add default-registry if specified (#128) * Store binary artifacts on PR/master (#127) * [tests] fix nginx deploy url (#129) * Bundle support bin with register (#124) - build elemental-operator without CGO_ENABLED (doesn't need tpm) - Update to version 0.4.2+git20220805.5b64a77: * Set the proper namespace (#117) - Update to version 0.4.2+git20220805.485ff21: * Add CAs to docker artifact (#120) - Update to version 0.4.2+git20220804.76f61f5: * Store all registration data on installation (#116) - Update to version 0.4.2+git20220803.6d730d3: * Set fixed hostname and make it persistent (#106) - Update to version 0.4.2+git20220803.f4ba471: * Add 'support' to 'make build' (#111) - Update to version 0.4.2+git20220803.10d3621: * Add a elemental-support binary (#109) - Update to version 0.4.2+git20220802.f243498: * Add missing register command to bootstrap (#104) * Couple of tests for config mapstructure (#102) - Update to version 0.4.2+git20220801.ea7884e: * Produce 2 binaries instead of one (#99) * Push master merges to elemental-operator-ci (#100) * operator: pass all the registration fields on unauthenticated query - Update to version 0.4.2+git20220801.846d313: * Add missing mapstructure annotations to config (#101) * operator: drop duplicated MachineInventory init code - Update to version 0.4.2+git20220729.6b52b44 - Bump to v0.4.2 - Update to version 0.4.1+git20220729.6b52b44: * Set a fixed name config for rke/k3s deployments (#97) - Update to version 0.4.1+git20220728.896efee: * mend * Drop unneeded code - Update to version 0.4.1+git20220728.38929d2: * Update elemental api resources for upgrades (#95) - Update to version 0.4.1+git20220728.b5c35b9: * operator: fix adding machineInventoryLabels after initial registration - Update to version 0.4.1+git20220727.68b87dd: * Drop setting a custom providerID (#91) - Update to version 0.4.0+git20220727.3241cfd: * Bump rancher version (#89) - Update to version 0.4.0+git20220722.ea618ea: * elemental-operator register: keep system CAs when passing a custom CA * elemental-operator register: add some more logging * add github.com/sanity-io/litter module * ensure all the structs include proper yaml labels * Add a target to setup a clean cluster (#79) * [register] Check for path error before doing anything (#80) * Make /oem/registration the default configuration dir (#81) * Add README to elemetal-operator helm chart (#56) * Store registration yaml in installed system (#71) * Fix 'make unit-tests' - Update to version 0.3.0+git20220722.f2ab68c: * [register] Check for path error before doing anything (#80) - Update to version 0.3.0+git20220722.cf20bc6: * Make /oem/registration the default configuration dir (#81) - Update to version 0.3.0+git20220722.9b9844b: * Add README to elemetal-operator helm chart (#56) - Update to version 0.3.0+git20220721.52c3cbb: * Store registration yaml in installed system (#71) - Remove elemental-operator.service, as this is now executed as part of the cloud-config shipped with elemental. See https://github.com/rancher/elemental/pull/178 - Update to version 0.3.0+git20220721.e15e76e: * Fix 'make unit-tests' * Do note fetch cloud-config on unauthenticated registartion calls (#67) * Change the default machine name to include the UUID - read config from /run/initramfs/live - Update to version 0.3.0+git20220720.90791e4: * Update MachineRegistration example - Update to version 0.3.0+git20220720.79d957e: * Adds support for cloud-config data in machine registration (#61) - Update to version 0.2.1+git20220719.489d40f: * review elemental installer env vars (#59) - Run elemental-operator.service after cos-setup-network.service is completely done. Add back a dependency with multi-user.target to ensure it is pulled by some target at boot. - Run elemental-operator.service after mutli-user.target to ensure it is executed after all boot services are ready - only run in live mode - Update to version 0.2.1+git20220718.3530dc5: * ensure install struct includes proper yaml labels (#57) - Update to version 0.2.1+git20220718.6e2f20f: * Pass debug flag to elemental client if requested (#58) - Update to version 0.2.1+git20220715.2381ebc: * Do not attempt to install in already installed systems (#55) * Some fixes for the release pipelines (#53) - Update to 0.2.0 - Update to version 0.1.1+git20220715.618d3c4: * Log the version, commit and commit date on start (#43) - Update to version 0.1.1+git20220715.bd811be: * Remove obsolete logic from former ros-installer (#45) - pass COMMITDATE to build - Update to version 0.1.1+git20220714.a05a2db: * elemental-operator register: enable local plans - Update to version 0.1.1+git20220714.602178c: * elemental-operator register: allow cacert passed as file or data (#44) * Makefile: fix make build-docker (#41) - On behalf of commit 62bac1d (#38) `elemental install` is called within the `elemental-operator register` command, so the unit file only needs to call `elemental-operator register` - drop elemental-installer and -chart subpackages - add elemental-operator.service file - build with TPM emulation - Update to version 0.1.1+git20220713.adfff7c: * Some register fixes (#40) * elemental-operator register: add elemental cli call (#38) * Fix building the operator/installer with emulatedTPM (#39) * Return a Config.Config in MachineInventory (#35) * Use cacert from rancher and use serverl-url from rancher (#36) - Update to version 0.1.1+git20220713.bcfe4d0: * Add test for chart values (#31) - Update to version 0.1.1+git20220712.14d4d95: * Share installation configuration structures (#24) * bump github.com/docker/distribution to 2.8.1 (#29) * Bump image-spec to 1.0.2 (#28) * Bump system-agent to 0.2.8 (#17) * update testhelpers * Update go.sum * [ci] Up the go version and restore the proper cache * Fix go.sum * [test] Remove focus * [lint] ignore generated files - Update to version 0.1.1+git20220707.39177e8: * Rename RancherOS to Elemental in installer logic * Merge elemental installer (#20) * renamed to elemental-operator and switched to system agent * Fix wrong key in example full reference * Rename rancheros->elemental in README * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle - Update to version 0.1.1+git20220707.1d97f14: * Merge elemental installer (#20) * renamed to elemental-operator and switched to system agent * Fix wrong key in example full reference * Rename rancheros->elemental in README * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times - Update to version 0.0.0+git20220707.0c6dcff: * Adapat Dockerfile and golreleaser to keep releasing and building elemental-operator as they used to * Update .github/workflows/unit-tests.yaml * Update Makefile - Update to version 0.0.0+git20220707.4b69306: * Adding installer unit tests * Add elemental-installer * Move main into a cmd/operator package - Update to version 0.0.0+git20220704.211ad46: * renamed to elemental-operator and switched to system agent * Fix wrong key in example full reference * Rename elemental->elemental in README * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times * Update pkg/controllers/inventory/inventory.go - adapt machine-registration.yaml and create-cluster.yaml to system-agent - Update to version 0.1.0+git20220622.84e703a: * added registration command and support for using elemental as a cluster api infrastructure provider * wip * renamed to elemental-operator and switched to system agent - Update to version 0.1.0+git20220603.19a5e9e: * Fix wrong key in example full reference * Rename elemental->elemental in README - rename binary to elemental-operator - Update to version 0.1.0+git20220420.6e6aa51: - Update to version 0.1.0+git20220525.9e1d451: * rename pathes to 'elemental' * rename files to 'elemental' * rename directories to 'elemental' * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times * Update pkg/controllers/inventory/inventory.go - renamed the api spec in the sample .yaml files - Update to version 0.1.0+git20220525.9e1d451: * rename pathes to 'elemental' * rename files to 'elemental' * rename directories to 'elemental' * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times * Update pkg/controllers/inventory/inventory.go - Update to version 0.1.0+git20220420.6e6aa51: * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times * Update pkg/controllers/inventory/inventory.go * Rework * Add events on errors * e2e-ci: add some missing check on errors - Update to version 0.1.0+git20220518.f916493: * rename to elemental-operator - update default kubernetesVersion to 1.22.7 - Update machine-registration.yaml * add hostname * put 'install' section below 'elemental' - Update to version 0.1.0+git20220420.6e6aa51: * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times * Update pkg/controllers/inventory/inventory.go * Rework * Add events on errors - Update to version 0.1.0-alpha23+git20220408.cd4553f: * e2e-ci: add some missing check on errors * Bump ele-testhelpers version * e2e-ci: move some functions to ele-testhelpers * Update README * Do not make kube calls blocking * Test env metadata injection * Correctly annotate env vars from metadata * Adapt tests, add test cases * Respect upgradeContainerSpec from ManagedOSVersion * Do allocate the event recorder once in the syncer * Refactor out recorder boilerplate * Collect errors when syncing * Refactor out requeuer to not be blocking * Add test for event broadcasting * Set appropriate rules for broadcasting events * go gen * Record invalid specs back to the VersionChannel * Build general event interface from raw k8s into client * Add reconciler * Wrong obs workflow name :facepalm: * Add OBS workflow to trigger rpm build * Use operator image for wait and display hook * CLI fixups * Allow to specify a mountpath * Add requeue mechanism * Disable mounting SA token by default on sync pod * Implement Custom syncer * Lower the ticker for testing * Set the default update to 60m * Add sync-interval flag * Add owner reference on ManagedOSVersion * Bump rancher version used in tests * Don't watch over specific namespaces * Add make target to test local changes in kind * Enhance tests * Allow to set a bridge ip * Allow to selectively sync user-defined namespaces * Add MachineOSVersionChannel JSON tests * Implement JSON syncer logic * Very basic sync service logic * ManagedOSVersionChannel sync service * Add ManagedOSVersionChannel and skeleton for sync service - Initial version 0.1.0~alpha23 Changes in elemental-operator1.5-crds-helm: - Update to version 1.5.1: * Sanitize elemental-operator dependencies (#690) * Fix ManagedOSImage cloudConfig (#671) * Align DrainSpec to system-upgrade-controller defaults (#668) * Drain nodes by default on upgrade (#660) - Update to version 1.5.0: * Make snapshotter configurable (#651) * Make channel sync more robust (#638) * Test against k8s v1.27, rancher v2.8.2, and upgrade all test dependendencies (#628) * Add kubebuilder example and validation * Add TargetPlatform to SeedImageSpec * Add disable-boot-entry flag to reset command - Update to version 1.4.3 - Update to version 1.4.2 - Update to version 1.4.1 - Update to version 1.4.0+git20231128.a867d93: * Unify all chart files under .obs/charfile - Update to version 1.3.2+git20230824.c90c1c8: * Charts: sync OBS charts * Update .obs/chartfile/crds/Chart.yaml * Adapt tests and Makefile * Split chart into crds chart and operator chart - Update to version 0.5.0+git20220902.3d28c5d: * Configure custom smbios data (#157) - Update to version v0.4.4: * Fix secretname for the apiService (#153) * Enable deploying operator replicas (#150) - Update to version 0.4.3+git20220822.f0bd8f4: * log: report elemental installation completion * Fix e2e discovery tests (#138) - Update to version v0.4.3: * Remove default value for flag and expand description (#126) * [chart] only add default-registry if specified (#128) * Set the proper namespace (#117) - Bump to v0.4.2 - Bump to v0.4.1 - Update to version v0.4.0: * Add README to elemetal-operator helm chart (#56) - Update Chart.yaml to the right elemental-operator version - Update to elemental-operator v0.3.0 - Improve Makefile to get image tag from github - Update Makefile and build elemental-operator.tar - Bump version to 0.2.1 - Bump elemental-operator tag image to 0.2.1-10.1 - Bump elemental-operator tag image to 0.2.0-9.1 - Update _helmignore file - Update Makefile and fix build issues - Add _helmignore file - Update to version 0.1.1+git2022-07-13.adfff7c: * Use cacert from rancher and use serverl-url from rancher (#36) - Update image repository in values-overwrite.yaml - Initial commit for elemental-operator helm chart Changes in elemental-operator1.5-helm: - Update to version 1.5.1 - Update to version 1.5.0: * Enable ManagedOSImage updates (#658) * charts: backport changes from Rancher Marketplace chart (#652) * Test against k8s v1.27, rancher v2.8.2, and upgrade all test dependendencies (#628) * Fix default values in questions.yaml file * Unify all chart files under .obs/charfile * charts: fix annotations (#566) * Add slem4r images in channel (#544) * Charts: fix OBS build * Charts: sync OBS charts * Fixed a typo in the version string for elemental-teal-channel in helm chart (#495) - Update to version 1.4.3 - Update to version 1.4.2 * Fix default values in questions.yaml file - Update to version 1.4.1 - Update to version 1.4.0+git20231129.c7f1dc1: * Add slem4r images in channel (#544) - Update to version 1.4.0+git20231128.a867d93: * Unify all chart files under .obs/charfile * charts: fix annotations (#566) * Charts: fix OBS build - Update to version 1.3.2+git20230824.c90c1c8: * Charts: sync OBS charts * Fixed a typo in the version string for elemental-teal-channel in helm chart (#495) * Remove SLE Micro reference from elemental-operator images * Make SLE Micro version from image references dynamic (#480) * Adapt tests and Makefile * Split chart into crds chart and operator chart - Update to version 0.5.0+git20220902.3d28c5d: * Configure custom smbios data (#157) - Update to version v0.4.4: * Fix secretname for the apiService (#153) * Enable deploying operator replicas (#150) - Update to version 0.4.3+git20220822.f0bd8f4: * log: report elemental installation completion * Fix e2e discovery tests (#138) - Update to version v0.4.3: * Remove default value for flag and expand description (#126) * [chart] only add default-registry if specified (#128) * Set the proper namespace (#117) - Bump to v0.4.2 - Bump to v0.4.1 - Update to version v0.4.0: * Add README to elemetal-operator helm chart (#56) - Update Chart.yaml to the right elemental-operator version - Update to elemental-operator v0.3.0 - Improve Makefile to get image tag from github - Update Makefile and build elemental-operator.tar - Bump version to 0.2.1 - Bump elemental-operator tag image to 0.2.1-10.1 - Bump elemental-operator tag image to 0.2.0-9.1 - Update _helmignore file - Update Makefile and fix build issues - Add _helmignore file - Update to version 0.1.1+git2022-07-13.adfff7c: * Use cacert from rancher and use serverl-url from rancher (#36) - Update image repository in values-overwrite.yaml - Initial commit for elemental-operator helm chart Changes in elemental-rt-channel-image: - Adapt the Dockerfile to explicitly pull elemental-register (v1.4) instead of the newer 1.5 variant of it. - Fix RT URLs and use import channel.json file from previous build stage - Only build for x86_64 - Add SLE Micro RT v2.0.2 to channel Changes in elemental-rt-channel1.5-image: - Fix RT URLs and use import channel.json file from previous build stage - Only build for x86_64 - Add SLE Micro RT v2.0.2 to channel - Adapt channel to the new 'suse/sle-micro' images Changes in elemental-toolkit: - Update to version 1.1.5: * [v1.1.x] Move recovery hostname to cloud-config-defaults (#2047) - Update to version 1.1.4: * Add default rootfs settings * Install podman in example Dockerfiles (#1959) - Update to version 1.1.2: * Remove unused method * Update copyright year (2024) * Update workflow to trigger for go.mod * Bump moby at v25.0.1 * Bump docker at v23.0.8 * Bump go-git at v5.11.0 * Bump containerd at v1.7.12 Changes in operator-image1.5: - Update to version 1.5.1: * Repurpose v1.5.x branch for SLE Micro 5.5 - Update to version 1.5.0: * Micro rename (#684) * operator/Dockerfile: tag IMAGE_REPO with :latest - Update to version 1.4.3 - Update to version 1.4.2 - Update to version 1.4.1 - Adding a changes file Changes in seedimage-builder: - Update to version 1.4.3 Changes in seedimage-builder1.5: - Update to version 1.5.1: * Repurpose v1.5.x branch for SLE Micro 5.5 - Update to version 1.5.0: * Micro rename (#684) * seedimage: add tag to IMG_REPO * seedimage: switch labelprefix to com.suse.elemental * seedimage: Switch to toolbox for ALP * Add elemental-seedimage-hooks package (#592) * Add grub package to seedimage built in OBS (#568) * Build raw disk images in SeedImage (#557) - Update to version 1.4.3 - Update to version 1.4.2 - Update to version 1.4.1 - Adding changes file The following package changes have been done: - systemd-presets-branding-SLE-Micro-for-Rancher-20230814-150500.3.3.1 updated - elemental-register1.5-1.5.1-150500.1.3.1 added - elemental-support1.5-1.5.1-150500.1.3.1 added - elemental-updater-2.0.4-150500.4.3.1 updated - elemental-toolkit-1.1.5-150500.3.3.1 updated - elemental-2.0.4-150500.4.3.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.1 updated - elemental-register-1.4.3-150500.3.3.3 removed - elemental-support-1.4.3-150500.3.3.3 removed From sle-container-updates at lists.suse.com Sat May 25 07:01:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 May 2024 09:01:21 +0200 (CEST) Subject: SUSE-IU-2024:445-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20240525070121.C096BFBA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:445-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.2 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.2 Severity : important Type : security References : 1082216 1082233 1177529 1192145 1211592 1213638 1217408 1218560 1218562 1218917 1219104 1219126 1219169 1219170 1219264 1220342 1220569 1220761 1220901 1220915 1220935 1221042 1221044 1221080 1221084 1221088 1221162 1221299 1221612 1221617 1221632 1221645 1221791 1221825 1222011 1222051 1222247 1222266 1222294 1222307 1222357 1222368 1222379 1222416 1222422 1222424 1222427 1222428 1222430 1222431 1222435 1222437 1222445 1222449 1222482 1222503 1222520 1222536 1222549 1222550 1222557 1222559 1222585 1222586 1222596 1222609 1222610 1222613 1222615 1222618 1222624 1222630 1222632 1222660 1222662 1222664 1222666 1222669 1222671 1222677 1222678 1222680 1222703 1222704 1222706 1222709 1222710 1222720 1222721 1222724 1222726 1222727 1222764 1222772 1222773 1222776 1222781 1222784 1222785 1222787 1222790 1222791 1222792 1222796 1222798 1222801 1222812 1222824 1222829 1222832 1222836 1222838 1222866 1222867 1222869 1222876 1222878 1222879 1222881 1222883 1222888 1222894 1222901 1222968 1223012 1223014 1223016 1223024 1223030 1223033 1223034 1223035 1223036 1223037 1223041 1223042 1223051 1223052 1223056 1223057 1223058 1223060 1223061 1223065 1223066 1223067 1223068 1223076 1223078 1223111 1223115 1223118 1223187 1223189 1223190 1223191 1223196 1223197 1223198 1223275 1223323 1223369 1223380 1223473 1223474 1223475 1223477 1223478 1223479 1223481 1223482 1223484 1223487 1223490 1223496 1223498 1223499 1223501 1223502 1223503 1223505 1223509 1223511 1223512 1223513 1223516 1223517 1223518 1223519 1223520 1223522 1223523 1223525 1223539 1223574 1223595 1223598 1223634 1223643 1223644 1223645 1223646 1223648 1223655 1223657 1223660 1223661 1223663 1223664 1223668 1223686 1223693 1223705 1223714 1223735 1223745 1223784 1223785 1223790 1223816 1223821 1223822 1223824 1223827 1223834 1223875 1223876 1223877 1223878 1223879 1223894 1223921 1223922 1223923 1223924 1223929 1223931 1223932 1223934 1223941 1223948 1223949 1223950 1223951 1223952 1223953 1223956 1223957 1223960 1223962 1223963 1223964 CVE-2018-6798 CVE-2018-6913 CVE-2021-47047 CVE-2021-47181 CVE-2021-47182 CVE-2021-47183 CVE-2021-47184 CVE-2021-47185 CVE-2021-47187 CVE-2021-47188 CVE-2021-47189 CVE-2021-47191 CVE-2021-47192 CVE-2021-47193 CVE-2021-47194 CVE-2021-47195 CVE-2021-47196 CVE-2021-47197 CVE-2021-47198 CVE-2021-47199 CVE-2021-47200 CVE-2021-47201 CVE-2021-47202 CVE-2021-47203 CVE-2021-47204 CVE-2021-47205 CVE-2021-47206 CVE-2021-47207 CVE-2021-47209 CVE-2021-47210 CVE-2021-47211 CVE-2021-47212 CVE-2021-47214 CVE-2021-47215 CVE-2021-47216 CVE-2021-47217 CVE-2021-47218 CVE-2021-47219 CVE-2022-48631 CVE-2022-48632 CVE-2022-48634 CVE-2022-48636 CVE-2022-48637 CVE-2022-48638 CVE-2022-48639 CVE-2022-48640 CVE-2022-48642 CVE-2022-48644 CVE-2022-48646 CVE-2022-48647 CVE-2022-48648 CVE-2022-48650 CVE-2022-48651 CVE-2022-48652 CVE-2022-48653 CVE-2022-48654 CVE-2022-48655 CVE-2022-48656 CVE-2022-48657 CVE-2022-48658 CVE-2022-48659 CVE-2022-48660 CVE-2022-48662 CVE-2022-48663 CVE-2022-48667 CVE-2022-48668 CVE-2022-48671 CVE-2022-48672 CVE-2022-48673 CVE-2022-48675 CVE-2022-48686 CVE-2022-48687 CVE-2022-48688 CVE-2022-48690 CVE-2022-48692 CVE-2022-48693 CVE-2022-48694 CVE-2022-48695 CVE-2022-48697 CVE-2022-48698 CVE-2022-48700 CVE-2022-48701 CVE-2022-48702 CVE-2022-48703 CVE-2022-48704 CVE-2023-2860 CVE-2023-52488 CVE-2023-52503 CVE-2023-52561 CVE-2023-52585 CVE-2023-52589 CVE-2023-52590 CVE-2023-52591 CVE-2023-52593 CVE-2023-52614 CVE-2023-52616 CVE-2023-52620 CVE-2023-52627 CVE-2023-52635 CVE-2023-52636 CVE-2023-52645 CVE-2023-52652 CVE-2023-6270 CVE-2024-0639 CVE-2024-0841 CVE-2024-22099 CVE-2024-23307 CVE-2024-23848 CVE-2024-23850 CVE-2024-26601 CVE-2024-26610 CVE-2024-26656 CVE-2024-26660 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675 CVE-2024-26680 CVE-2024-26681 CVE-2024-26684 CVE-2024-26685 CVE-2024-26687 CVE-2024-26688 CVE-2024-26689 CVE-2024-26696 CVE-2024-26697 CVE-2024-26702 CVE-2024-26704 CVE-2024-26718 CVE-2024-26722 CVE-2024-26727 CVE-2024-26733 CVE-2024-26736 CVE-2024-26737 CVE-2024-26739 CVE-2024-26743 CVE-2024-26744 CVE-2024-26745 CVE-2024-26747 CVE-2024-26749 CVE-2024-26751 CVE-2024-26754 CVE-2024-26760 CVE-2024-26763 CVE-2024-26764 CVE-2024-26766 CVE-2024-26769 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26776 CVE-2024-26779 CVE-2024-26783 CVE-2024-26787 CVE-2024-26790 CVE-2024-26792 CVE-2024-26793 CVE-2024-26798 CVE-2024-26805 CVE-2024-26807 CVE-2024-26816 CVE-2024-26817 CVE-2024-26820 CVE-2024-26825 CVE-2024-26830 CVE-2024-26833 CVE-2024-26836 CVE-2024-26843 CVE-2024-26848 CVE-2024-26852 CVE-2024-26853 CVE-2024-26855 CVE-2024-26856 CVE-2024-26857 CVE-2024-26861 CVE-2024-26862 CVE-2024-26866 CVE-2024-26872 CVE-2024-26875 CVE-2024-26878 CVE-2024-26879 CVE-2024-26881 CVE-2024-26882 CVE-2024-26883 CVE-2024-26884 CVE-2024-26885 CVE-2024-26891 CVE-2024-26893 CVE-2024-26895 CVE-2024-26896 CVE-2024-26897 CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26917 CVE-2024-26927 CVE-2024-26948 CVE-2024-26950 CVE-2024-26951 CVE-2024-26955 CVE-2024-26956 CVE-2024-26960 CVE-2024-26965 CVE-2024-26966 CVE-2024-26969 CVE-2024-26970 CVE-2024-26972 CVE-2024-26981 CVE-2024-26982 CVE-2024-26993 CVE-2024-27013 CVE-2024-27014 CVE-2024-27030 CVE-2024-27038 CVE-2024-27039 CVE-2024-27041 CVE-2024-27043 CVE-2024-27046 CVE-2024-27056 CVE-2024-27062 CVE-2024-27389 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1659-1 Released: Wed May 15 11:29:35 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1177529,1192145,1211592,1217408,1218562,1218917,1219104,1219126,1219169,1219170,1219264,1220342,1220569,1220761,1220901,1220915,1220935,1221042,1221044,1221080,1221084,1221088,1221162,1221299,1221612,1221617,1221645,1221791,1221825,1222011,1222051,1222247,1222266,1222294,1222307,1222357,1222368,1222379,1222416,1222422,1222424,1222427,1222428,1222430,1222431,1222435,1222437,1222445,1222449,1222482,1222503,1222520,1222536,1222549,1222550,1222557,1222559,1222585,1222586,1222596,1222609,1222610,1222613,1222615,1222618,1222624,1222630,1222632,1222660,1222662,1222664,1222666,1222669,1222671,1222677,1222678,1222680,1222703,1222704,1222706,1222709,1222710,1222720,1222721,1222724,1222726,1222727,1222764,1222772,1222773,1222776,1222781,1222784,1222785,1222787,1222790,1222791,1222792,1222796,1222798,1222801,1222812,1222824,1222829,1222832,1222836,1222838,1222866,1222867,1222869,1222876,1222878,1222879,1222881,1222883,1222888,1222894,1222901,1222968,1223012,1223014,1223016,1223024,1 223030,1223033,1223034,1223035,1223036,1223037,1223041,1223042,1223051,1223052,1223056,1223057,1223058,1223060,1223061,1223065,1223066,1223067,1223068,1223076,1223078,1223111,1223115,1223118,1223187,1223189,1223190,1223191,1223196,1223197,1223198,1223275,1223323,1223369,1223380,1223473,1223474,1223475,1223477,1223478,1223479,1223481,1223482,1223484,1223487,1223490,1223496,1223498,1223499,1223501,1223502,1223503,1223505,1223509,1223511,1223512,1223513,1223516,1223517,1223518,1223519,1223520,1223522,1223523,1223525,1223539,1223574,1223595,1223598,1223634,1223643,1223644,1223645,1223646,1223648,1223655,1223657,1223660,1223661,1223663,1223664,1223668,1223686,1223693,1223705,1223714,1223735,1223745,1223784,1223785,1223790,1223816,1223821,1223822,1223824,1223827,1223834,1223875,1223876,1223877,1223878,1223879,1223894,1223921,1223922,1223923,1223924,1223929,1223931,1223932,1223934,1223941,1223948,1223949,1223950,1223951,1223952,1223953,1223956,1223957,1223960,1223962,1223963,1223964,CVE-20 21-47047,CVE-2021-47181,CVE-2021-47182,CVE-2021-47183,CVE-2021-47184,CVE-2021-47185,CVE-2021-47187,CVE-2021-47188,CVE-2021-47189,CVE-2021-47191,CVE-2021-47192,CVE-2021-47193,CVE-2021-47194,CVE-2021-47195,CVE-2021-47196,CVE-2021-47197,CVE-2021-47198,CVE-2021-47199,CVE-2021-47200,CVE-2021-47201,CVE-2021-47202,CVE-2021-47203,CVE-2021-47204,CVE-2021-47205,CVE-2021-47206,CVE-2021-47207,CVE-2021-47209,CVE-2021-47210,CVE-2021-47211,CVE-2021-47212,CVE-2021-47214,CVE-2021-47215,CVE-2021-47216,CVE-2021-47217,CVE-2021-47218,CVE-2021-47219,CVE-2022-48631,CVE-2022-48632,CVE-2022-48634,CVE-2022-48636,CVE-2022-48637,CVE-2022-48638,CVE-2022-48639,CVE-2022-48640,CVE-2022-48642,CVE-2022-48644,CVE-2022-48646,CVE-2022-48647,CVE-2022-48648,CVE-2022-48650,CVE-2022-48651,CVE-2022-48652,CVE-2022-48653,CVE-2022-48654,CVE-2022-48655,CVE-2022-48656,CVE-2022-48657,CVE-2022-48658,CVE-2022-48659,CVE-2022-48660,CVE-2022-48662,CVE-2022-48663,CVE-2022-48667,CVE-2022-48668,CVE-2022-48671,CVE-2022-48672,CVE-2022-4867 3,CVE-2022-48675,CVE-2022-48686,CVE-2022-48687,CVE-2022-48688,CVE-2022-48690,CVE-2022-48692,CVE-2022-48693,CVE-2022-48694,CVE-2022-48695,CVE-2022-48697,CVE-2022-48698,CVE-2022-48700,CVE-2022-48701,CVE-2022-48702,CVE-2022-48703,CVE-2022-48704,CVE-2023-2860,CVE-2023-52488,CVE-2023-52503,CVE-2023-52561,CVE-2023-52585,CVE-2023-52589,CVE-2023-52590,CVE-2023-52591,CVE-2023-52593,CVE-2023-52614,CVE-2023-52616,CVE-2023-52620,CVE-2023-52627,CVE-2023-52635,CVE-2023-52636,CVE-2023-52645,CVE-2023-52652,CVE-2023-6270,CVE-2024-0639,CVE-2024-0841,CVE-2024-22099,CVE-2024-23307,CVE-2024-23848,CVE-2024-23850,CVE-2024-26601,CVE-2024-26610,CVE-2024-26656,CVE-2024-26660,CVE-2024-26671,CVE-2024-26673,CVE-2024-26675,CVE-2024-26680,CVE-2024-26681,CVE-2024-26684,CVE-2024-26685,CVE-2024-26687,CVE-2024-26688,CVE-2024-26689,CVE-2024-26696,CVE-2024-26697,CVE-2024-26702,CVE-2024-26704,CVE-2024-26718,CVE-2024-26722,CVE-2024-26727,CVE-2024-26733,CVE-2024-26736,CVE-2024-26737,CVE-2024-26739,CVE-2024-26743,CVE-2024- 26744,CVE-2024-26745,CVE-2024-26747,CVE-2024-26749,CVE-2024-26751,CVE-2024-26754,CVE-2024-26760,CVE-2024-26763,CVE-2024-26764,CVE-2024-26766,CVE-2024-26769,CVE-2024-26771,CVE-2024-26772,CVE-2024-26773,CVE-2024-26776,CVE-2024-26779,CVE-2024-26783,CVE-2024-26787,CVE-2024-26790,CVE-2024-26792,CVE-2024-26793,CVE-2024-26798,CVE-2024-26805,CVE-2024-26807,CVE-2024-26816,CVE-2024-26817,CVE-2024-26820,CVE-2024-26825,CVE-2024-26830,CVE-2024-26833,CVE-2024-26836,CVE-2024-26843,CVE-2024-26848,CVE-2024-26852,CVE-2024-26853,CVE-2024-26855,CVE-2024-26856,CVE-2024-26857,CVE-2024-26861,CVE-2024-26862,CVE-2024-26866,CVE-2024-26872,CVE-2024-26875,CVE-2024-26878,CVE-2024-26879,CVE-2024-26881,CVE-2024-26882,CVE-2024-26883,CVE-2024-26884,CVE-2024-26885,CVE-2024-26891,CVE-2024-26893,CVE-2024-26895,CVE-2024-26896,CVE-2024-26897,CVE-2024-26898,CVE-2024-26901,CVE-2024-26903,CVE-2024-26917,CVE-2024-26927,CVE-2024-26948,CVE-2024-26950,CVE-2024-26951,CVE-2024-26955,CVE-2024-26956,CVE-2024-26960,CVE-2024-26965,C VE-2024-26966,CVE-2024-26969,CVE-2024-26970,CVE-2024-26972,CVE-2024-26981,CVE-2024-26982,CVE-2024-26993,CVE-2024-27013,CVE-2024-27014,CVE-2024-27030,CVE-2024-27038,CVE-2024-27039,CVE-2024-27041,CVE-2024-27043,CVE-2024-27046,CVE-2024-27056,CVE-2024-27062,CVE-2024-27389 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596). - CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705). - CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834). - CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822). - CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827). - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824). - CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714). - CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821). - CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816). - CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790). - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735). - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745). - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693). - CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634). - CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644). - CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645). - CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646). - CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648). - CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655). - CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660). - CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661). - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664). - CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525). - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198). - CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042). - CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path (bsc#1223196). - CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190). - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189). - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035). - CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034). - CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041). - CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066). - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060). - CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076). - CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058). - CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052). - CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051). - CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061). - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057). - CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030). - CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968). - CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012). - CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624). - CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801). - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630). - CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428). - CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615). - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618). - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613). - CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610) - CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726). - CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721). - CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720). - CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632). - CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table (bsc#1222724). - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449). - CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677). - CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). - CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536). - CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers() (bsc#1222549). - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503). - CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435). - CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437). - CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445). - CVE-2024-26681: Fixed netdevsim to avoid potential loop in nsim_dev_trap_report_work() (bsc#1222431). - CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring (bsc#1222427). - CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379). - CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368). - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357). - CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder creation (bsc#1222266). - CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307). - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299). - CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342). - CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126). - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686). - CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033). - CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in msgr2 (bsc#1222247). - CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294). - CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace (bsc#1222051). - CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from userspace (bsc#1221825). - CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612). - CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617). - CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042). - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044). - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088). - CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084). - CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in amdgpu_ras_query_error_status_helper() (bsc#1221080). - CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash memory region (bsc#1220935). - CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915). - CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO (bsc#1221162). - CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505). - CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498). - CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context (bsc#1223496). - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513). - CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478). - CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id (bsc#1223499). - CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475). - CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte() (bsc#1222710). - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878) - CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838). - CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832). - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706). - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669). - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664). - CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662). - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660). The following non-security bugs were fixed: - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes). - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes). - ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes). - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes). - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes). - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes). - ALSA: scarlett2: Add correct product series name to messages (stable-fixes). - ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes). - ALSA: scarlett2: Default mixer driver to enabled (stable-fixes). - ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes). - ASoC: meson: axg-card: make links nonatomic (git-fixes). - ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes). - ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes). - ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes). - ASoC: tegra: Fix DSPK 16-bit playback (git-fixes). - ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes). - Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes). - Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes). - Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes). - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes). - Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes). - Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes). - Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes). - Bluetooth: add quirk for broken address properties (git-fixes). - Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes). - Bluetooth: btintel: Fixe build regression (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes). - Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes). - Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes). - Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes). - Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes). - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes). - HID: logitech-dj: allow mice to use all types of reports (git-fixes). - HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes). - Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes). - NFC: trf7970a: disable all regulators on removal (git-fixes). - NFS: avoid spurious warning of lost lock that is being unlocked (bsc#1221791). - PCI/AER: Block runtime suspend when handling errors (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes). - PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes). - PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes). - PCI: Drop pci_device_remove() test of pci_dev->driver (git-fixes). - PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes). - RDMA/cm: add timeout to cm_destroy_id wait (git-fixes) - Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes). - Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes). - Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes). - Revert 'ice: Fix ice VF reset during iavf initialization (jsc#PED-376).' (bsc#1223275) - Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes). - Revert 'usb: phy: generic: Get the vbus supply' (git-fixes). - USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes). - USB: serial: add device ID for VeriFone adapter (stable-fixes). - USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes). - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes). - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes). - USB: serial: option: add Fibocom FM135-GL variants (stable-fixes). - USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes). - USB: serial: option: add MeiG Smart SLM320 product (stable-fixes). - USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes). - USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes). - USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes). - USB: serial: option: support Quectel EM060K sub-models (stable-fixes). - ahci: asm1064: asm1166: do not limit reported ports (git-fixes). - ahci: asm1064: correct count of reported ports (stable-fixes). - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes) - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes) - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes) - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes) - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes) - arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes) - arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes) - arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes). - ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes). - batman-adv: Avoid infinite loop trying to resize local TT (git-fixes). - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes). - bcache: Remove dead references to cache_readaheads (git-fixes). - bcache: Remove unnecessary NULL point check in node allocations (git-fixes). - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes). - bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes). - bcache: avoid oversize memory allocation by small stripe_size (git-fixes). - bcache: bset: Fix comment typos (git-fixes). - bcache: check return value from btree_node_alloc_replacement() (git-fixes). - bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes). - bcache: fix error info in register_bcache() (git-fixes). - bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing (git-fixes). - bcache: fixup btree_cache_wait list damage (git-fixes). - bcache: fixup init dirty data errors (git-fixes). - bcache: fixup lock c->root error (git-fixes). - bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes). - bcache: move calc_cached_dev_sectors to proper place on backing device detach (git-fixes). - bcache: move uapi header bcache.h to bcache code directory (git-fixes). - bcache: prevent potential division by zero error (git-fixes). - bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device registration' (git-fixes). - bcache: remove redundant assignment to variable cur_idx (git-fixes). - bcache: remove the backing_dev_name field from struct cached_dev (git-fixes). - bcache: remove the cache_dev_name field from struct cache (git-fixes). - bcache: remove unnecessary flush_workqueue (git-fixes). - bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-fixes). - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes). - bcache: replace snprintf in show functions with sysfs_emit (git-fixes). - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes). - bcache: use bvec_kmap_local in bch_data_verify (git-fixes). - bcache: use bvec_kmap_local in bio_csum (git-fixes). - bcache: use default_groups in kobj_type (git-fixes). - bcache:: fix repeated words in comments (git-fixes). - ceph: stop copying to iter at EOF on sync reads (bsc#1223068). - ceph: switch to corrected encoding of max_xattr_size in mdsmap (bsc#1223067). - clk: Get runtime PM before walking tree during disable_unused (git-fixes). - clk: Initialize struct clk_core kref earlier (stable-fixes). - clk: Mark 'all_lists' as const (stable-fixes). - clk: Print an info line before disabling unused clocks (stable-fixes). - clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes). - clk: remove extra empty line (stable-fixes). - comedi: vmk80xx: fix incomplete endpoint checking (git-fixes). - dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes). - dm cache: add cond_resched() to various workqueue loops (git-fixes). - dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes). - dm crypt: add cond_resched() to dmcrypt_write() (git-fixes). - dm crypt: avoid accessing uninitialized tasklet (git-fixes). - dm flakey: do not corrupt the zero page (git-fixes). - dm flakey: fix a bug with 32-bit highmem systems (git-fixes). - dm flakey: fix a crash with invalid table line (git-fixes). - dm flakey: fix logic when corrupting a bio (git-fixes). - dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes). - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes). - dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes). - dm raid: fix false positive for requeue needed during reshape (git-fixes). - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes). - dm stats: check for and propagate alloc_percpu failure (git-fixes). - dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes). - dm thin metadata: check fail_io before using data_sm (git-fixes). - dm thin: add cond_resched() to various workqueue loops (git-fixes). - dm thin: fix deadlock when swapping to thin device (bsc#1177529). - dm verity: do not perform FEC for failed readahead IO (git-fixes). - dm verity: fix error handling for check_at_most_once on FEC (git-fixes). - dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes). - dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes). - dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes). - dm-raid: fix lockdep waring in 'pers->hot_add_disk' (git-fixes). - dm-verity, dm-crypt: align 'struct bvec_iter' correctly (git-fixes). - dm-verity: align struct dm_verity_fec_io properly (git-fixes). - dm: add cond_resched() to dm_wq_work() (git-fixes). - dm: call the resume method on internal suspend (git-fixes). - dm: do not lock fs when the map is NULL during suspend or resume (git-fixes). - dm: do not lock fs when the map is NULL in process of resume (git-fixes). - dm: remove flush_scheduled_work() during local_exit() (git-fixes). - dm: send just one event on resize, not two (git-fixes). - dma: xilinx_dpdma: Fix locking (git-fixes). - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes). - dmaengine: owl: fix register access functions (git-fixes). - dmaengine: tegra186: Fix residual calculation (git-fixes). - docs: Document the FAN_FS_ERROR event (stable-fixes). - drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes). - drm/amd/display: Do not recursively call manual trigger programming (stable-fixes). - drm/amd/display: Fix nanosec stat overflow (stable-fixes). - drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes). - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes). - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes). - drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes). - drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes). - drm/amdgpu: always force full reset for SOC21 (stable-fixes). - drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes). - drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes). - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes). - drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes). - drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes). - drm/ast: Fix soft lockup (git-fixes). - drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes). - drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes). - drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes). - drm/i915: Disable port sync when bigjoiner is used (stable-fixes). - drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes). - drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834) - drm/panel: ili9341: Respect deferred probe (git-fixes). - drm/panel: ili9341: Use predefined error codes (git-fixes). - drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes). - drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes). - drm/vmwgfx: Enable DMA mappings with SEV (git-fixes). - drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes). - drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes). - drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes). - drm: nv04: Fix out of bounds access (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-fixes). - dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574). - fbdev: fix incorrect address computation in deferred IO (git-fixes). - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes). - fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes). - fix build warning - fuse: do not unhash root (bsc#1223951). - fuse: fix root lookup with nonzero generation (bsc#1223950). - hwmon: (amc6821) add of_match table (stable-fixes). - i2c: pxa: hide unused icr_bits[] variable (git-fixes). - i2c: smbus: fix NULL function pointer dereference (git-fixes). - i40e: Fix VF MAC filter removal (git-fixes). - idma64: Do not try to serve interrupts when device is powered off (git-fixes). - iio: accel: mxc4005: Interrupt handling fixes (git-fixes). - iio:imu: adis16475: Fix sync mode setting (git-fixes). - init/main.c: Fix potential static_command_line memory overflow (git-fixes). - iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (git-fixes). - iommu/amd: Fix 'Guest Virtual APIC Table Root Pointer' configuration in IRTE (git-fixes). - iommu/amd: Fix domain flush size when syncing iotlb (git-fixes). - iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes). - iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes). - iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes). - iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes). - iommu/iova: Fix alloc iova overflows issue (git-fixes). - iommu/mediatek: Flush IOTLB completely only if domain has been attached (git-fixes). - iommu/rockchip: Fix unwind goto issue (git-fixes). - iommu/sprd: Release dma buffer to avoid memory leak (git-fixes). - iommu/vt-d: Allocate local memory for page request queue (git-fixes). - iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes). - iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes). - iommu: Fix error unwind in iommu_group_alloc() (git-fixes). - ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes). - kABI: Adjust trace_iterator.wait_index (git-fixes). - kprobes: Fix double free of kretprobe_holder (bsc#1220901). - kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes). - libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes). - libnvdimm/region: Allow setting align attribute on regions without mappings (git-fixes). - livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539). - md/raid1: fix choose next idle in read_balance() (git-fixes). - md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes). - md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-fixes). - media: cec: core: remove length check of Timer Status (stable-fixes). - media: sta2x11: fix irq handler cast (stable-fixes). - mei: me: add arrow lake point H DID (stable-fixes). - mei: me: add arrow lake point S DID (stable-fixes). - mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes). - mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473). - mmc: sdhci-msm: pervent access to suspended controller (git-fixes). - mtd: diskonchip: work around ubsan link failure (stable-fixes). - nd_btt: Make BTT lanes preemptible (git-fixes). - net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes). - net: fix a memleak when uncloning an skb dst and its metadata (git-fixes). - net: fix skb leak in __skb_tstamp_tx() (git-fixes). - net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes). - net: mld: fix reference count leak in mld_{query | report}_work() (git-fixes). - net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes). - net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes). - net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes). - net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes). - net: vlan: fix underflow for the real_dev refcnt (git-fixes). - netfilter: br_netfilter: Drop dst references before setting (git-fixes). - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-fixes). - netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes). - nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nouveau: fix function cast warning (git-fixes). - nouveau: fix instmem race condition around ptr stores (git-fixes). - nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-fixes). - nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes). - nvdimm: Fix badblocks clear off-by-one error (git-fixes). - nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-fixes). - pci_iounmap(): Fix MMIO mapping leak (git-fixes). - phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes). - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes). - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes). - powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191). - powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE (bsc#1222011 ltc#205900). - powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369 ltc#205888). - powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888). - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - powerpc: Refactor verification of MSR_RI (bsc#1223191). - printk: Add this_cpu_in_panic() (bsc#1223574). - printk: Adjust mapping for 32bit seq macros (bsc#1223574). - printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574). - printk: Disable passing console lock owner completely during panic() (bsc#1223574). - printk: Drop console_sem during panic (bsc#1223574). - printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1223574). - printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574). - printk: Wait for all reserved records with pr_flush() (bsc#1223574). - printk: nbcon: Relocate 32bit seq macros (bsc#1223574). - printk: ringbuffer: Clarify special lpos values (bsc#1223574). - printk: ringbuffer: Cleanup reader terminology (bsc#1223574). - printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1223574). - printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574). - printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574). - pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes). - ring-buffer: Do not set shortest_full when full target is hit (git-fixes). - ring-buffer: Fix full_waiters_pending in poll (git-fixes). - ring-buffer: Fix resetting of shortest_full (git-fixes). - ring-buffer: Fix waking up ring buffer readers (git-fixes). - ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes). - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes). - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes). - s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875). - s390/decompressor: fix misaligned symbol build error (git-fixes bsc#1223785). - s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877). - s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223878). - s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879). - s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784). - s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223876). - s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598). - s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223595). - serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes). - serial: core: Provide port lock wrappers (stable-fixes). - serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes). - serial: mxs-auart: add spinlock around changing cts state (git-fixes). - slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes). - speakup: Avoid crash on very long word (git-fixes). - speakup: Fix 8bit characters from direct synth (git-fixes). - tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes). - thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes). - thunderbolt: Fix wake configurations after device unplug (stable-fixes). - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes). - tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes). - tracing: Have saved_cmdlines arrays all in one allocation (git-fixes). - tracing: Remove precision vsnprintf() check from print event (git-fixes). - tracing: Show size of requested perf buffer (git-fixes). - tracing: Use .flush() call to wake up readers (git-fixes). - usb: Disable USB3 LPM at shutdown (stable-fixes). - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (git-fixes). - usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes). - usb: gadget: composite: fix OS descriptors w_value logic (git-fixes). - usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes). - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes). - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes). - usb: ohci: Prevent missed ohci interrupts (git-fixes). - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes). - usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes). - usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes). - usb: typec: tcpm: unregister existing source caps before re-registration (bsc#1220569). - usb: typec: ucsi: Ack unsupported commands (stable-fixes). - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes). - usb: typec: ucsi: Fix connector check on init (git-fixes). - usb: udc: remove warning when queue disabled ep (stable-fixes). - vdpa/mlx5: Allow CVQ size changes (git-fixes). - virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949). - wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes). - wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes). - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes). - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes). - wifi: nl80211: do not free NULL coalescing rule (git-fixes). - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes). - x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (jsc#PED-7167 git-fixes). - x86/sev: Skip ROM range scans and validation for SEV-SNP guests (jsc#PED-7167 git-fixes). - x86/xen: Add some null pointer checking to smp.c (git-fixes). - x86/xen: add CPU dependencies for 32-bit build (git-fixes). - x86/xen: fix percpu vcpu_info allocation (git-fixes). - xen-netback: properly sync TX responses (git-fixes). - xen-netfront: Add missing skb_mark_for_recycle (git-fixes). - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-fixes). - xen/xenbus: document will_handle argument for xenbus_watch_path() (git-fixes). - xfrm6: fix inet6_dev refcount underflow problem (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1769-1 Released: Thu May 23 16:26:19 2024 Summary: Recommended update for SLE-Micro, SLE-Micro-base, SLE-Micro-kvm, SLE-Micro-rt, build-iso, build-iso-base, elemental, elemental-channel-image, elemental-channel1.5-image, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, elemental-rt-channel-image, elemental-rt-channel1.5-image, elemental-toolkit, operator-image1.5, seedimage-builder, seedimage-builder1.5, systemd-presets-branding-SLE-Micro-for-Rancher Type: recommended Severity: important References: 1218560 This update for SLE-Micro, SLE-Micro-base, SLE-Micro-kvm, SLE-Micro-rt, build-iso, build-iso-base, elemental, elemental-channel-image, elemental-channel1.5-image, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, elemental-rt-channel-image, elemental-rt-channel1.5-image, elemental-toolkit, operator-image1.5, seedimage-builder, seedimage-builder1.5, systemd-presets-branding-SLE-Micro-for-Rancher fixes the following issues: Changes in SLE-Micro: - Update to version 2.0.4: * [v2.0.x] Hostname backports (#1371) * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated * Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258) Changes in SLE-Micro-base: - Update to version 2.0.4: * [v2.0.x] Hostname backports (#1371) * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3: * Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258) Changes in SLE-Micro-kvm: - Update to version 2.0.4: * [v2.0.x] Hostname backports (#1371) * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3: * Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258) Changes in SLE-Micro-rt: - Update to version 2.0.4: * [v2.0.x] Hostname backports (#1371) * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3: * Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258) Changes in build-iso: - Update to version 2.0.4: * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3 Changes in build-iso-base: - Update to version 2.0.4: * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3 Changes in elemental: - Update to version 2.0.4: * [v2.0.x] Hostname backports (#1371) * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3: * Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258) Changes in elemental-channel-image: - Adapt Dockerfile to pull explicitly elemental-register instead of the newer 1.5 version of it - Add v2.0.2 image to channel Changes in elemental-channel1.5-image: - Add v2.0.2 image to channel - Remove `for Rancher` suffix - Channel adapted to 'suse/sle-micro' images Changes in elemental-operator1.5: - Update to version 1.5.1: * Repurpose v1.5.x branch for SLE Micro 5.5 * Micro rename (#684) * elemental-operator registration cleanups (#689) * Sanitize elemental-operator dependencies (#690) * github actions: add airgap script test * [Airgap] minor: fix debug message * [Airgap] add script tests * Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 * Bump docker/login-action from 3.0.0 to 3.1.0 * Bump docker/build-push-action from 5.2.0 to 5.3.0 * Add extension to seedimage url (#682) * registration: allow dots in machineInventory names * registration: decouple replacing data-labels from sanitizing strings * registration: move sanitize code in sanitizeString() * Fix ManagedOSImage cloudConfig (#671) * New name is elemental-rootfs * Use /run/elemental and elemental- services (#675) * Update github.com/golang/protobuf * Run make vendor * Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 * Bump docker/build-push-action from 5.1.0 to 5.2.0 * [Airgap] fix channel.json extraction (#669) * [Airgap] fix 'channel.image'/'channel.repository' value in 'next steps' (#665) * Align DrainSpec to system-upgrade-controller defaults (#668) * operator/Dockerfile: tag IMAGE_REPO with :latest * seedimage: add tag to IMG_REPO * Dockerfile: SLE_VERSION -> SLEMICRO_VERSION * operator: switch to toolbox for ALP * seedimage: switch labelprefix to com.suse.elemental * seedimage: Switch to toolbox for ALP * Drain nodes by default on upgrade (#660) * [Airgap] fix missing return code value * [Airgap] Use bash test syntax * [Airgap] make the script work with both legacy and newer charts * [Airgap] fix the airgap script - Update to version 1.5.0: * Enable ManagedOSImage updates (#658) * Review omitempty flag on API json converter * charts: backport changes from Rancher Marketplace chart (#652) * Make snapshotter configurable (#651) * [Airgap] fix the airgap script (#654) * Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 * [Airgap] add support to Hauler in the airgap script (#647) * Fix channel synchronization * Bump docker/metadata-action from 4.1.1 to 5.5.1 * Requeue reconcile loop for ongoing synchronizations * elemental-register: collect OS data for MachineInventories annotations (#642) * Bump go to 1.22 (#643) * Make channel sync more robust (#638) * Makefile/setup-full-cluster: build seedimage-builder image too (#639) * Makefile: fix commit date for local builds (#631) * Requeue after 1 second in case of failures * Recover on syncer pod creation failures * Bump docker/build-push-action from 3.2.0 to 5.1.0 * Bump docker/setup-buildx-action from 2.2.1 to 3.0.0 * Bump golangci/golangci-lint-action from 3 to 4 * Bump github/codeql-action from 2 to 3 * Update system-upgrade-controller test version (#630) * Add dev baseimage build (#619) * Test against k8s v1.27, rancher v2.8.2, and upgrade all test dependendencies (#628) * Use go 1.20 * Use rancher/yip v1.4.10 * Use go.mod ginkgo version * SeedImage builder arguments in wrong order * Use newer xorriso (#624) * Bump codecov/codecov-action from 3 to 4 * Bump docker/login-action from 2.1.0 to 3.0.0 * Bump actions/dependency-review-action from 2 to 4 * Update actions/labeler config * Make linter happy * Bump actions/labeler from 4 to 5 * README: drop legacy docs (#616) * Add dependabot config for actions * Bump github actions * Do not adopt machineinventories undergoing deletion/reset (#605) * Update seedimage build-disk command * Fix inversed reset options (#604) * Print system architecture (#603) * hostname: set the hostname on the newer location too * Charts/Makefile: fix default OS channel repo name (#594) * Add hostname to system-data * Add elemental-seedimage-hooks package (#592) * Restrict package arch to x86_64 and aarch64 * Update copyright year (2024) * Update copyright year (2024) * Change raw SeedImage deploy-command * Add target platform validation test * Add kubebuilder example and validation * Add TargetPlatform to SeedImageSpec * Fix default values in questions.yaml file * Bump golang.org/x/crypto to 0.17.0 * Add disable-boot-entry flag to reset command * Always pull channel image on channel sync * Fix channel sync bug * Avoid repeating package name in summary * Make summary start with a capital letter * Unify all chart files under .obs/charfile * Add warning if both device and device-selector set * Add grub package to seedimage built in OBS (#568) * Fix device-selector logic (#571) * Add missing questions.yaml file * Implement picking dynamic installation device (#561) * Build raw disk images in SeedImage (#557) * charts: fix annotations (#566) * ci: fix SeedImage builder used image * Bump github.com/docker/docker from 20.10.24+incompatible to 24.0.7+incompatible (#560) * Update google.golang.org/grpc to v1.56.3 * Keep old output-name * Add slem4r images in channel (#544) * Bring your own SeedImage builder (#542) - Update to version 1.4.3: * registration: allow dots in machineInventory names * registration: decouple replacing data-labels from sanitizing strings * registration: move sanitize code in sanitizeString() * V1.4.x fix channel synchronization (#683) * linter: fix copyright dates * Make linter happy - Update to version 1.4.2: * Fix inversed reset options (#604) * Add hostname to system-data * Fix default values in questions.yaml file - ExclusiveArch x86_64 and aarch64 (bsc#1218560) - Update to version 1.4.1 * Always pull channel image on channel sync * Fix channel sync bug * Avoid repeating package name in summary * Make summary start with a capital letter - Update to version 1.4.0+git20231129.c7f1dc1: * Add slem4r images in channel (#544) * Unify all chart files under .obs/charfile - Update to version 1.4.0+git20231127.55a37d4: * Add warning if both device and device-selector set * Fix device-selector logic (#571) * Implement picking dynamic installation device (#561) * Add missing questions.yaml file * charts: fix annotations (#566) * Make sure to not overlap with the already existing channel and use RT for tests * Remove use of images from quay.io * Prevent installing if previous CRDs are pending to be removed * elemental-airgap: allow to just create the channel (#548) * bump go to 1.20 or later * Bump dependencies (#540) * ci: bump k8s and Rancher Manager versions * Use helm/kind-action to install kind * ci: fix action versions used * Disable local plan for elemental-system-agent * Improve error management * Patch already existing versions on channel sync * Improve update events filtering to actually ignore status updates * Add some improvements * Run all syncers in a pod * Fix e2e workflow * elemental-airgap: fix skipping http/https URLs * Use the proper format for command arguments * Prevent recalling bootstrap.sh on 'systemctl restart elemental-system-agent' * elemental-airgap: fix automatic image channel name (#521) * register: add no-toolkit unit tests * register: add os.unmanaged inventory annotation * register: add no-toolkit option * make verify: stay on mockgen v0.2.0 (#523) * elemental-airgap: add support to OS images (#518) * Small refactor to centralize registration config checks * Ensure Elemental registration data includes the registration URL * Remove --debug flag from helm pull * Attempt to use charts from PR project in e2e tests * Publish OBS charts to gh-pages * elemental-airgap: allow to pass dev | staging | stable as argument * elemental-airgap: pick the operator chart as an argument * elemental-airgap: add script to help airgap deployment * Apply a regex on tags to match the same criteria as in OBS * Charts: fix OBS build * Publish all OBS repositories on PRs * Fix repository url * Charts: always use camelCase for values (#507) * Revert not-needed marker fix * Set default spec.config.elemental.reset block for MachineRegistration * Use elemental-register-reset service (#502) * Use OBS PR builds for the e2e tests * Build and publish charts for OBS/IBS artifacts in gh-pages - Update to version 1.3.2+git20230824.c90c1c8: * Disable service triggers on staging (#498) * Add CAPI cluster role to helm chart (#500) * Charts: sync OBS charts * tests: fix e2e workflow * tests: fix chart workflow * Makefile: add the REGISTRY_URL var * Charts: add registry templating for custom airgap * Charts: add README * Charts: enforce templating on the channel resource * Charts: update rancher annotations * Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible (#442) * Fixed a typo in the version string for elemental-teal-channel in helm chart (#495) * Implement remote machines reset (#489) * Remove custom default config-dir on installation media * Remove SLE Micro reference from elemental-operator images * Include crds chart in OBS workflow * Update OBS workflow to the new project setup * Make SLE Micro version from image references dynamic (#480) * Recreate service account token secret if missing * Adds ca-certificates and ca-certificates-mozilla in operator image * Adapt .spec file to non-SUSE distributions (#482) * Improve re-registration (#479) * Do not make use of ServiceAccount.Secrets list * Fix elemental managed label value to match backup operator expectations * Make explicit elemental-operator image is under l3 support * Add CONTRIBUTING.md (#472) * Handle mkdir error * Create registration config directory if not exist * Persist registration state * Omit confusing debug message * Fix error formatting * Handle MsgUpdate response on client side * Remove unnecessary MsgUpdate payload. Rely on authentication data instead * Handle sendUpdate error * Do not terminate serveLoop on MsgUpdate * - Check protocol version before sending MsgUpdate - Use MsgUpdate to notify registration update only * Charts: add a new chart to host the pre-hook migration template * Charts: add template checking crds installation * Prevent registration update if MachineInventory is not found * Do not retry registration when on installed system and using randomized TPM seed * Do not retry registration when not on live system * Check for live registration config when no arguments passed * operator: copy cloud-config file not its link (#468) * Update README installation section (#465) * SeedImage: manage updates of builder Pod under deletion * SeedImage: add ResourcesNotCreatedYet Ready condition * SeedImage: reset download URL on Pod deletion * SeedImage: allow the controller full control on configmaps * SeedImage: isolate all the config map logic in a separate function * SeedImage: on retriggerBuild delete owned SeedImage resources * SeedImage: drop redundant set of retriggerBuild * The job was missing a templated name for the serviceaccount to be fully consistent * Update charts/crds/Chart.yaml * Update .obs/chartfile/crds/Chart.yaml * Add upgrade hook * Include channel as part of the installation * Adapt tests and Makefile * Split chart into crds chart and operator chart * websocket/trivial: messages: annotate version of introduction * register client: make linter happy * register client: annotate auth method used for registration * register client: rework getHostMacAddr() * register client: add 'mac' and 'sys-uuid' Plain Auth * register client: set TPM as default authentication method * operator: enable plain auth * operator: add plain auth * elemental api: add fields to support plain authentication * Bump rancher and k8s for e2e tests (#449) * OBS PR workflow: set the right project to disable images repo * Fix OBS PR workflow * goreleaser: fix releases CI (#444) * Chart: add logo and Rancher display-name annotation (#440) * Add channel hook-failed delete policy * Include display name field on ManagedOSVersions * Add ISO type in ManagedOSVersions * SeedImage: add to the github release workflow * Fix template * Include elemental-teal-channel by default on chart install * Merge default command and image in containersSpec * Add tests for containerized base ISO and utilities * Pull iso as a container * SeedImage extended API: drop debug log * SeedImage: extended api doesn't expect the iso name anymore * SeedImage: inject MachineRegistration and date in the built iso name * httpfy: allow to serve single file * SeedImage: pass whole SeedImage reference to fillBuildImagePod * SeedImage: add more seedimage_controller tests * Utils: generalize IsPodOwned func to IsObecjtOwned() and add tests * SeedImage: make the linter happy... * SeedImage: controller logic for the pod cleanup/retrigger * SeedImage: add image timeout and retrigger fields * httpfy: add timeout parameter * Use config map in seedimage pod (#423) * SeedImage: check OwnerReference in controller tests * SeedImage: retrieve MachineRegistration just once * SeedImage: set OwnerReferences * Add seedimage-builder into the OBS workflow * Feat: add CODEOWNERS * OBS: build ssl default certificates in SeedImage build image * Update default values file in OBS * SeedImage: set build image PullPolicy from the operator chart * unit-tests: cover MAC and Used Memory in labels test * unit-tests/trivial: move server.go test to the new server_test.go file * OBS: use SeedImage build image from OBS for the chart * Bump github.com/docker/docker from 20.10.22+incompatible to 20.10.24+incompatible (#410) * Update to go 1.19 (#408) * SeedImage: add Dockerfile for OBS build * httpfy: support automated building * Build elemental-operator image from scratch * Prevent a nil pointer dereference panic error * Fix event filters * Prevent retriggering a reconcile on ownership setup * Do not start error messages with capital letters * Extend unit tests for inventory and selector resources * Adapt unit tests to new condition states * Selector and inventory cleanup * Ensure optimistic locking is set on machine selectors * Adapt info and debug logging for the inventory and selector controllers * Read machine inventory only once on selector reconcile * Sets a validation process for Machine Inventory adoption * Enble cache for MachineInventorySelector resources * SeedImage: update OBS build recipes * SeedImage: busybox base64 decodes with -d only * SeedImage: pass the build image from the operator chart * SeedImage: build image for the builder pod * Add cloud-config support to seedImage (#399) * SeedImage: fix registration yaml name (#394) * operator: ensure elemental finalizers are removed if present (#393) * SeedImage: move sync status with running pod to new func * operator: allow seedimage download from the extended API * SeedImage: add DownloadToken in the Status * operator: return http 401 error on registration auth failure * operator: report error on unrecognized auth websocket connections * operator: drop build-image api (#389) * unit-tests: ensure resources cleanup (#390) * SeedImage: drop finalizer tests * SeedImage: check conditions and return early when needed * SeedImage: add more tests * Adapt tests to drop finalizers * Stop using finalizers if not extrictly needed * operator: add SeedImage CRD (#377) * Prevent MachineInventorySelector from being cached * Set object not found as a debug message * Update logs to not use info with custom depth * operator: use opensuse nginx to serve build-img ISO (#369) * Use variadic arguments in klog instead of slices * operator: register the host IP in MachineInventory annotations (#350) * Unify logging * operator: labels minor improvements (#363) * build-image API: add build job with single pod lifecycle (#362) * Turn MachineInventoryRef into LocalObjectReference (#359) * Remove branch filter on tag events (#361) * Update actions/download-artifact to v3.0.2 * Filter inventory list with a labelSelector and not with a labels map (#358) * Move system-data labels to templating * operator: let build-image API GET to return the image URL (#351) * register client: isolate TPM auth code (#346) * operator: fix label name (#348) * operator: fix MachineInventory search during registration (#342) * operator: always use software UUID as default machine name (#340) * Set default elemental-operator USER * operator: add support to old register clients (#338) * Lints * Update wharfie to 0.5.3 * register client: allow to register against lower version operators (#332) * Replace action engineerd/setup-kind (#328) * Copyright date-range 2022 - 2023 (#327) * Use go 1.18 * operator: expose build-image API (#315) * Fix node-labels regression * Do not store cpu info if not available (#321) * docs: add ref to the official docs in the chart readme (#316) * linter: fix go-header check (#319) * unit-tests: disable parallelization (#312) * Change tar-file layout in elemental-support * Add default config-dir value (#313) * Re-add config-dir install flag (#309) * Return registration errors to client (#301) * Properly sanitize extra system data (#307) * Improve unit tests (#308) * Derive TPM seed from system UUID (#297) * Add disable-boot-entry flag in install structure (#302) * Fetch commit and date from obsinfo file (#300) * operator: add back debug logs for logrus (registration) (#299) * [tpm] Set a random seed if emulated tpm seed is set to -1 (#282) * Include _helmignore file (#295) * Add OBS build repcipes into the repository (#294) * Drop legacy catalog for tests (#291) * Kubebuilder: fix MachineRegistration search during registration (#280) (#293) * Send full system data on registration (#276) * Bump rancher version in e2e tests (#290) * Set default syncTime when not provided (#289) * Remove invalid conditions from objects (#284) * operator: don't try to patch an empty MachineInventory (#274) * Backport minor fixes (#271) * Merge all main logic in one file (#270) * [controller_runtime] add registration protocol version (#266) * Kubebuilder: Remove unused code (#267) * [controller_runtime] operator/registration: switch to Kubebuilder client (#256) * Refactor ManagedOsImage e2e tests (#263) * Add a rate limiter to managedosversionchannel reconciler (#260) * Refactor MachineRegistration e2e tests (#253) * Drop requeuer, not needed anymore (#255) * Improve syncer (#252) * New syncer logic (#245) * Fix make verify (#248) * controller: add Secret name reference to the ServiceAccount (#247) * Kubebuilder: Add 'verify' workflow (#244) * Add remaining controllers (#232) * Kubebuilder: Add machine inventory selector controller (#224) * Kubebuilder: Add remaining API types (#225) * Kubebuilder: Add machine inventory controller (#221) * Kubebuilder: Add machine registration controller (#206) * Kubebuilder: Run new code and generate RBAC (#203) * Kubebuilder: Add make tasks for different tools (#194) * Add kubebuilder API definitions (#184) * Change yaml-marshalling of node-labels file (#287) * Remove yaml typo (#286) * Add helm labels and annotations to all crds (#281) * Set helm labels on CRDs (#277) * Change the helm chart oci reference to be aligned with other elemental images (#268) * Add version commands/flags for all binaries (#262) * Use custom names in upgrade objects (#254) * Several improvements to the support command (#258) * Also trigger Dev rebuild on tag push (#249) * Propagate inventory labels to node on bootstrap plan (#243) * Add codeql + escape user input before processing (#237) * Create dependency-review.yml (#236) * Bump golangci action (#234) * Stop elemental-system-agent when the node is ready (#231) * Fix docker and gorelease jobs (#230) * operator: improve logging of the MachineRegistration controller * operator: move ServiceAccount creation to a separate func * operator: drop duplicated import * operator: enforce ServiceAccount's Secret link * operator: create ServiceAccounts before their Secrets * operator: unit-tests: add coverage for unauthenticatedResponse() (#217) * coverity: make patch status informational (#219) * tests: Add k8s 1.24 and default to rancher 2.6.9 (#220) * tests: use latest url for rancher charts (#218) * Elemental Operator: manage empty config in MachineRegistrations (#213) * Label other objects created by elemental-operator (#216) * Only read yaml files included in the given directories (#215) * Label secrets managed by elemental-operator (#212) * Allow custom config files for elemental-cli (#210) * Collect operator logs after running tests (#204) * Audit and update elemental-operator RBAC ClusterRole (#196) * Add config for e2e tests (#201) * Add OBS workflow to update elemental-operator package (#200) * Add vendor for obs integration (#198) * release: enhance release pipeline (#195) * operator: drop duplicated import of elemental APIs (#199) * Disable CGO under arm for register binaries + restore SBOM (#193) * Revert 'Add sbom to releases and attach to containers' (#191) * Add elemental GlobalRole for Rancher UI (#187) * Add reasons for conditions (#185) * lint: dont overshadow var (#172) - elemental-register needs lvm2 for running blkdeactivate. - Update to version 0.6.0+git20220923.ffdff84: * Add v0.6.0 changelog (#182) - Update to version 0.6.0+git20220923.f022acb: * unit-tests: add support to Secrets in registraion's OnChange() * operator: log the creation of a new registration token * operator: explicitly add Secrets to registration ServiceAccounts * operator: return error when the ServiceAccount has no secrets - Update to version 0.5.0+git20220922.17d9d21: * support command improvements (#173) - make elemental-support a sub-package - disable chart building, was not packaged - Update to version 0.5.0+git20220912.846c610: * Add sbom to releases and attach to containers (#160) * Use BCI Golang image to build image * register: fix CGO build in Dockerfile * register: build it with CGO (#169) * tests(registration): More unit tests (#167) * Rework client to accept a ClientInterface (#166) * tests(inventory): Add unit tests for inventory methods (#164) * register/operator: drop MachineInventory labels passed from the client * unit-tests: check default machine name * go mod tidy * operator: change default MachineInventory name * Add simple changelog (#158) - Update to version 0.5.0+git20220902.3d28c5d: * Configure custom smbios data (#157) - Update to version 0.4.4+git20220902.64f4703: * operator: ensure inventory.Labels is not nil before adding labels - Update to version 0.4.4+git20220901.75792d6: * Add extra labels with smbios data (#155) * Fix secretname for the apiService (#153) * unit-tests: add websocket coverage * operator: add unit-test for mergeInventoryLabels() * operator/register: drop unused code * operator/register: rework the registration protocol * websocket: add helper functions * register: set a timeout for retrieving the installation config * drop unused labels on bootstrap (#154) * Fix missing cosign and run command (#151) * Enable deploying operator replicas (#150) * register: take control of the registration process * bump github.com/rancher-sandbox/go-tpm * fix linter: cyclomatic complexity of ServeHTTP is 16 * operator: move websocket management logic out of the tpm package * minor: drop duplicated logging * operator/http: check websocket upgrade header in HTTP connections - Update to version 0.4.3+git20220831.7e58679: * Add image signing to push jobs (#148) * Add local plan to rancher-system-agent to stop elemental-system-agent (#146) - Update to version 0.4.3+git20220822.f0bd8f4: * log: report elemental installation completion * Fix e2e discovery tests (#138) - Update to version 0.4.3+git20220812.72971ff: * Backwards compatibility for smbios headers (#137) * Only decode some smbios data (#134) * Drop uneeded files and add extra label (#135) * Split header into 7Kb of data (#133) * Add auto labeler (#125) * Remove default value for flag and expand description (#126) * [chart] only add default-registry if specified (#128) * Store binary artifacts on PR/master (#127) * [tests] fix nginx deploy url (#129) * Bundle support bin with register (#124) - build elemental-operator without CGO_ENABLED (doesn't need tpm) - Update to version 0.4.2+git20220805.5b64a77: * Set the proper namespace (#117) - Update to version 0.4.2+git20220805.485ff21: * Add CAs to docker artifact (#120) - Update to version 0.4.2+git20220804.76f61f5: * Store all registration data on installation (#116) - Update to version 0.4.2+git20220803.6d730d3: * Set fixed hostname and make it persistent (#106) - Update to version 0.4.2+git20220803.f4ba471: * Add 'support' to 'make build' (#111) - Update to version 0.4.2+git20220803.10d3621: * Add a elemental-support binary (#109) - Update to version 0.4.2+git20220802.f243498: * Add missing register command to bootstrap (#104) * Couple of tests for config mapstructure (#102) - Update to version 0.4.2+git20220801.ea7884e: * Produce 2 binaries instead of one (#99) * Push master merges to elemental-operator-ci (#100) * operator: pass all the registration fields on unauthenticated query - Update to version 0.4.2+git20220801.846d313: * Add missing mapstructure annotations to config (#101) * operator: drop duplicated MachineInventory init code - Update to version 0.4.2+git20220729.6b52b44 - Bump to v0.4.2 - Update to version 0.4.1+git20220729.6b52b44: * Set a fixed name config for rke/k3s deployments (#97) - Update to version 0.4.1+git20220728.896efee: * mend * Drop unneeded code - Update to version 0.4.1+git20220728.38929d2: * Update elemental api resources for upgrades (#95) - Update to version 0.4.1+git20220728.b5c35b9: * operator: fix adding machineInventoryLabels after initial registration - Update to version 0.4.1+git20220727.68b87dd: * Drop setting a custom providerID (#91) - Update to version 0.4.0+git20220727.3241cfd: * Bump rancher version (#89) - Update to version 0.4.0+git20220722.ea618ea: * elemental-operator register: keep system CAs when passing a custom CA * elemental-operator register: add some more logging * add github.com/sanity-io/litter module * ensure all the structs include proper yaml labels * Add a target to setup a clean cluster (#79) * [register] Check for path error before doing anything (#80) * Make /oem/registration the default configuration dir (#81) * Add README to elemetal-operator helm chart (#56) * Store registration yaml in installed system (#71) * Fix 'make unit-tests' - Update to version 0.3.0+git20220722.f2ab68c: * [register] Check for path error before doing anything (#80) - Update to version 0.3.0+git20220722.cf20bc6: * Make /oem/registration the default configuration dir (#81) - Update to version 0.3.0+git20220722.9b9844b: * Add README to elemetal-operator helm chart (#56) - Update to version 0.3.0+git20220721.52c3cbb: * Store registration yaml in installed system (#71) - Remove elemental-operator.service, as this is now executed as part of the cloud-config shipped with elemental. See https://github.com/rancher/elemental/pull/178 - Update to version 0.3.0+git20220721.e15e76e: * Fix 'make unit-tests' * Do note fetch cloud-config on unauthenticated registartion calls (#67) * Change the default machine name to include the UUID - read config from /run/initramfs/live - Update to version 0.3.0+git20220720.90791e4: * Update MachineRegistration example - Update to version 0.3.0+git20220720.79d957e: * Adds support for cloud-config data in machine registration (#61) - Update to version 0.2.1+git20220719.489d40f: * review elemental installer env vars (#59) - Run elemental-operator.service after cos-setup-network.service is completely done. Add back a dependency with multi-user.target to ensure it is pulled by some target at boot. - Run elemental-operator.service after mutli-user.target to ensure it is executed after all boot services are ready - only run in live mode - Update to version 0.2.1+git20220718.3530dc5: * ensure install struct includes proper yaml labels (#57) - Update to version 0.2.1+git20220718.6e2f20f: * Pass debug flag to elemental client if requested (#58) - Update to version 0.2.1+git20220715.2381ebc: * Do not attempt to install in already installed systems (#55) * Some fixes for the release pipelines (#53) - Update to 0.2.0 - Update to version 0.1.1+git20220715.618d3c4: * Log the version, commit and commit date on start (#43) - Update to version 0.1.1+git20220715.bd811be: * Remove obsolete logic from former ros-installer (#45) - pass COMMITDATE to build - Update to version 0.1.1+git20220714.a05a2db: * elemental-operator register: enable local plans - Update to version 0.1.1+git20220714.602178c: * elemental-operator register: allow cacert passed as file or data (#44) * Makefile: fix make build-docker (#41) - On behalf of commit 62bac1d (#38) `elemental install` is called within the `elemental-operator register` command, so the unit file only needs to call `elemental-operator register` - drop elemental-installer and -chart subpackages - add elemental-operator.service file - build with TPM emulation - Update to version 0.1.1+git20220713.adfff7c: * Some register fixes (#40) * elemental-operator register: add elemental cli call (#38) * Fix building the operator/installer with emulatedTPM (#39) * Return a Config.Config in MachineInventory (#35) * Use cacert from rancher and use serverl-url from rancher (#36) - Update to version 0.1.1+git20220713.bcfe4d0: * Add test for chart values (#31) - Update to version 0.1.1+git20220712.14d4d95: * Share installation configuration structures (#24) * bump github.com/docker/distribution to 2.8.1 (#29) * Bump image-spec to 1.0.2 (#28) * Bump system-agent to 0.2.8 (#17) * update testhelpers * Update go.sum * [ci] Up the go version and restore the proper cache * Fix go.sum * [test] Remove focus * [lint] ignore generated files - Update to version 0.1.1+git20220707.39177e8: * Rename RancherOS to Elemental in installer logic * Merge elemental installer (#20) * renamed to elemental-operator and switched to system agent * Fix wrong key in example full reference * Rename rancheros->elemental in README * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle - Update to version 0.1.1+git20220707.1d97f14: * Merge elemental installer (#20) * renamed to elemental-operator and switched to system agent * Fix wrong key in example full reference * Rename rancheros->elemental in README * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times - Update to version 0.0.0+git20220707.0c6dcff: * Adapat Dockerfile and golreleaser to keep releasing and building elemental-operator as they used to * Update .github/workflows/unit-tests.yaml * Update Makefile - Update to version 0.0.0+git20220707.4b69306: * Adding installer unit tests * Add elemental-installer * Move main into a cmd/operator package - Update to version 0.0.0+git20220704.211ad46: * renamed to elemental-operator and switched to system agent * Fix wrong key in example full reference * Rename elemental->elemental in README * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times * Update pkg/controllers/inventory/inventory.go - adapt machine-registration.yaml and create-cluster.yaml to system-agent - Update to version 0.1.0+git20220622.84e703a: * added registration command and support for using elemental as a cluster api infrastructure provider * wip * renamed to elemental-operator and switched to system agent - Update to version 0.1.0+git20220603.19a5e9e: * Fix wrong key in example full reference * Rename elemental->elemental in README - rename binary to elemental-operator - Update to version 0.1.0+git20220420.6e6aa51: - Update to version 0.1.0+git20220525.9e1d451: * rename pathes to 'elemental' * rename files to 'elemental' * rename directories to 'elemental' * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times * Update pkg/controllers/inventory/inventory.go - renamed the api spec in the sample .yaml files - Update to version 0.1.0+git20220525.9e1d451: * rename pathes to 'elemental' * rename files to 'elemental' * rename directories to 'elemental' * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times * Update pkg/controllers/inventory/inventory.go - Update to version 0.1.0+git20220420.6e6aa51: * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times * Update pkg/controllers/inventory/inventory.go * Rework * Add events on errors * e2e-ci: add some missing check on errors - Update to version 0.1.0+git20220518.f916493: * rename to elemental-operator - update default kubernetesVersion to 1.22.7 - Update machine-registration.yaml * add hostname * put 'install' section below 'elemental' - Update to version 0.1.0+git20220420.6e6aa51: * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times * Update pkg/controllers/inventory/inventory.go * Rework * Add events on errors - Update to version 0.1.0-alpha23+git20220408.cd4553f: * e2e-ci: add some missing check on errors * Bump ele-testhelpers version * e2e-ci: move some functions to ele-testhelpers * Update README * Do not make kube calls blocking * Test env metadata injection * Correctly annotate env vars from metadata * Adapt tests, add test cases * Respect upgradeContainerSpec from ManagedOSVersion * Do allocate the event recorder once in the syncer * Refactor out recorder boilerplate * Collect errors when syncing * Refactor out requeuer to not be blocking * Add test for event broadcasting * Set appropriate rules for broadcasting events * go gen * Record invalid specs back to the VersionChannel * Build general event interface from raw k8s into client * Add reconciler * Wrong obs workflow name :facepalm: * Add OBS workflow to trigger rpm build * Use operator image for wait and display hook * CLI fixups * Allow to specify a mountpath * Add requeue mechanism * Disable mounting SA token by default on sync pod * Implement Custom syncer * Lower the ticker for testing * Set the default update to 60m * Add sync-interval flag * Add owner reference on ManagedOSVersion * Bump rancher version used in tests * Don't watch over specific namespaces * Add make target to test local changes in kind * Enhance tests * Allow to set a bridge ip * Allow to selectively sync user-defined namespaces * Add MachineOSVersionChannel JSON tests * Implement JSON syncer logic * Very basic sync service logic * ManagedOSVersionChannel sync service * Add ManagedOSVersionChannel and skeleton for sync service - Initial version 0.1.0~alpha23 Changes in elemental-operator1.5-crds-helm: - Update to version 1.5.1: * Sanitize elemental-operator dependencies (#690) * Fix ManagedOSImage cloudConfig (#671) * Align DrainSpec to system-upgrade-controller defaults (#668) * Drain nodes by default on upgrade (#660) - Update to version 1.5.0: * Make snapshotter configurable (#651) * Make channel sync more robust (#638) * Test against k8s v1.27, rancher v2.8.2, and upgrade all test dependendencies (#628) * Add kubebuilder example and validation * Add TargetPlatform to SeedImageSpec * Add disable-boot-entry flag to reset command - Update to version 1.4.3 - Update to version 1.4.2 - Update to version 1.4.1 - Update to version 1.4.0+git20231128.a867d93: * Unify all chart files under .obs/charfile - Update to version 1.3.2+git20230824.c90c1c8: * Charts: sync OBS charts * Update .obs/chartfile/crds/Chart.yaml * Adapt tests and Makefile * Split chart into crds chart and operator chart - Update to version 0.5.0+git20220902.3d28c5d: * Configure custom smbios data (#157) - Update to version v0.4.4: * Fix secretname for the apiService (#153) * Enable deploying operator replicas (#150) - Update to version 0.4.3+git20220822.f0bd8f4: * log: report elemental installation completion * Fix e2e discovery tests (#138) - Update to version v0.4.3: * Remove default value for flag and expand description (#126) * [chart] only add default-registry if specified (#128) * Set the proper namespace (#117) - Bump to v0.4.2 - Bump to v0.4.1 - Update to version v0.4.0: * Add README to elemetal-operator helm chart (#56) - Update Chart.yaml to the right elemental-operator version - Update to elemental-operator v0.3.0 - Improve Makefile to get image tag from github - Update Makefile and build elemental-operator.tar - Bump version to 0.2.1 - Bump elemental-operator tag image to 0.2.1-10.1 - Bump elemental-operator tag image to 0.2.0-9.1 - Update _helmignore file - Update Makefile and fix build issues - Add _helmignore file - Update to version 0.1.1+git2022-07-13.adfff7c: * Use cacert from rancher and use serverl-url from rancher (#36) - Update image repository in values-overwrite.yaml - Initial commit for elemental-operator helm chart Changes in elemental-operator1.5-helm: - Update to version 1.5.1 - Update to version 1.5.0: * Enable ManagedOSImage updates (#658) * charts: backport changes from Rancher Marketplace chart (#652) * Test against k8s v1.27, rancher v2.8.2, and upgrade all test dependendencies (#628) * Fix default values in questions.yaml file * Unify all chart files under .obs/charfile * charts: fix annotations (#566) * Add slem4r images in channel (#544) * Charts: fix OBS build * Charts: sync OBS charts * Fixed a typo in the version string for elemental-teal-channel in helm chart (#495) - Update to version 1.4.3 - Update to version 1.4.2 * Fix default values in questions.yaml file - Update to version 1.4.1 - Update to version 1.4.0+git20231129.c7f1dc1: * Add slem4r images in channel (#544) - Update to version 1.4.0+git20231128.a867d93: * Unify all chart files under .obs/charfile * charts: fix annotations (#566) * Charts: fix OBS build - Update to version 1.3.2+git20230824.c90c1c8: * Charts: sync OBS charts * Fixed a typo in the version string for elemental-teal-channel in helm chart (#495) * Remove SLE Micro reference from elemental-operator images * Make SLE Micro version from image references dynamic (#480) * Adapt tests and Makefile * Split chart into crds chart and operator chart - Update to version 0.5.0+git20220902.3d28c5d: * Configure custom smbios data (#157) - Update to version v0.4.4: * Fix secretname for the apiService (#153) * Enable deploying operator replicas (#150) - Update to version 0.4.3+git20220822.f0bd8f4: * log: report elemental installation completion * Fix e2e discovery tests (#138) - Update to version v0.4.3: * Remove default value for flag and expand description (#126) * [chart] only add default-registry if specified (#128) * Set the proper namespace (#117) - Bump to v0.4.2 - Bump to v0.4.1 - Update to version v0.4.0: * Add README to elemetal-operator helm chart (#56) - Update Chart.yaml to the right elemental-operator version - Update to elemental-operator v0.3.0 - Improve Makefile to get image tag from github - Update Makefile and build elemental-operator.tar - Bump version to 0.2.1 - Bump elemental-operator tag image to 0.2.1-10.1 - Bump elemental-operator tag image to 0.2.0-9.1 - Update _helmignore file - Update Makefile and fix build issues - Add _helmignore file - Update to version 0.1.1+git2022-07-13.adfff7c: * Use cacert from rancher and use serverl-url from rancher (#36) - Update image repository in values-overwrite.yaml - Initial commit for elemental-operator helm chart Changes in elemental-rt-channel-image: - Adapt the Dockerfile to explicitly pull elemental-register (v1.4) instead of the newer 1.5 variant of it. - Fix RT URLs and use import channel.json file from previous build stage - Only build for x86_64 - Add SLE Micro RT v2.0.2 to channel Changes in elemental-rt-channel1.5-image: - Fix RT URLs and use import channel.json file from previous build stage - Only build for x86_64 - Add SLE Micro RT v2.0.2 to channel - Adapt channel to the new 'suse/sle-micro' images Changes in elemental-toolkit: - Update to version 1.1.5: * [v1.1.x] Move recovery hostname to cloud-config-defaults (#2047) - Update to version 1.1.4: * Add default rootfs settings * Install podman in example Dockerfiles (#1959) - Update to version 1.1.2: * Remove unused method * Update copyright year (2024) * Update workflow to trigger for go.mod * Bump moby at v25.0.1 * Bump docker at v23.0.8 * Bump go-git at v5.11.0 * Bump containerd at v1.7.12 Changes in operator-image1.5: - Update to version 1.5.1: * Repurpose v1.5.x branch for SLE Micro 5.5 - Update to version 1.5.0: * Micro rename (#684) * operator/Dockerfile: tag IMAGE_REPO with :latest - Update to version 1.4.3 - Update to version 1.4.2 - Update to version 1.4.1 - Adding a changes file Changes in seedimage-builder: - Update to version 1.4.3 Changes in seedimage-builder1.5: - Update to version 1.5.1: * Repurpose v1.5.x branch for SLE Micro 5.5 - Update to version 1.5.0: * Micro rename (#684) * seedimage: add tag to IMG_REPO * seedimage: switch labelprefix to com.suse.elemental * seedimage: Switch to toolbox for ALP * Add elemental-seedimage-hooks package (#592) * Add grub package to seedimage built in OBS (#568) * Build raw disk images in SeedImage (#557) - Update to version 1.4.3 - Update to version 1.4.2 - Update to version 1.4.1 - Adding changes file The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - coreutils-8.32-150400.9.6.1 updated - systemd-presets-branding-SLE-Micro-for-Rancher-20230814-150500.3.3.1 updated - kernel-default-base-5.14.21-150500.55.62.2.150500.6.27.2 updated - elemental-register1.5-1.5.1-150500.1.3.1 added - elemental-support1.5-1.5.1-150500.1.3.1 added - elemental-updater-2.0.4-150500.4.3.1 updated - elemental-toolkit-1.1.5-150500.3.3.1 updated - elemental-2.0.4-150500.4.3.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.1 updated - elemental-register-1.4.3-150500.3.3.3 removed - elemental-support-1.4.3-150500.3.3.3 removed From sle-container-updates at lists.suse.com Sat May 25 07:01:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 May 2024 09:01:23 +0200 (CEST) Subject: SUSE-IU-2024:446-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20240525070123.73CDAFBA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:446-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.3 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.3 Severity : important Type : security References : 1082216 1082233 1141539 1177529 1190576 1192145 1192837 1193629 1196869 1200313 1201308 1201489 1203906 1203935 1204614 1207361 1211592 1213573 1213638 1217408 1218560 1218562 1218917 1219104 1219126 1219141 1219169 1219170 1219264 1220342 1220492 1220569 1220761 1220901 1220915 1220935 1221042 1221044 1221080 1221084 1221088 1221162 1221299 1221612 1221617 1221632 1221645 1221791 1221825 1222011 1222051 1222247 1222266 1222294 1222307 1222357 1222368 1222379 1222416 1222422 1222424 1222427 1222428 1222430 1222431 1222435 1222437 1222445 1222449 1222482 1222503 1222520 1222536 1222549 1222550 1222557 1222559 1222585 1222586 1222596 1222609 1222610 1222613 1222615 1222618 1222624 1222630 1222632 1222660 1222662 1222664 1222666 1222669 1222671 1222677 1222678 1222680 1222703 1222704 1222706 1222709 1222710 1222720 1222721 1222724 1222726 1222727 1222764 1222772 1222773 1222776 1222781 1222784 1222785 1222787 1222790 1222791 1222792 1222796 1222798 1222801 1222812 1222824 1222829 1222832 1222836 1222838 1222866 1222867 1222869 1222876 1222878 1222879 1222881 1222883 1222888 1222894 1222901 1222968 1223012 1223014 1223016 1223024 1223030 1223033 1223034 1223035 1223036 1223037 1223041 1223042 1223051 1223052 1223056 1223057 1223058 1223060 1223061 1223065 1223066 1223067 1223068 1223076 1223078 1223111 1223115 1223118 1223187 1223189 1223190 1223191 1223196 1223197 1223198 1223275 1223323 1223369 1223380 1223473 1223474 1223475 1223477 1223478 1223479 1223481 1223482 1223484 1223487 1223490 1223496 1223498 1223499 1223501 1223502 1223503 1223505 1223509 1223511 1223512 1223513 1223516 1223517 1223518 1223519 1223520 1223522 1223523 1223525 1223536 1223539 1223574 1223595 1223598 1223634 1223640 1223643 1223644 1223645 1223646 1223648 1223655 1223657 1223660 1223661 1223663 1223664 1223668 1223686 1223693 1223705 1223714 1223735 1223745 1223784 1223785 1223790 1223816 1223821 1223822 1223824 1223827 1223834 1223875 1223876 1223877 1223878 1223879 1223894 1223921 1223922 1223923 1223924 1223929 1223931 1223932 1223934 1223941 1223948 1223949 1223950 1223951 1223952 1223953 1223956 1223957 1223960 1223962 1223963 1223964 CVE-2018-6798 CVE-2018-6913 CVE-2021-47047 CVE-2021-47181 CVE-2021-47182 CVE-2021-47183 CVE-2021-47184 CVE-2021-47185 CVE-2021-47187 CVE-2021-47188 CVE-2021-47189 CVE-2021-47191 CVE-2021-47192 CVE-2021-47193 CVE-2021-47194 CVE-2021-47195 CVE-2021-47196 CVE-2021-47197 CVE-2021-47198 CVE-2021-47199 CVE-2021-47200 CVE-2021-47201 CVE-2021-47202 CVE-2021-47203 CVE-2021-47204 CVE-2021-47205 CVE-2021-47206 CVE-2021-47207 CVE-2021-47209 CVE-2021-47210 CVE-2021-47211 CVE-2021-47212 CVE-2021-47214 CVE-2021-47215 CVE-2021-47216 CVE-2021-47217 CVE-2021-47218 CVE-2021-47219 CVE-2022-48631 CVE-2022-48632 CVE-2022-48634 CVE-2022-48636 CVE-2022-48637 CVE-2022-48638 CVE-2022-48639 CVE-2022-48640 CVE-2022-48642 CVE-2022-48644 CVE-2022-48646 CVE-2022-48647 CVE-2022-48648 CVE-2022-48650 CVE-2022-48651 CVE-2022-48652 CVE-2022-48653 CVE-2022-48654 CVE-2022-48655 CVE-2022-48656 CVE-2022-48657 CVE-2022-48658 CVE-2022-48659 CVE-2022-48660 CVE-2022-48662 CVE-2022-48663 CVE-2022-48667 CVE-2022-48668 CVE-2022-48671 CVE-2022-48672 CVE-2022-48673 CVE-2022-48675 CVE-2022-48686 CVE-2022-48687 CVE-2022-48688 CVE-2022-48690 CVE-2022-48692 CVE-2022-48693 CVE-2022-48694 CVE-2022-48695 CVE-2022-48697 CVE-2022-48698 CVE-2022-48700 CVE-2022-48701 CVE-2022-48702 CVE-2022-48703 CVE-2022-48704 CVE-2023-2860 CVE-2023-52488 CVE-2023-52503 CVE-2023-52561 CVE-2023-52585 CVE-2023-52589 CVE-2023-52590 CVE-2023-52591 CVE-2023-52593 CVE-2023-52614 CVE-2023-52616 CVE-2023-52620 CVE-2023-52627 CVE-2023-52635 CVE-2023-52636 CVE-2023-52645 CVE-2023-52652 CVE-2023-6270 CVE-2024-0639 CVE-2024-0841 CVE-2024-22099 CVE-2024-23307 CVE-2024-23848 CVE-2024-23850 CVE-2024-26601 CVE-2024-26610 CVE-2024-26656 CVE-2024-26660 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675 CVE-2024-26680 CVE-2024-26681 CVE-2024-26684 CVE-2024-26685 CVE-2024-26687 CVE-2024-26688 CVE-2024-26689 CVE-2024-26696 CVE-2024-26697 CVE-2024-26702 CVE-2024-26704 CVE-2024-26718 CVE-2024-26722 CVE-2024-26727 CVE-2024-26733 CVE-2024-26736 CVE-2024-26737 CVE-2024-26739 CVE-2024-26743 CVE-2024-26744 CVE-2024-26745 CVE-2024-26747 CVE-2024-26749 CVE-2024-26751 CVE-2024-26754 CVE-2024-26760 CVE-2024-267600 CVE-2024-26763 CVE-2024-26764 CVE-2024-26766 CVE-2024-26769 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26776 CVE-2024-26779 CVE-2024-26783 CVE-2024-26787 CVE-2024-26790 CVE-2024-26792 CVE-2024-26793 CVE-2024-26798 CVE-2024-26805 CVE-2024-26807 CVE-2024-26816 CVE-2024-26817 CVE-2024-26820 CVE-2024-26825 CVE-2024-26830 CVE-2024-26833 CVE-2024-26836 CVE-2024-26843 CVE-2024-26848 CVE-2024-26852 CVE-2024-26853 CVE-2024-26855 CVE-2024-26856 CVE-2024-26857 CVE-2024-26861 CVE-2024-26862 CVE-2024-26866 CVE-2024-26872 CVE-2024-26875 CVE-2024-26878 CVE-2024-26879 CVE-2024-26881 CVE-2024-26882 CVE-2024-26883 CVE-2024-26884 CVE-2024-26885 CVE-2024-26891 CVE-2024-26893 CVE-2024-26895 CVE-2024-26896 CVE-2024-26897 CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26917 CVE-2024-26927 CVE-2024-26948 CVE-2024-26950 CVE-2024-26951 CVE-2024-26955 CVE-2024-26956 CVE-2024-26960 CVE-2024-26965 CVE-2024-26966 CVE-2024-26969 CVE-2024-26970 CVE-2024-26972 CVE-2024-26981 CVE-2024-26982 CVE-2024-26993 CVE-2024-27013 CVE-2024-27014 CVE-2024-27030 CVE-2024-27038 CVE-2024-27039 CVE-2024-27041 CVE-2024-27043 CVE-2024-27046 CVE-2024-27056 CVE-2024-27062 CVE-2024-27389 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1663-1 Released: Wed May 15 21:08:37 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1141539,1177529,1190576,1192145,1192837,1193629,1196869,1200313,1201308,1201489,1203906,1203935,1204614,1207361,1211592,1213573,1217408,1218562,1218917,1219104,1219126,1219141,1219169,1219170,1219264,1220342,1220492,1220569,1220761,1220901,1220915,1220935,1221042,1221044,1221080,1221084,1221088,1221162,1221299,1221612,1221617,1221645,1221791,1221825,1222011,1222051,1222247,1222266,1222294,1222307,1222357,1222368,1222379,1222416,1222422,1222424,1222427,1222428,1222430,1222431,1222435,1222437,1222445,1222449,1222482,1222503,1222520,1222536,1222549,1222550,1222557,1222559,1222585,1222586,1222596,1222609,1222610,1222613,1222615,1222618,1222624,1222630,1222632,1222660,1222662,1222664,1222666,1222669,1222671,1222677,1222678,1222680,1222703,1222704,1222706,1222709,1222710,1222720,1222721,1222724,1222726,1222727,1222764,1222772,1222773,1222776,1222781,1222784,1222785,1222787,1222790,1222791,1222792,1222796,1222798,1222801,1222812,1222824,1222829,1222832,1222836,1222838,1222866,1 222867,1222869,1222876,1222878,1222879,1222881,1222883,1222888,1222894,1222901,1222968,1223012,1223014,1223016,1223024,1223030,1223033,1223034,1223035,1223036,1223037,1223041,1223042,1223051,1223052,1223056,1223057,1223058,1223060,1223061,1223065,1223066,1223067,1223068,1223076,1223078,1223111,1223115,1223118,1223187,1223189,1223190,1223191,1223196,1223197,1223198,1223275,1223323,1223369,1223380,1223473,1223474,1223475,1223477,1223478,1223479,1223481,1223482,1223484,1223487,1223490,1223496,1223498,1223499,1223501,1223502,1223503,1223505,1223509,1223511,1223512,1223513,1223516,1223517,1223518,1223519,1223520,1223522,1223523,1223525,1223536,1223539,1223574,1223595,1223598,1223634,1223640,1223643,1223644,1223645,1223646,1223648,1223655,1223657,1223660,1223661,1223663,1223664,1223668,1223686,1223693,1223705,1223714,1223735,1223745,1223784,1223785,1223790,1223816,1223821,1223822,1223824,1223827,1223834,1223875,1223876,1223877,1223878,1223879,1223894,1223921,1223922,1223923,1223924,122392 9,1223931,1223932,1223934,1223941,1223948,1223949,1223950,1223951,1223952,1223953,1223956,1223957,1223960,1223962,1223963,1223964,CVE-2021-47047,CVE-2021-47181,CVE-2021-47182,CVE-2021-47183,CVE-2021-47184,CVE-2021-47185,CVE-2021-47187,CVE-2021-47188,CVE-2021-47189,CVE-2021-47191,CVE-2021-47192,CVE-2021-47193,CVE-2021-47194,CVE-2021-47195,CVE-2021-47196,CVE-2021-47197,CVE-2021-47198,CVE-2021-47199,CVE-2021-47200,CVE-2021-47201,CVE-2021-47202,CVE-2021-47203,CVE-2021-47204,CVE-2021-47205,CVE-2021-47206,CVE-2021-47207,CVE-2021-47209,CVE-2021-47210,CVE-2021-47211,CVE-2021-47212,CVE-2021-47214,CVE-2021-47215,CVE-2021-47216,CVE-2021-47217,CVE-2021-47218,CVE-2021-47219,CVE-2022-48631,CVE-2022-48632,CVE-2022-48634,CVE-2022-48636,CVE-2022-48637,CVE-2022-48638,CVE-2022-48639,CVE-2022-48640,CVE-2022-48642,CVE-2022-48644,CVE-2022-48646,CVE-2022-48647,CVE-2022-48648,CVE-2022-48650,CVE-2022-48651,CVE-2022-48652,CVE-2022-48653,CVE-2022-48654,CVE-2022-48655,CVE-2022-48656,CVE-2022-48657,CVE-2022-486 58,CVE-2022-48659,CVE-2022-48660,CVE-2022-48662,CVE-2022-48663,CVE-2022-48667,CVE-2022-48668,CVE-2022-48671,CVE-2022-48672,CVE-2022-48673,CVE-2022-48675,CVE-2022-48686,CVE-2022-48687,CVE-2022-48688,CVE-2022-48690,CVE-2022-48692,CVE-2022-48693,CVE-2022-48694,CVE-2022-48695,CVE-2022-48697,CVE-2022-48698,CVE-2022-48700,CVE-2022-48701,CVE-2022-48702,CVE-2022-48703,CVE-2022-48704,CVE-2023-2860,CVE-2023-52488,CVE-2023-52503,CVE-2023-52561,CVE-2023-52585,CVE-2023-52589,CVE-2023-52590,CVE-2023-52591,CVE-2023-52593,CVE-2023-52614,CVE-2023-52616,CVE-2023-52620,CVE-2023-52627,CVE-2023-52635,CVE-2023-52636,CVE-2023-52645,CVE-2023-52652,CVE-2023-6270,CVE-2024-0639,CVE-2024-0841,CVE-2024-22099,CVE-2024-23307,CVE-2024-23848,CVE-2024-23850,CVE-2024-26601,CVE-2024-26610,CVE-2024-26656,CVE-2024-26660,CVE-2024-26671,CVE-2024-26673,CVE-2024-26675,CVE-2024-26680,CVE-2024-26681,CVE-2024-26684,CVE-2024-26685,CVE-2024-26687,CVE-2024-26688,CVE-2024-26689,CVE-2024-26696,CVE-2024-26697,CVE-2024-26702,CVE-2024 -26704,CVE-2024-26718,CVE-2024-26722,CVE-2024-26727,CVE-2024-26733,CVE-2024-26736,CVE-2024-26737,CVE-2024-26739,CVE-2024-26743,CVE-2024-26744,CVE-2024-26745,CVE-2024-26747,CVE-2024-26749,CVE-2024-26751,CVE-2024-26754,CVE-2024-26760,CVE-2024-267600,CVE-2024-26763,CVE-2024-26764,CVE-2024-26766,CVE-2024-26769,CVE-2024-26771,CVE-2024-26772,CVE-2024-26773,CVE-2024-26776,CVE-2024-26779,CVE-2024-26783,CVE-2024-26787,CVE-2024-26790,CVE-2024-26792,CVE-2024-26793,CVE-2024-26798,CVE-2024-26805,CVE-2024-26807,CVE-2024-26816,CVE-2024-26817,CVE-2024-26820,CVE-2024-26825,CVE-2024-26830,CVE-2024-26833,CVE-2024-26836,CVE-2024-26843,CVE-2024-26848,CVE-2024-26852,CVE-2024-26853,CVE-2024-26855,CVE-2024-26856,CVE-2024-26857,CVE-2024-26861,CVE-2024-26862,CVE-2024-26866,CVE-2024-26872,CVE-2024-26875,CVE-2024-26878,CVE-2024-26879,CVE-2024-26881,CVE-2024-26882,CVE-2024-26883,CVE-2024-26884,CVE-2024-26885,CVE-2024-26891,CVE-2024-26893,CVE-2024-26895,CVE-2024-26896,CVE-2024-26897,CVE-2024-26898,CVE-2024-26901 ,CVE-2024-26903,CVE-2024-26917,CVE-2024-26927,CVE-2024-26948,CVE-2024-26950,CVE-2024-26951,CVE-2024-26955,CVE-2024-26956,CVE-2024-26960,CVE-2024-26965,CVE-2024-26966,CVE-2024-26969,CVE-2024-26970,CVE-2024-26972,CVE-2024-26981,CVE-2024-26982,CVE-2024-26993,CVE-2024-27013,CVE-2024-27014,CVE-2024-27030,CVE-2024-27038,CVE-2024-27039,CVE-2024-27041,CVE-2024-27043,CVE-2024-27046,CVE-2024-27056,CVE-2024-27062,CVE-2024-27389 The SUSE Linux Enterprise 15 SP5 Real Time kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705). - CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834). - CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822). - CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827). - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824). - CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714). - CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821). - CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816). - CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790). - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735). - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745). - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693). - CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634). - CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644). - CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645). - CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646). - CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648). - CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655). - CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660). - CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661). - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664). - CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525). - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198). - CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042). - CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path (bsc#1223196). - CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190). - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189). - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035). - CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034). - CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041). - CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066). - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060). - CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076). - CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058). - CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052). - CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051). - CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061). - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057). - CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030). - CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968). - CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012). - CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624). - CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801). - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630). - CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428). - CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615). - CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211 (bsc#1222772). - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618). - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613). - CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610) - CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726). - CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721). - CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720). - CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596). - CVE-2024-267600: Fixed scsi/target/pscsi error case in bio_put() (bsc#1222596). - CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632). - CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table (bsc#1222724). - CVE-2024-26747: Fixed a NULL pointer issue with USB parent module's reference (bsc#1222609). - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449). - CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677). - CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). - CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536). - CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers() (bsc#1222549). - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503). - CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435). - CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437). - CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445). - CVE-2024-26681: Fixed netdevsim to avoid potential loop in nsim_dev_trap_report_work() (bsc#1222431). - CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring (bsc#1222427). - CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379). - CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368). - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357). - CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder creation (bsc#1222266). - CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307). - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299). - CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342). - CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126). - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686). - CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033). - CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in msgr2 (bsc#1222247). - CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294). - CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace (bsc#1222051). - CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from userspace (bsc#1221825). - CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612). - CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617). - CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042). - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044). - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088). - CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084). - CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in amdgpu_ras_query_error_status_helper() (bsc#1221080). - CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash memory region (bsc#1220935). - CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915). - CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO (bsc#1221162). - CVE-2022-48701: Fixed an out-of-bounds bug in __snd_usb_parse_audio_interface() (bsc#1223921). - CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505). - CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498). - CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context (bsc#1223496). - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513). - CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478). - CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id (bsc#1223499). - CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475). - CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte() (bsc#1222710). - CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb-audio (bsc#1222869). - CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790). - CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng (bsc#1222888). - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878) - CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838). - CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832). - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706). - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669). - CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync (bsc#1222666). - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664). - CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662). - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660). The following non-security bugs were fixed: - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes). - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes). - ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes). - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes). - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes). - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes). - ALSA: scarlett2: Add correct product series name to messages (stable-fixes). - ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes). - ALSA: scarlett2: Default mixer driver to enabled (stable-fixes). - ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes). - ASoC: meson: axg-card: make links nonatomic (git-fixes). - ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes). - ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes). - ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes). - ASoC: tegra: Fix DSPK 16-bit playback (git-fixes). - ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes). - Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes). - Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes). - Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes). - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes). - Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes). - Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes). - Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes). - Bluetooth: add quirk for broken address properties (git-fixes). - Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes). - Bluetooth: btintel: Fixe build regression (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes). - Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes). - Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes). - Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes). - Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes). - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes). - HID: logitech-dj: allow mice to use all types of reports (git-fixes). - HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes). - Input: allocate keycode for Display refresh rate toggle (stable-fixes). - Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes). - NFC: trf7970a: disable all regulators on removal (git-fixes). - NFS: avoid spurious warning of lost lock that is being unlocked (bsc#1221791). - PCI/AER: Block runtime suspend when handling errors (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes). - PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes). - PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes). - PCI: Drop pci_device_remove() test of pci_dev->driver (git-fixes). - PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes). - RDMA/cm: add timeout to cm_destroy_id wait (git-fixes) - README.BRANCH: Correct email address for Petr Tesarik - README.BRANCH: Remove copy of branch name - Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes). - Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes). - Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes). - Revert 'ice: Fix ice VF reset during iavf initialization (jsc#PED-376).' (bsc#1223275) - Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes). - Revert 'usb: phy: generic: Get the vbus supply' (git-fixes). - USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes). - USB: serial: add device ID for VeriFone adapter (stable-fixes). - USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes). - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes). - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes). - USB: serial: option: add Fibocom FM135-GL variants (stable-fixes). - USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes). - USB: serial: option: add MeiG Smart SLM320 product (stable-fixes). - USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes). - USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes). - USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes). - USB: serial: option: support Quectel EM060K sub-models (stable-fixes). - ahci: asm1064: asm1166: do not limit reported ports (git-fixes). - ahci: asm1064: correct count of reported ports (stable-fixes). - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes) - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes) - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes) - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes) - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes) - arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes) - arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes) - arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes). - ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes). - batman-adv: Avoid infinite loop trying to resize local TT (git-fixes). - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes). - bcache: Remove dead references to cache_readaheads (git-fixes). - bcache: Remove unnecessary NULL point check in node allocations (git-fixes). - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes). - bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes). - bcache: avoid oversize memory allocation by small stripe_size (git-fixes). - bcache: bset: Fix comment typos (git-fixes). - bcache: check return value from btree_node_alloc_replacement() (git-fixes). - bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes). - bcache: fix error info in register_bcache() (git-fixes). - bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing (git-fixes). - bcache: fixup btree_cache_wait list damage (git-fixes). - bcache: fixup init dirty data errors (git-fixes). - bcache: fixup lock c->root error (git-fixes). - bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes). - bcache: move calc_cached_dev_sectors to proper place on backing device detach (git-fixes). - bcache: move uapi header bcache.h to bcache code directory (git-fixes). - bcache: prevent potential division by zero error (git-fixes). - bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device registration' (git-fixes). - bcache: remove redundant assignment to variable cur_idx (git-fixes). - bcache: remove the backing_dev_name field from struct cached_dev (git-fixes). - bcache: remove the cache_dev_name field from struct cache (git-fixes). - bcache: remove unnecessary flush_workqueue (git-fixes). - bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-fixes). - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes). - bcache: replace snprintf in show functions with sysfs_emit (git-fixes). - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes). - bcache: use bvec_kmap_local in bch_data_verify (git-fixes). - bcache: use bvec_kmap_local in bio_csum (git-fixes). - bcache: use default_groups in kobj_type (git-fixes). - bcache:: fix repeated words in comments (git-fixes). - ceph: stop copying to iter at EOF on sync reads (bsc#1223068). - ceph: switch to corrected encoding of max_xattr_size in mdsmap (bsc#1223067). - clk: Get runtime PM before walking tree during disable_unused (git-fixes). - clk: Initialize struct clk_core kref earlier (stable-fixes). - clk: Mark 'all_lists' as const (stable-fixes). - clk: Print an info line before disabling unused clocks (stable-fixes). - clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes). - clk: remove extra empty line (stable-fixes). - comedi: vmk80xx: fix incomplete endpoint checking (git-fixes). - dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes). - dm cache: add cond_resched() to various workqueue loops (git-fixes). - dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes). - dm crypt: add cond_resched() to dmcrypt_write() (git-fixes). - dm crypt: avoid accessing uninitialized tasklet (git-fixes). - dm flakey: do not corrupt the zero page (git-fixes). - dm flakey: fix a bug with 32-bit highmem systems (git-fixes). - dm flakey: fix a crash with invalid table line (git-fixes). - dm flakey: fix logic when corrupting a bio (git-fixes). - dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes). - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes). - dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes). - dm raid: fix false positive for requeue needed during reshape (git-fixes). - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes). - dm stats: check for and propagate alloc_percpu failure (git-fixes). - dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes). - dm thin metadata: check fail_io before using data_sm (git-fixes). - dm thin: add cond_resched() to various workqueue loops (git-fixes). - dm thin: fix deadlock when swapping to thin device (bsc#1177529). - dm verity: do not perform FEC for failed readahead IO (git-fixes). - dm verity: fix error handling for check_at_most_once on FEC (git-fixes). - dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes). - dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes). - dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes). - dm-raid: fix lockdep waring in 'pers->hot_add_disk' (git-fixes). - dm-verity, dm-crypt: align 'struct bvec_iter' correctly (git-fixes). - dm-verity: align struct dm_verity_fec_io properly (git-fixes). - dm: add cond_resched() to dm_wq_work() (git-fixes). - dm: call the resume method on internal suspend (git-fixes). - dm: do not lock fs when the map is NULL during suspend or resume (git-fixes). - dm: do not lock fs when the map is NULL in process of resume (git-fixes). - dm: remove flush_scheduled_work() during local_exit() (git-fixes). - dm: send just one event on resize, not two (git-fixes). - dma: xilinx_dpdma: Fix locking (git-fixes). - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes). - dmaengine: owl: fix register access functions (git-fixes). - dmaengine: tegra186: Fix residual calculation (git-fixes). - docs: Document the FAN_FS_ERROR event (stable-fixes). - drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes). - drm/amd/display: Do not recursively call manual trigger programming (stable-fixes). - drm/amd/display: Fix nanosec stat overflow (stable-fixes). - drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes). - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes). - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes). - drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes). - drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes). - drm/amdgpu: always force full reset for SOC21 (stable-fixes). - drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes). - drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes). - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes). - drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes). - drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes). - drm/ast: Fix soft lockup (git-fixes). - drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes). - drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes). - drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes). - drm/i915: Disable port sync when bigjoiner is used (stable-fixes). - drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes). - drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834) - drm/panel: ili9341: Respect deferred probe (git-fixes). - drm/panel: ili9341: Use predefined error codes (git-fixes). - drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes). - drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes). - drm/vmwgfx: Enable DMA mappings with SEV (git-fixes). - drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes). - drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes). - drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes). - drm: nv04: Fix out of bounds access (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-fixes). - dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574). - fbdev: fix incorrect address computation in deferred IO (git-fixes). - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes). - fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes). - fix build warning - fuse: do not unhash root (bsc#1223951). - fuse: fix root lookup with nonzero generation (bsc#1223950). - hwmon: (amc6821) add of_match table (stable-fixes). - i2c: pxa: hide unused icr_bits[] variable (git-fixes). - i2c: smbus: fix NULL function pointer dereference (git-fixes). - i40e: Fix VF MAC filter removal (git-fixes). - idma64: Do not try to serve interrupts when device is powered off (git-fixes). - iio: accel: mxc4005: Interrupt handling fixes (git-fixes). - iio:imu: adis16475: Fix sync mode setting (git-fixes). - init/main.c: Fix potential static_command_line memory overflow (git-fixes). - iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (git-fixes). - iommu/amd: Do not block updates to GATag if guest mode is on (git-fixes). - iommu/amd: Fix 'Guest Virtual APIC Table Root Pointer' configuration in IRTE (git-fixes). - iommu/amd: Fix domain flush size when syncing iotlb (git-fixes). - iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes). - iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes). - iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes). - iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982 (git-fixes). - iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes). - iommu/iova: Fix alloc iova overflows issue (git-fixes). - iommu/mediatek: Flush IOTLB completely only if domain has been attached (git-fixes). - iommu/rockchip: Fix unwind goto issue (git-fixes). - iommu/sprd: Release dma buffer to avoid memory leak (git-fixes). - iommu/vt-d: Allocate local memory for page request queue (git-fixes). - iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes). - iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes). - iommu: Fix error unwind in iommu_group_alloc() (git-fixes). - ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes). - kABI: Adjust trace_iterator.wait_index (git-fixes). - kprobes: Fix double free of kretprobe_holder (bsc#1220901). - kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes). - libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes). - libnvdimm/region: Allow setting align attribute on regions without mappings (git-fixes). - livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539). - md/raid1: fix choose next idle in read_balance() (git-fixes). - md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes). - md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-fixes). - media: cec: core: remove length check of Timer Status (stable-fixes). - media: sta2x11: fix irq handler cast (stable-fixes). - mei: me: add arrow lake point H DID (stable-fixes). - mei: me: add arrow lake point S DID (stable-fixes). - mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes). - mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473). - mmc: sdhci-msm: pervent access to suspended controller (git-fixes). - mtd: diskonchip: work around ubsan link failure (stable-fixes). - nd_btt: Make BTT lanes preemptible (git-fixes). - net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes). - net: fix a memleak when uncloning an skb dst and its metadata (git-fixes). - net: fix skb leak in __skb_tstamp_tx() (git-fixes). - net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes). - net: mld: fix reference count leak in mld_{query | report}_work() (git-fixes). - net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes). - net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes). - net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes). - net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes). - net: vlan: fix underflow for the real_dev refcnt (git-fixes). - netfilter: br_netfilter: Drop dst references before setting (git-fixes). - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-fixes). - netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes). - nfsd: Fixed mount issue with KOTD (bsc#1223380 bsc#1217408 bsc#1223640). - nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nouveau: fix function cast warning (git-fixes). - nouveau: fix instmem race condition around ptr stores (git-fixes). - nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-fixes). - nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes). - nvdimm: Fix badblocks clear off-by-one error (git-fixes). - nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-fixes). - pci_iounmap(): Fix MMIO mapping leak (git-fixes). - phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes). - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes). - platform/x86: intel-vbtn: Update tablet mode switch at end of probe (git-fixes). - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes). - powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191). - powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE (bsc#1222011 ltc#205900). - powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369 ltc#205888). - powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888). - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - powerpc: Refactor verification of MSR_RI (bsc#1223191). - printk: Add this_cpu_in_panic() (bsc#1223574). - printk: Adjust mapping for 32bit seq macros (bsc#1223574). - printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574). - printk: Disable passing console lock owner completely during panic() (bsc#1223574). - printk: Drop console_sem during panic (bsc#1223574). - printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1223574). - printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574). - printk: Wait for all reserved records with pr_flush() (bsc#1223574). - printk: nbcon: Relocate 32bit seq macros (bsc#1223574). - printk: ringbuffer: Clarify special lpos values (bsc#1223574). - printk: ringbuffer: Cleanup reader terminology (bsc#1223574). - printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1223574). - printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574). - printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574). - pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes). - ring-buffer: Do not set shortest_full when full target is hit (git-fixes). - ring-buffer: Fix full_waiters_pending in poll (git-fixes). - ring-buffer: Fix resetting of shortest_full (git-fixes). - ring-buffer: Fix waking up ring buffer readers (git-fixes). - ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes). - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes). - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes). - s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875). - s390/decompressor: fix misaligned symbol build error (git-fixes bsc#1223785). - s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877). - s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223878). - s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879). - s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784). - s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223876). - s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598). - s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223595). - s390: Fixed LPM of lpar failure with error HSCLA2CF in 19th loops (jsc#PED-542 git-fixes bsc#1213573 ltc#203238). - s390: Fixed kernel backtrack (bsc#1141539 git-fixes). - serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes). - serial: core: Provide port lock wrappers (stable-fixes). - serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes). - serial: mxs-auart: add spinlock around changing cts state (git-fixes). - slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes). - speakup: Avoid crash on very long word (git-fixes). - speakup: Fix 8bit characters from direct synth (git-fixes). - tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes). - thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes). - thunderbolt: Fix wake configurations after device unplug (stable-fixes). - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes). - tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes). - tracing: Have saved_cmdlines arrays all in one allocation (git-fixes). - tracing: Remove precision vsnprintf() check from print event (git-fixes). - tracing: Show size of requested perf buffer (git-fixes). - tracing: Use .flush() call to wake up readers (git-fixes). - usb: Disable USB3 LPM at shutdown (stable-fixes). - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (git-fixes). - usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes). - usb: gadget: composite: fix OS descriptors w_value logic (git-fixes). - usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes). - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes). - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes). - usb: ohci: Prevent missed ohci interrupts (git-fixes). - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes). - usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes). - usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes). - usb: typec: tcpm: unregister existing source caps before re-registration (bsc#1220569). - usb: typec: ucsi: Ack unsupported commands (stable-fixes). - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes). - usb: typec: ucsi: Fix connector check on init (git-fixes). - usb: udc: remove warning when queue disabled ep (stable-fixes). - vdpa/mlx5: Allow CVQ size changes (git-fixes). - virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949). - wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes). - wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes). - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes). - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes). - wifi: nl80211: do not free NULL coalescing rule (git-fixes). - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes). - x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (jsc#PED-7167 git-fixes). - x86/sev: Skip ROM range scans and validation for SEV-SNP guests (jsc#PED-7167 git-fixes). - x86/xen: Add some null pointer checking to smp.c (git-fixes). - x86/xen: add CPU dependencies for 32-bit build (git-fixes). - x86/xen: fix percpu vcpu_info allocation (git-fixes). - xen-netback: properly sync TX responses (git-fixes). - xen-netfront: Add missing skb_mark_for_recycle (git-fixes). - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-fixes). - xen/xenbus: document will_handle argument for xenbus_watch_path() (git-fixes). - xfrm6: fix inet6_dev refcount underflow problem (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1769-1 Released: Thu May 23 16:26:19 2024 Summary: Recommended update for SLE-Micro, SLE-Micro-base, SLE-Micro-kvm, SLE-Micro-rt, build-iso, build-iso-base, elemental, elemental-channel-image, elemental-channel1.5-image, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, elemental-rt-channel-image, elemental-rt-channel1.5-image, elemental-toolkit, operator-image1.5, seedimage-builder, seedimage-builder1.5, systemd-presets-branding-SLE-Micro-for-Rancher Type: recommended Severity: important References: 1218560 This update for SLE-Micro, SLE-Micro-base, SLE-Micro-kvm, SLE-Micro-rt, build-iso, build-iso-base, elemental, elemental-channel-image, elemental-channel1.5-image, elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, elemental-rt-channel-image, elemental-rt-channel1.5-image, elemental-toolkit, operator-image1.5, seedimage-builder, seedimage-builder1.5, systemd-presets-branding-SLE-Micro-for-Rancher fixes the following issues: Changes in SLE-Micro: - Update to version 2.0.4: * [v2.0.x] Hostname backports (#1371) * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated * Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258) Changes in SLE-Micro-base: - Update to version 2.0.4: * [v2.0.x] Hostname backports (#1371) * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3: * Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258) Changes in SLE-Micro-kvm: - Update to version 2.0.4: * [v2.0.x] Hostname backports (#1371) * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3: * Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258) Changes in SLE-Micro-rt: - Update to version 2.0.4: * [v2.0.x] Hostname backports (#1371) * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3: * Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258) Changes in build-iso: - Update to version 2.0.4: * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3 Changes in build-iso-base: - Update to version 2.0.4: * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3 Changes in elemental: - Update to version 2.0.4: * [v2.0.x] Hostname backports (#1371) * Fix kvm and rt dockerfile arguments * Make sure no variables in /etc/os-release are duplicated - Update to version 2.0.3: * Fix endless reboot on FORCE upgrades (v2.0.x backport) (#1258) Changes in elemental-channel-image: - Adapt Dockerfile to pull explicitly elemental-register instead of the newer 1.5 version of it - Add v2.0.2 image to channel Changes in elemental-channel1.5-image: - Add v2.0.2 image to channel - Remove `for Rancher` suffix - Channel adapted to 'suse/sle-micro' images Changes in elemental-operator1.5: - Update to version 1.5.1: * Repurpose v1.5.x branch for SLE Micro 5.5 * Micro rename (#684) * elemental-operator registration cleanups (#689) * Sanitize elemental-operator dependencies (#690) * github actions: add airgap script test * [Airgap] minor: fix debug message * [Airgap] add script tests * Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 * Bump docker/login-action from 3.0.0 to 3.1.0 * Bump docker/build-push-action from 5.2.0 to 5.3.0 * Add extension to seedimage url (#682) * registration: allow dots in machineInventory names * registration: decouple replacing data-labels from sanitizing strings * registration: move sanitize code in sanitizeString() * Fix ManagedOSImage cloudConfig (#671) * New name is elemental-rootfs * Use /run/elemental and elemental- services (#675) * Update github.com/golang/protobuf * Run make vendor * Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 * Bump docker/build-push-action from 5.1.0 to 5.2.0 * [Airgap] fix channel.json extraction (#669) * [Airgap] fix 'channel.image'/'channel.repository' value in 'next steps' (#665) * Align DrainSpec to system-upgrade-controller defaults (#668) * operator/Dockerfile: tag IMAGE_REPO with :latest * seedimage: add tag to IMG_REPO * Dockerfile: SLE_VERSION -> SLEMICRO_VERSION * operator: switch to toolbox for ALP * seedimage: switch labelprefix to com.suse.elemental * seedimage: Switch to toolbox for ALP * Drain nodes by default on upgrade (#660) * [Airgap] fix missing return code value * [Airgap] Use bash test syntax * [Airgap] make the script work with both legacy and newer charts * [Airgap] fix the airgap script - Update to version 1.5.0: * Enable ManagedOSImage updates (#658) * Review omitempty flag on API json converter * charts: backport changes from Rancher Marketplace chart (#652) * Make snapshotter configurable (#651) * [Airgap] fix the airgap script (#654) * Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 * [Airgap] add support to Hauler in the airgap script (#647) * Fix channel synchronization * Bump docker/metadata-action from 4.1.1 to 5.5.1 * Requeue reconcile loop for ongoing synchronizations * elemental-register: collect OS data for MachineInventories annotations (#642) * Bump go to 1.22 (#643) * Make channel sync more robust (#638) * Makefile/setup-full-cluster: build seedimage-builder image too (#639) * Makefile: fix commit date for local builds (#631) * Requeue after 1 second in case of failures * Recover on syncer pod creation failures * Bump docker/build-push-action from 3.2.0 to 5.1.0 * Bump docker/setup-buildx-action from 2.2.1 to 3.0.0 * Bump golangci/golangci-lint-action from 3 to 4 * Bump github/codeql-action from 2 to 3 * Update system-upgrade-controller test version (#630) * Add dev baseimage build (#619) * Test against k8s v1.27, rancher v2.8.2, and upgrade all test dependendencies (#628) * Use go 1.20 * Use rancher/yip v1.4.10 * Use go.mod ginkgo version * SeedImage builder arguments in wrong order * Use newer xorriso (#624) * Bump codecov/codecov-action from 3 to 4 * Bump docker/login-action from 2.1.0 to 3.0.0 * Bump actions/dependency-review-action from 2 to 4 * Update actions/labeler config * Make linter happy * Bump actions/labeler from 4 to 5 * README: drop legacy docs (#616) * Add dependabot config for actions * Bump github actions * Do not adopt machineinventories undergoing deletion/reset (#605) * Update seedimage build-disk command * Fix inversed reset options (#604) * Print system architecture (#603) * hostname: set the hostname on the newer location too * Charts/Makefile: fix default OS channel repo name (#594) * Add hostname to system-data * Add elemental-seedimage-hooks package (#592) * Restrict package arch to x86_64 and aarch64 * Update copyright year (2024) * Update copyright year (2024) * Change raw SeedImage deploy-command * Add target platform validation test * Add kubebuilder example and validation * Add TargetPlatform to SeedImageSpec * Fix default values in questions.yaml file * Bump golang.org/x/crypto to 0.17.0 * Add disable-boot-entry flag to reset command * Always pull channel image on channel sync * Fix channel sync bug * Avoid repeating package name in summary * Make summary start with a capital letter * Unify all chart files under .obs/charfile * Add warning if both device and device-selector set * Add grub package to seedimage built in OBS (#568) * Fix device-selector logic (#571) * Add missing questions.yaml file * Implement picking dynamic installation device (#561) * Build raw disk images in SeedImage (#557) * charts: fix annotations (#566) * ci: fix SeedImage builder used image * Bump github.com/docker/docker from 20.10.24+incompatible to 24.0.7+incompatible (#560) * Update google.golang.org/grpc to v1.56.3 * Keep old output-name * Add slem4r images in channel (#544) * Bring your own SeedImage builder (#542) - Update to version 1.4.3: * registration: allow dots in machineInventory names * registration: decouple replacing data-labels from sanitizing strings * registration: move sanitize code in sanitizeString() * V1.4.x fix channel synchronization (#683) * linter: fix copyright dates * Make linter happy - Update to version 1.4.2: * Fix inversed reset options (#604) * Add hostname to system-data * Fix default values in questions.yaml file - ExclusiveArch x86_64 and aarch64 (bsc#1218560) - Update to version 1.4.1 * Always pull channel image on channel sync * Fix channel sync bug * Avoid repeating package name in summary * Make summary start with a capital letter - Update to version 1.4.0+git20231129.c7f1dc1: * Add slem4r images in channel (#544) * Unify all chart files under .obs/charfile - Update to version 1.4.0+git20231127.55a37d4: * Add warning if both device and device-selector set * Fix device-selector logic (#571) * Implement picking dynamic installation device (#561) * Add missing questions.yaml file * charts: fix annotations (#566) * Make sure to not overlap with the already existing channel and use RT for tests * Remove use of images from quay.io * Prevent installing if previous CRDs are pending to be removed * elemental-airgap: allow to just create the channel (#548) * bump go to 1.20 or later * Bump dependencies (#540) * ci: bump k8s and Rancher Manager versions * Use helm/kind-action to install kind * ci: fix action versions used * Disable local plan for elemental-system-agent * Improve error management * Patch already existing versions on channel sync * Improve update events filtering to actually ignore status updates * Add some improvements * Run all syncers in a pod * Fix e2e workflow * elemental-airgap: fix skipping http/https URLs * Use the proper format for command arguments * Prevent recalling bootstrap.sh on 'systemctl restart elemental-system-agent' * elemental-airgap: fix automatic image channel name (#521) * register: add no-toolkit unit tests * register: add os.unmanaged inventory annotation * register: add no-toolkit option * make verify: stay on mockgen v0.2.0 (#523) * elemental-airgap: add support to OS images (#518) * Small refactor to centralize registration config checks * Ensure Elemental registration data includes the registration URL * Remove --debug flag from helm pull * Attempt to use charts from PR project in e2e tests * Publish OBS charts to gh-pages * elemental-airgap: allow to pass dev | staging | stable as argument * elemental-airgap: pick the operator chart as an argument * elemental-airgap: add script to help airgap deployment * Apply a regex on tags to match the same criteria as in OBS * Charts: fix OBS build * Publish all OBS repositories on PRs * Fix repository url * Charts: always use camelCase for values (#507) * Revert not-needed marker fix * Set default spec.config.elemental.reset block for MachineRegistration * Use elemental-register-reset service (#502) * Use OBS PR builds for the e2e tests * Build and publish charts for OBS/IBS artifacts in gh-pages - Update to version 1.3.2+git20230824.c90c1c8: * Disable service triggers on staging (#498) * Add CAPI cluster role to helm chart (#500) * Charts: sync OBS charts * tests: fix e2e workflow * tests: fix chart workflow * Makefile: add the REGISTRY_URL var * Charts: add registry templating for custom airgap * Charts: add README * Charts: enforce templating on the channel resource * Charts: update rancher annotations * Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible (#442) * Fixed a typo in the version string for elemental-teal-channel in helm chart (#495) * Implement remote machines reset (#489) * Remove custom default config-dir on installation media * Remove SLE Micro reference from elemental-operator images * Include crds chart in OBS workflow * Update OBS workflow to the new project setup * Make SLE Micro version from image references dynamic (#480) * Recreate service account token secret if missing * Adds ca-certificates and ca-certificates-mozilla in operator image * Adapt .spec file to non-SUSE distributions (#482) * Improve re-registration (#479) * Do not make use of ServiceAccount.Secrets list * Fix elemental managed label value to match backup operator expectations * Make explicit elemental-operator image is under l3 support * Add CONTRIBUTING.md (#472) * Handle mkdir error * Create registration config directory if not exist * Persist registration state * Omit confusing debug message * Fix error formatting * Handle MsgUpdate response on client side * Remove unnecessary MsgUpdate payload. Rely on authentication data instead * Handle sendUpdate error * Do not terminate serveLoop on MsgUpdate * - Check protocol version before sending MsgUpdate - Use MsgUpdate to notify registration update only * Charts: add a new chart to host the pre-hook migration template * Charts: add template checking crds installation * Prevent registration update if MachineInventory is not found * Do not retry registration when on installed system and using randomized TPM seed * Do not retry registration when not on live system * Check for live registration config when no arguments passed * operator: copy cloud-config file not its link (#468) * Update README installation section (#465) * SeedImage: manage updates of builder Pod under deletion * SeedImage: add ResourcesNotCreatedYet Ready condition * SeedImage: reset download URL on Pod deletion * SeedImage: allow the controller full control on configmaps * SeedImage: isolate all the config map logic in a separate function * SeedImage: on retriggerBuild delete owned SeedImage resources * SeedImage: drop redundant set of retriggerBuild * The job was missing a templated name for the serviceaccount to be fully consistent * Update charts/crds/Chart.yaml * Update .obs/chartfile/crds/Chart.yaml * Add upgrade hook * Include channel as part of the installation * Adapt tests and Makefile * Split chart into crds chart and operator chart * websocket/trivial: messages: annotate version of introduction * register client: make linter happy * register client: annotate auth method used for registration * register client: rework getHostMacAddr() * register client: add 'mac' and 'sys-uuid' Plain Auth * register client: set TPM as default authentication method * operator: enable plain auth * operator: add plain auth * elemental api: add fields to support plain authentication * Bump rancher and k8s for e2e tests (#449) * OBS PR workflow: set the right project to disable images repo * Fix OBS PR workflow * goreleaser: fix releases CI (#444) * Chart: add logo and Rancher display-name annotation (#440) * Add channel hook-failed delete policy * Include display name field on ManagedOSVersions * Add ISO type in ManagedOSVersions * SeedImage: add to the github release workflow * Fix template * Include elemental-teal-channel by default on chart install * Merge default command and image in containersSpec * Add tests for containerized base ISO and utilities * Pull iso as a container * SeedImage extended API: drop debug log * SeedImage: extended api doesn't expect the iso name anymore * SeedImage: inject MachineRegistration and date in the built iso name * httpfy: allow to serve single file * SeedImage: pass whole SeedImage reference to fillBuildImagePod * SeedImage: add more seedimage_controller tests * Utils: generalize IsPodOwned func to IsObecjtOwned() and add tests * SeedImage: make the linter happy... * SeedImage: controller logic for the pod cleanup/retrigger * SeedImage: add image timeout and retrigger fields * httpfy: add timeout parameter * Use config map in seedimage pod (#423) * SeedImage: check OwnerReference in controller tests * SeedImage: retrieve MachineRegistration just once * SeedImage: set OwnerReferences * Add seedimage-builder into the OBS workflow * Feat: add CODEOWNERS * OBS: build ssl default certificates in SeedImage build image * Update default values file in OBS * SeedImage: set build image PullPolicy from the operator chart * unit-tests: cover MAC and Used Memory in labels test * unit-tests/trivial: move server.go test to the new server_test.go file * OBS: use SeedImage build image from OBS for the chart * Bump github.com/docker/docker from 20.10.22+incompatible to 20.10.24+incompatible (#410) * Update to go 1.19 (#408) * SeedImage: add Dockerfile for OBS build * httpfy: support automated building * Build elemental-operator image from scratch * Prevent a nil pointer dereference panic error * Fix event filters * Prevent retriggering a reconcile on ownership setup * Do not start error messages with capital letters * Extend unit tests for inventory and selector resources * Adapt unit tests to new condition states * Selector and inventory cleanup * Ensure optimistic locking is set on machine selectors * Adapt info and debug logging for the inventory and selector controllers * Read machine inventory only once on selector reconcile * Sets a validation process for Machine Inventory adoption * Enble cache for MachineInventorySelector resources * SeedImage: update OBS build recipes * SeedImage: busybox base64 decodes with -d only * SeedImage: pass the build image from the operator chart * SeedImage: build image for the builder pod * Add cloud-config support to seedImage (#399) * SeedImage: fix registration yaml name (#394) * operator: ensure elemental finalizers are removed if present (#393) * SeedImage: move sync status with running pod to new func * operator: allow seedimage download from the extended API * SeedImage: add DownloadToken in the Status * operator: return http 401 error on registration auth failure * operator: report error on unrecognized auth websocket connections * operator: drop build-image api (#389) * unit-tests: ensure resources cleanup (#390) * SeedImage: drop finalizer tests * SeedImage: check conditions and return early when needed * SeedImage: add more tests * Adapt tests to drop finalizers * Stop using finalizers if not extrictly needed * operator: add SeedImage CRD (#377) * Prevent MachineInventorySelector from being cached * Set object not found as a debug message * Update logs to not use info with custom depth * operator: use opensuse nginx to serve build-img ISO (#369) * Use variadic arguments in klog instead of slices * operator: register the host IP in MachineInventory annotations (#350) * Unify logging * operator: labels minor improvements (#363) * build-image API: add build job with single pod lifecycle (#362) * Turn MachineInventoryRef into LocalObjectReference (#359) * Remove branch filter on tag events (#361) * Update actions/download-artifact to v3.0.2 * Filter inventory list with a labelSelector and not with a labels map (#358) * Move system-data labels to templating * operator: let build-image API GET to return the image URL (#351) * register client: isolate TPM auth code (#346) * operator: fix label name (#348) * operator: fix MachineInventory search during registration (#342) * operator: always use software UUID as default machine name (#340) * Set default elemental-operator USER * operator: add support to old register clients (#338) * Lints * Update wharfie to 0.5.3 * register client: allow to register against lower version operators (#332) * Replace action engineerd/setup-kind (#328) * Copyright date-range 2022 - 2023 (#327) * Use go 1.18 * operator: expose build-image API (#315) * Fix node-labels regression * Do not store cpu info if not available (#321) * docs: add ref to the official docs in the chart readme (#316) * linter: fix go-header check (#319) * unit-tests: disable parallelization (#312) * Change tar-file layout in elemental-support * Add default config-dir value (#313) * Re-add config-dir install flag (#309) * Return registration errors to client (#301) * Properly sanitize extra system data (#307) * Improve unit tests (#308) * Derive TPM seed from system UUID (#297) * Add disable-boot-entry flag in install structure (#302) * Fetch commit and date from obsinfo file (#300) * operator: add back debug logs for logrus (registration) (#299) * [tpm] Set a random seed if emulated tpm seed is set to -1 (#282) * Include _helmignore file (#295) * Add OBS build repcipes into the repository (#294) * Drop legacy catalog for tests (#291) * Kubebuilder: fix MachineRegistration search during registration (#280) (#293) * Send full system data on registration (#276) * Bump rancher version in e2e tests (#290) * Set default syncTime when not provided (#289) * Remove invalid conditions from objects (#284) * operator: don't try to patch an empty MachineInventory (#274) * Backport minor fixes (#271) * Merge all main logic in one file (#270) * [controller_runtime] add registration protocol version (#266) * Kubebuilder: Remove unused code (#267) * [controller_runtime] operator/registration: switch to Kubebuilder client (#256) * Refactor ManagedOsImage e2e tests (#263) * Add a rate limiter to managedosversionchannel reconciler (#260) * Refactor MachineRegistration e2e tests (#253) * Drop requeuer, not needed anymore (#255) * Improve syncer (#252) * New syncer logic (#245) * Fix make verify (#248) * controller: add Secret name reference to the ServiceAccount (#247) * Kubebuilder: Add 'verify' workflow (#244) * Add remaining controllers (#232) * Kubebuilder: Add machine inventory selector controller (#224) * Kubebuilder: Add remaining API types (#225) * Kubebuilder: Add machine inventory controller (#221) * Kubebuilder: Add machine registration controller (#206) * Kubebuilder: Run new code and generate RBAC (#203) * Kubebuilder: Add make tasks for different tools (#194) * Add kubebuilder API definitions (#184) * Change yaml-marshalling of node-labels file (#287) * Remove yaml typo (#286) * Add helm labels and annotations to all crds (#281) * Set helm labels on CRDs (#277) * Change the helm chart oci reference to be aligned with other elemental images (#268) * Add version commands/flags for all binaries (#262) * Use custom names in upgrade objects (#254) * Several improvements to the support command (#258) * Also trigger Dev rebuild on tag push (#249) * Propagate inventory labels to node on bootstrap plan (#243) * Add codeql + escape user input before processing (#237) * Create dependency-review.yml (#236) * Bump golangci action (#234) * Stop elemental-system-agent when the node is ready (#231) * Fix docker and gorelease jobs (#230) * operator: improve logging of the MachineRegistration controller * operator: move ServiceAccount creation to a separate func * operator: drop duplicated import * operator: enforce ServiceAccount's Secret link * operator: create ServiceAccounts before their Secrets * operator: unit-tests: add coverage for unauthenticatedResponse() (#217) * coverity: make patch status informational (#219) * tests: Add k8s 1.24 and default to rancher 2.6.9 (#220) * tests: use latest url for rancher charts (#218) * Elemental Operator: manage empty config in MachineRegistrations (#213) * Label other objects created by elemental-operator (#216) * Only read yaml files included in the given directories (#215) * Label secrets managed by elemental-operator (#212) * Allow custom config files for elemental-cli (#210) * Collect operator logs after running tests (#204) * Audit and update elemental-operator RBAC ClusterRole (#196) * Add config for e2e tests (#201) * Add OBS workflow to update elemental-operator package (#200) * Add vendor for obs integration (#198) * release: enhance release pipeline (#195) * operator: drop duplicated import of elemental APIs (#199) * Disable CGO under arm for register binaries + restore SBOM (#193) * Revert 'Add sbom to releases and attach to containers' (#191) * Add elemental GlobalRole for Rancher UI (#187) * Add reasons for conditions (#185) * lint: dont overshadow var (#172) - elemental-register needs lvm2 for running blkdeactivate. - Update to version 0.6.0+git20220923.ffdff84: * Add v0.6.0 changelog (#182) - Update to version 0.6.0+git20220923.f022acb: * unit-tests: add support to Secrets in registraion's OnChange() * operator: log the creation of a new registration token * operator: explicitly add Secrets to registration ServiceAccounts * operator: return error when the ServiceAccount has no secrets - Update to version 0.5.0+git20220922.17d9d21: * support command improvements (#173) - make elemental-support a sub-package - disable chart building, was not packaged - Update to version 0.5.0+git20220912.846c610: * Add sbom to releases and attach to containers (#160) * Use BCI Golang image to build image * register: fix CGO build in Dockerfile * register: build it with CGO (#169) * tests(registration): More unit tests (#167) * Rework client to accept a ClientInterface (#166) * tests(inventory): Add unit tests for inventory methods (#164) * register/operator: drop MachineInventory labels passed from the client * unit-tests: check default machine name * go mod tidy * operator: change default MachineInventory name * Add simple changelog (#158) - Update to version 0.5.0+git20220902.3d28c5d: * Configure custom smbios data (#157) - Update to version 0.4.4+git20220902.64f4703: * operator: ensure inventory.Labels is not nil before adding labels - Update to version 0.4.4+git20220901.75792d6: * Add extra labels with smbios data (#155) * Fix secretname for the apiService (#153) * unit-tests: add websocket coverage * operator: add unit-test for mergeInventoryLabels() * operator/register: drop unused code * operator/register: rework the registration protocol * websocket: add helper functions * register: set a timeout for retrieving the installation config * drop unused labels on bootstrap (#154) * Fix missing cosign and run command (#151) * Enable deploying operator replicas (#150) * register: take control of the registration process * bump github.com/rancher-sandbox/go-tpm * fix linter: cyclomatic complexity of ServeHTTP is 16 * operator: move websocket management logic out of the tpm package * minor: drop duplicated logging * operator/http: check websocket upgrade header in HTTP connections - Update to version 0.4.3+git20220831.7e58679: * Add image signing to push jobs (#148) * Add local plan to rancher-system-agent to stop elemental-system-agent (#146) - Update to version 0.4.3+git20220822.f0bd8f4: * log: report elemental installation completion * Fix e2e discovery tests (#138) - Update to version 0.4.3+git20220812.72971ff: * Backwards compatibility for smbios headers (#137) * Only decode some smbios data (#134) * Drop uneeded files and add extra label (#135) * Split header into 7Kb of data (#133) * Add auto labeler (#125) * Remove default value for flag and expand description (#126) * [chart] only add default-registry if specified (#128) * Store binary artifacts on PR/master (#127) * [tests] fix nginx deploy url (#129) * Bundle support bin with register (#124) - build elemental-operator without CGO_ENABLED (doesn't need tpm) - Update to version 0.4.2+git20220805.5b64a77: * Set the proper namespace (#117) - Update to version 0.4.2+git20220805.485ff21: * Add CAs to docker artifact (#120) - Update to version 0.4.2+git20220804.76f61f5: * Store all registration data on installation (#116) - Update to version 0.4.2+git20220803.6d730d3: * Set fixed hostname and make it persistent (#106) - Update to version 0.4.2+git20220803.f4ba471: * Add 'support' to 'make build' (#111) - Update to version 0.4.2+git20220803.10d3621: * Add a elemental-support binary (#109) - Update to version 0.4.2+git20220802.f243498: * Add missing register command to bootstrap (#104) * Couple of tests for config mapstructure (#102) - Update to version 0.4.2+git20220801.ea7884e: * Produce 2 binaries instead of one (#99) * Push master merges to elemental-operator-ci (#100) * operator: pass all the registration fields on unauthenticated query - Update to version 0.4.2+git20220801.846d313: * Add missing mapstructure annotations to config (#101) * operator: drop duplicated MachineInventory init code - Update to version 0.4.2+git20220729.6b52b44 - Bump to v0.4.2 - Update to version 0.4.1+git20220729.6b52b44: * Set a fixed name config for rke/k3s deployments (#97) - Update to version 0.4.1+git20220728.896efee: * mend * Drop unneeded code - Update to version 0.4.1+git20220728.38929d2: * Update elemental api resources for upgrades (#95) - Update to version 0.4.1+git20220728.b5c35b9: * operator: fix adding machineInventoryLabels after initial registration - Update to version 0.4.1+git20220727.68b87dd: * Drop setting a custom providerID (#91) - Update to version 0.4.0+git20220727.3241cfd: * Bump rancher version (#89) - Update to version 0.4.0+git20220722.ea618ea: * elemental-operator register: keep system CAs when passing a custom CA * elemental-operator register: add some more logging * add github.com/sanity-io/litter module * ensure all the structs include proper yaml labels * Add a target to setup a clean cluster (#79) * [register] Check for path error before doing anything (#80) * Make /oem/registration the default configuration dir (#81) * Add README to elemetal-operator helm chart (#56) * Store registration yaml in installed system (#71) * Fix 'make unit-tests' - Update to version 0.3.0+git20220722.f2ab68c: * [register] Check for path error before doing anything (#80) - Update to version 0.3.0+git20220722.cf20bc6: * Make /oem/registration the default configuration dir (#81) - Update to version 0.3.0+git20220722.9b9844b: * Add README to elemetal-operator helm chart (#56) - Update to version 0.3.0+git20220721.52c3cbb: * Store registration yaml in installed system (#71) - Remove elemental-operator.service, as this is now executed as part of the cloud-config shipped with elemental. See https://github.com/rancher/elemental/pull/178 - Update to version 0.3.0+git20220721.e15e76e: * Fix 'make unit-tests' * Do note fetch cloud-config on unauthenticated registartion calls (#67) * Change the default machine name to include the UUID - read config from /run/initramfs/live - Update to version 0.3.0+git20220720.90791e4: * Update MachineRegistration example - Update to version 0.3.0+git20220720.79d957e: * Adds support for cloud-config data in machine registration (#61) - Update to version 0.2.1+git20220719.489d40f: * review elemental installer env vars (#59) - Run elemental-operator.service after cos-setup-network.service is completely done. Add back a dependency with multi-user.target to ensure it is pulled by some target at boot. - Run elemental-operator.service after mutli-user.target to ensure it is executed after all boot services are ready - only run in live mode - Update to version 0.2.1+git20220718.3530dc5: * ensure install struct includes proper yaml labels (#57) - Update to version 0.2.1+git20220718.6e2f20f: * Pass debug flag to elemental client if requested (#58) - Update to version 0.2.1+git20220715.2381ebc: * Do not attempt to install in already installed systems (#55) * Some fixes for the release pipelines (#53) - Update to 0.2.0 - Update to version 0.1.1+git20220715.618d3c4: * Log the version, commit and commit date on start (#43) - Update to version 0.1.1+git20220715.bd811be: * Remove obsolete logic from former ros-installer (#45) - pass COMMITDATE to build - Update to version 0.1.1+git20220714.a05a2db: * elemental-operator register: enable local plans - Update to version 0.1.1+git20220714.602178c: * elemental-operator register: allow cacert passed as file or data (#44) * Makefile: fix make build-docker (#41) - On behalf of commit 62bac1d (#38) `elemental install` is called within the `elemental-operator register` command, so the unit file only needs to call `elemental-operator register` - drop elemental-installer and -chart subpackages - add elemental-operator.service file - build with TPM emulation - Update to version 0.1.1+git20220713.adfff7c: * Some register fixes (#40) * elemental-operator register: add elemental cli call (#38) * Fix building the operator/installer with emulatedTPM (#39) * Return a Config.Config in MachineInventory (#35) * Use cacert from rancher and use serverl-url from rancher (#36) - Update to version 0.1.1+git20220713.bcfe4d0: * Add test for chart values (#31) - Update to version 0.1.1+git20220712.14d4d95: * Share installation configuration structures (#24) * bump github.com/docker/distribution to 2.8.1 (#29) * Bump image-spec to 1.0.2 (#28) * Bump system-agent to 0.2.8 (#17) * update testhelpers * Update go.sum * [ci] Up the go version and restore the proper cache * Fix go.sum * [test] Remove focus * [lint] ignore generated files - Update to version 0.1.1+git20220707.39177e8: * Rename RancherOS to Elemental in installer logic * Merge elemental installer (#20) * renamed to elemental-operator and switched to system agent * Fix wrong key in example full reference * Rename rancheros->elemental in README * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle - Update to version 0.1.1+git20220707.1d97f14: * Merge elemental installer (#20) * renamed to elemental-operator and switched to system agent * Fix wrong key in example full reference * Rename rancheros->elemental in README * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times - Update to version 0.0.0+git20220707.0c6dcff: * Adapat Dockerfile and golreleaser to keep releasing and building elemental-operator as they used to * Update .github/workflows/unit-tests.yaml * Update Makefile - Update to version 0.0.0+git20220707.4b69306: * Adding installer unit tests * Add elemental-installer * Move main into a cmd/operator package - Update to version 0.0.0+git20220704.211ad46: * renamed to elemental-operator and switched to system agent * Fix wrong key in example full reference * Rename elemental->elemental in README * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times * Update pkg/controllers/inventory/inventory.go - adapt machine-registration.yaml and create-cluster.yaml to system-agent - Update to version 0.1.0+git20220622.84e703a: * added registration command and support for using elemental as a cluster api infrastructure provider * wip * renamed to elemental-operator and switched to system agent - Update to version 0.1.0+git20220603.19a5e9e: * Fix wrong key in example full reference * Rename elemental->elemental in README - rename binary to elemental-operator - Update to version 0.1.0+git20220420.6e6aa51: - Update to version 0.1.0+git20220525.9e1d451: * rename pathes to 'elemental' * rename files to 'elemental' * rename directories to 'elemental' * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times * Update pkg/controllers/inventory/inventory.go - renamed the api spec in the sample .yaml files - Update to version 0.1.0+git20220525.9e1d451: * rename pathes to 'elemental' * rename files to 'elemental' * rename directories to 'elemental' * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times * Update pkg/controllers/inventory/inventory.go - Update to version 0.1.0+git20220420.6e6aa51: * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times * Update pkg/controllers/inventory/inventory.go * Rework * Add events on errors * e2e-ci: add some missing check on errors - Update to version 0.1.0+git20220518.f916493: * rename to elemental-operator - update default kubernetesVersion to 1.22.7 - Update machine-registration.yaml * add hostname * put 'install' section below 'elemental' - Update to version 0.1.0+git20220420.6e6aa51: * tests: Use helpers from testlib * tests: Add upgrades e2e test * ci: detect when deployments are already there * Update missing policy rule * Sort env to avoid updating same bundle * Be sure to not push same env multiple times * Update pkg/controllers/inventory/inventory.go * Rework * Add events on errors - Update to version 0.1.0-alpha23+git20220408.cd4553f: * e2e-ci: add some missing check on errors * Bump ele-testhelpers version * e2e-ci: move some functions to ele-testhelpers * Update README * Do not make kube calls blocking * Test env metadata injection * Correctly annotate env vars from metadata * Adapt tests, add test cases * Respect upgradeContainerSpec from ManagedOSVersion * Do allocate the event recorder once in the syncer * Refactor out recorder boilerplate * Collect errors when syncing * Refactor out requeuer to not be blocking * Add test for event broadcasting * Set appropriate rules for broadcasting events * go gen * Record invalid specs back to the VersionChannel * Build general event interface from raw k8s into client * Add reconciler * Wrong obs workflow name :facepalm: * Add OBS workflow to trigger rpm build * Use operator image for wait and display hook * CLI fixups * Allow to specify a mountpath * Add requeue mechanism * Disable mounting SA token by default on sync pod * Implement Custom syncer * Lower the ticker for testing * Set the default update to 60m * Add sync-interval flag * Add owner reference on ManagedOSVersion * Bump rancher version used in tests * Don't watch over specific namespaces * Add make target to test local changes in kind * Enhance tests * Allow to set a bridge ip * Allow to selectively sync user-defined namespaces * Add MachineOSVersionChannel JSON tests * Implement JSON syncer logic * Very basic sync service logic * ManagedOSVersionChannel sync service * Add ManagedOSVersionChannel and skeleton for sync service - Initial version 0.1.0~alpha23 Changes in elemental-operator1.5-crds-helm: - Update to version 1.5.1: * Sanitize elemental-operator dependencies (#690) * Fix ManagedOSImage cloudConfig (#671) * Align DrainSpec to system-upgrade-controller defaults (#668) * Drain nodes by default on upgrade (#660) - Update to version 1.5.0: * Make snapshotter configurable (#651) * Make channel sync more robust (#638) * Test against k8s v1.27, rancher v2.8.2, and upgrade all test dependendencies (#628) * Add kubebuilder example and validation * Add TargetPlatform to SeedImageSpec * Add disable-boot-entry flag to reset command - Update to version 1.4.3 - Update to version 1.4.2 - Update to version 1.4.1 - Update to version 1.4.0+git20231128.a867d93: * Unify all chart files under .obs/charfile - Update to version 1.3.2+git20230824.c90c1c8: * Charts: sync OBS charts * Update .obs/chartfile/crds/Chart.yaml * Adapt tests and Makefile * Split chart into crds chart and operator chart - Update to version 0.5.0+git20220902.3d28c5d: * Configure custom smbios data (#157) - Update to version v0.4.4: * Fix secretname for the apiService (#153) * Enable deploying operator replicas (#150) - Update to version 0.4.3+git20220822.f0bd8f4: * log: report elemental installation completion * Fix e2e discovery tests (#138) - Update to version v0.4.3: * Remove default value for flag and expand description (#126) * [chart] only add default-registry if specified (#128) * Set the proper namespace (#117) - Bump to v0.4.2 - Bump to v0.4.1 - Update to version v0.4.0: * Add README to elemetal-operator helm chart (#56) - Update Chart.yaml to the right elemental-operator version - Update to elemental-operator v0.3.0 - Improve Makefile to get image tag from github - Update Makefile and build elemental-operator.tar - Bump version to 0.2.1 - Bump elemental-operator tag image to 0.2.1-10.1 - Bump elemental-operator tag image to 0.2.0-9.1 - Update _helmignore file - Update Makefile and fix build issues - Add _helmignore file - Update to version 0.1.1+git2022-07-13.adfff7c: * Use cacert from rancher and use serverl-url from rancher (#36) - Update image repository in values-overwrite.yaml - Initial commit for elemental-operator helm chart Changes in elemental-operator1.5-helm: - Update to version 1.5.1 - Update to version 1.5.0: * Enable ManagedOSImage updates (#658) * charts: backport changes from Rancher Marketplace chart (#652) * Test against k8s v1.27, rancher v2.8.2, and upgrade all test dependendencies (#628) * Fix default values in questions.yaml file * Unify all chart files under .obs/charfile * charts: fix annotations (#566) * Add slem4r images in channel (#544) * Charts: fix OBS build * Charts: sync OBS charts * Fixed a typo in the version string for elemental-teal-channel in helm chart (#495) - Update to version 1.4.3 - Update to version 1.4.2 * Fix default values in questions.yaml file - Update to version 1.4.1 - Update to version 1.4.0+git20231129.c7f1dc1: * Add slem4r images in channel (#544) - Update to version 1.4.0+git20231128.a867d93: * Unify all chart files under .obs/charfile * charts: fix annotations (#566) * Charts: fix OBS build - Update to version 1.3.2+git20230824.c90c1c8: * Charts: sync OBS charts * Fixed a typo in the version string for elemental-teal-channel in helm chart (#495) * Remove SLE Micro reference from elemental-operator images * Make SLE Micro version from image references dynamic (#480) * Adapt tests and Makefile * Split chart into crds chart and operator chart - Update to version 0.5.0+git20220902.3d28c5d: * Configure custom smbios data (#157) - Update to version v0.4.4: * Fix secretname for the apiService (#153) * Enable deploying operator replicas (#150) - Update to version 0.4.3+git20220822.f0bd8f4: * log: report elemental installation completion * Fix e2e discovery tests (#138) - Update to version v0.4.3: * Remove default value for flag and expand description (#126) * [chart] only add default-registry if specified (#128) * Set the proper namespace (#117) - Bump to v0.4.2 - Bump to v0.4.1 - Update to version v0.4.0: * Add README to elemetal-operator helm chart (#56) - Update Chart.yaml to the right elemental-operator version - Update to elemental-operator v0.3.0 - Improve Makefile to get image tag from github - Update Makefile and build elemental-operator.tar - Bump version to 0.2.1 - Bump elemental-operator tag image to 0.2.1-10.1 - Bump elemental-operator tag image to 0.2.0-9.1 - Update _helmignore file - Update Makefile and fix build issues - Add _helmignore file - Update to version 0.1.1+git2022-07-13.adfff7c: * Use cacert from rancher and use serverl-url from rancher (#36) - Update image repository in values-overwrite.yaml - Initial commit for elemental-operator helm chart Changes in elemental-rt-channel-image: - Adapt the Dockerfile to explicitly pull elemental-register (v1.4) instead of the newer 1.5 variant of it. - Fix RT URLs and use import channel.json file from previous build stage - Only build for x86_64 - Add SLE Micro RT v2.0.2 to channel Changes in elemental-rt-channel1.5-image: - Fix RT URLs and use import channel.json file from previous build stage - Only build for x86_64 - Add SLE Micro RT v2.0.2 to channel - Adapt channel to the new 'suse/sle-micro' images Changes in elemental-toolkit: - Update to version 1.1.5: * [v1.1.x] Move recovery hostname to cloud-config-defaults (#2047) - Update to version 1.1.4: * Add default rootfs settings * Install podman in example Dockerfiles (#1959) - Update to version 1.1.2: * Remove unused method * Update copyright year (2024) * Update workflow to trigger for go.mod * Bump moby at v25.0.1 * Bump docker at v23.0.8 * Bump go-git at v5.11.0 * Bump containerd at v1.7.12 Changes in operator-image1.5: - Update to version 1.5.1: * Repurpose v1.5.x branch for SLE Micro 5.5 - Update to version 1.5.0: * Micro rename (#684) * operator/Dockerfile: tag IMAGE_REPO with :latest - Update to version 1.4.3 - Update to version 1.4.2 - Update to version 1.4.1 - Adding a changes file Changes in seedimage-builder: - Update to version 1.4.3 Changes in seedimage-builder1.5: - Update to version 1.5.1: * Repurpose v1.5.x branch for SLE Micro 5.5 - Update to version 1.5.0: * Micro rename (#684) * seedimage: add tag to IMG_REPO * seedimage: switch labelprefix to com.suse.elemental * seedimage: Switch to toolbox for ALP * Add elemental-seedimage-hooks package (#592) * Add grub package to seedimage built in OBS (#568) * Build raw disk images in SeedImage (#557) - Update to version 1.4.3 - Update to version 1.4.2 - Update to version 1.4.1 - Adding changes file The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - coreutils-8.32-150400.9.6.1 updated - systemd-presets-branding-SLE-Micro-for-Rancher-20230814-150500.3.3.1 updated - elemental-register1.5-1.5.1-150500.1.3.1 added - elemental-support1.5-1.5.1-150500.1.3.1 added - elemental-updater-2.0.4-150500.4.3.1 updated - elemental-toolkit-1.1.5-150500.3.3.1 updated - elemental-2.0.4-150500.4.3.1 updated - perl-5.26.1-150300.17.17.1 updated - kernel-rt-5.14.21-150500.13.52.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.2 updated - elemental-register-1.4.3-150500.3.3.3 removed - elemental-support-1.4.3-150500.3.3.3 removed From sle-container-updates at lists.suse.com Wed May 29 16:14:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 May 2024 18:14:01 +0200 (CEST) Subject: SUSE-CU-2024:2290-1: Security update of suse/manager/5.0/x86_64/server Message-ID: <20240529161401.4592EFBA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2290-1 Container Tags : suse/manager/5.0/x86_64/server:5.0.0-rc , suse/manager/5.0/x86_64/server:5.0.0-rc.4.56 , suse/manager/5.0/x86_64/server:latest Container Release : 4.56 Severity : important Type : security References : 1024309 1082216 1082233 1125306 1159006 1175678 1178882 1178882 1188500 1188881 1189495 1190225 1191175 1198101 1201684 1201685 1201692 1201694 1202647 1203476 1204468 1204472 1204473 1204475 1204480 1205588 1205855 1205916 1205916 1206549 1207246 1207248 1207922 1208067 1209333 1210382 1210392 1210628 1210631 1210632 1210634 1210635 1210636 1210637 1211259 1211604 1211605 1211606 1211607 1211649 1211679 1211721 1211888 1213470 1213470 1213473 1213474 1213475 1213479 1213481 1213482 1213638 1213945 1214076 1214790 1215098 1215099 1215100 1215101 1215102 1215103 1215520 1216339 1216374 1216850 1218171 1218482 1218686 1218903 1218905 1218907 1218908 1218909 1218911 1219001 1219460 1219662 1219912 1220279 1220763 1221184 1221361 1221385 1221386 1221407 1221525 1221632 1222086 1222155 1222547 1222842 1222979 1222979 1222983 1222983 1222984 1222986 1222986 1222987 1222987 1223694 CVE-2018-6798 CVE-2018-6913 CVE-2020-8277 CVE-2021-3521 CVE-2021-3672 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21628 CVE-2022-28737 CVE-2022-34169 CVE-2022-39399 CVE-2022-4904 CVE-2023-21835 CVE-2023-21843 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 CVE-2023-22006 CVE-2023-22025 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044 CVE-2023-22045 CVE-2023-22049 CVE-2023-22081 CVE-2023-25193 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551 CVE-2023-6152 CVE-2024-1313 CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20932 CVE-2024-20945 CVE-2024-20952 CVE-2024-21011 CVE-2024-21011 CVE-2024-21012 CVE-2024-21012 CVE-2024-21068 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094 CVE-2024-21094 CVE-2024-23672 CVE-2024-24549 CVE-2024-25629 CVE-2024-3651 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:314-1 Released: Tue Feb 4 14:13:27 2020 Summary: Recommended update for gssproxy Type: recommended Severity: moderate References: 1024309 This update for gssproxy fixes the following issues: - Fix paths in tests and replace python's f-string usage - Initial check-in of gssproxy is needed on the NFS server if krb5 is used for NFS authentication using an AD directory server. (bsc#1024309)(FATE#322526) - 'krb5' may need 'auth_to_local = RULE:[1:$1@$0]' on the 'realms' section when 'winbind' is used for nsswitch.conf. (bsc#1024309)(FATE#322526) Also ding-libs was updated from 0.6.0 to 0.6.1 (jsc#ECO-248): - libini now supports validators that check for well-formed INI files. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:521-1 Released: Thu Feb 27 18:08:56 2020 Summary: Recommended update for c-ares Type: recommended Severity: moderate References: 1125306,1159006 This update for c-ares fixes the following issues: c-ares version update to 1.15.0: * Add ares_init_options() configurability for path to resolv.conf file * Ability to exclude building of tools (adig, ahost, acountry) in CMake * Report ARES_ENOTFOUND for .onion domain names as per RFC7686 (bsc#1125306) * Apply the IPv6 server blacklist to all nameserver sources * Prevent changing name servers while queries are outstanding * ares_set_servers_csv() on failure should not leave channel in a bad state * getaddrinfo - avoid infinite loop in case of NXDOMAIN * ares_getenv - return NULL in all cases * implement ares_getaddrinfo - Fixed a regression in DNS results that contain both A and AAAA answers. - Add netcfg as the build requirement and runtime requirement. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3478-1 Released: Mon Nov 23 09:33:17 2020 Summary: Security update for c-ares Type: security Severity: moderate References: 1178882,CVE-2020-8277 This update for c-ares fixes the following issues: - Version update to 1.17.0 * CVE-2020-8277: Fixed a Denial of Service through DNS request (bsc#1178882) * For further details see https://c-ares.haxx.se/changelog.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3616-1 Released: Thu Dec 3 10:56:12 2020 Summary: Recommended update for c-ares Type: recommended Severity: moderate References: 1178882 - Fixed incomplete c-ares-devel dependencies introduced by the privous update (bsc#1178882). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2760-1 Released: Tue Aug 17 17:11:14 2021 Summary: Security update for c-ares Type: security Severity: important References: 1188881,CVE-2021-3672 This update for c-ares fixes the following issues: Version update to git snapshot 1.17.1+20200724: - CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881) - If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash - Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response - Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing - Use unbuffered /dev/urandom for random data to prevent early startup performance issues ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3022-1 Released: Mon Sep 13 10:48:16 2021 Summary: Recommended update for c-ares Type: recommended Severity: important References: 1190225 This update for c-ares fixes the following issue: - Allow '_' as part of DNS response. (bsc#1190225) - 'c-ares' 1.17.2 introduced response validation to prevent a security issue, however it was not listing '_' as a valid character for domain name responses which caused issues when a 'CNAME' referenced a 'SRV' record which contained underscores. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2660-1 Released: Wed Aug 3 21:06:01 2022 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1201684,1201685,1201692,1201694,CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-34169 This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.4+8 (July 2022 CPU) - CVE-2022-21540: Improve class compilation (bsc#1201694) - CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692) - CVE-2022-34169: Improve Xalan supports (bsc#1201684) - CVE-2022-21549: java.util.random does not correctly sample exponential or Gaussian distributions (bsc#1201685) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3822-1 Released: Mon Oct 31 23:53:38 2022 Summary: Recommended update for adcli Type: recommended Severity: moderate References: 1202647 This update for adcli fixes the following issues: - Remove errx() calls on error conditions to execute the cleanup function and delete the krb5 snippets created in /tmp (bsc#1202647) - Set umask before calling mkdtemp (bsc#1202647) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4079-1 Released: Fri Nov 18 15:36:28 2022 Summary: Security update for java-17-openjdk Type: security Severity: moderate References: 1203476,1204468,1204472,1204473,1204475,1204480,CVE-2022-21618,CVE-2022-21619,CVE-2022-21624,CVE-2022-21628,CVE-2022-39399 This update for java-17-openjdk fixes the following issues: - Update to jdk-17.0.5+8 (October 2022 CPU) - CVE-2022-39399: Improve HTTP/2 client usage(bsc#1204480) - CVE-2022-21628: Better HttpServer service (bsc#1204472) - CVE-2022-21624: Enhance icon presentations (bsc#1204475) - CVE-2022-21619: Improve NTLM support (bsc#1204473) - CVE-2022-21618: Wider MultiByte (bsc#1204468) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:297-1 Released: Tue Feb 7 13:17:47 2023 Summary: Recommended update for java-17-openjdk Type: recommended Severity: moderate References: 1205916 This update for java-17-openjdk fixes the following issues: - Modified patches: Revert fips patch to a version used with 17.0.4.0 (bsc#1205916) Apply nss-security-provider patch after the fips patch, thus rediff the hunk to changed context. - Fix jconsole.desktop icon ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:435-1 Released: Thu Feb 16 11:06:29 2023 Summary: Security update for java-17-openjdk Type: security Severity: moderate References: 1205916,1207246,1207248,CVE-2023-21835,CVE-2023-21843 This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.6.0+10: - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). Bugfixes: - Avoid calling C_GetInfo() too early, before cryptoki is initialized (bsc#1205916). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:486-1 Released: Thu Feb 23 10:38:13 2023 Summary: Security update for c-ares Type: security Severity: important References: 1208067,CVE-2022-4904 This update for c-ares fixes the following issues: Updated to version 1.19.0: - CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1632-1 Released: Tue Mar 28 12:53:57 2023 Summary: Recommended update for java-17-openjdk Type: recommended Severity: important References: 1206549 This update for java-17-openjdk fixes the following issues: - Remove the accessibility RPM sub-package because it causes problems (bsc#1206549) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2110-1 Released: Fri May 5 14:10:21 2023 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1209333,1210628,1210631,1210632,1210634,1210635,1210636,1210637,CVE-2023-21930,CVE-2023-21937,CVE-2023-21938,CVE-2023-21939,CVE-2023-21954,CVE-2023-21967,CVE-2023-21968 This update for java-17-openjdk fixes the following issues: Update to upstrem tag jdk-17.0.7+7 (April 2023 CPU) Security fixes: - CVE-2023-21930: Fixed AES support (bsc#1210628). - CVE-2023-21937: Fixed String platform support (bsc#1210631). - CVE-2023-21938: Fixed runtime support (bsc#1210632). - CVE-2023-21939: Fixed Swing platform support (bsc#1210634). - CVE-2023-21954: Fixed object reclamation process (bsc#1210635). - CVE-2023-21967: Fixed TLS session negotiation (bsc#1210636). - CVE-2023-21968: Fixed path handling (bsc#1210637). Other fixes: - Fixed socket setTrafficClass not working for IPv4 connections when IPv6 is enabled (bsc#1209333). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2313-1 Released: Tue May 30 09:29:25 2023 Summary: Security update for c-ares Type: security Severity: important References: 1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2340-1 Released: Thu Jun 1 09:46:52 2023 Summary: Recommended update for java-17-openjdk Type: recommended Severity: moderate References: 1210392,1211259 This update for java-17-openjdk fixes the following issues: - In SSLSessionImpl, interpret length of SNIServerName as an unsigned byte so that it can have length up to 255 rather than 127 (SG#65673, bsc#1210392) - Do not install separate nss.fips.cfg file, since there is now one in the tree and the install happens automatically - Enable system property file by default, without which the FIPS mode would never get enabled (bsc#1211259) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2825-1 Released: Fri Jul 14 11:21:46 2023 Summary: Recommended update for java-17-openjdk Type: recommended Severity: moderate References: 1211679 This update for java-17-openjdk fixes the following issues: - Bring back our nss.fips.cfg file, as the variable expansion in the upstream file does not work (bsc#1211679) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3023-1 Released: Fri Jul 28 21:59:48 2023 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1207922,1213473,1213474,1213475,1213479,1213481,1213482,CVE-2023-22006,CVE-2023-22036,CVE-2023-22041,CVE-2023-22044,CVE-2023-22045,CVE-2023-22049,CVE-2023-25193 This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.8+7 (July 2023 CPU): - CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473). - CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474). - CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475). - CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479). - CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481). - CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482). - CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922). - JDK-8294323: Improve Shared Class Data - JDK-8296565: Enhanced archival support - JDK-8298676, JDK-8300891: Enhanced Look and Feel - JDK-8300285: Enhance TLS data handling - JDK-8300596: Enhance Jar Signature validation - JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1 - JDK-8302475: Enhance HTTP client file downloading - JDK-8302483: Enhance ZIP performance - JDK-8303376: Better launching of JDI - JDK-8304460: Improve array usages - JDK-8304468: Better array usages - JDK-8305312: Enhanced path handling - JDK-8308682: Enhance AES performance Bugfixes: - JDK-8178806: Better exception logging in crypto code - JDK-8201516: DebugNonSafepoints generates incorrect information - JDK-8224768: Test ActalisCA.java fails - JDK-8227060: Optimize safepoint cleanup subtask order - JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError - JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel - JDK-8244976: vmTestbase/nsk/jdi/Event/request/request001.java doesn' initialize eName - JDK-8245877: assert(_value != __null) failed: resolving NULL _value in JvmtiExport::post_compiled_method_load - JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken - JDK-8252990: Intrinsify Unsafe.storeStoreFence - JDK-8254711: Add java.security.Provider.getService JFR Event - JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates - JDK-8261495: Shenandoah: reconsider update references memory ordering - JDK-8268288: jdk/jfr/api/consumer/streaming/ /TestOutOfProcessMigration.java fails with 'Error: ShouldNotReachHere()' - JDK-8268298: jdk/jfr/api/consumer/log/TestVerbosity.java fails: unexpected log message - JDK-8268582: javadoc throws NPE with --ignore-source-errors option - JDK-8269821: Remove is-queue-active check in inner loop of write_ref_array_pre_work - JDK-8270434: JDI+UT: Unexpected event in JDI tests - JDK-8270859: Post JEP 411 refactoring: client libs with maximum covering > 10K - JDK-8270869: G1ServiceThread may not terminate - JDK-8271519: java/awt/event/SequencedEvent/ /MultipleContextsFunctionalTest.java failed with 'Total [200] - Expected [400]' - JDK-8273909: vmTestbase/nsk/jdi/Event/request/request001 can still fail with 'ERROR: new event is not ThreadStartEvent' - JDK-8274243: Implement fast-path for ASCII-compatible CharsetEncoders on aarch64 - JDK-8274615: Support relaxed atomic add for linux-aarch64 - JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile - JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression - JDK-8275287: Relax memory ordering constraints on updating instance class and array class counters - JDK-8275721: Name of UTC timezone in a locale changes depending on previous code - JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) - JDK-8276058: Some swing test fails on specific CI macos system - JDK-8277407: javax/swing/plaf/synth/SynthButtonUI/6276188/ /bug6276188.java fails to compile after JDK-8276058 - JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905 - JDK-8278146: G1: Rework VM_G1Concurrent VMOp to clearly identify it as pause - JDK-8278434: timeouts in test java/time/test/java/time/ /format/TestZoneTextPrinterParser.java - JDK-8278834: Error 'Cannot read field 'sym' because 'this.lvar[od]' is null' when compiling - JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error - JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test - JDK-8282227: Locale information for nb is not working properly - JDK-8282704: runtime/Thread/StopAtExit.java may leak memory - JDK-8283057: Update GCC to version 11.2.0 for Oracle builds on Linux - JDK-8283062: Uninitialized warnings in libgtest with GCC 11.2 - JDK-8283520: JFR: Memory leak in dcmd_arena - JDK-8283566: G1: Improve G1BarrierSet::enqueue performance - JDK-8284331: Add sanity check for signal handler modification warning. - JDK-8285635: javax/swing/JRootPane/DefaultButtonTest.java failed with Default Button not pressed for L&F: com.sun.java.swing.plaf.motif.MotifLookAndFeel - JDK-8285987: executing shell scripts without #! fails on Alpine linux - JDK-8286191: misc tests fail due to JDK-8285987 - JDK-8286287: Reading file as UTF-16 causes Error which 'shouldn't happen' - JDK-8286331: jni_GetStringUTFChars() uses wrong heap allocator - JDK-8286346: 3-parameter version of AllocateHeap should not ignore AllocFailType - JDK-8286398: Address possibly lossy conversions in jdk.internal.le - JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code - JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider - JDK-8287541: Files.writeString fails to throw IOException for charset 'windows-1252' - JDK-8287854: Dangling reference in ClassVerifier::verify_class - JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable - JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies - JDK-8288589: Files.readString ignores encoding errors for UTF-16 - JDK-8289509: Improve test coverage for XPath Axes: descendant, descendant-or-self, following, following-sibling - JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space - JDK-8289949: Improve test coverage for XPath: operators - JDK-8290822: C2: assert in PhaseIdealLoop::do_unroll() is subject to undefined behavior - JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 - JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value - JDK-8291638: Keep-Alive timeout of 0 should close connection immediately - JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected - JDK-8292301: [REDO v2] C2 crash when allocating array of size too large - JDK-8292407: Improve Weak CAS VarHandle/Unsafe tests resilience under spurious failures - JDK-8292713: Unsafe.allocateInstance should be intrinsified without UseUnalignedAccesses - JDK-8292755: Non-default method in interface leads to a stack overflow in JShell - JDK-8292990: Improve test coverage for XPath Axes: parent - JDK-8293295: Add type check asserts to java_lang_ref_Reference accessors - JDK-8293492: ShenandoahControlThread missing from hs-err log and thread dump - JDK-8293858: Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG - JDK-8293887: AArch64 build failure with GCC 12 due to maybe-uninitialized warning in libfdlibm k_rem_pio2.c - JDK-8294183: AArch64: Wrong macro check in SharedRuntime::generate_deopt_blob - JDK-8294281: Allow warnings to be disabled on a per-file basis - JDK-8294673: JFR: Add SecurityProviderService#threshold to TestActiveSettingEvent.java - JDK-8294717: (bf) DirectByteBuffer constructor will leak if allocating Deallocator or Cleaner fails with OOME - JDK-8294906: Memory leak in PKCS11 NSS TLS server - JDK-8295564: Norwegian Nynorsk Locale is missing formatting - JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames - JDK-8296084: javax/swing/JSpinner/4788637/bug4788637.java fails intermittently on a VM - JDK-8296318: use-def assert: special case undetected loops nested in infinite loops - JDK-8296343: CPVE thrown on missing content-length in OCSP response - JDK-8296412: Special case infinite loops with unmerged backedges in IdealLoopTree::check_safepts - JDK-8296545: C2 Blackholes should allow load optimizations - JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not - JDK-8297000: [jib] Add more friendly warning for proxy issues - JDK-8297154: Improve safepoint cleanup logging - JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter - JDK-8297587: Upgrade JLine to 3.22.0 - JDK-8297730: C2: Arraycopy intrinsic throws incorrect exception - JDK-8297955: LDAP CertStore should use LdapName and not String for DNs - JDK-8298488: [macos13] tools/jpackage tests failing with 'Exit code: 137' on macOS - JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors - JDK-8299179: ArrayFill with store on backedge needs to reduce length by 1 - JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE - JDK-8299544: Improve performance of CRC32C intrinsics (non-AVX-512) for small inputs - JDK-8299570: [JVMCI] Insufficient error handling when CodeBuffer is exhausted - JDK-8299959: C2: CmpU::Value must filter overflow computation against local sub computation - JDK-8300042: Improve CPU related JFR events descriptions - JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument - JDK-8300823: UB: Compile::_phase_optimize_finished is initialized too late - JDK-8300939: sun/security/provider/certpath/OCSP/ /OCSPNoContentLength.java fails due to network errors - JDK-8301050: Detect Xen Virtualization on Linux aarch64 - JDK-8301119: Support for GB18030-2022 - JDK-8301123: Enable Symbol refcounting underflow checks in PRODUCT - JDK-8301190: [vectorapi] The typeChar of LaneType is incorrect when default locale is tr - JDK-8301216: ForkJoinPool invokeAll() ignores timeout - JDK-8301338: Identical branch conditions in CompileBroker::print_heapinfo - JDK-8301491: C2: java.lang.StringUTF16::indexOfChar intrinsic called with negative character argument - JDK-8301637: ThreadLocalRandom.current().doubles().parallel() contention - JDK-8301661: Enhance os::pd_print_cpu_info on macOS and Windows - JDK-8302151: BMPImageReader throws an exception reading BMP images - JDK-8302172: [JVMCI] HotSpotResolvedJavaMethodImpl.canBeInlined must respect ForceInline - JDK-8302320: AsyncGetCallTrace obtains too few frames in sanity test - JDK-8302491: NoClassDefFoundError omits the original cause of an error - JDK-8302508: Add timestamp to the output TraceCompilerThreads - JDK-8302594: use-after-free in Node::destruct - JDK-8302595: use-after-free related to GraphKit::clone_map - JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message - JDK-8302849: SurfaceManager might expose partially constructed object - JDK-8303069: Memory leak in CompilerOracle::parse_from_line - JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN - JDK-8303130: Document required Accessibility permissions on macOS - JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303433: Bump update version for OpenJDK: jdk-17.0.8 - JDK-8303440: The 'ZonedDateTime.parse' may not accept the 'UTC+XX' zone id - JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates - JDK-8303476: Add the runtime version in the release file of a JDK image - JDK-8303482: Update LCMS to 2.15 - JDK-8303508: Vector.lane() gets wrong value on x86 - JDK-8303511: C2: assert(get_ctrl(n) == cle_out) during unrolling - JDK-8303564: C2: 'Bad graph detected in build_loop_late' after a CMove is wrongly split thru phi - JDK-8303575: adjust Xen handling on Linux aarch64 - JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303588: [JVMCI] make JVMCI source directories conform with standard layout - JDK-8303809: Dispose context in SPNEGO NegotiatorImpl - JDK-8303822: gtestMain should give more helpful output - JDK-8303861: Error handling step timeouts should never be blocked by OnError and others - JDK-8303937: Corrupted heap dumps due to missing retries for os::write() - JDK-8303949: gcc10 warning Linux ppc64le - note: the layout of aggregates containing vectors with 8-byte alignment has changed in GCC 5 - JDK-8304054: Linux: NullPointerException from FontConfiguration.getVersion in case no fonts are installed - JDK-8304063: tools/jpackage/share/AppLauncherEnvTest.java fails when checking LD_LIBRARY_PATH - JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype - JDK-8304291: [AIX] Broken build after JDK-8301998 - JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998 - JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 - JDK-8304671: javac regression: Compilation with --release 8 fails on underscore in enum identifiers - JDK-8304683: Memory leak in WB_IsMethodCompatible - JDK-8304760: Add 2 Microsoft TLS roots - JDK-8304867: Explicitly disable dtrace for ppc builds - JDK-8304880: [PPC64] VerifyOops code in C1 doesn't work with ZGC - JDK-8305088: SIGSEGV in Method::is_method_handle_intrinsic - JDK-8305113: (tz) Update Timezone Data to 2023c - JDK-8305400: ISO 4217 Amendment 175 Update - JDK-8305403: Shenandoah evacuation workers may deadlock - JDK-8305481: gtest is_first_C_frame failing on ARM - JDK-8305690: [X86] Do not emit two REX prefixes in Assembler::prefix - JDK-8305711: Arm: C2 always enters slowpath for monitorexit - JDK-8305721: add `make compile-commands` artifacts to .gitignore - JDK-8305975: Add TWCA Global Root CA - JDK-8305993: Add handleSocketErrorWithMessage to extend nio Net.c exception message - JDK-8305994: Guarantee eventual async monitor deflation - JDK-8306072: Open source several AWT MouseInfo related tests - JDK-8306133: Open source few AWT Drag & Drop related tests - JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests - JDK-8306432: Open source several AWT Text Component related tests - JDK-8306466: Open source more AWT Drag & Drop related tests - JDK-8306489: Open source AWT List related tests - JDK-8306543: GHA: MSVC installation is failing - JDK-8306640: Open source several AWT TextArea related tests - JDK-8306652: Open source AWT MenuItem related tests - JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed - JDK-8306664: GHA: Update MSVC version to latest stepping - JDK-8306681: Open source more AWT DnD related tests - JDK-8306683: Open source several clipboard and color AWT tests - JDK-8306752: Open source several container and component AWT tests - JDK-8306753: Open source several container AWT tests - JDK-8306755: Open source few Swing JComponent and AbstractButton tests - JDK-8306768: CodeCache Analytics reports wrong threshold - JDK-8306774: Make runtime/Monitor/ /GuaranteedAsyncDeflationIntervalTest.java more reliable - JDK-8306825: Monitor deflation might be accidentally disabled by zero intervals - JDK-8306850: Open source AWT Modal related tests - JDK-8306871: Open source more AWT Drag & Drop tests - JDK-8306883: Thread stacksize is reported with wrong units in os::create_thread logging - JDK-8306941: Open source several datatransfer and dnd AWT tests - JDK-8306943: Open source several dnd AWT tests - JDK-8306954: Open source five Focus related tests - JDK-8306955: Open source several JComboBox jtreg tests - JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep - JDK-8306996: Open source Swing MenuItem related tests - JDK-8307080: Open source some more JComboBox jtreg tests - JDK-8307128: Open source some drag and drop tests 4 - JDK-8307130: Open source few Swing JMenu tests - JDK-8307133: Open source some JTable jtreg tests - JDK-8307134: Add GTS root CAs - JDK-8307135: java/awt/dnd/NotReallySerializableTest/ /NotReallySerializableTest.java failed - JDK-8307331: Correctly update line maps when class redefine rewrites bytecodes - JDK-8307346: Add missing gc+phases logging for ObjectCount(AfterGC) JFR event collection code - JDK-8307347: serviceability/sa/ClhsdbDumpclass.java could leave files owned by root on macOS - JDK-8307378: Allow collectors to provide specific values for GC notifications' actions - JDK-8307381: Open Source JFrame, JIF related Swing Tests - JDK-8307425: Socket input stream read burns CPU cycles with back-to-back poll(0) calls - JDK-8307799: Newly added java/awt/dnd/MozillaDnDTest.java has invalid jtreg `@requires` clause - JDK-8308554: [17u] Fix commit of 8286191. vm.musl was not removed from ExternalEditorTest - JDK-8308880: [17u] micro bench ZoneStrings missed in backport of 8278434 - JDK-8308884: [17u/11u] Backout JDK-8297951 - JDK-8311467: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.8 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3649-1 Released: Mon Sep 18 15:45:04 2023 Summary: Recommended update for java-17-openjdk Type: recommended Severity: important References: This update for java-17-openjdk fixes the following issues: - Fix a regression where the validation would reject valid zip64 (zip with 64-bit offset extensions) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4289-1 Released: Tue Oct 31 09:15:08 2023 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1214790,1216339,1216374,CVE-2023-22025,CVE-2023-22081 This update for java-17-openjdk fixes the following issues: - Updated to JDK 17.0.9+9 (October 2023 CPU): - CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS (bsc#1216374). - CVE-2023-22025: Fixed a memory corruption issue in applications using AVX-512 (bsc#1216339). Please visit the Oracle Release Notes page for the full changelog: https://www.oracle.com/java/technologies/javase/17all-relnotes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:230-1 Released: Thu Jan 25 11:11:27 2024 Summary: Recommended update for adcli Type: recommended Severity: moderate References: 1214076 This update for adcli fixes the following issues: - Populate Samba's secrets database using offline domain join (bsc#1214076) - Write SID before secret to Samba's db (bsc#1214076) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:325-1 Released: Mon Feb 5 11:39:10 2024 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1218903,1218905,1218907,1218908,1218909,1218911,CVE-2024-20918,CVE-2024-20919,CVE-2024-20921,CVE-2024-20932,CVE-2024-20945,CVE-2024-20952 This update for java-17-openjdk fixes the following issues: Updated to version 17.0.10 (January 2024 CPU): - CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing bounds check (bsc#1218907). - CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file verifier (bsc#1218903). - CVE-2024-20921: Fixed an incorrect optimization in the Hotspot JVM that could lead to corruption of JVM memory (bsc#1218905). - CVE-2024-20932: Fixed an incorrect handling of ZIP files with duplicate entries (bsc#1218908). - CVE-2024-20945: Fixed a potential private key leak through debug logs (bsc#1218909). - CVE-2024-20952: Fixed an RSA padding issue and timing side-channel attack against TLS (bsc#1218911). Find the full release notes at: https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-January/029089.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:948-1 Released: Wed Mar 20 15:36:58 2024 Summary: Recommended update for java-17-openjdk Type: recommended Severity: moderate References: 1219662 This update for java-17-openjdk fixes the following issues: - Recommend mozilla-nss-sysinit in order to have available the /etc/pki/nssdb directory and its content, required in fips mode (bsc#1219662). - Do not install our crafted nss.fips.cfg file, but use the one that the build produces with our fips.patch applied. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1136-1 Released: Mon Apr 8 11:30:15 2024 Summary: Security update for c-ares Type: security Severity: moderate References: 1220279,CVE-2024-25629 This update for c-ares fixes the following issues: - CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1341-1 Released: Thu Apr 18 15:29:45 2024 Summary: Recommended update for tftp Type: recommended Severity: moderate References: 1215520 This update for tftp fixes the following issue: - Allow enabling the service via `systemctl enable tftp` to create the tftp.socket symlink (bsc#1215520) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1344-1 Released: Thu Apr 18 18:50:37 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1175678,1218171,1221525,1222086 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1345-1 Released: Thu Apr 18 19:15:51 2024 Summary: Security update for tomcat Type: security Severity: important References: 1221385,1221386,CVE-2024-23672,CVE-2024-24549 This update for tomcat fixes the following issues: - CVE-2024-24549: Fixed denial of service during header validation for HTTP/2 stream (bsc#1221386) - CVE-2024-23672: Fixed denial of service due to malicious WebSocket client keeping connection open (bsc#1221385) Other fixes: - Update to Tomcat 9.0.87 * Catalina + Fix: Minor performance improvement for building filter chains. Based on ideas from #702 by Luke Miao. (remm) + Fix: Align error handling for Writer and OutputStream. Ensure use of either once the response has been recycled triggers a NullPointerException provided that discardFacades is configured with the default value of true. (markt) + Fix: 68692: The standard thread pool implementations that are configured using the Executor element now implement ExecutorService for better support NIO2. (remm) + Fix: 68495: When restoring a saved POST request after a successful FORM authentication, ensure that neither the URI, the query string nor the protocol are corrupted when restoring the request body. (markt) + Fix: 68721: Workaround a possible cause of duplicate class definitions when using ClassFileTransformers and the transformation of a class also triggers the loading of the same class. (markt) + Fix: The rewrite valve should not do a rewrite if the output is identical to the input. (remm) + Update: Add a new valveSkip (or VS) rule flag to the rewrite valve to allow skipping over the next valve in the Catalina pipeline. (remm) + Fix: Correct JPMS and OSGi meta-data for tomcat-enbed-core.jar by removing reference to org.apache.catalina.ssi package that is no longer included in the JAR. Based on pull request #684 by Jendrik Johannes. (markt) + Fix: Fix ServiceBindingPropertySource so that trailing \r\n sequences are correctly removed from files containing property values when configured to do so. Bug identified by Coverity Scan. (markt) + Add: Add improvements to the CSRF prevention filter including the ability to skip adding nonces for resource name and subtree URL patterns. (schultz) + Fix: Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. (remm) + Fix: 68089: Further improve the performance of request attribute access for ApplicationHttpRequest and ApplicationRequest. (markt) + Fix: 68559: Allow asynchronous error handling to write to the response after an error during asynchronous processing. (markt) * Coyote + Fix: Improve the HTTP/2 stream prioritisation process. If a stream uses all of the connection windows and still has content to write, it will now be added to the backlog immediately rather than waiting until the write attempt for the remaining content. (markt) + Fix: Make asynchronous error handling more robust. Ensure that once a connection is marked to be closed, further asynchronous processing cannot change that. (markt) + Fix: Make asynchronous error handling more robust. Ensure that once the call to AsyncListener.onError() has returned to the container, only container threads can access the AsyncContext. This protects against various race conditions that woudl otherwise occur if application threads continued to access the AsyncContext. + Fix: Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. In particular, most of the HTTP/2 debug logging has been changed to trace level. (remm) + Fix: Add support for user provided SSLContext instances configured on SSLHostConfigCertificate instances. Based on pull request #673 provided by Hakan Alt??nda??. (markt) + Fix: Improve the Tomcat Native shutdown process to reduce the likelihood of a JVM crash during Tomcat shutdown. (markt) + Fix: Partial fix for 68558: Cache the result of converting to String for request URI, HTTP header names and the request Content-Type value to improve performance by reducing repeated byte[] to String conversions. (markt) + Fix: Improve error reporting to HTTP/2 clients for header processing errors by reporting problems at the end of the frame where the error was detected rather than at the end of the headers. (markt) + Fix: Remove the remaining reference to a stream once the stream has been recycled. This makes the stream eligible for garbage collection earlier and thereby improves scalability. (markt) * Jasper + Add: Add support for specifying Java 22 (with the value 22) as the compiler source and/or compiler target for JSP compilation. If used with an Eclipse JDT compiler version that does not support these values, a warning will be logged and the default will used. (markt) + Fix: 68546: Generate optimal size and types for JSP imports maps, as suggested by John Engebretson. (remm) + Fix: Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. (remm) * Cluster + Fix: Avoid updating request count stats on async. (remm) * WebSocket + Fix: Correct a regression in the fix for 66508 that could cause an UpgradeProcessor leak in some circumstances. (markt) + Fix: Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. (remm) + Fix: Ensure that WebSocket connection closure completes if the connection is closed when the server side has used the proprietary suspend/resume feature to suspend the connection. (markt) * Web applications + Add: Add support for responses in JSON format from the examples application RequestHeaderExample. (schultz) * Other + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Update: Update Checkstyle to 10.13.0. (markt) + Update: Update JSign to 6.0. (markt) + Update: Add strings for debug level messages. (remm) + Update: Update Tomcat Native to 1.3.0. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1368-1 Released: Mon Apr 22 11:06:29 2024 Summary: Security update for shim Type: security Severity: important References: 1198101,1205588,1205855,1210382,1213945,1215098,1215099,1215100,1215101,1215102,1215103,1219460,CVE-2022-28737,CVE-2023-40546,CVE-2023-40547,CVE-2023-40548,CVE-2023-40549,CVE-2023-40550,CVE-2023-40551 This update for shim fixes the following issues: - Update shim-install to set the TPM2 SRK algorithm (bsc#1213945) - Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) Update to version 15.8: Security issues fixed: - mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) - avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) - Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) - Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) - pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) - pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now. - Generate dbx during build so we don't include binary files in sources - Don't require grub so shim can still be used with systemd-boot - Update shim-install to fix boot failure of ext4 root file system on RAID10 (bsc#1205855) - Adopt the macros from fde-tpm-helper-macros to update the signature in the sealed key after a bootloader upgrade - Update shim-install to amend full disk encryption support - Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector - Use the long name to specify the grub2 key protector - cryptodisk: support TPM authorized policies - Do not use tpm_record_pcrs unless the command is in command.lst - Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to enable the NX compatibility flag when using post-process-pe after discussed with grub2 experts in mail. It's useful for further development and testing. (bsc#1205588) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1439-1 Released: Thu Apr 25 23:41:12 2024 Summary: Security update for python-idna Type: security Severity: moderate References: 1222842,CVE-2024-3651 This update for python-idna fixes the following issues: - CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1458-1 Released: Mon Apr 29 07:47:34 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1220763 This update for vim fixes the following issues: - Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1498-1 Released: Mon May 6 09:42:11 2024 Summary: Security update for java-11-openjdk Type: security Severity: low References: 1213470,1222979,1222983,1222984,1222986,1222987,CVE-2024-21011,CVE-2024-21012,CVE-2024-21068,CVE-2024-21085,CVE-2024-21094 This update for java-11-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979) - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987) - CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983) - CVE-2024-21085: Fixed denial of service due to Pack200 excessive memory allocation (JDK-8322114,bsc#1222984) - CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986) Other fixes: - Upgrade to upstream tag jdk-11.0.23+9 (April 2024 CPU) * Security fixes + JDK-8318340: Improve RSA key implementations * Other changes + JDK-6928542: Chinese characters in RTF are not decoded + JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS + JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear. + JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking + JDK-8054572: [macosx] JComboBox paints the border incorrectly + JDK-8058176: [mlvm] tests should not allow code cache exhaustion + JDK-8067651: LevelTransitionTest.java, fix trivial methods levels logic + JDK-8068225: nsk/jdi/EventQueue/remove_l/remove_l005 intermittently times out + JDK-8156889: ListKeychainStore.sh fails in some virtualized environments + JDK-8166275: vm/mlvm/meth/stress/compiler/deoptimize keeps timeouting + JDK-8166554: Avoid compilation blocking in OverloadCompileQueueTest.java + JDK-8169475: WheelModifier.java fails by timeout + JDK-8180266: Convert sun/security/provider/KeyStore/DKSTest.sh to Java Jtreg Test + JDK-8186610: move ModuleUtils to top-level testlibrary + JDK-8192864: defmeth tests can hide failures + JDK-8193543: Regression automated test '/open/test/jdk/java/ /awt/TrayIcon/SystemTrayInstance/SystemTrayInstanceTest.java' fails + JDK-8198668: MemoryPoolMBean/isUsageThresholdExceeded/ /isexceeded001/TestDescription.java still failing + JDK-8202282: [TESTBUG] appcds TestCommon .makeCommandLineForAppCDS() can be removed + JDK-8202790: DnD test DisposeFrameOnDragTest.java does not clean up + JDK-8202931: [macos] java/awt/Choice/ChoicePopupLocation/ /ChoicePopupLocation.java fails + JDK-8207211: [TESTBUG] Remove excessive output from CDS/AppCDS tests + JDK-8207214: Broken links in JDK API serialized-form page + JDK-8207855: Make applications/jcstress invoke tests in batches + JDK-8208243: vmTestbase/gc/lock/jni/jnilock002/ /TestDescription.java fails in jdk/hs nightly + JDK-8208278: [mlvm] [TESTBUG] vm.mlvm.mixed.stress.java .findDeadlock.INDIFY_Test Deadlocked threads are not always detected + JDK-8208623: [TESTBUG] runtime/LoadClass/LongBCP.java fails in AUFS file system + JDK-8208699: remove unneeded imports from runtime tests + JDK-8208704: runtime/appcds/MultiReleaseJars.java timed out often in hs-tier7 testing + JDK-8208705: [TESTBUG] The -Xlog:cds,cds+hashtables vm option is not always required for appcds tests + JDK-8209549: remove VMPropsExt from TEST.ROOT + JDK-8209595: MonitorVmStartTerminate.java timed out + JDK-8209946: [TESTBUG] CDS tests should use '@run driver' + JDK-8211438: [Testbug] runtime/XCheckJniJsig/XCheckJSig.java looks for libjsig in wrong location + JDK-8211978: Move testlibrary/jdk/testlibrary/ /SimpleSSLContext.java and testkeys to network testlibrary + JDK-8213622: Windows VS2013 build failure - ''snprintf': identifier not found' + JDK-8213926: WB_EnqueueInitializerForCompilation requests compilation for NULL + JDK-8213927: G1 ignores AlwaysPreTouch when UseTransparentHugePages is enabled + JDK-8214908: add ctw tests for jdk.jfr and jdk.management.jfr modules + JDK-8214915: CtwRunner misses export for jdk.internal.access + JDK-8216408: XMLStreamWriter setDefaultNamespace(null) throws NullPointerException + JDK-8217475: Unexpected StackOverflowError in 'process reaper' thread + JDK-8218754: JDK-8068225 regression in JDIBreakpointTest + JDK-8219475: javap man page needs to be updated + JDK-8219585: [TESTBUG] sun/management/jmxremote/bootstrap/ /JMXInterfaceBindingTest.java passes trivially when it shouldn't + JDK-8219612: [TESTBUG] compiler.codecache.stress.Helper .TestCaseImpl can't be defined in different runtime package as its nest host + JDK-8225471: Test utility jdk.test.lib.util.FileUtils .areAllMountPointsAccessible needs to tolerate duplicates + JDK-8226706: (se) Reduce the number of outer loop iterations on Windows in java/nio/channels/Selector/RacyDeregister.java + JDK-8226905: unproblem list applications/ctw/modules/* tests on windows + JDK-8226910: make it possible to use jtreg's -match via run-test framework + JDK-8227438: [TESTLIB] Determine if file exists by Files.exists in function FileUtils.deleteFileIfExistsWithRetry + JDK-8231585: java/lang/management/ThreadMXBean/ /MaxDepthForThreadInfoTest.java fails with java.lang.NullPointerException + JDK-8232839: JDI AfterThreadDeathTest.java failed due to 'FAILED: Did not get expected IllegalThreadStateException on a StepRequest.enable()' + JDK-8233453: MLVM deoptimize stress test timed out + JDK-8234309: LFGarbageCollectedTest.java fails with parse Exception + JDK-8237222: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails + JDK-8237777: 'Dumping core ...' is shown despite claiming that '# No core dump will be written.' + JDK-8237834: com/sun/jndi/ldap/LdapDnsProviderTest.java failing with LDAP response read timeout + JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel + JDK-8239801: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails + JDK-8244679: JVM/TI GetCurrentContendedMonitor/contmon001 failed due to '(IsSameObject#3) unexpected monitor object: 0x000000562336DBA8' + JDK-8246222: Rename javac test T6395981.java to be more informative + JDK-8247818: GCC 10 warning stringop-overflow with symbol code + JDK-8249087: Always initialize _body[0..1] in Symbol constructor + JDK-8251349: Add TestCaseImpl to OverloadCompileQueueTest.java's build dependencies + JDK-8251904: vmTestbase/nsk/sysdict/vm/stress/btree/btree010/ /btree010.java fails with ClassNotFoundException: nsk.sysdict.share.BTree0LLRLRLRRLR + JDK-8253543: sanity/client/SwingSet/src/ /ButtonDemoScreenshotTest.java failed with 'AssertionError: All pixels are not black' + JDK-8253739: java/awt/image/MultiResolutionImage/ /MultiResolutionImageObserverTest.java fails + JDK-8253820: Save test images and dumps with timestamps from client sanity suite + JDK-8255277: randomDelay in DrainDeadlockT and LoggingDeadlock do not randomly delay + JDK-8255546: Missing coverage for javax.smartcardio.CardPermission and ResponseAPDU + JDK-8255743: Relax SIGFPE match in in runtime/ErrorHandling/SecondaryErrorTest.java + JDK-8257505: nsk/share/test/StressOptions stressTime is scaled in getter but not when printed + JDK-8259801: Enable XML Signature secure validation mode by default + JDK-8264135: UnsafeGetStableArrayElement should account for different JIT implementation details + JDK-8265349: vmTestbase/../stress/compiler/deoptimize/ /Test.java fails with OOME due to CodeCache exhaustion. + JDK-8269025: jsig/Testjsig.java doesn't check exit code + JDK-8269077: TestSystemGC uses 'require vm.gc.G1' for large pages subtest + JDK-8271094: runtime/duplAttributes/DuplAttributesTest.java doesn't check exit code + JDK-8271224: runtime/EnclosingMethodAttr/EnclMethodAttr.java doesn't check exit code + JDK-8271828: mark hotspot runtime/classFileParserBug tests which ignore external VM flags + JDK-8271829: mark hotspot runtime/Throwable tests which ignore external VM flags + JDK-8271890: mark hotspot runtime/Dictionary tests which ignore external VM flags + JDK-8272291: mark hotspot runtime/logging tests which ignore external VM flags + JDK-8272335: runtime/cds/appcds/MoveJDKTest.java doesn't check exit codes + JDK-8272551: mark hotspot runtime/modules tests which ignore external VM flags + JDK-8272552: mark hotspot runtime/cds tests which ignore external VM flags + JDK-8273803: Zero: Handle 'zero' variant in CommandLineOptionTest.java + JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11 + JDK-8274621: NullPointerException because listenAddress[0] is null + JDK-8276796: gc/TestSystemGC.java large pages subtest fails with ZGC + JDK-8280007: Enable Neoverse N1 optimizations for Arm Neoverse V1 & N2 + JDK-8281149: (fs) java/nio/file/FileStore/Basic.java fails with java.lang.RuntimeException: values differ by more than 1GB + JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist. + JDK-8281717: Cover logout method for several LoginModule + JDK-8282665: [REDO] ByteBufferTest.java: replace endless recursion with RuntimeException in void ck(double x, double y) + JDK-8284090: com/sun/security/auth/module/AllPlatforms.java fails to compile + JDK-8285756: clean up use of bad arguments for `@clean` in langtools tests + JDK-8285785: CheckCleanerBound test fails with PasswordCallback object is not released + JDK-8285867: Convert applet manual tests SelectionVisible.java to Frame and automate + JDK-8286846: test/jdk/javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java fails on mac aarch64 + JDK-8286969: Add a new test library API to execute kinit in SecurityTools.java + JDK-8287113: JFR: Periodic task thread uses period for method sampling events + JDK-8289511: Improve test coverage for XPath Axes: child + JDK-8289764: gc/lock tests failed with 'OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects' + JDK-8289948: Improve test coverage for XPath functions: Node Set Functions + JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed + JDK-8290909: MemoryPoolMBean/isUsageThresholdExceeded tests failed with 'isUsageThresholdExceeded() returned false, and is still false, while threshold = MMMMMMM and used peak = NNNNNNN' + JDK-8292182: [TESTLIB] Enhance JAXPPolicyManager to setup required permissions for jtreg version 7 jar + JDK-8292946: GC lock/jni/jnilock001 test failed 'assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row' + JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed with 'RuntimeException: Retrieved backing PlatformLogger level null is not the expected CONFIG' + JDK-8294158: HTML formatting for PassFailJFrame instructions + JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java failure + JDK-8294402: Add diagnostic logging to VMProps.checkDockerSupport + JDK-8294535: Add screen capture functionality to PassFailJFrame + JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM + JDK-8296384: [TESTBUG] sun/security/provider/SecureRandom/ /AbstractDrbg/SpecTest.java intermittently timeout + JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found + JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF + JDK-8300727: java/awt/List/ListGarbageCollectionTest/ /AwtListGarbageCollectionTest.java failed with 'List wasn't garbage collected' + JDK-8301310: The SendRawSysexMessage test may cause a JVM crash + JDK-8301377: adjust timeout for JLI GetObjectSizeIntrinsicsTest.java subtest again + JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library + JDK-8302017: Allocate BadPaddingException only if it will be thrown + JDK-8302109: Trivial fixes to btree tests + JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/TestAMEnotNPE.java + JDK-8302607: increase timeout for ContinuousCallSiteTargetChange.java + JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM + JDK-8304314: StackWalkTest.java fails after CODETOOLS-7903373 + JDK-8304725: AsyncGetCallTrace can cause SIGBUS on M1 + JDK-8305502: adjust timeouts in three more M&M tests + JDK-8305505: NPE in javazic compiler + JDK-8305972: Update XML Security for Java to 3.0.2 + JDK-8306072: Open source several AWT MouseInfo related tests + JDK-8306076: Open source AWT misc tests + JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests + JDK-8306640: Open source several AWT TextArea related tests + JDK-8306652: Open source AWT MenuItem related tests + JDK-8306681: Open source more AWT DnD related tests + JDK-8306683: Open source several clipboard and color AWT tests + JDK-8306752: Open source several container and component AWT tests + JDK-8306753: Open source several container AWT tests + JDK-8306755: Open source few Swing JComponent and AbstractButton tests + JDK-8306812: Open source several AWT Miscellaneous tests + JDK-8306871: Open source more AWT Drag & Drop tests + JDK-8306996: Open source Swing MenuItem related tests + JDK-8307123: Fix deprecation warnings in DPrinter + JDK-8307130: Open source few Swing JMenu tests + JDK-8307299: Move more DnD tests to open + JDK-8307311: Timeouts on one macOS 12.6.1 host of two Swing JTableHeader tests + JDK-8307381: Open Source JFrame, JIF related Swing Tests + JDK-8307683: Loop Predication should not hoist range checks with trap on success projection by negating their condition + JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating + JDK-8308116: jdk.test.lib.compiler.InMemoryJavaCompiler .compile does not close files + JDK-8308223: failure handler missed jcmd.vm.info command + JDK-8308232: nsk/jdb tests don't pass -verbose flag to the debuggee + JDK-8308245: Add -proc:full to describe current default annotation processing policy + JDK-8308336: Test java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use + JDK-8309104: [JVMCI] compiler/unsafe/ /UnsafeGetStableArrayElement test asserts wrong values with Graal + JDK-8309119: [17u/11u] Redo JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication + JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing due to empty while loop + JDK-8309778: java/nio/file/Files/CopyAndMove.java fails when using second test directory + JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing + JDK-8310106: sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks handshakeConsumers + JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails + JDK-8310551: vmTestbase/nsk/jdb/interrupt/interrupt001/ /interrupt001.java timed out due to missing prompt + JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out + JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform + JDK-8311511: Improve description of NativeLibrary JFR event + JDK-8311585: Add JRadioButtonMenuItem to bug8031573.java + JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 + JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles + JDK-8313164: src/java.desktop/windows/native/libawt/windows/ /awt_Robot.cpp GetRGBPixels adjust releasing of resources + JDK-8313252: Java_sun_awt_windows_ThemeReader_paintBackground release resources in early returns + JDK-8313643: Update HarfBuzz to 8.2.2 + JDK-8313816: Accessing jmethodID might lead to spurious crashes + JDK-8314144: gc/g1/ihop/TestIHOPStatic.java fails due to extra concurrent mark with -Xcomp + JDK-8314164: java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fails intermittently in timeout + JDK-8314883: Java_java_util_prefs_FileSystemPreferences_lockFile0 write result errno in missing case + JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder + JDK-8315042: NPE in PKCS7.parseOldSignedData + JDK-8315415: OutputAnalyzer.shouldMatchByLine() fails in some cases + JDK-8315499: build using devkit on Linux ppc64le RHEL puts path to devkit into libsplashscreen + JDK-8315594: Open source few headless Swing misc tests + JDK-8315600: Open source few more headless Swing misc tests + JDK-8315602: Open source swing security manager test + JDK-8315606: Open source few swing text/html tests + JDK-8315611: Open source swing text/html and tree test + JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch + JDK-8315731: Open source several Swing Text related tests + JDK-8315761: Open source few swing JList and JMenuBar tests + JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on the screen to determine its location + JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm + JDK-8316028: Update FreeType to 2.13.2 + JDK-8316030: Update Libpng to 1.6.40 + JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests + JDK-8316461: Fix: make test outputs TEST SUCCESS after unsuccessful exit + JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly + JDK-8317307: test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information + JDK-8317327: Remove JT_JAVA dead code in jib-profiles.js + JDK-8318154: Improve stability of WheelModifier.java test + JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows + JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1 + JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java + JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests + JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests + JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with 'transport error 202: bind failed: Address already in use' + JDK-8318889: C2: add bailout after assert Bad graph detected in build_loop_late + JDK-8318951: Additional negative value check in JPEG decoding + JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return + JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent Files + JDK-8318983: Fix comment typo in PKCS12Passwd.java + JDK-8319124: Update XML Security for Java to 3.0.3 + JDK-8319456: jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes + JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh + JDK-8320001: javac crashes while adding type annotations to the return type of a constructor + JDK-8320208: Update Public Suffix List to b5bf572 + JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity + JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly + JDK-8320798: Console read line with zero out should zero out underlying buffer + JDK-8320884: Bump update version for OpenJDK: jdk-11.0.23 + JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp + JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions + JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode + JDK-8321408: Add Certainly roots R1 and E1 + JDK-8321480: ISO 4217 Amendment 176 Update + JDK-8322178: Error. can't find jdk.testlibrary .SimpleSSLContext in test directory or libraries + JDK-8322417: Console read line with zero out should zero out when throwing exception + JDK-8322725: (tz) Update Timezone Data to 2023d + JDK-8322750: Test 'api/java_awt/interactive/ /SystemTrayTests.html' failed because A blue ball icon is added outside of the system tray + JDK-8322752: [11u] GetStackTraceAndRetransformTest.java is failing assert + JDK-8322772: Clean up code after JDK-8322417 + JDK-8323008: filter out harmful -std* flags added by autoconf from CXX + JDK-8323243: JNI invocation of an abstract instance method corrupts the stack + JDK-8323515: Create test alias 'all' for all test roots + JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/ /platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed + JDK-8324184: Windows VS2010 build failed with 'error C2275: 'int64_t'' + JDK-8324307: [11u] hotspot fails to build with GCC 12 and newer (non-static data member initializers) + JDK-8324347: Enable 'maybe-uninitialized' warning for FreeType 2.13.1 + JDK-8324659: GHA: Generic jtreg errors are not reported + JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing + JDK-8325150: (tz) Update Timezone Data to 2024a + JDK-8326109: GCC 13 reports maybe-uninitialized warnings for jni.cpp with dtrace enabled + JDK-8326503: [11u] java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fail because of package org.junit.jupiter.api does not exist + JDK-8327391: Add SipHash attribution file + JDK-8329837: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.23 - Removed the possibility to use the system timezone-java (bsc#1213470) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1499-1 Released: Mon May 6 09:44:56 2024 Summary: Security update for java-17-openjdk Type: security Severity: low References: 1213470,1222979,1222983,1222986,1222987,CVE-2024-21011,CVE-2024-21012,CVE-2024-21068,CVE-2024-21094 This update for java-17-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979) - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987) - CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983) - CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986) Other fixes: - Update to upstream tag jdk-17.0.11+9 (April 2024 CPU) * Security fixes + JDK-8318340: Improve RSA key implementations * Other changes + JDK-6928542: Chinese characters in RTF are not decoded + JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS + JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear. + JDK-7167356: (javac) investigate failing tests in JavacParserTest + JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking + JDK-8054572: [macosx] JComboBox paints the border incorrectly + JDK-8169475: WheelModifier.java fails by timeout + JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost` accesses `int InetAddress.preferIPv6Address` as a boolean + JDK-8209595: MonitorVmStartTerminate.java timed out + JDK-8210410: Refactor java.util.Currency:i18n shell tests to plain java tests + JDK-8261404: Class.getReflectionFactory() is not thread-safe + JDK-8261837: SIGSEGV in ciVirtualCallTypeData::translate_from + JDK-8263256: Test java/net/Inet6Address/serialize/ /Inet6AddressSerializationTest.java fails due to dynamic reconfigurations of network interface during test + JDK-8269258: java/net/httpclient/ManyRequestsLegacy.java failed with connection timeout + JDK-8271118: C2: StressGCM should have higher priority than frequency-based policy + JDK-8271616: oddPart in MutableBigInteger::mutableModInverse contains info on final result + JDK-8272811: Document the effects of building with _GNU_SOURCE in os_posix.hpp + JDK-8272853: improve `JavadocTester.runTests` + JDK-8273454: C2: Transform (-a)*(-b) into a*b + JDK-8274060: C2: Incorrect computation after JDK-8273454 + JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11 + JDK-8274621: NullPointerException because listenAddress[0] is null + JDK-8274632: Possible pointer overflow in PretouchTask chunk claiming + JDK-8274634: Use String.equals instead of String.compareTo in java.desktop + JDK-8276125: RunThese24H.java SIGSEGV in JfrThreadGroup::thread_group_id + JDK-8278028: [test-library] Warnings cleanup of the test library + JDK-8278312: Update SimpleSSLContext keystore to use SANs for localhost IP addresses + JDK-8278363: Create extented container test groups + JDK-8280241: (aio) AsynchronousSocketChannel init fails in IPv6 only Windows env + JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist. + JDK-8281543: Remove unused code/headerfile dtraceAttacher.hpp + JDK-8281585: Remove unused imports under test/lib and jtreg/gc + JDK-8283400: [macos] a11y : Screen magnifier does not reflect JRadioButton value change + JDK-8283626: AArch64: Set relocInfo::offset_unit to 4 + JDK-8283994: Make Xerces DatatypeException stackless + JDK-8286312: Stop mixing signed and unsigned types in bit operations + JDK-8286846: test/jdk/javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java fails on mac aarch64 + JDK-8287832: jdk/jfr/event/runtime/TestActiveSettingEvent.java failed with 'Expected two batches of Active Setting events' + JDK-8288663: JFR: Disabling the JfrThreadSampler commits only a partially disabled state + JDK-8288846: misc tests fail 'assert(ms < 1000) failed: Un-interruptable sleep, short time use only' + JDK-8289764: gc/lock tests failed with 'OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects' + JDK-8290041: ModuleDescriptor.hashCode is inconsistent + JDK-8290203: ProblemList vmTestbase/nsk/jvmti/scenarios/ /capability/CM03/cm03t001/TestDescription.java on linux-all + JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed + JDK-8292458: Atomic operations on scoped enums don't build with clang + JDK-8292946: GC lock/jni/jnilock001 test failed 'assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row' + JDK-8293117: Add atomic bitset functions + JDK-8293547: Add relaxed add_and_fetch for macos aarch64 atomics + JDK-8294158: HTML formatting for PassFailJFrame instructions + JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java failure + JDK-8294535: Add screen capture functionality to PassFailJFrame + JDK-8295068: SSLEngine throws NPE parsing CertificateRequests + JDK-8295124: Atomic::add to pointer type may return wrong value + JDK-8295274: HelidonAppTest.java fails 'assert(event->should_commit()) failed: invariant' from compiled frame' + JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts + JDK-8297968: Crash in PrintOptoAssembly + JDK-8298087: XML Schema Validation reports an required attribute twice via ErrorHandler + JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found + JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF + JDK-8301306: java/net/httpclient/* fail with -Xcomp + JDK-8301310: The SendRawSysexMessage test may cause a JVM crash + JDK-8301787: java/net/httpclient/SpecialHeadersTest failing after JDK-8301306 + JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library + JDK-8302017: Allocate BadPaddingException only if it will be thrown + JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/ /TestAMEnotNPE.java + JDK-8303605: Memory leaks in Metaspace gtests + JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM + JDK-8304696: Duplicate class names in dynamicArchive tests can lead to test failure + JDK-8305356: Fix ignored bad CompileCommands in tests + JDK-8305900: Use loopback IP addresses in security policy files of httpclient tests + JDK-8305906: HttpClient may use incorrect key when finding pooled HTTP/2 connection for IPv6 address + JDK-8305962: update jcstress to 0.16 + JDK-8305972: Update XML Security for Java to 3.0.2 + JDK-8306014: Update javax.net.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate + JDK-8306408: Fix the format of several tables in building.md + JDK-8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock + JDK-8307926: Support byte-sized atomic bitset operations + JDK-8307955: Prefer to PTRACE_GETREGSET instead of PTRACE_GETREGS in method 'ps_proc.c::process_get_lwp_regs' + JDK-8307990: jspawnhelper must close its writing side of a pipe before reading from it + JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating + JDK-8308245: Add -proc:full to describe current default annotation processing policy + JDK-8308336: Test java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use + JDK-8309302: java/net/Socket/Timeouts.java fails with AssertionError on test temporal post condition + JDK-8309305: sun/security/ssl/SSLSocketImpl/ /BlockedAsyncClose.java fails with jtreg test timeout + JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing due to empty while loop + JDK-8309733: [macOS, Accessibility] VoiceOver: Incorrect announcements of JRadioButton + JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing + JDK-8310106: sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks handshakeConsumers + JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails + JDK-8310380: Handle problems in core-related tests on macOS when codesign tool does not work + JDK-8310631: test/jdk/sun/nio/cs/TestCharsetMapping.java is spuriously passing + JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out + JDK-8310838: Correct range notations in MethodTypeDesc specification + JDK-8310844: [AArch64] C1 compilation fails because monitor offset in OSR buffer is too large for immediate + JDK-8310923: Refactor Currency tests to use JUnit + JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform + JDK-8311160: [macOS, Accessibility] VoiceOver: No announcements on JRadioButtonMenuItem and JCheckBoxMenuItem + JDK-8311581: Remove obsolete code and comments in TestLVT.java + JDK-8311645: Memory leak in jspawnhelper spawnChild after JDK-8307990 + JDK-8311986: Disable runtime/os/TestTracePageSizes.java for ShenandoahGC + JDK-8312428: PKCS11 tests fail with NSS 3.91 + JDK-8312434: SPECjvm2008/xml.transform with CDS fails with 'can't seal package nu.xom' + JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 + JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles + JDK-8313206: PKCS11 tests silently skip execution + JDK-8313575: Refactor PKCS11Test tests + JDK-8313621: test/jdk/jdk/internal/math/FloatingDecimal/ /TestFloatingDecimal should use RandomFactory + JDK-8313643: Update HarfBuzz to 8.2.2 + JDK-8313816: Accessing jmethodID might lead to spurious crashes + JDK-8314164: java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fails intermittently in timeout + JDK-8314220: Configurable InlineCacheBuffer size + JDK-8314830: runtime/ErrorHandling/ tests ignore external VM flags + JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder + JDK-8315042: NPE in PKCS7.parseOldSignedData + JDK-8315594: Open source few headless Swing misc tests + JDK-8315600: Open source few more headless Swing misc tests + JDK-8315602: Open source swing security manager test + JDK-8315611: Open source swing text/html and tree test + JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch + JDK-8315731: Open source several Swing Text related tests + JDK-8315761: Open source few swing JList and JMenuBar tests + JDK-8315920: C2: 'control input must dominate current control' assert failure + JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on the screen to determine its location + JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm + JDK-8316028: Update FreeType to 2.13.2 + JDK-8316030: Update Libpng to 1.6.40 + JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests + JDK-8316304: (fs) Add support for BasicFileAttributes .creationTime() for Linux + JDK-8316392: compiler/interpreter/ /TestVerifyStackAfterDeopt.java failed with SIGBUS in PcDescContainer::find_pc_desc_internal + JDK-8316414: C2: large byte array clone triggers 'failed: malformed control flow' assertion failure on linux-x86 + JDK-8316415: Parallelize sun/security/rsa/SignedObjectChain.java subtests + JDK-8316418: containers/docker/TestMemoryWithCgroupV1.java get OOM killed with Parallel GC + JDK-8316445: Mark com/sun/management/HotSpotDiagnosticMXBean/ /CheckOrigin.java as vm.flagless + JDK-8316679: C2 SuperWord: wrong result, load should not be moved before store if not comparable + JDK-8316693: Simplify at-requires checkDockerSupport() + JDK-8316929: Shenandoah: Shenandoah degenerated GC and full GC need to cleanup old OopMapCache entries + JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly + JDK-8317039: Enable specifying the JDK used to run jtreg + JDK-8317144: Exclude sun/security/pkcs11/sslecc/ /ClientJSSEServerJSSE.java on Linux ppc64le + JDK-8317307: test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information + JDK-8317603: Improve exception messages thrown by sun.nio.ch.Net native methods (win) + JDK-8317771: [macos14] Expand/collapse a JTree using keyboard freezes the application in macOS 14 Sonoma + JDK-8317807: JAVA_FLAGS removed from jtreg running in JDK-8317039 + JDK-8317960: [17u] Excessive CPU usage on AbstractQueuedSynchronized.isEnqueued + JDK-8318154: Improve stability of WheelModifier.java test + JDK-8318183: C2: VM may crash after hitting node limit + JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows + JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1 + JDK-8318490: Increase timeout for JDK tests that are close to the limit when run with libgraal + JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java + JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests + JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests + JDK-8318689: jtreg is confused when folder name is the same as the test name + JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with 'transport error 202: bind failed: Address already in use' + JDK-8318951: Additional negative value check in JPEG decoding + JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return + JDK-8318957: Enhance agentlib:jdwp help output by info about allow option + JDK-8318961: increase javacserver connection timeout values and max retry attempts + JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent Files + JDK-8318983: Fix comment typo in PKCS12Passwd.java + JDK-8319124: Update XML Security for Java to 3.0.3 + JDK-8319213: Compatibility.java reads both stdout and stderr of JdkUtils + JDK-8319436: Proxy.newProxyInstance throws NPE if loader is null and interface not visible from class loader + JDK-8319456: jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes + JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh + JDK-8319922: libCreationTimeHelper.so fails to link in JDK 21 + JDK-8319961: JvmtiEnvBase doesn't zero _ext_event_callbacks + JDK-8320001: javac crashes while adding type annotations to the return type of a constructor + JDK-8320168: handle setsocktopt return values + JDK-8320208: Update Public Suffix List to b5bf572 + JDK-8320300: Adjust hs_err output in malloc/mmap error cases + JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity + JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly + JDK-8320798: Console read line with zero out should zero out underlying buffer + JDK-8320885: Bump update version for OpenJDK: jdk-17.0.11 + JDK-8320921: GHA: Parallelize hotspot_compiler test jobs + JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp + JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions + JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode + JDK-8321408: Add Certainly roots R1 and E1 + JDK-8321480: ISO 4217 Amendment 176 Update + JDK-8321599: Data loss in AVX3 Base64 decoding + JDK-8321815: Shenandoah: gc state should be synchronized to java threads only once per safepoint + JDK-8321972: test runtime/Unsafe/InternalErrorTest.java timeout on linux-riscv64 platform + JDK-8322098: os::Linux::print_system_memory_info enhance the THP output with /sys/kernel/mm/transparent_hugepage/hpage_pmd_size + JDK-8322321: Add man page doc for -XX:+VerifySharedSpaces + JDK-8322417: Console read line with zero out should zero out when throwing exception + JDK-8322583: RISC-V: Enable fast class initialization checks + JDK-8322725: (tz) Update Timezone Data to 2023d + JDK-8322750: Test 'api/java_awt/interactive/ /SystemTrayTests.html' failed because A blue ball icon is added outside of the system tray + JDK-8322772: Clean up code after JDK-8322417 + JDK-8322783: prioritize /etc/os-release over /etc/SuSE-release in hs_err/info output + JDK-8322968: [17u] Amend Atomics gtest with 1-byte tests + JDK-8323008: filter out harmful -std* flags added by autoconf from CXX + JDK-8323021: Shenandoah: Encountered reference count always attributed to first worker thread + JDK-8323086: Shenandoah: Heap could be corrupted by oom during evacuation + JDK-8323243: JNI invocation of an abstract instance method corrupts the stack + JDK-8323331: fix typo hpage_pdm_size + JDK-8323428: Shenandoah: Unused memory in regions compacted during a full GC should be mangled + JDK-8323515: Create test alias 'all' for all test roots + JDK-8323637: Capture hotspot replay files in GHA + JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed + JDK-8323806: [17u] VS2017 build fails with warning after 8293117. + JDK-8324184: Windows VS2010 build failed with 'error C2275: 'int64_t'' + JDK-8324280: RISC-V: Incorrect implementation in VM_Version::parse_satp_mode + JDK-8324347: Enable 'maybe-uninitialized' warning for FreeType 2.13.1 + JDK-8324514: ClassLoaderData::print_on should print address of class loader + JDK-8324647: Invalid test group of lib-test after JDK-8323515 + JDK-8324659: GHA: Generic jtreg errors are not reported + JDK-8324937: GHA: Avoid multiple test suites per job + JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing + JDK-8325150: (tz) Update Timezone Data to 2024a + JDK-8325585: Remove no longer necessary calls to set/unset-in-asgct flag in JDK 17 + JDK-8326000: Remove obsolete comments for class sun.security.ssl.SunJSSE + JDK-8327036: [macosx-aarch64] SIGBUS in MarkActivationClosure::do_code_blob reached from Unsafe_CopySwapMemory0 + JDK-8327391: Add SipHash attribution file + JDK-8329836: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.11 - Removed the possibility to use the system timezone-java (bsc#1213470). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1529-1 Released: Mon May 6 11:52:10 2024 Summary: Recommended update for salt Type: recommended Severity: moderate References: 1211649,1211888,1216850,1218482,1219001 This update for salt fixes the following issues: - Convert oscap output to UTF-8 - Make Salt compatible with Python 3.11 - Ignore non-ascii chars in oscap output (bsc#1219001) - Fix detected issues in Salt tests when running on VMs - Make importing seco.range thread safe (bsc#1211649) - Fix problematic tests and allow smooth tests executions on containers - Discover Ansible playbook files as '*.yml' or '*.yaml' files (bsc#1211888) - Provide user(salt)/group(salt) capabilities for RPM 4.19 - Extend dependencies for python3-salt-testsuiteand python3-salt packages - Improve Salt and testsuite packages multibuild - Enable multibuilld and create test flavor - Prevent exceptions with fileserver.update when called via state (bsc#1218482) - Improve pip target override condition with VENV_PIP_TARGET environment variable (bsc#1216850) - Fixed KeyError in logs when running a state that fails ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1530-1 Released: Mon May 6 11:52:34 2024 Summary: Security update for grafana and mybatis Type: security Severity: moderate References: 1219912,1222155,CVE-2023-6152,CVE-2024-1313 This update for grafana and mybatis fixes the following issues: grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: * CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155) * CVE-2023-6152: Add email verification when updating user email (bsc#1219912) - Other non-security related changes: * Version 9.5.17: + [FEATURE] Alerting: Backport use Alertmanager API v2 * Version 9.5.16: + [BUGFIX] Annotations: Split cleanup into separate queries and deletes to avoid deadlocks on MySQL * Version 9.5.15: + [FEATURE] Alerting: Attempt to retry retryable errors * Version 9.5.14: + [BUGFIX] Alerting: Fix state manager to not keep datasource_uid and ref_id labels in state after Error + [BUGFIX] Transformations: Config overrides being lost when config from query transform is applied + [BUGFIX] LDAP: Fix enable users on successfull login * Version 9.5.13: + [BUGFIX] BrowseDashboards: Only remember the most recent expanded folder + [BUGFIX] Licensing: Pass func to update env variables when starting plugin * Version 9.5.12: + [FEATURE] Azure: Add support for Workload Identity authentication * Version 9.5.9: + [FEATURE] SSE: Fix DSNode to not panic when response has empty response + [FEATURE] Prometheus: Handle the response with different field key order + [BUGFIX] LDAP: Fix user disabling mybatis: - `apache-commons-ognl` is now a non-optional dependency - Fixed building with log4j v1 and v2 dependencies ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1531-1 Released: Mon May 6 11:54:10 2024 Summary: Recommended update for golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter Type: recommended Severity: moderate References: This update for golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter fixes the following issues: - update to 1.7.0 (jsc#PED-7893, jsc#PED-7928): * [FEATURE] Add ZFS freebsd per dataset stats #2753 * [FEATURE] Add cpu vulnerabilities reporting from sysfs #2721 * [ENHANCEMENT] Parallelize stat calls in Linux filesystem collector #1772 * [ENHANCEMENT] Add missing linkspeeds to ethtool collector #2711 * [ENHANCEMENT] Add CPU MHz as the value for node_cpu_info metric #2778 * [ENHANCEMENT] Improve qdisc collector performance #2779 * [ENHANCEMENT] Add include and exclude filter for hwmon collector #2699 * [ENHANCEMENT] Optionally fetch ARP stats via rtnetlink instead of procfs #2777 * [BUFFIX] Fix ZFS arcstats on FreeBSD 14.0+ 2754 * [BUGFIX] Fallback to 32-bit stats in netdev #2757 * [BUGFIX] Close btrfs.FS handle after use #2780 * [BUGFIX] Move RO status before error return #2807 * [BUFFIX] Fix promhttp_metric_handler_errors_total being always active #2808 * [BUGFIX] Fix nfsd v4 index miss #2824 - update to 1.6.1: (no source code changes in this release) - BuildRequire go1.20 - update to 1.6.0: * [CHANGE] Fix cpustat when some cpus are offline #2318 * [CHANGE] Remove metrics of offline CPUs in CPU collector #2605 * [CHANGE] Deprecate ntp collector #2603 * [CHANGE] Remove bcache `cache_readaheads_totals` metrics #2583 * [CHANGE] Deprecate supervisord collector #2685 * [FEATURE] Enable uname collector on NetBSD #2559 * [FEATURE] NetBSD support for the meminfo collector #2570 * [FEATURE] NetBSD support for CPU collector #2626 * [FEATURE] Add FreeBSD collector for netisr subsystem #2668 * [FEATURE] Add softirqs collector #2669 * [ENHANCEMENT] Add suspended as a `node_zfs_zpool_state` #2449 * [ENHANCEMENT] Add administrative state of Linux network interfaces #2515 * [ENHANCEMENT] Log current value of GOMAXPROCS #2537 * [ENHANCEMENT] Add profiler options for perf collector #2542 * [ENHANCEMENT] Allow root path as metrics path #2590 * [ENHANCEMENT] Add cpu frequency governor metrics #2569 * [ENHANCEMENT] Add new landing page #2622 * [ENHANCEMENT] Reduce privileges needed for btrfs device stats #2634 * [ENHANCEMENT] Add ZFS `memory_available_bytes` #2687 * [ENHANCEMENT] Use `SCSI_IDENT_SERIAL` as serial in diskstats #2612 * [ENHANCEMENT] Read missing from netlink netclass attributes from sysfs #2669 * [BUGFIX] perf: fixes for automatically detecting the correct tracefs mountpoints #2553 * [BUGFIX] Fix `thermal_zone` collector noise @2554 * [BUGFIX] Fix a problem fetching the user wire count on FreeBSD 2584 * [BUGFIX] interrupts: Fix fields on linux aarch64 #2631 * [BUGFIX] Remove metrics of offline CPUs in CPU collector #2605 * [BUGFIX] Fix OpenBSD filesystem collector string parsing #2637 * [BUGFIX] Fix bad reporting of `node_cpu_seconds_total` in OpenBSD #2663 - change go_modules archive in _service to use obscpio file ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:1542-1 Released: Tue May 7 10:58:08 2024 Summary: Optional update for python-cheroot Type: optional Severity: low References: 1223694 This update for python-cheroot and python-tempora fixes the following issues: - Use update-alternatives for cheroot and tempora binaries (bsc#1223694) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1602-1 Released: Fri May 10 15:00:11 2024 Summary: Recommended update for salt Type: recommended Severity: important References: This update for salt fixes the following issues: - Make 'man' a recommended package instead of required to fix installation issues with SLE Micro ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.90 updated - libldap-data-2.4.46-150600.23.21 updated - glibc-2.38-150600.12.1 updated - libzstd1-1.5.5-150600.1.3 updated - libuuid1-2.39.3-150600.2.1 updated - libsmartcols1-2.39.3-150600.2.1 updated - libsepol2-3.5-150600.1.49 updated - libsasl2-3-2.1.28-150600.5.3 updated - libpcre2-8-0-10.42-150600.1.26 updated - libnghttp2-14-1.40.0-150600.23.2 updated - liblzma5-5.4.1-150600.1.2 updated - liblz4-1-1.9.4-150600.1.4 updated - libgpg-error0-1.47-150600.1.3 updated - libfa1-1.14.1-150600.1.3 updated - libcom_err2-1.47.0-150600.2.26 updated - libblkid1-2.39.3-150600.2.1 updated - libselinux1-3.5-150600.1.46 updated - libglib-2_0-0-2.78.3-150600.2.2 updated - libgcrypt20-1.10.3-150600.1.23 updated - libfdisk1-2.39.3-150600.2.1 updated - libmount1-2.39.3-150600.2.1 updated - libgmodule-2_0-0-2.78.3-150600.2.2 updated - adcli-0.8.2-150400.17.6.1 added - stringtree-json-2.0.9-0.150600.12.4 updated - libabsl2401_0_0-20240116.1-150600.17.7 updated - libgobject-2_0-0-2.78.3-150600.2.2 updated - libopenssl3-3.1.4-150600.3.6 updated - libaugeas0-1.14.1-150600.1.3 updated - libudev1-254.10-150600.2.3 updated - libsystemd0-254.10-150600.2.3 updated - libprotobuf-lite25_1_0-25.1-150600.14.3 updated - libzck1-1.1.16-150600.9.3 updated - libopenssl-3-fips-provider-3.1.4-150600.3.6 updated - libldap-2_4-2-2.4.46-150600.23.21 updated - krb5-1.20.1-150600.9.2 updated - patterns-base-fips-20200124-150600.30.1 updated - perl-base-5.26.1-150300.17.17.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.17.3 updated - shared-mime-info-2.4-150600.1.3 updated - login_defs-4.8.1-150600.15.45 updated - libcrack2-2.9.11-150600.1.90 updated - cracklib-2.9.11-150600.1.90 updated - sed-4.9-150600.1.4 updated - libcurl4-8.6.0-150600.2.2 updated - sles-release-15.6-150600.37.2 updated - libgio-2_0-0-2.78.3-150600.2.2 updated - glib2-tools-2.78.3-150600.2.2 updated - libpxbackend-1_0-0.5.3-150600.2.1 updated - libproxy1-0.5.3-150600.2.2 updated - gpg2-2.4.4-150600.1.4 updated - libgpgme11-1.23.0-150600.1.41 updated - libzypp-17.32.4-150600.1.2 updated - shadow-4.8.1-150600.15.45 updated - zypper-1.14.71-150600.8.2 updated - util-linux-2.39.3-150600.2.1 updated - augeas-1.14.1-150600.1.3 updated - curl-8.6.0-150600.2.2 updated - openssl-3-3.1.4-150600.3.6 updated - concurrent-1.3.4-277.150600.277.4 updated - timezone-2024a-150600.89.2 updated - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - libkmod2-29-150600.11.4 updated - pam-config-1.1-150600.14.3 updated - systemd-presets-branding-SLE-15.1-150600.33.1 updated - systemd-254.10-150600.2.3 updated - coreutils-8.32-150400.9.6.1 updated - augeas-lenses-1.14.1-150600.1.3 updated - girepository-1_0-1.78.1-150600.2.3 updated - libgirepository-1_0-1-1.78.1-150600.2.3 updated - glibc-locale-base-2.38-150600.12.1 updated - golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1 updated - grafana-formula-0.10.1-150600.1.1 updated - iputils-20221126-150500.1.1 added - jose4j-0.9.5-150600.1.2 updated - libarchive13-3.7.2-150600.1.7 updated - libargon2-1-20190702-150600.1.4 updated - libavahi-common3-0.8-150600.13.4 added - libbasicobjects0-0.1.1-3.3.1 added - libburn4-1.5.6-150600.1.6 updated - libcares2-1.19.1-150000.3.26.1 added - libcollection4-0.7.0-3.3.1 added - libdevmapper1_03-2.03.22_1.02.196-150600.1.3 updated - libdhash1-0.5.0-3.3.1 added - libgraphite2-3-1.3.14-150600.1.5 updated - libipa_hbac0-2.9.3-150600.1.6 added - libjpeg8-8.2.2-150600.22.5 updated - liblcms2-2-2.15-150600.1.5 updated - libnettle8-3.9.1-150600.1.46 updated - libnscd1-2.0.2-3.21 added - libpath_utils1-0.2.1-3.3.1 added - libpng16-16-1.6.40-150600.1.3 updated - libpq5-16.2-150600.14.11 updated - libprotobuf-c1-1.5.0-150600.1.4 updated - libref_array1-0.1.5-3.3.1 added - libsgutils2-1_48-2-1.48+10.1532339-150600.1.3 updated - libsss_idmap0-2.9.3-150600.1.6 added - libsss_nss_idmap0-2.9.3-150600.1.6 added - libtalloc2-2.4.1-150600.1.3 added - libtdb1-1.4.9-150600.1.4 added - libtextstyle0-0.21.1-150600.1.7 updated - lsof-4.99.0-150600.1.15 updated - openslp-2.0.0-150600.19.5 updated - openssh-common-9.6p1-150600.4.2 updated - release-notes-susemanager-5.0.0~rc-150600.13.2 updated - selinux-tools-3.5-150600.1.46 updated - simple-xml-2.6.2-0.150600.10.4 updated - sitemesh-2.1-0.150600.8.64 updated - skelcd-EULA-suse-manager-server-container-2024.05.03.1-150600.1.1 updated - snmp-mibs-5.9.4-150600.22.4 updated - sudo-1.9.15p5-150600.1.2 updated - susemanager-schema-utility-5.0.7-150600.1.12 updated - util-linux-systemd-2.39.3-150600.2.1 updated - uyuni-config-modules-5.0.7-150600.1.1 updated - vim-data-common-9.1.0330-150500.20.12.1 updated - woodstox-4.4.2-150600.1.96 updated - xz-5.4.1-150600.1.2 updated - yast2-logs-4.6.8-150600.1.1 updated - zstd-1.5.5-150600.1.3 updated - suseconnect-ng-1.9.0-150600.1.1 updated - mtools-4.0.43-150600.1.6 updated - libyui16-4.5.3-150500.3.5.4 updated - libyui-ncurses16-4.5.3-150500.3.5.4 updated - glibc-locale-2.38-150600.12.1 updated - libavahi-client3-0.8-150600.13.4 added - libdevmapper-event1_03-2.03.22_1.02.196-150600.1.3 updated - mokutil-0.5.0-150600.8.3 updated - ipmitool-1.8.18.238.gb7adc1d-150600.8.3 updated - perl-5.26.1-150300.17.17.1 updated - cyrus-sasl-2.1.28-150600.5.3 updated - libfido2-1-1.13.0-150600.10.3 updated - libisoburn1-1.5.6-150600.1.6 updated - libopenssl1_1-1.1.1w-150600.3.10 updated - libcryptsetup12-2.7.0-150600.1.4 updated - libipset13-7.21-150600.1.3 updated - libhogweed6-3.9.1-150600.1.46 updated - postgresql-16-150600.15.24 updated - postgresql16-16.2-150600.14.11 added - libini_config5-1.3.1-3.3.1 added - sg3_utils-1.48+10.1532339-150600.1.3 updated - libtevent0-0.15.0-150600.1.3 added - libsss_certmap0-2.9.3-150600.1.6 added - gettext-runtime-0.21.1-150600.1.7 updated - bind-utils-9.18.24-150600.1.5 updated - tftp-5.2-150000.5.6.2 updated - glibc-devel-2.38-150600.12.1 updated - openssh-fips-9.6p1-150600.4.2 updated - susemanager-docs_en-5.0-150600.3.1 updated - policycoreutils-3.5-150600.1.50 updated - redstone-xmlrpc-1.1_20071120-0.150600.9.4 updated - susemanager-branding-oss-5.0.4-150600.1.2 updated - spacewalk-java-lib-5.0.7-150600.1.13 updated - uyuni-reportdb-schema-5.0.5-150600.1.12 updated - kmod-29-150600.11.4 updated - less-643-150600.1.37 updated - reprepro-5.4.0-150600.1.7 updated - libsuseconnect-1.9.0-150600.1.1 updated - libyui-ncurses-pkg16-4.5.3-150500.3.5.11 updated - device-mapper-2.03.22_1.02.196-150600.1.3 updated - shim-15.8-150300.4.20.2 updated - yast2-core-4.6.0-150600.1.7 updated - vim-9.1.0330-150500.20.12.1 updated - libsnmp40-5.9.4-150600.22.4 updated - apache2-prefork-2.4.58-150600.3.2 updated - cyrus-sasl-gssapi-2.1.28-150600.5.3 added - cyrus-sasl-digestmd5-2.1.28-150600.5.3 updated - openssh-server-9.6p1-150600.4.2 updated - openssh-clients-9.6p1-150600.4.2 updated - xorriso-1.5.6-150600.1.6 updated - ipset-7.21-150600.1.3 updated - libgnutls30-3.8.3-150600.2.15 updated - wicked-0.6.74-150600.9.2 updated - wicked-service-0.6.74-150600.9.2 updated - libharfbuzz0-8.3.0-150600.1.3 updated - fontconfig-2.14.2-150600.1.3 updated - libfontconfig1-2.14.2-150600.1.3 updated - postgresql-server-16-150600.15.24 updated - postgresql16-server-16.2-150600.14.11 added - libldb2-2.8.0-150600.1.4 added - gettext-tools-0.21.1-150600.1.7 updated - postfix-3.8.4-150600.1.5 updated - libcreaterepo_c0-0.16.0-150600.12.4 updated - susemanager-docs_en-pdf-5.0-150600.3.1 updated - susemanager-schema-5.0.7-150600.1.12 updated - susemanager-sync-data-5.0.4-150600.1.1 updated - udev-254.10-150600.2.3 updated - rsync-3.2.7-150600.1.5 updated - openslp-server-2.0.0-150600.19.5 updated - suseconnect-ruby-bindings-1.9.0-150600.1.1 updated - yast2-pkg-bindings-4.6.5-150600.1.3 updated - perl-SNMP-5.9.4-150600.22.4 updated - net-snmp-5.9.4-150600.22.4 updated - apache2-2.4.58-150600.3.2 updated - openssh-9.6p1-150600.4.2 updated - grub2-2.12-150600.6.12 updated - grub2-i386-pc-2.12-150600.6.12 updated - python3-uyuni-common-libs-5.0.3-150600.1.41.1 updated - python3-rpm-4.14.3-150400.59.16.1 updated - python3-idna-2.6-150000.3.3.1 updated - python3-M2Crypto-0.38.0-150600.17.3 updated - libvirt-libs-10.0.0-150600.6.2 updated - rsyslog-8.2306.0-150600.10.6 updated - postgresql16-contrib-16.2-150600.14.11 added - postgresql-contrib-16-150600.15.24 updated - sssd-ldap-2.9.3-150600.1.6 added - sssd-2.9.3-150600.1.6 added - sssd-krb5-common-2.9.3-150600.1.6 added - samba-client-libs-4.19.5+git.342.57620c4f7e-150600.1.30 added - createrepo_c-0.16.0-150600.12.4 updated - libnm0-1.44.2-150600.1.7 updated - java-17-openjdk-headless-17.0.11.0-150400.3.42.1 added - java-11-openjdk-headless-11.0.23.0-150000.3.113.1 updated - libstorage-ng1-4.5.201-150600.1.3 updated - grub2-x86_64-efi-2.12-150600.6.12 updated - python3-tempora-1.8-150200.3.3.1 updated - inter-server-sync-0.3.3-150600.1.2 updated - spacewalk-backend-sql-postgresql-5.0.6-150600.3.42.13 updated - uyuni-setup-reportdb-5.0.3-150600.1.2 updated - sssd-krb5-2.9.3-150600.1.6 added - sssd-dbus-2.9.3-150600.1.6 added - python3-sssd-config-2.9.3-150600.1.6 added - sssd-ad-2.9.3-150600.1.6 added - typelib-1_0-NM-1_0-1.44.2-150600.1.7 updated - tomcat-servlet-4_0-api-9.0.87-150200.65.1 updated - tomcat-el-3_0-api-9.0.87-150200.65.1 updated - geronimo-stax-1_0-api-1.2-150200.15.8.1 updated - geronimo-jta-1_1-api-1.2-150200.15.8.1 updated - geronimo-annotation-1_0-api-1.2-150200.15.8.1 updated - apache-commons-daemon-1.3.4-150200.11.14.1 updated - libstorage-ng-ruby-4.5.201-150600.1.3 updated - java-17-openjdk-17.0.11.0-150400.3.42.1 added - java-11-openjdk-11.0.23.0-150000.3.113.1 updated - spacewalk-base-minimal-5.0.7-150600.1.13 updated - spacewalk-config-5.0.3-150600.1.1 updated - spacecmd-5.0.6-150600.3.116.1 updated - rpm-build-4.14.3-150400.59.16.1 updated - sssd-tools-2.9.3-150600.1.6 added - sssd-ipa-2.9.3-150600.1.6 added - tomcat-jsp-2_3-api-9.0.87-150200.65.1 updated - byte-buddy-dep-1.11.12-150600.1.6 updated - xmlpull-api-1.1.3.1-150600.1.3 updated - tomcat-taglibs-standard-1_2_5-1.2.5-150600.1.93 updated - quartz-2.3.0-150600.1.96 updated - protobuf-java-25.1-150600.14.3 updated - prometheus-jmx_exporter-0.3.1-150600.1.4 updated - prometheus-client-java-0.3.0-150600.1.92 updated - picocontainer-1.3.7-150600.1.4 updated - mvel2-2.2.6.Final-150600.1.94 updated - lucene-2.4.1-150600.1.96 updated - kie-soup-7.17.0.Final-150600.1.87 updated - kie-api-7.17.0-150600.1.86 updated - jpa-api-2.2.2-150600.1.7 updated - java-saml-2.4.0-150600.1.3 updated - ical4j-3.0.18-150600.1.82 updated - hibernate-commons-annotations-5.0.4-150600.1.93 updated - ehcache-2.10.1-150600.1.97 updated - dwr-3.0.2-0.150600.10.4 updated - drools-7.17.0-150600.1.83 updated - spacewalk-base-minimal-config-5.0.7-150600.1.13 updated - yast2-4.6.8-150600.1.1 updated - tomcat-lib-9.0.87-150200.65.1 updated - apache-commons-pool2-2.4.2-150200.11.8.1 updated - byte-buddy-1.11.12-150600.1.6 updated - reflections-0.9.10-150600.1.3 updated - pgjdbc-ng-0.8.7-150600.1.89 updated - mybatis-3.5.6-150200.5.6.1 updated - prometheus-jmx_exporter-tomcat-0.3.1-150600.1.4 updated - optaplanner-7.17.0-150600.1.84 updated - apache-commons-dbcp-2.1.1-150200.10.8.1 updated - hibernate-types-2.16.2-150600.1.4 updated - simple-core-3.1.3-0.150600.8.4 updated - xmlsec-2.0.7-150600.1.88 updated - statistics-1.0.2-150600.1.91 updated - spark-core-2.9.3-150600.1.122 updated - jade4j-1.2.7-150600.2.2 updated - tomcat-9.0.87-150200.65.1 updated - spacewalk-search-5.0.2-150600.1.3 updated - subscription-matcher-0.37-150600.1.2 updated - spark-template-jade-2.7.1-150600.1.4 updated - jakarta-commons-validator-1.1.4-21.150600.19.107 updated - salt-netapi-client-0.21.0-150600.1.4 updated - spacewalk-backend-5.0.6-150600.3.42.13 updated - python3-spacewalk-client-tools-5.0.5-150600.3.89.8 updated - spacewalk-client-tools-5.0.5-150600.3.89.8 updated - spacewalk-base-5.0.7-150600.1.13 updated - spacewalk-java-postgresql-5.0.7-150600.1.13 updated - spacewalk-branding-5.0.2-150600.1.2 updated - hibernate5-core-5.3.25-150600.1.79 updated - struts-1.2.9-162.150600.33.4 updated - python3-salt-3006.0-150500.4.35.1 updated - salt-3006.0-150500.4.35.1 updated - fence-agents-4.13.1+git.1704296072.32469f29-150600.1.3 updated - spacewalk-backend-sql-5.0.6-150600.3.42.13 updated - python3-spacewalk-certs-tools-5.0.4-150600.1.1 updated - spacewalk-certs-tools-5.0.4-150600.1.1 updated - mgr-push-5.0.2-150600.1.28.1 updated - python3-mgr-push-5.0.2-150600.1.28.1 updated - spacewalk-admin-5.0.6-150600.1.1 updated - spacewalk-reports-5.0.2-150600.1.1 updated - spacewalk-html-5.0.7-150600.1.13 updated - hibernate5-ehcache-5.3.25-150600.1.79 updated - hibernate5-c3p0-5.3.25-150600.1.79 updated - salt-master-3006.0-150500.4.35.1 updated - spacewalk-backend-server-5.0.6-150600.3.42.13 updated - susemanager-sls-5.0.7-150600.1.1 updated - spacewalk-java-config-5.0.7-150600.1.13 updated - salt-api-3006.0-150500.4.35.1 updated - spacewalk-backend-xmlrpc-5.0.6-150600.3.42.13 updated - spacewalk-backend-xml-export-libs-5.0.6-150600.3.42.13 updated - spacewalk-backend-package-push-server-5.0.6-150600.3.42.13 updated - spacewalk-backend-iss-5.0.6-150600.3.42.13 updated - spacewalk-backend-applet-5.0.6-150600.3.42.13 updated - spacewalk-backend-app-5.0.6-150600.3.42.13 updated - spacewalk-taskomatic-5.0.7-150600.1.13 updated - spacewalk-java-5.0.7-150600.1.13 updated - spacewalk-backend-iss-export-5.0.6-150600.3.42.13 updated - patterns-suma_retail-5.0-150600.4.2 updated - spacewalk-common-5.0.2-150600.1.2 updated - susemanager-tools-5.0.6-150600.1.1 updated - spacewalk-backend-tools-5.0.6-150600.3.42.13 updated - spacewalk-postgresql-5.0.2-150600.1.2 updated - susemanager-5.0.6-150600.1.1 updated - patterns-suma_server-5.0-150600.4.2 updated - container:suse-manager-5.0-init-5.0.0-rc-5.0.0-rc-4.59 added - container:suse-manager-5.0-init-5.0.0-beta2-5.0.0-beta2-3.74 removed - jcommon-1.0.16-0.150600.9.3 removed - libnewt0_52-0.52.20-150000.7.2.3 removed - libslang2-2.3.1a-150000.5.2.3 removed - newt-0.52.20-150000.7.2.3 removed - postgresql14-14.11-150600.14.3 removed - postgresql14-contrib-14.11-150600.14.3 removed - postgresql14-server-14.11-150600.14.3 removed - python3-newt-0.52.20-150000.7.2.3 removed - spacewalk-backend-config-files-5.0.5-150600.3.41.7 removed - spacewalk-backend-config-files-common-5.0.5-150600.3.41.7 removed - spacewalk-backend-config-files-tool-5.0.5-150600.3.41.7 removed From sle-container-updates at lists.suse.com Thu May 30 07:01:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:01:18 +0200 (CEST) Subject: SUSE-IU-2024:458-1: Security update of suse-sles-15-sp5-chost-byos-v20240529-hvm-ssd-x86_64 Message-ID: <20240530070118.917EFF788@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240529-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:458-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240529-hvm-ssd-x86_64:20240529 Image Release : Severity : important Type : security References : 1082216 1082233 1177529 1189495 1191175 1191410 1192145 1205604 1210617 1211592 1213638 1217408 1218562 1218609 1218686 1218917 1218926 1219104 1219108 1219126 1219169 1219170 1219264 1220117 1220342 1220569 1220679 1220761 1220901 1220915 1220935 1221042 1221044 1221080 1221084 1221088 1221162 1221299 1221612 1221617 1221632 1221645 1221791 1221825 1222011 1222051 1222228 1222247 1222266 1222294 1222307 1222357 1222368 1222379 1222416 1222422 1222424 1222427 1222428 1222430 1222431 1222435 1222437 1222445 1222449 1222482 1222503 1222520 1222536 1222548 1222549 1222550 1222557 1222559 1222585 1222586 1222596 1222609 1222610 1222613 1222615 1222618 1222624 1222630 1222632 1222660 1222662 1222664 1222666 1222669 1222671 1222677 1222678 1222680 1222703 1222704 1222706 1222709 1222710 1222720 1222721 1222724 1222726 1222727 1222764 1222772 1222773 1222776 1222781 1222784 1222785 1222787 1222790 1222791 1222792 1222796 1222798 1222801 1222812 1222824 1222829 1222832 1222836 1222838 1222849 1222866 1222867 1222869 1222876 1222878 1222879 1222881 1222883 1222888 1222894 1222901 1222968 1223012 1223014 1223016 1223024 1223030 1223033 1223034 1223035 1223036 1223037 1223041 1223042 1223051 1223052 1223056 1223057 1223058 1223060 1223061 1223065 1223066 1223067 1223068 1223076 1223078 1223107 1223111 1223115 1223118 1223187 1223189 1223190 1223191 1223196 1223197 1223198 1223275 1223323 1223369 1223380 1223473 1223474 1223475 1223477 1223478 1223479 1223481 1223482 1223484 1223487 1223490 1223496 1223498 1223499 1223501 1223502 1223503 1223505 1223509 1223511 1223512 1223513 1223516 1223517 1223518 1223519 1223520 1223522 1223523 1223525 1223539 1223574 1223595 1223596 1223598 1223605 1223634 1223643 1223644 1223645 1223646 1223648 1223655 1223657 1223660 1223661 1223663 1223664 1223668 1223686 1223687 1223689 1223690 1223693 1223705 1223714 1223735 1223745 1223784 1223785 1223790 1223816 1223821 1223822 1223824 1223827 1223834 1223858 1223875 1223876 1223877 1223878 1223879 1223894 1223921 1223922 1223923 1223924 1223929 1223931 1223932 1223934 1223941 1223948 1223949 1223950 1223951 1223952 1223953 1223956 1223957 1223960 1223962 1223963 1223964 1224044 1224100 1224169 1224340 CVE-2018-6798 CVE-2018-6913 CVE-2021-3521 CVE-2021-47047 CVE-2021-47181 CVE-2021-47182 CVE-2021-47183 CVE-2021-47184 CVE-2021-47185 CVE-2021-47187 CVE-2021-47188 CVE-2021-47189 CVE-2021-47191 CVE-2021-47192 CVE-2021-47193 CVE-2021-47194 CVE-2021-47195 CVE-2021-47196 CVE-2021-47197 CVE-2021-47198 CVE-2021-47199 CVE-2021-47200 CVE-2021-47201 CVE-2021-47202 CVE-2021-47203 CVE-2021-47204 CVE-2021-47205 CVE-2021-47206 CVE-2021-47207 CVE-2021-47209 CVE-2021-47210 CVE-2021-47211 CVE-2021-47212 CVE-2021-47214 CVE-2021-47215 CVE-2021-47216 CVE-2021-47217 CVE-2021-47218 CVE-2021-47219 CVE-2022-48631 CVE-2022-48632 CVE-2022-48634 CVE-2022-48636 CVE-2022-48637 CVE-2022-48638 CVE-2022-48639 CVE-2022-48640 CVE-2022-48642 CVE-2022-48644 CVE-2022-48646 CVE-2022-48647 CVE-2022-48648 CVE-2022-48650 CVE-2022-48651 CVE-2022-48652 CVE-2022-48653 CVE-2022-48654 CVE-2022-48655 CVE-2022-48656 CVE-2022-48657 CVE-2022-48658 CVE-2022-48659 CVE-2022-48660 CVE-2022-48662 CVE-2022-48663 CVE-2022-48667 CVE-2022-48668 CVE-2022-48671 CVE-2022-48672 CVE-2022-48673 CVE-2022-48675 CVE-2022-48686 CVE-2022-48687 CVE-2022-48688 CVE-2022-48690 CVE-2022-48692 CVE-2022-48693 CVE-2022-48694 CVE-2022-48695 CVE-2022-48697 CVE-2022-48698 CVE-2022-48700 CVE-2022-48701 CVE-2022-48702 CVE-2022-48703 CVE-2022-48704 CVE-2023-2860 CVE-2023-30608 CVE-2023-52488 CVE-2023-52503 CVE-2023-52561 CVE-2023-52585 CVE-2023-52589 CVE-2023-52590 CVE-2023-52591 CVE-2023-52593 CVE-2023-52614 CVE-2023-52616 CVE-2023-52620 CVE-2023-52627 CVE-2023-52635 CVE-2023-52636 CVE-2023-52645 CVE-2023-52652 CVE-2023-6270 CVE-2024-0639 CVE-2024-0841 CVE-2024-22099 CVE-2024-23307 CVE-2024-23848 CVE-2024-23850 CVE-2024-2511 CVE-2024-26601 CVE-2024-26610 CVE-2024-26656 CVE-2024-26660 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675 CVE-2024-26680 CVE-2024-26681 CVE-2024-26684 CVE-2024-26685 CVE-2024-26687 CVE-2024-26688 CVE-2024-26689 CVE-2024-26696 CVE-2024-26697 CVE-2024-26702 CVE-2024-26704 CVE-2024-26718 CVE-2024-26722 CVE-2024-26727 CVE-2024-26733 CVE-2024-26736 CVE-2024-26737 CVE-2024-26739 CVE-2024-26743 CVE-2024-26744 CVE-2024-26745 CVE-2024-26747 CVE-2024-26749 CVE-2024-26751 CVE-2024-26754 CVE-2024-26760 CVE-2024-26763 CVE-2024-26764 CVE-2024-26766 CVE-2024-26769 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26776 CVE-2024-26779 CVE-2024-26783 CVE-2024-26787 CVE-2024-26790 CVE-2024-26792 CVE-2024-26793 CVE-2024-26798 CVE-2024-26805 CVE-2024-26807 CVE-2024-26816 CVE-2024-26817 CVE-2024-26820 CVE-2024-26825 CVE-2024-26830 CVE-2024-26833 CVE-2024-26836 CVE-2024-26843 CVE-2024-26848 CVE-2024-26852 CVE-2024-26853 CVE-2024-26855 CVE-2024-26856 CVE-2024-26857 CVE-2024-26861 CVE-2024-26862 CVE-2024-26866 CVE-2024-26872 CVE-2024-26875 CVE-2024-26878 CVE-2024-26879 CVE-2024-26881 CVE-2024-26882 CVE-2024-26883 CVE-2024-26884 CVE-2024-26885 CVE-2024-26891 CVE-2024-26893 CVE-2024-26895 CVE-2024-26896 CVE-2024-26897 CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26917 CVE-2024-26927 CVE-2024-26948 CVE-2024-26950 CVE-2024-26951 CVE-2024-26955 CVE-2024-26956 CVE-2024-26960 CVE-2024-26965 CVE-2024-26966 CVE-2024-26969 CVE-2024-26970 CVE-2024-26972 CVE-2024-26981 CVE-2024-26982 CVE-2024-26993 CVE-2024-27013 CVE-2024-27014 CVE-2024-27030 CVE-2024-27038 CVE-2024-27039 CVE-2024-27041 CVE-2024-27043 CVE-2024-27046 CVE-2024-27056 CVE-2024-27062 CVE-2024-27389 CVE-2024-29038 CVE-2024-29039 CVE-2024-29040 CVE-2024-32487 CVE-2024-34397 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240529-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1566-1 Released: Thu May 9 12:33:21 2024 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: This update for catatonit fixes the following issues: - Update to catatonit v0.2.0 - Change license to GPL-2.0-or-later ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1635-1 Released: Tue May 14 11:36:51 2024 Summary: Security update for tpm2-0-tss Type: security Severity: moderate References: 1223690,CVE-2024-29040 This update for tpm2-0-tss fixes the following issues: - CVE-2024-29040: Fixed quote data validation by Fapi_VerifyQuote (bsc#1223690). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1636-1 Released: Tue May 14 11:37:24 2024 Summary: Security update for tpm2.0-tools Type: security Severity: moderate References: 1223687,1223689,CVE-2024-29038,CVE-2024-29039 This update for tpm2.0-tools fixes the following issues: - CVE-2024-29038: Fixed arbitrary quote data validation by tpm2_checkquote (bsc#1223687). - CVE-2024-29039: Fixed pcr selection value to be compared with the attest (bsc#1223689). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1637-1 Released: Tue May 14 14:22:14 2024 Summary: Recommended update for google-cloud SDK Type: recommended Severity: moderate References: 1210617,CVE-2023-30608 This update for google-cloud SDK fixes the following issues: - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5 binaries Obsolete the python3.6 counterpart: python311-google-resumable-media python311-google-api-core python311-google-cloud-storage python311-google-cloud-core python311-googleapis-common-protos - Regular python311 updates (without Obsoletes): python-google-auth python-grpcio python-sqlparse - New python311 packages: libcrc32c python-google-cloud-appengine-logging python-google-cloud-artifact-registry python-google-cloud-audit-log python-google-cloud-build python-google-cloud-compute python-google-cloud-dns python-google-cloud-domains python-google-cloud-iam python-google-cloud-kms-inventory python-google-cloud-kms python-google-cloud-logging python-google-cloud-run python-google-cloud-secret-manager python-google-cloud-service-directory python-google-cloud-spanner python-google-cloud-vpc-access python-google-crc32c python-grpc-google-iam-v1 python-grpcio-status python-proto-plus In python-sqlparse this security issue was fixed: CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1659-1 Released: Wed May 15 11:29:35 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1177529,1192145,1211592,1217408,1218562,1218917,1219104,1219126,1219169,1219170,1219264,1220342,1220569,1220761,1220901,1220915,1220935,1221042,1221044,1221080,1221084,1221088,1221162,1221299,1221612,1221617,1221645,1221791,1221825,1222011,1222051,1222247,1222266,1222294,1222307,1222357,1222368,1222379,1222416,1222422,1222424,1222427,1222428,1222430,1222431,1222435,1222437,1222445,1222449,1222482,1222503,1222520,1222536,1222549,1222550,1222557,1222559,1222585,1222586,1222596,1222609,1222610,1222613,1222615,1222618,1222624,1222630,1222632,1222660,1222662,1222664,1222666,1222669,1222671,1222677,1222678,1222680,1222703,1222704,1222706,1222709,1222710,1222720,1222721,1222724,1222726,1222727,1222764,1222772,1222773,1222776,1222781,1222784,1222785,1222787,1222790,1222791,1222792,1222796,1222798,1222801,1222812,1222824,1222829,1222832,1222836,1222838,1222866,1222867,1222869,1222876,1222878,1222879,1222881,1222883,1222888,1222894,1222901,1222968,1223012,1223014,1223016,1223024,1 223030,1223033,1223034,1223035,1223036,1223037,1223041,1223042,1223051,1223052,1223056,1223057,1223058,1223060,1223061,1223065,1223066,1223067,1223068,1223076,1223078,1223111,1223115,1223118,1223187,1223189,1223190,1223191,1223196,1223197,1223198,1223275,1223323,1223369,1223380,1223473,1223474,1223475,1223477,1223478,1223479,1223481,1223482,1223484,1223487,1223490,1223496,1223498,1223499,1223501,1223502,1223503,1223505,1223509,1223511,1223512,1223513,1223516,1223517,1223518,1223519,1223520,1223522,1223523,1223525,1223539,1223574,1223595,1223598,1223634,1223643,1223644,1223645,1223646,1223648,1223655,1223657,1223660,1223661,1223663,1223664,1223668,1223686,1223693,1223705,1223714,1223735,1223745,1223784,1223785,1223790,1223816,1223821,1223822,1223824,1223827,1223834,1223875,1223876,1223877,1223878,1223879,1223894,1223921,1223922,1223923,1223924,1223929,1223931,1223932,1223934,1223941,1223948,1223949,1223950,1223951,1223952,1223953,1223956,1223957,1223960,1223962,1223963,1223964,CVE-20 21-47047,CVE-2021-47181,CVE-2021-47182,CVE-2021-47183,CVE-2021-47184,CVE-2021-47185,CVE-2021-47187,CVE-2021-47188,CVE-2021-47189,CVE-2021-47191,CVE-2021-47192,CVE-2021-47193,CVE-2021-47194,CVE-2021-47195,CVE-2021-47196,CVE-2021-47197,CVE-2021-47198,CVE-2021-47199,CVE-2021-47200,CVE-2021-47201,CVE-2021-47202,CVE-2021-47203,CVE-2021-47204,CVE-2021-47205,CVE-2021-47206,CVE-2021-47207,CVE-2021-47209,CVE-2021-47210,CVE-2021-47211,CVE-2021-47212,CVE-2021-47214,CVE-2021-47215,CVE-2021-47216,CVE-2021-47217,CVE-2021-47218,CVE-2021-47219,CVE-2022-48631,CVE-2022-48632,CVE-2022-48634,CVE-2022-48636,CVE-2022-48637,CVE-2022-48638,CVE-2022-48639,CVE-2022-48640,CVE-2022-48642,CVE-2022-48644,CVE-2022-48646,CVE-2022-48647,CVE-2022-48648,CVE-2022-48650,CVE-2022-48651,CVE-2022-48652,CVE-2022-48653,CVE-2022-48654,CVE-2022-48655,CVE-2022-48656,CVE-2022-48657,CVE-2022-48658,CVE-2022-48659,CVE-2022-48660,CVE-2022-48662,CVE-2022-48663,CVE-2022-48667,CVE-2022-48668,CVE-2022-48671,CVE-2022-48672,CVE-2022-4867 3,CVE-2022-48675,CVE-2022-48686,CVE-2022-48687,CVE-2022-48688,CVE-2022-48690,CVE-2022-48692,CVE-2022-48693,CVE-2022-48694,CVE-2022-48695,CVE-2022-48697,CVE-2022-48698,CVE-2022-48700,CVE-2022-48701,CVE-2022-48702,CVE-2022-48703,CVE-2022-48704,CVE-2023-2860,CVE-2023-52488,CVE-2023-52503,CVE-2023-52561,CVE-2023-52585,CVE-2023-52589,CVE-2023-52590,CVE-2023-52591,CVE-2023-52593,CVE-2023-52614,CVE-2023-52616,CVE-2023-52620,CVE-2023-52627,CVE-2023-52635,CVE-2023-52636,CVE-2023-52645,CVE-2023-52652,CVE-2023-6270,CVE-2024-0639,CVE-2024-0841,CVE-2024-22099,CVE-2024-23307,CVE-2024-23848,CVE-2024-23850,CVE-2024-26601,CVE-2024-26610,CVE-2024-26656,CVE-2024-26660,CVE-2024-26671,CVE-2024-26673,CVE-2024-26675,CVE-2024-26680,CVE-2024-26681,CVE-2024-26684,CVE-2024-26685,CVE-2024-26687,CVE-2024-26688,CVE-2024-26689,CVE-2024-26696,CVE-2024-26697,CVE-2024-26702,CVE-2024-26704,CVE-2024-26718,CVE-2024-26722,CVE-2024-26727,CVE-2024-26733,CVE-2024-26736,CVE-2024-26737,CVE-2024-26739,CVE-2024-26743,CVE-2024- 26744,CVE-2024-26745,CVE-2024-26747,CVE-2024-26749,CVE-2024-26751,CVE-2024-26754,CVE-2024-26760,CVE-2024-26763,CVE-2024-26764,CVE-2024-26766,CVE-2024-26769,CVE-2024-26771,CVE-2024-26772,CVE-2024-26773,CVE-2024-26776,CVE-2024-26779,CVE-2024-26783,CVE-2024-26787,CVE-2024-26790,CVE-2024-26792,CVE-2024-26793,CVE-2024-26798,CVE-2024-26805,CVE-2024-26807,CVE-2024-26816,CVE-2024-26817,CVE-2024-26820,CVE-2024-26825,CVE-2024-26830,CVE-2024-26833,CVE-2024-26836,CVE-2024-26843,CVE-2024-26848,CVE-2024-26852,CVE-2024-26853,CVE-2024-26855,CVE-2024-26856,CVE-2024-26857,CVE-2024-26861,CVE-2024-26862,CVE-2024-26866,CVE-2024-26872,CVE-2024-26875,CVE-2024-26878,CVE-2024-26879,CVE-2024-26881,CVE-2024-26882,CVE-2024-26883,CVE-2024-26884,CVE-2024-26885,CVE-2024-26891,CVE-2024-26893,CVE-2024-26895,CVE-2024-26896,CVE-2024-26897,CVE-2024-26898,CVE-2024-26901,CVE-2024-26903,CVE-2024-26917,CVE-2024-26927,CVE-2024-26948,CVE-2024-26950,CVE-2024-26951,CVE-2024-26955,CVE-2024-26956,CVE-2024-26960,CVE-2024-26965,C VE-2024-26966,CVE-2024-26969,CVE-2024-26970,CVE-2024-26972,CVE-2024-26981,CVE-2024-26982,CVE-2024-26993,CVE-2024-27013,CVE-2024-27014,CVE-2024-27030,CVE-2024-27038,CVE-2024-27039,CVE-2024-27041,CVE-2024-27043,CVE-2024-27046,CVE-2024-27056,CVE-2024-27062,CVE-2024-27389 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596). - CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705). - CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834). - CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822). - CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827). - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824). - CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714). - CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821). - CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816). - CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790). - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735). - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745). - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693). - CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634). - CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644). - CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645). - CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646). - CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648). - CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655). - CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660). - CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661). - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664). - CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525). - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198). - CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042). - CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path (bsc#1223196). - CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190). - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189). - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035). - CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034). - CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041). - CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066). - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060). - CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076). - CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058). - CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052). - CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051). - CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061). - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057). - CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030). - CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968). - CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012). - CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624). - CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801). - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630). - CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428). - CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615). - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618). - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613). - CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610) - CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726). - CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721). - CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720). - CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632). - CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table (bsc#1222724). - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449). - CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677). - CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). - CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536). - CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers() (bsc#1222549). - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503). - CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435). - CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437). - CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445). - CVE-2024-26681: Fixed netdevsim to avoid potential loop in nsim_dev_trap_report_work() (bsc#1222431). - CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring (bsc#1222427). - CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379). - CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368). - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357). - CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder creation (bsc#1222266). - CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307). - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299). - CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342). - CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126). - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686). - CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033). - CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in msgr2 (bsc#1222247). - CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294). - CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace (bsc#1222051). - CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from userspace (bsc#1221825). - CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612). - CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617). - CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042). - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044). - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088). - CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084). - CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in amdgpu_ras_query_error_status_helper() (bsc#1221080). - CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash memory region (bsc#1220935). - CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915). - CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO (bsc#1221162). - CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505). - CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498). - CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context (bsc#1223496). - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513). - CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478). - CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id (bsc#1223499). - CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475). - CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte() (bsc#1222710). - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878) - CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838). - CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832). - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706). - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669). - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664). - CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662). - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660). The following non-security bugs were fixed: - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes). - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes). - ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes). - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes). - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes). - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes). - ALSA: scarlett2: Add correct product series name to messages (stable-fixes). - ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes). - ALSA: scarlett2: Default mixer driver to enabled (stable-fixes). - ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes). - ASoC: meson: axg-card: make links nonatomic (git-fixes). - ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes). - ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes). - ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes). - ASoC: tegra: Fix DSPK 16-bit playback (git-fixes). - ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes). - Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes). - Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes). - Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes). - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes). - Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes). - Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes). - Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes). - Bluetooth: add quirk for broken address properties (git-fixes). - Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes). - Bluetooth: btintel: Fixe build regression (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes). - Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes). - Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes). - Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes). - Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes). - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes). - HID: logitech-dj: allow mice to use all types of reports (git-fixes). - HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes). - Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes). - NFC: trf7970a: disable all regulators on removal (git-fixes). - NFS: avoid spurious warning of lost lock that is being unlocked (bsc#1221791). - PCI/AER: Block runtime suspend when handling errors (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes). - PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes). - PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes). - PCI: Drop pci_device_remove() test of pci_dev->driver (git-fixes). - PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes). - RDMA/cm: add timeout to cm_destroy_id wait (git-fixes) - Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes). - Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes). - Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes). - Revert 'ice: Fix ice VF reset during iavf initialization (jsc#PED-376).' (bsc#1223275) - Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes). - Revert 'usb: phy: generic: Get the vbus supply' (git-fixes). - USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes). - USB: serial: add device ID for VeriFone adapter (stable-fixes). - USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes). - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes). - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes). - USB: serial: option: add Fibocom FM135-GL variants (stable-fixes). - USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes). - USB: serial: option: add MeiG Smart SLM320 product (stable-fixes). - USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes). - USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes). - USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes). - USB: serial: option: support Quectel EM060K sub-models (stable-fixes). - ahci: asm1064: asm1166: do not limit reported ports (git-fixes). - ahci: asm1064: correct count of reported ports (stable-fixes). - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes) - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes) - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes) - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes) - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes) - arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes) - arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes) - arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes). - ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes). - batman-adv: Avoid infinite loop trying to resize local TT (git-fixes). - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes). - bcache: Remove dead references to cache_readaheads (git-fixes). - bcache: Remove unnecessary NULL point check in node allocations (git-fixes). - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes). - bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes). - bcache: avoid oversize memory allocation by small stripe_size (git-fixes). - bcache: bset: Fix comment typos (git-fixes). - bcache: check return value from btree_node_alloc_replacement() (git-fixes). - bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes). - bcache: fix error info in register_bcache() (git-fixes). - bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing (git-fixes). - bcache: fixup btree_cache_wait list damage (git-fixes). - bcache: fixup init dirty data errors (git-fixes). - bcache: fixup lock c->root error (git-fixes). - bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes). - bcache: move calc_cached_dev_sectors to proper place on backing device detach (git-fixes). - bcache: move uapi header bcache.h to bcache code directory (git-fixes). - bcache: prevent potential division by zero error (git-fixes). - bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device registration' (git-fixes). - bcache: remove redundant assignment to variable cur_idx (git-fixes). - bcache: remove the backing_dev_name field from struct cached_dev (git-fixes). - bcache: remove the cache_dev_name field from struct cache (git-fixes). - bcache: remove unnecessary flush_workqueue (git-fixes). - bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-fixes). - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes). - bcache: replace snprintf in show functions with sysfs_emit (git-fixes). - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes). - bcache: use bvec_kmap_local in bch_data_verify (git-fixes). - bcache: use bvec_kmap_local in bio_csum (git-fixes). - bcache: use default_groups in kobj_type (git-fixes). - bcache:: fix repeated words in comments (git-fixes). - ceph: stop copying to iter at EOF on sync reads (bsc#1223068). - ceph: switch to corrected encoding of max_xattr_size in mdsmap (bsc#1223067). - clk: Get runtime PM before walking tree during disable_unused (git-fixes). - clk: Initialize struct clk_core kref earlier (stable-fixes). - clk: Mark 'all_lists' as const (stable-fixes). - clk: Print an info line before disabling unused clocks (stable-fixes). - clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes). - clk: remove extra empty line (stable-fixes). - comedi: vmk80xx: fix incomplete endpoint checking (git-fixes). - dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes). - dm cache: add cond_resched() to various workqueue loops (git-fixes). - dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes). - dm crypt: add cond_resched() to dmcrypt_write() (git-fixes). - dm crypt: avoid accessing uninitialized tasklet (git-fixes). - dm flakey: do not corrupt the zero page (git-fixes). - dm flakey: fix a bug with 32-bit highmem systems (git-fixes). - dm flakey: fix a crash with invalid table line (git-fixes). - dm flakey: fix logic when corrupting a bio (git-fixes). - dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes). - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes). - dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes). - dm raid: fix false positive for requeue needed during reshape (git-fixes). - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes). - dm stats: check for and propagate alloc_percpu failure (git-fixes). - dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes). - dm thin metadata: check fail_io before using data_sm (git-fixes). - dm thin: add cond_resched() to various workqueue loops (git-fixes). - dm thin: fix deadlock when swapping to thin device (bsc#1177529). - dm verity: do not perform FEC for failed readahead IO (git-fixes). - dm verity: fix error handling for check_at_most_once on FEC (git-fixes). - dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes). - dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes). - dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes). - dm-raid: fix lockdep waring in 'pers->hot_add_disk' (git-fixes). - dm-verity, dm-crypt: align 'struct bvec_iter' correctly (git-fixes). - dm-verity: align struct dm_verity_fec_io properly (git-fixes). - dm: add cond_resched() to dm_wq_work() (git-fixes). - dm: call the resume method on internal suspend (git-fixes). - dm: do not lock fs when the map is NULL during suspend or resume (git-fixes). - dm: do not lock fs when the map is NULL in process of resume (git-fixes). - dm: remove flush_scheduled_work() during local_exit() (git-fixes). - dm: send just one event on resize, not two (git-fixes). - dma: xilinx_dpdma: Fix locking (git-fixes). - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes). - dmaengine: owl: fix register access functions (git-fixes). - dmaengine: tegra186: Fix residual calculation (git-fixes). - docs: Document the FAN_FS_ERROR event (stable-fixes). - drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes). - drm/amd/display: Do not recursively call manual trigger programming (stable-fixes). - drm/amd/display: Fix nanosec stat overflow (stable-fixes). - drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes). - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes). - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes). - drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes). - drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes). - drm/amdgpu: always force full reset for SOC21 (stable-fixes). - drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes). - drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes). - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes). - drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes). - drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes). - drm/ast: Fix soft lockup (git-fixes). - drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes). - drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes). - drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes). - drm/i915: Disable port sync when bigjoiner is used (stable-fixes). - drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes). - drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834) - drm/panel: ili9341: Respect deferred probe (git-fixes). - drm/panel: ili9341: Use predefined error codes (git-fixes). - drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes). - drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes). - drm/vmwgfx: Enable DMA mappings with SEV (git-fixes). - drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes). - drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes). - drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes). - drm: nv04: Fix out of bounds access (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-fixes). - dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574). - fbdev: fix incorrect address computation in deferred IO (git-fixes). - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes). - fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes). - fix build warning - fuse: do not unhash root (bsc#1223951). - fuse: fix root lookup with nonzero generation (bsc#1223950). - hwmon: (amc6821) add of_match table (stable-fixes). - i2c: pxa: hide unused icr_bits[] variable (git-fixes). - i2c: smbus: fix NULL function pointer dereference (git-fixes). - i40e: Fix VF MAC filter removal (git-fixes). - idma64: Do not try to serve interrupts when device is powered off (git-fixes). - iio: accel: mxc4005: Interrupt handling fixes (git-fixes). - iio:imu: adis16475: Fix sync mode setting (git-fixes). - init/main.c: Fix potential static_command_line memory overflow (git-fixes). - iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (git-fixes). - iommu/amd: Fix 'Guest Virtual APIC Table Root Pointer' configuration in IRTE (git-fixes). - iommu/amd: Fix domain flush size when syncing iotlb (git-fixes). - iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes). - iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes). - iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes). - iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes). - iommu/iova: Fix alloc iova overflows issue (git-fixes). - iommu/mediatek: Flush IOTLB completely only if domain has been attached (git-fixes). - iommu/rockchip: Fix unwind goto issue (git-fixes). - iommu/sprd: Release dma buffer to avoid memory leak (git-fixes). - iommu/vt-d: Allocate local memory for page request queue (git-fixes). - iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes). - iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes). - iommu: Fix error unwind in iommu_group_alloc() (git-fixes). - ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes). - kABI: Adjust trace_iterator.wait_index (git-fixes). - kprobes: Fix double free of kretprobe_holder (bsc#1220901). - kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes). - libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes). - libnvdimm/region: Allow setting align attribute on regions without mappings (git-fixes). - livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539). - md/raid1: fix choose next idle in read_balance() (git-fixes). - md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes). - md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-fixes). - media: cec: core: remove length check of Timer Status (stable-fixes). - media: sta2x11: fix irq handler cast (stable-fixes). - mei: me: add arrow lake point H DID (stable-fixes). - mei: me: add arrow lake point S DID (stable-fixes). - mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes). - mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473). - mmc: sdhci-msm: pervent access to suspended controller (git-fixes). - mtd: diskonchip: work around ubsan link failure (stable-fixes). - nd_btt: Make BTT lanes preemptible (git-fixes). - net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes). - net: fix a memleak when uncloning an skb dst and its metadata (git-fixes). - net: fix skb leak in __skb_tstamp_tx() (git-fixes). - net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes). - net: mld: fix reference count leak in mld_{query | report}_work() (git-fixes). - net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes). - net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes). - net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes). - net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes). - net: vlan: fix underflow for the real_dev refcnt (git-fixes). - netfilter: br_netfilter: Drop dst references before setting (git-fixes). - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-fixes). - netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes). - nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nouveau: fix function cast warning (git-fixes). - nouveau: fix instmem race condition around ptr stores (git-fixes). - nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-fixes). - nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes). - nvdimm: Fix badblocks clear off-by-one error (git-fixes). - nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-fixes). - pci_iounmap(): Fix MMIO mapping leak (git-fixes). - phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes). - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes). - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes). - powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191). - powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE (bsc#1222011 ltc#205900). - powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369 ltc#205888). - powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888). - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - powerpc: Refactor verification of MSR_RI (bsc#1223191). - printk: Add this_cpu_in_panic() (bsc#1223574). - printk: Adjust mapping for 32bit seq macros (bsc#1223574). - printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574). - printk: Disable passing console lock owner completely during panic() (bsc#1223574). - printk: Drop console_sem during panic (bsc#1223574). - printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1223574). - printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574). - printk: Wait for all reserved records with pr_flush() (bsc#1223574). - printk: nbcon: Relocate 32bit seq macros (bsc#1223574). - printk: ringbuffer: Clarify special lpos values (bsc#1223574). - printk: ringbuffer: Cleanup reader terminology (bsc#1223574). - printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1223574). - printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574). - printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574). - pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes). - ring-buffer: Do not set shortest_full when full target is hit (git-fixes). - ring-buffer: Fix full_waiters_pending in poll (git-fixes). - ring-buffer: Fix resetting of shortest_full (git-fixes). - ring-buffer: Fix waking up ring buffer readers (git-fixes). - ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes). - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes). - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes). - s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875). - s390/decompressor: fix misaligned symbol build error (git-fixes bsc#1223785). - s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877). - s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223878). - s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879). - s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784). - s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223876). - s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598). - s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223595). - serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes). - serial: core: Provide port lock wrappers (stable-fixes). - serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes). - serial: mxs-auart: add spinlock around changing cts state (git-fixes). - slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes). - speakup: Avoid crash on very long word (git-fixes). - speakup: Fix 8bit characters from direct synth (git-fixes). - tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes). - thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes). - thunderbolt: Fix wake configurations after device unplug (stable-fixes). - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes). - tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes). - tracing: Have saved_cmdlines arrays all in one allocation (git-fixes). - tracing: Remove precision vsnprintf() check from print event (git-fixes). - tracing: Show size of requested perf buffer (git-fixes). - tracing: Use .flush() call to wake up readers (git-fixes). - usb: Disable USB3 LPM at shutdown (stable-fixes). - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (git-fixes). - usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes). - usb: gadget: composite: fix OS descriptors w_value logic (git-fixes). - usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes). - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes). - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes). - usb: ohci: Prevent missed ohci interrupts (git-fixes). - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes). - usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes). - usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes). - usb: typec: tcpm: unregister existing source caps before re-registration (bsc#1220569). - usb: typec: ucsi: Ack unsupported commands (stable-fixes). - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes). - usb: typec: ucsi: Fix connector check on init (git-fixes). - usb: udc: remove warning when queue disabled ep (stable-fixes). - vdpa/mlx5: Allow CVQ size changes (git-fixes). - virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949). - wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes). - wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes). - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes). - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes). - wifi: nl80211: do not free NULL coalescing rule (git-fixes). - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes). - x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (jsc#PED-7167 git-fixes). - x86/sev: Skip ROM range scans and validation for SEV-SNP guests (jsc#PED-7167 git-fixes). - x86/xen: Add some null pointer checking to smp.c (git-fixes). - x86/xen: add CPU dependencies for 32-bit build (git-fixes). - x86/xen: fix percpu vcpu_info allocation (git-fixes). - xen-netback: properly sync TX responses (git-fixes). - xen-netfront: Add missing skb_mark_for_recycle (git-fixes). - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-fixes). - xen/xenbus: document will_handle argument for xenbus_watch_path() (git-fixes). - xfrm6: fix inet6_dev refcount underflow problem (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1778-1 Released: Fri May 24 17:40:50 2024 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable sysctl-logger (jsc#PED-5024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1787-1 Released: Mon May 27 15:22:56 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1223858,1224169,1224340 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. This update fixes a regression with kerberized nfs4 shares in the previous update (bsc#1223858). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1796-1 Released: Tue May 28 14:52:51 2024 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1191410,1222228 This update for kdump fixes the following issues: - Return success from pre, post, preun and postun scriplets (bsc#1222228, bsc#1191410) - Differentiate between uninstall and upgrade in postun/prerun (bsc#1191410) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1799-1 Released: Tue May 28 15:45:23 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1220679,1223107 This update for suseconnect-ng fixes the following issue: - Version update * Fix certificate import for Yast when using a registration proxy with self-signed SSL certificate (bsc#1223107) * Allow '--rollback' flag to run on readonly filesystem (bsc#1220679) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1828-1 Released: Wed May 29 10:44:54 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1205604,1218926,1219108,1224100 This update for wicked fixes the following issues: - client: fix ifreload to pull UP ports/links again when the config of their master/lower changed (bsc#1224100) - Update to version 0.6.75: - cleanup: fix ni_fsm_state_t enum-int-mismatch warnings - cleanup: fix overflow warnings in a socket testcase on i586 - ifcheck: report new and deleted configs as changed (bsc#1218926) - man: improve ARP configuration options in the wicked-config.5 - bond: add ports when master is UP to avoid port MTU revert (bsc#1219108) - cleanup: fix interface dependencies and shutdown order (bsc#1205604) - Remove port arrays from bond,team,bridge,ovs-bridge (redundant) and consistently use config and state info attached to the port interface as in rtnetlink(7). - Cleanup ifcfg parsing, schema configuration and service properties - Migrate ports in xml config and policies already applied in nanny - Remove 'missed config' generation from finite state machine, which is completed while parsing the config or while xml config migration. - Issue a warning when 'lower' interface (e.g. eth0) config is missed while parsing config depending on it (e.g. eth0.42 vlan). - Resolve ovs master to the effective bridge in config and wickedd - Implement netif-check-state require checks using system relations from wickedd/kernel instead of config relations for ifdown and add linkDown and deleteDevice checks to all master and lower references. - Add a `wicked --dry-run ???` option to show the system/config interface hierarchies as notice with +/- marked interfaces to setup and/or shutdown. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1830-1 Released: Wed May 29 14:08:50 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). The following package changes have been done: - catatonit-0.2.0-150500.3.3.1 updated - coreutils-8.32-150400.9.6.1 updated - e2fsprogs-1.46.4-150400.3.6.2 updated - kdump-1.0.2+git47.g28549ab-150500.3.6.1 updated - kernel-default-5.14.21-150500.55.65.1 updated - less-590-150400.3.9.1 updated - libblkid1-2.37.4-150500.9.11.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libext2fs2-1.46.4-150400.3.6.2 updated - libfdisk1-2.37.4-150500.9.11.1 updated - libglib-2_0-0-2.70.5-150400.3.11.1 updated - libmount1-2.37.4-150500.9.11.1 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libprotobuf-lite25_1_0-25.1-150400.9.6.1 updated - libsmartcols1-2.37.4-150500.9.11.1 updated - libtss2-esys0-3.1.0-150400.3.6.1 updated - libtss2-fapi1-3.1.0-150400.3.6.1 updated - libtss2-mu0-3.1.0-150400.3.6.1 updated - libtss2-rc0-3.1.0-150400.3.6.1 updated - libtss2-sys1-3.1.0-150400.3.6.1 updated - libtss2-tctildr0-3.1.0-150400.3.6.1 updated - libuuid1-2.37.4-150500.9.11.1 updated - openssl-1_1-1.1.1l-150500.17.28.2 updated - perl-base-5.26.1-150300.17.17.1 updated - perl-5.26.1-150300.17.17.1 updated - rpm-ndb-4.14.3-150400.59.16.1 updated - suseconnect-ng-1.9.0-150500.3.21.2 updated - systemd-presets-branding-SLE-15.1-150100.20.14.1 updated - tpm2.0-tools-5.2-150400.6.3.1 updated - util-linux-systemd-2.37.4-150500.9.11.1 updated - util-linux-2.37.4-150500.9.11.1 updated - wicked-service-0.6.75-150500.3.26.1 updated - wicked-0.6.75-150500.3.26.1 updated From sle-container-updates at lists.suse.com Thu May 30 07:01:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 May 2024 09:01:31 +0200 (CEST) Subject: SUSE-IU-2024:459-1: Security update of sles-15-sp5-chost-byos-v20240529-arm64 Message-ID: <20240530070131.31D6FF788@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20240529-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:459-1 Image Tags : sles-15-sp5-chost-byos-v20240529-arm64:20240529 Image Release : Severity : important Type : security References : 1082216 1082233 1177529 1189495 1191175 1191410 1192145 1205604 1210617 1211592 1213638 1217408 1218562 1218609 1218686 1218917 1218926 1219104 1219108 1219126 1219169 1219170 1219264 1220117 1220342 1220569 1220679 1220761 1220901 1220915 1220935 1221042 1221044 1221080 1221084 1221088 1221162 1221299 1221612 1221617 1221632 1221645 1221791 1221825 1222011 1222051 1222228 1222247 1222266 1222294 1222307 1222357 1222368 1222379 1222416 1222422 1222424 1222427 1222428 1222430 1222431 1222435 1222437 1222445 1222449 1222482 1222503 1222520 1222536 1222548 1222549 1222550 1222557 1222559 1222585 1222586 1222596 1222609 1222610 1222613 1222615 1222618 1222624 1222630 1222632 1222660 1222662 1222664 1222666 1222669 1222671 1222677 1222678 1222680 1222703 1222704 1222706 1222709 1222710 1222720 1222721 1222724 1222726 1222727 1222764 1222772 1222773 1222776 1222781 1222784 1222785 1222787 1222790 1222791 1222792 1222796 1222798 1222801 1222812 1222824 1222829 1222832 1222836 1222838 1222849 1222866 1222867 1222869 1222876 1222878 1222879 1222881 1222883 1222888 1222894 1222901 1222968 1223012 1223014 1223016 1223024 1223030 1223033 1223034 1223035 1223036 1223037 1223041 1223042 1223051 1223052 1223056 1223057 1223058 1223060 1223061 1223065 1223066 1223067 1223068 1223076 1223078 1223107 1223111 1223115 1223118 1223187 1223189 1223190 1223191 1223196 1223197 1223198 1223275 1223323 1223369 1223380 1223473 1223474 1223475 1223477 1223478 1223479 1223481 1223482 1223484 1223487 1223490 1223496 1223498 1223499 1223501 1223502 1223503 1223505 1223509 1223511 1223512 1223513 1223516 1223517 1223518 1223519 1223520 1223522 1223523 1223525 1223539 1223574 1223595 1223596 1223598 1223605 1223634 1223643 1223644 1223645 1223646 1223648 1223655 1223657 1223660 1223661 1223663 1223664 1223668 1223686 1223687 1223689 1223690 1223693 1223705 1223714 1223735 1223745 1223784 1223785 1223790 1223816 1223821 1223822 1223824 1223827 1223834 1223858 1223875 1223876 1223877 1223878 1223879 1223894 1223921 1223922 1223923 1223924 1223929 1223931 1223932 1223934 1223941 1223948 1223949 1223950 1223951 1223952 1223953 1223956 1223957 1223960 1223962 1223963 1223964 1224044 1224100 1224169 1224340 CVE-2018-6798 CVE-2018-6913 CVE-2021-3521 CVE-2021-47047 CVE-2021-47181 CVE-2021-47182 CVE-2021-47183 CVE-2021-47184 CVE-2021-47185 CVE-2021-47187 CVE-2021-47188 CVE-2021-47189 CVE-2021-47191 CVE-2021-47192 CVE-2021-47193 CVE-2021-47194 CVE-2021-47195 CVE-2021-47196 CVE-2021-47197 CVE-2021-47198 CVE-2021-47199 CVE-2021-47200 CVE-2021-47201 CVE-2021-47202 CVE-2021-47203 CVE-2021-47204 CVE-2021-47205 CVE-2021-47206 CVE-2021-47207 CVE-2021-47209 CVE-2021-47210 CVE-2021-47211 CVE-2021-47212 CVE-2021-47214 CVE-2021-47215 CVE-2021-47216 CVE-2021-47217 CVE-2021-47218 CVE-2021-47219 CVE-2022-48631 CVE-2022-48632 CVE-2022-48634 CVE-2022-48636 CVE-2022-48637 CVE-2022-48638 CVE-2022-48639 CVE-2022-48640 CVE-2022-48642 CVE-2022-48644 CVE-2022-48646 CVE-2022-48647 CVE-2022-48648 CVE-2022-48650 CVE-2022-48651 CVE-2022-48652 CVE-2022-48653 CVE-2022-48654 CVE-2022-48655 CVE-2022-48656 CVE-2022-48657 CVE-2022-48658 CVE-2022-48659 CVE-2022-48660 CVE-2022-48662 CVE-2022-48663 CVE-2022-48667 CVE-2022-48668 CVE-2022-48671 CVE-2022-48672 CVE-2022-48673 CVE-2022-48675 CVE-2022-48686 CVE-2022-48687 CVE-2022-48688 CVE-2022-48690 CVE-2022-48692 CVE-2022-48693 CVE-2022-48694 CVE-2022-48695 CVE-2022-48697 CVE-2022-48698 CVE-2022-48700 CVE-2022-48701 CVE-2022-48702 CVE-2022-48703 CVE-2022-48704 CVE-2023-2860 CVE-2023-30608 CVE-2023-52488 CVE-2023-52503 CVE-2023-52561 CVE-2023-52585 CVE-2023-52589 CVE-2023-52590 CVE-2023-52591 CVE-2023-52593 CVE-2023-52614 CVE-2023-52616 CVE-2023-52620 CVE-2023-52627 CVE-2023-52635 CVE-2023-52636 CVE-2023-52645 CVE-2023-52652 CVE-2023-6270 CVE-2024-0639 CVE-2024-0841 CVE-2024-22099 CVE-2024-23307 CVE-2024-23848 CVE-2024-23850 CVE-2024-2511 CVE-2024-26601 CVE-2024-26610 CVE-2024-26656 CVE-2024-26660 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675 CVE-2024-26680 CVE-2024-26681 CVE-2024-26684 CVE-2024-26685 CVE-2024-26687 CVE-2024-26688 CVE-2024-26689 CVE-2024-26696 CVE-2024-26697 CVE-2024-26702 CVE-2024-26704 CVE-2024-26718 CVE-2024-26722 CVE-2024-26727 CVE-2024-26733 CVE-2024-26736 CVE-2024-26737 CVE-2024-26739 CVE-2024-26743 CVE-2024-26744 CVE-2024-26745 CVE-2024-26747 CVE-2024-26749 CVE-2024-26751 CVE-2024-26754 CVE-2024-26760 CVE-2024-26763 CVE-2024-26764 CVE-2024-26766 CVE-2024-26769 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26776 CVE-2024-26779 CVE-2024-26783 CVE-2024-26787 CVE-2024-26790 CVE-2024-26792 CVE-2024-26793 CVE-2024-26798 CVE-2024-26805 CVE-2024-26807 CVE-2024-26816 CVE-2024-26817 CVE-2024-26820 CVE-2024-26825 CVE-2024-26830 CVE-2024-26833 CVE-2024-26836 CVE-2024-26843 CVE-2024-26848 CVE-2024-26852 CVE-2024-26853 CVE-2024-26855 CVE-2024-26856 CVE-2024-26857 CVE-2024-26861 CVE-2024-26862 CVE-2024-26866 CVE-2024-26872 CVE-2024-26875 CVE-2024-26878 CVE-2024-26879 CVE-2024-26881 CVE-2024-26882 CVE-2024-26883 CVE-2024-26884 CVE-2024-26885 CVE-2024-26891 CVE-2024-26893 CVE-2024-26895 CVE-2024-26896 CVE-2024-26897 CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26917 CVE-2024-26927 CVE-2024-26948 CVE-2024-26950 CVE-2024-26951 CVE-2024-26955 CVE-2024-26956 CVE-2024-26960 CVE-2024-26965 CVE-2024-26966 CVE-2024-26969 CVE-2024-26970 CVE-2024-26972 CVE-2024-26981 CVE-2024-26982 CVE-2024-26993 CVE-2024-27013 CVE-2024-27014 CVE-2024-27030 CVE-2024-27038 CVE-2024-27039 CVE-2024-27041 CVE-2024-27043 CVE-2024-27046 CVE-2024-27056 CVE-2024-27062 CVE-2024-27389 CVE-2024-29038 CVE-2024-29039 CVE-2024-29040 CVE-2024-32487 CVE-2024-34397 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20240529-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1566-1 Released: Thu May 9 12:33:21 2024 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: This update for catatonit fixes the following issues: - Update to catatonit v0.2.0 - Change license to GPL-2.0-or-later ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1635-1 Released: Tue May 14 11:36:51 2024 Summary: Security update for tpm2-0-tss Type: security Severity: moderate References: 1223690,CVE-2024-29040 This update for tpm2-0-tss fixes the following issues: - CVE-2024-29040: Fixed quote data validation by Fapi_VerifyQuote (bsc#1223690). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1636-1 Released: Tue May 14 11:37:24 2024 Summary: Security update for tpm2.0-tools Type: security Severity: moderate References: 1223687,1223689,CVE-2024-29038,CVE-2024-29039 This update for tpm2.0-tools fixes the following issues: - CVE-2024-29038: Fixed arbitrary quote data validation by tpm2_checkquote (bsc#1223687). - CVE-2024-29039: Fixed pcr selection value to be compared with the attest (bsc#1223689). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1637-1 Released: Tue May 14 14:22:14 2024 Summary: Recommended update for google-cloud SDK Type: recommended Severity: moderate References: 1210617,CVE-2023-30608 This update for google-cloud SDK fixes the following issues: - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5 binaries Obsolete the python3.6 counterpart: python311-google-resumable-media python311-google-api-core python311-google-cloud-storage python311-google-cloud-core python311-googleapis-common-protos - Regular python311 updates (without Obsoletes): python-google-auth python-grpcio python-sqlparse - New python311 packages: libcrc32c python-google-cloud-appengine-logging python-google-cloud-artifact-registry python-google-cloud-audit-log python-google-cloud-build python-google-cloud-compute python-google-cloud-dns python-google-cloud-domains python-google-cloud-iam python-google-cloud-kms-inventory python-google-cloud-kms python-google-cloud-logging python-google-cloud-run python-google-cloud-secret-manager python-google-cloud-service-directory python-google-cloud-spanner python-google-cloud-vpc-access python-google-crc32c python-grpc-google-iam-v1 python-grpcio-status python-proto-plus In python-sqlparse this security issue was fixed: CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1659-1 Released: Wed May 15 11:29:35 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1177529,1192145,1211592,1217408,1218562,1218917,1219104,1219126,1219169,1219170,1219264,1220342,1220569,1220761,1220901,1220915,1220935,1221042,1221044,1221080,1221084,1221088,1221162,1221299,1221612,1221617,1221645,1221791,1221825,1222011,1222051,1222247,1222266,1222294,1222307,1222357,1222368,1222379,1222416,1222422,1222424,1222427,1222428,1222430,1222431,1222435,1222437,1222445,1222449,1222482,1222503,1222520,1222536,1222549,1222550,1222557,1222559,1222585,1222586,1222596,1222609,1222610,1222613,1222615,1222618,1222624,1222630,1222632,1222660,1222662,1222664,1222666,1222669,1222671,1222677,1222678,1222680,1222703,1222704,1222706,1222709,1222710,1222720,1222721,1222724,1222726,1222727,1222764,1222772,1222773,1222776,1222781,1222784,1222785,1222787,1222790,1222791,1222792,1222796,1222798,1222801,1222812,1222824,1222829,1222832,1222836,1222838,1222866,1222867,1222869,1222876,1222878,1222879,1222881,1222883,1222888,1222894,1222901,1222968,1223012,1223014,1223016,1223024,1 223030,1223033,1223034,1223035,1223036,1223037,1223041,1223042,1223051,1223052,1223056,1223057,1223058,1223060,1223061,1223065,1223066,1223067,1223068,1223076,1223078,1223111,1223115,1223118,1223187,1223189,1223190,1223191,1223196,1223197,1223198,1223275,1223323,1223369,1223380,1223473,1223474,1223475,1223477,1223478,1223479,1223481,1223482,1223484,1223487,1223490,1223496,1223498,1223499,1223501,1223502,1223503,1223505,1223509,1223511,1223512,1223513,1223516,1223517,1223518,1223519,1223520,1223522,1223523,1223525,1223539,1223574,1223595,1223598,1223634,1223643,1223644,1223645,1223646,1223648,1223655,1223657,1223660,1223661,1223663,1223664,1223668,1223686,1223693,1223705,1223714,1223735,1223745,1223784,1223785,1223790,1223816,1223821,1223822,1223824,1223827,1223834,1223875,1223876,1223877,1223878,1223879,1223894,1223921,1223922,1223923,1223924,1223929,1223931,1223932,1223934,1223941,1223948,1223949,1223950,1223951,1223952,1223953,1223956,1223957,1223960,1223962,1223963,1223964,CVE-20 21-47047,CVE-2021-47181,CVE-2021-47182,CVE-2021-47183,CVE-2021-47184,CVE-2021-47185,CVE-2021-47187,CVE-2021-47188,CVE-2021-47189,CVE-2021-47191,CVE-2021-47192,CVE-2021-47193,CVE-2021-47194,CVE-2021-47195,CVE-2021-47196,CVE-2021-47197,CVE-2021-47198,CVE-2021-47199,CVE-2021-47200,CVE-2021-47201,CVE-2021-47202,CVE-2021-47203,CVE-2021-47204,CVE-2021-47205,CVE-2021-47206,CVE-2021-47207,CVE-2021-47209,CVE-2021-47210,CVE-2021-47211,CVE-2021-47212,CVE-2021-47214,CVE-2021-47215,CVE-2021-47216,CVE-2021-47217,CVE-2021-47218,CVE-2021-47219,CVE-2022-48631,CVE-2022-48632,CVE-2022-48634,CVE-2022-48636,CVE-2022-48637,CVE-2022-48638,CVE-2022-48639,CVE-2022-48640,CVE-2022-48642,CVE-2022-48644,CVE-2022-48646,CVE-2022-48647,CVE-2022-48648,CVE-2022-48650,CVE-2022-48651,CVE-2022-48652,CVE-2022-48653,CVE-2022-48654,CVE-2022-48655,CVE-2022-48656,CVE-2022-48657,CVE-2022-48658,CVE-2022-48659,CVE-2022-48660,CVE-2022-48662,CVE-2022-48663,CVE-2022-48667,CVE-2022-48668,CVE-2022-48671,CVE-2022-48672,CVE-2022-4867 3,CVE-2022-48675,CVE-2022-48686,CVE-2022-48687,CVE-2022-48688,CVE-2022-48690,CVE-2022-48692,CVE-2022-48693,CVE-2022-48694,CVE-2022-48695,CVE-2022-48697,CVE-2022-48698,CVE-2022-48700,CVE-2022-48701,CVE-2022-48702,CVE-2022-48703,CVE-2022-48704,CVE-2023-2860,CVE-2023-52488,CVE-2023-52503,CVE-2023-52561,CVE-2023-52585,CVE-2023-52589,CVE-2023-52590,CVE-2023-52591,CVE-2023-52593,CVE-2023-52614,CVE-2023-52616,CVE-2023-52620,CVE-2023-52627,CVE-2023-52635,CVE-2023-52636,CVE-2023-52645,CVE-2023-52652,CVE-2023-6270,CVE-2024-0639,CVE-2024-0841,CVE-2024-22099,CVE-2024-23307,CVE-2024-23848,CVE-2024-23850,CVE-2024-26601,CVE-2024-26610,CVE-2024-26656,CVE-2024-26660,CVE-2024-26671,CVE-2024-26673,CVE-2024-26675,CVE-2024-26680,CVE-2024-26681,CVE-2024-26684,CVE-2024-26685,CVE-2024-26687,CVE-2024-26688,CVE-2024-26689,CVE-2024-26696,CVE-2024-26697,CVE-2024-26702,CVE-2024-26704,CVE-2024-26718,CVE-2024-26722,CVE-2024-26727,CVE-2024-26733,CVE-2024-26736,CVE-2024-26737,CVE-2024-26739,CVE-2024-26743,CVE-2024- 26744,CVE-2024-26745,CVE-2024-26747,CVE-2024-26749,CVE-2024-26751,CVE-2024-26754,CVE-2024-26760,CVE-2024-26763,CVE-2024-26764,CVE-2024-26766,CVE-2024-26769,CVE-2024-26771,CVE-2024-26772,CVE-2024-26773,CVE-2024-26776,CVE-2024-26779,CVE-2024-26783,CVE-2024-26787,CVE-2024-26790,CVE-2024-26792,CVE-2024-26793,CVE-2024-26798,CVE-2024-26805,CVE-2024-26807,CVE-2024-26816,CVE-2024-26817,CVE-2024-26820,CVE-2024-26825,CVE-2024-26830,CVE-2024-26833,CVE-2024-26836,CVE-2024-26843,CVE-2024-26848,CVE-2024-26852,CVE-2024-26853,CVE-2024-26855,CVE-2024-26856,CVE-2024-26857,CVE-2024-26861,CVE-2024-26862,CVE-2024-26866,CVE-2024-26872,CVE-2024-26875,CVE-2024-26878,CVE-2024-26879,CVE-2024-26881,CVE-2024-26882,CVE-2024-26883,CVE-2024-26884,CVE-2024-26885,CVE-2024-26891,CVE-2024-26893,CVE-2024-26895,CVE-2024-26896,CVE-2024-26897,CVE-2024-26898,CVE-2024-26901,CVE-2024-26903,CVE-2024-26917,CVE-2024-26927,CVE-2024-26948,CVE-2024-26950,CVE-2024-26951,CVE-2024-26955,CVE-2024-26956,CVE-2024-26960,CVE-2024-26965,C VE-2024-26966,CVE-2024-26969,CVE-2024-26970,CVE-2024-26972,CVE-2024-26981,CVE-2024-26982,CVE-2024-26993,CVE-2024-27013,CVE-2024-27014,CVE-2024-27030,CVE-2024-27038,CVE-2024-27039,CVE-2024-27041,CVE-2024-27043,CVE-2024-27046,CVE-2024-27056,CVE-2024-27062,CVE-2024-27389 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596). - CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705). - CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834). - CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822). - CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827). - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824). - CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714). - CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821). - CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816). - CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790). - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735). - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745). - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693). - CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634). - CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644). - CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645). - CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646). - CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648). - CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655). - CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660). - CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661). - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664). - CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525). - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198). - CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042). - CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path (bsc#1223196). - CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190). - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189). - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035). - CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034). - CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041). - CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066). - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060). - CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076). - CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058). - CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052). - CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051). - CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061). - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057). - CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030). - CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968). - CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012). - CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624). - CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801). - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630). - CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428). - CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615). - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618). - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613). - CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610) - CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726). - CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721). - CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720). - CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632). - CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table (bsc#1222724). - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449). - CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677). - CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). - CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536). - CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers() (bsc#1222549). - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503). - CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435). - CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437). - CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445). - CVE-2024-26681: Fixed netdevsim to avoid potential loop in nsim_dev_trap_report_work() (bsc#1222431). - CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring (bsc#1222427). - CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379). - CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368). - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357). - CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder creation (bsc#1222266). - CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307). - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299). - CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342). - CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126). - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686). - CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033). - CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in msgr2 (bsc#1222247). - CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294). - CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace (bsc#1222051). - CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from userspace (bsc#1221825). - CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612). - CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617). - CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042). - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044). - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088). - CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084). - CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in amdgpu_ras_query_error_status_helper() (bsc#1221080). - CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash memory region (bsc#1220935). - CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915). - CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO (bsc#1221162). - CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505). - CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498). - CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context (bsc#1223496). - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513). - CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478). - CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id (bsc#1223499). - CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475). - CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte() (bsc#1222710). - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878) - CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838). - CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832). - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706). - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669). - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664). - CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662). - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660). The following non-security bugs were fixed: - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes). - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes). - ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes). - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes). - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes). - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes). - ALSA: scarlett2: Add correct product series name to messages (stable-fixes). - ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes). - ALSA: scarlett2: Default mixer driver to enabled (stable-fixes). - ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes). - ASoC: meson: axg-card: make links nonatomic (git-fixes). - ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes). - ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes). - ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes). - ASoC: tegra: Fix DSPK 16-bit playback (git-fixes). - ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes). - Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes). - Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes). - Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes). - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes). - Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes). - Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes). - Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes). - Bluetooth: add quirk for broken address properties (git-fixes). - Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes). - Bluetooth: btintel: Fixe build regression (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes). - Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes). - Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes). - Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes). - Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes). - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes). - HID: logitech-dj: allow mice to use all types of reports (git-fixes). - HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes). - Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes). - NFC: trf7970a: disable all regulators on removal (git-fixes). - NFS: avoid spurious warning of lost lock that is being unlocked (bsc#1221791). - PCI/AER: Block runtime suspend when handling errors (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes). - PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes). - PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes). - PCI: Drop pci_device_remove() test of pci_dev->driver (git-fixes). - PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes). - RDMA/cm: add timeout to cm_destroy_id wait (git-fixes) - Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes). - Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes). - Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes). - Revert 'ice: Fix ice VF reset during iavf initialization (jsc#PED-376).' (bsc#1223275) - Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes). - Revert 'usb: phy: generic: Get the vbus supply' (git-fixes). - USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes). - USB: serial: add device ID for VeriFone adapter (stable-fixes). - USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes). - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes). - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes). - USB: serial: option: add Fibocom FM135-GL variants (stable-fixes). - USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes). - USB: serial: option: add MeiG Smart SLM320 product (stable-fixes). - USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes). - USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes). - USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes). - USB: serial: option: support Quectel EM060K sub-models (stable-fixes). - ahci: asm1064: asm1166: do not limit reported ports (git-fixes). - ahci: asm1064: correct count of reported ports (stable-fixes). - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes) - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes) - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes) - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes) - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes) - arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes) - arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes) - arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes). - ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes). - batman-adv: Avoid infinite loop trying to resize local TT (git-fixes). - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes). - bcache: Remove dead references to cache_readaheads (git-fixes). - bcache: Remove unnecessary NULL point check in node allocations (git-fixes). - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes). - bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes). - bcache: avoid oversize memory allocation by small stripe_size (git-fixes). - bcache: bset: Fix comment typos (git-fixes). - bcache: check return value from btree_node_alloc_replacement() (git-fixes). - bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes). - bcache: fix error info in register_bcache() (git-fixes). - bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing (git-fixes). - bcache: fixup btree_cache_wait list damage (git-fixes). - bcache: fixup init dirty data errors (git-fixes). - bcache: fixup lock c->root error (git-fixes). - bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes). - bcache: move calc_cached_dev_sectors to proper place on backing device detach (git-fixes). - bcache: move uapi header bcache.h to bcache code directory (git-fixes). - bcache: prevent potential division by zero error (git-fixes). - bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device registration' (git-fixes). - bcache: remove redundant assignment to variable cur_idx (git-fixes). - bcache: remove the backing_dev_name field from struct cached_dev (git-fixes). - bcache: remove the cache_dev_name field from struct cache (git-fixes). - bcache: remove unnecessary flush_workqueue (git-fixes). - bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-fixes). - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes). - bcache: replace snprintf in show functions with sysfs_emit (git-fixes). - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes). - bcache: use bvec_kmap_local in bch_data_verify (git-fixes). - bcache: use bvec_kmap_local in bio_csum (git-fixes). - bcache: use default_groups in kobj_type (git-fixes). - bcache:: fix repeated words in comments (git-fixes). - ceph: stop copying to iter at EOF on sync reads (bsc#1223068). - ceph: switch to corrected encoding of max_xattr_size in mdsmap (bsc#1223067). - clk: Get runtime PM before walking tree during disable_unused (git-fixes). - clk: Initialize struct clk_core kref earlier (stable-fixes). - clk: Mark 'all_lists' as const (stable-fixes). - clk: Print an info line before disabling unused clocks (stable-fixes). - clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes). - clk: remove extra empty line (stable-fixes). - comedi: vmk80xx: fix incomplete endpoint checking (git-fixes). - dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes). - dm cache: add cond_resched() to various workqueue loops (git-fixes). - dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes). - dm crypt: add cond_resched() to dmcrypt_write() (git-fixes). - dm crypt: avoid accessing uninitialized tasklet (git-fixes). - dm flakey: do not corrupt the zero page (git-fixes). - dm flakey: fix a bug with 32-bit highmem systems (git-fixes). - dm flakey: fix a crash with invalid table line (git-fixes). - dm flakey: fix logic when corrupting a bio (git-fixes). - dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes). - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes). - dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes). - dm raid: fix false positive for requeue needed during reshape (git-fixes). - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes). - dm stats: check for and propagate alloc_percpu failure (git-fixes). - dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes). - dm thin metadata: check fail_io before using data_sm (git-fixes). - dm thin: add cond_resched() to various workqueue loops (git-fixes). - dm thin: fix deadlock when swapping to thin device (bsc#1177529). - dm verity: do not perform FEC for failed readahead IO (git-fixes). - dm verity: fix error handling for check_at_most_once on FEC (git-fixes). - dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes). - dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes). - dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes). - dm-raid: fix lockdep waring in 'pers->hot_add_disk' (git-fixes). - dm-verity, dm-crypt: align 'struct bvec_iter' correctly (git-fixes). - dm-verity: align struct dm_verity_fec_io properly (git-fixes). - dm: add cond_resched() to dm_wq_work() (git-fixes). - dm: call the resume method on internal suspend (git-fixes). - dm: do not lock fs when the map is NULL during suspend or resume (git-fixes). - dm: do not lock fs when the map is NULL in process of resume (git-fixes). - dm: remove flush_scheduled_work() during local_exit() (git-fixes). - dm: send just one event on resize, not two (git-fixes). - dma: xilinx_dpdma: Fix locking (git-fixes). - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes). - dmaengine: owl: fix register access functions (git-fixes). - dmaengine: tegra186: Fix residual calculation (git-fixes). - docs: Document the FAN_FS_ERROR event (stable-fixes). - drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes). - drm/amd/display: Do not recursively call manual trigger programming (stable-fixes). - drm/amd/display: Fix nanosec stat overflow (stable-fixes). - drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes). - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes). - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes). - drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes). - drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes). - drm/amdgpu: always force full reset for SOC21 (stable-fixes). - drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes). - drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes). - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes). - drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes). - drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes). - drm/ast: Fix soft lockup (git-fixes). - drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes). - drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes). - drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes). - drm/i915: Disable port sync when bigjoiner is used (stable-fixes). - drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes). - drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834) - drm/panel: ili9341: Respect deferred probe (git-fixes). - drm/panel: ili9341: Use predefined error codes (git-fixes). - drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes). - drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes). - drm/vmwgfx: Enable DMA mappings with SEV (git-fixes). - drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes). - drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes). - drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes). - drm: nv04: Fix out of bounds access (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-fixes). - dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574). - fbdev: fix incorrect address computation in deferred IO (git-fixes). - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes). - fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes). - fix build warning - fuse: do not unhash root (bsc#1223951). - fuse: fix root lookup with nonzero generation (bsc#1223950). - hwmon: (amc6821) add of_match table (stable-fixes). - i2c: pxa: hide unused icr_bits[] variable (git-fixes). - i2c: smbus: fix NULL function pointer dereference (git-fixes). - i40e: Fix VF MAC filter removal (git-fixes). - idma64: Do not try to serve interrupts when device is powered off (git-fixes). - iio: accel: mxc4005: Interrupt handling fixes (git-fixes). - iio:imu: adis16475: Fix sync mode setting (git-fixes). - init/main.c: Fix potential static_command_line memory overflow (git-fixes). - iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (git-fixes). - iommu/amd: Fix 'Guest Virtual APIC Table Root Pointer' configuration in IRTE (git-fixes). - iommu/amd: Fix domain flush size when syncing iotlb (git-fixes). - iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes). - iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes). - iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes). - iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes). - iommu/iova: Fix alloc iova overflows issue (git-fixes). - iommu/mediatek: Flush IOTLB completely only if domain has been attached (git-fixes). - iommu/rockchip: Fix unwind goto issue (git-fixes). - iommu/sprd: Release dma buffer to avoid memory leak (git-fixes). - iommu/vt-d: Allocate local memory for page request queue (git-fixes). - iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes). - iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes). - iommu: Fix error unwind in iommu_group_alloc() (git-fixes). - ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes). - kABI: Adjust trace_iterator.wait_index (git-fixes). - kprobes: Fix double free of kretprobe_holder (bsc#1220901). - kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes). - libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes). - libnvdimm/region: Allow setting align attribute on regions without mappings (git-fixes). - livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539). - md/raid1: fix choose next idle in read_balance() (git-fixes). - md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes). - md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-fixes). - media: cec: core: remove length check of Timer Status (stable-fixes). - media: sta2x11: fix irq handler cast (stable-fixes). - mei: me: add arrow lake point H DID (stable-fixes). - mei: me: add arrow lake point S DID (stable-fixes). - mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes). - mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473). - mmc: sdhci-msm: pervent access to suspended controller (git-fixes). - mtd: diskonchip: work around ubsan link failure (stable-fixes). - nd_btt: Make BTT lanes preemptible (git-fixes). - net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes). - net: fix a memleak when uncloning an skb dst and its metadata (git-fixes). - net: fix skb leak in __skb_tstamp_tx() (git-fixes). - net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes). - net: mld: fix reference count leak in mld_{query | report}_work() (git-fixes). - net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes). - net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes). - net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes). - net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes). - net: vlan: fix underflow for the real_dev refcnt (git-fixes). - netfilter: br_netfilter: Drop dst references before setting (git-fixes). - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-fixes). - netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes). - nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nouveau: fix function cast warning (git-fixes). - nouveau: fix instmem race condition around ptr stores (git-fixes). - nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-fixes). - nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes). - nvdimm: Fix badblocks clear off-by-one error (git-fixes). - nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-fixes). - pci_iounmap(): Fix MMIO mapping leak (git-fixes). - phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes). - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes). - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes). - powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191). - powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE (bsc#1222011 ltc#205900). - powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369 ltc#205888). - powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888). - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - powerpc: Refactor verification of MSR_RI (bsc#1223191). - printk: Add this_cpu_in_panic() (bsc#1223574). - printk: Adjust mapping for 32bit seq macros (bsc#1223574). - printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574). - printk: Disable passing console lock owner completely during panic() (bsc#1223574). - printk: Drop console_sem during panic (bsc#1223574). - printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1223574). - printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574). - printk: Wait for all reserved records with pr_flush() (bsc#1223574). - printk: nbcon: Relocate 32bit seq macros (bsc#1223574). - printk: ringbuffer: Clarify special lpos values (bsc#1223574). - printk: ringbuffer: Cleanup reader terminology (bsc#1223574). - printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1223574). - printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574). - printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574). - pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes). - ring-buffer: Do not set shortest_full when full target is hit (git-fixes). - ring-buffer: Fix full_waiters_pending in poll (git-fixes). - ring-buffer: Fix resetting of shortest_full (git-fixes). - ring-buffer: Fix waking up ring buffer readers (git-fixes). - ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes). - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes). - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes). - s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875). - s390/decompressor: fix misaligned symbol build error (git-fixes bsc#1223785). - s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877). - s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223878). - s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879). - s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784). - s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223876). - s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598). - s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223595). - serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes). - serial: core: Provide port lock wrappers (stable-fixes). - serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes). - serial: mxs-auart: add spinlock around changing cts state (git-fixes). - slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes). - speakup: Avoid crash on very long word (git-fixes). - speakup: Fix 8bit characters from direct synth (git-fixes). - tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes). - thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes). - thunderbolt: Fix wake configurations after device unplug (stable-fixes). - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes). - tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes). - tracing: Have saved_cmdlines arrays all in one allocation (git-fixes). - tracing: Remove precision vsnprintf() check from print event (git-fixes). - tracing: Show size of requested perf buffer (git-fixes). - tracing: Use .flush() call to wake up readers (git-fixes). - usb: Disable USB3 LPM at shutdown (stable-fixes). - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (git-fixes). - usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes). - usb: gadget: composite: fix OS descriptors w_value logic (git-fixes). - usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes). - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes). - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes). - usb: ohci: Prevent missed ohci interrupts (git-fixes). - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes). - usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes). - usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes). - usb: typec: tcpm: unregister existing source caps before re-registration (bsc#1220569). - usb: typec: ucsi: Ack unsupported commands (stable-fixes). - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes). - usb: typec: ucsi: Fix connector check on init (git-fixes). - usb: udc: remove warning when queue disabled ep (stable-fixes). - vdpa/mlx5: Allow CVQ size changes (git-fixes). - virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949). - wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes). - wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes). - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes). - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes). - wifi: nl80211: do not free NULL coalescing rule (git-fixes). - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes). - x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (jsc#PED-7167 git-fixes). - x86/sev: Skip ROM range scans and validation for SEV-SNP guests (jsc#PED-7167 git-fixes). - x86/xen: Add some null pointer checking to smp.c (git-fixes). - x86/xen: add CPU dependencies for 32-bit build (git-fixes). - x86/xen: fix percpu vcpu_info allocation (git-fixes). - xen-netback: properly sync TX responses (git-fixes). - xen-netfront: Add missing skb_mark_for_recycle (git-fixes). - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-fixes). - xen/xenbus: document will_handle argument for xenbus_watch_path() (git-fixes). - xfrm6: fix inet6_dev refcount underflow problem (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1778-1 Released: Fri May 24 17:40:50 2024 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable sysctl-logger (jsc#PED-5024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1787-1 Released: Mon May 27 15:22:56 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1223858,1224169,1224340 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. This update fixes a regression with kerberized nfs4 shares in the previous update (bsc#1223858). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1796-1 Released: Tue May 28 14:52:51 2024 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1191410,1222228 This update for kdump fixes the following issues: - Return success from pre, post, preun and postun scriplets (bsc#1222228, bsc#1191410) - Differentiate between uninstall and upgrade in postun/prerun (bsc#1191410) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1799-1 Released: Tue May 28 15:45:23 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1220679,1223107 This update for suseconnect-ng fixes the following issue: - Version update * Fix certificate import for Yast when using a registration proxy with self-signed SSL certificate (bsc#1223107) * Allow '--rollback' flag to run on readonly filesystem (bsc#1220679) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1828-1 Released: Wed May 29 10:44:54 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1205604,1218926,1219108,1224100 This update for wicked fixes the following issues: - client: fix ifreload to pull UP ports/links again when the config of their master/lower changed (bsc#1224100) - Update to version 0.6.75: - cleanup: fix ni_fsm_state_t enum-int-mismatch warnings - cleanup: fix overflow warnings in a socket testcase on i586 - ifcheck: report new and deleted configs as changed (bsc#1218926) - man: improve ARP configuration options in the wicked-config.5 - bond: add ports when master is UP to avoid port MTU revert (bsc#1219108) - cleanup: fix interface dependencies and shutdown order (bsc#1205604) - Remove port arrays from bond,team,bridge,ovs-bridge (redundant) and consistently use config and state info attached to the port interface as in rtnetlink(7). - Cleanup ifcfg parsing, schema configuration and service properties - Migrate ports in xml config and policies already applied in nanny - Remove 'missed config' generation from finite state machine, which is completed while parsing the config or while xml config migration. - Issue a warning when 'lower' interface (e.g. eth0) config is missed while parsing config depending on it (e.g. eth0.42 vlan). - Resolve ovs master to the effective bridge in config and wickedd - Implement netif-check-state require checks using system relations from wickedd/kernel instead of config relations for ifdown and add linkDown and deleteDevice checks to all master and lower references. - Add a `wicked --dry-run ???` option to show the system/config interface hierarchies as notice with +/- marked interfaces to setup and/or shutdown. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1830-1 Released: Wed May 29 14:08:50 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). The following package changes have been done: - catatonit-0.2.0-150500.3.3.1 updated - coreutils-8.32-150400.9.6.1 updated - e2fsprogs-1.46.4-150400.3.6.2 updated - kdump-1.0.2+git47.g28549ab-150500.3.6.1 updated - kernel-default-5.14.21-150500.55.65.1 updated - less-590-150400.3.9.1 updated - libblkid1-2.37.4-150500.9.11.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libext2fs2-1.46.4-150400.3.6.2 updated - libfdisk1-2.37.4-150500.9.11.1 updated - libglib-2_0-0-2.70.5-150400.3.11.1 updated - libmount1-2.37.4-150500.9.11.1 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libprotobuf-lite25_1_0-25.1-150400.9.6.1 updated - libsmartcols1-2.37.4-150500.9.11.1 updated - libtss2-esys0-3.1.0-150400.3.6.1 updated - libtss2-fapi1-3.1.0-150400.3.6.1 updated - libtss2-mu0-3.1.0-150400.3.6.1 updated - libtss2-rc0-3.1.0-150400.3.6.1 updated - libtss2-sys1-3.1.0-150400.3.6.1 updated - libtss2-tctildr0-3.1.0-150400.3.6.1 updated - libuuid1-2.37.4-150500.9.11.1 updated - openssl-1_1-1.1.1l-150500.17.28.2 updated - perl-base-5.26.1-150300.17.17.1 updated - perl-5.26.1-150300.17.17.1 updated - rpm-ndb-4.14.3-150400.59.16.1 updated - suseconnect-ng-1.9.0-150500.3.21.2 updated - systemd-presets-branding-SLE-15.1-150100.20.14.1 updated - tpm2.0-tools-5.2-150400.6.3.1 updated - util-linux-systemd-2.37.4-150500.9.11.1 updated - util-linux-2.37.4-150500.9.11.1 updated - wicked-service-0.6.75-150500.3.26.1 updated - wicked-0.6.75-150500.3.26.1 updated From sle-container-updates at lists.suse.com Fri May 31 07:01:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 May 2024 09:01:21 +0200 (CEST) Subject: SUSE-IU-2024:465-1: Security update of suse-sles-15-sp5-chost-byos-v20240529-x86_64-gen2 Message-ID: <20240531070121.6C766F788@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240529-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:465-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240529-x86_64-gen2:20240529 Image Release : Severity : important Type : security References : 1082216 1082233 1177529 1189495 1191175 1191410 1192145 1205604 1210617 1211592 1213638 1217408 1218562 1218609 1218686 1218917 1218926 1219104 1219108 1219126 1219169 1219170 1219264 1220117 1220342 1220569 1220679 1220761 1220901 1220915 1220935 1221042 1221044 1221080 1221084 1221088 1221162 1221299 1221612 1221617 1221632 1221645 1221791 1221825 1222011 1222051 1222228 1222247 1222266 1222294 1222307 1222357 1222368 1222379 1222416 1222422 1222424 1222427 1222428 1222430 1222431 1222435 1222437 1222445 1222449 1222482 1222503 1222520 1222536 1222548 1222549 1222550 1222557 1222559 1222585 1222586 1222596 1222609 1222610 1222613 1222615 1222618 1222624 1222630 1222632 1222660 1222662 1222664 1222666 1222669 1222671 1222677 1222678 1222680 1222703 1222704 1222706 1222709 1222710 1222720 1222721 1222724 1222726 1222727 1222764 1222772 1222773 1222776 1222781 1222784 1222785 1222787 1222790 1222791 1222792 1222796 1222798 1222801 1222812 1222824 1222829 1222832 1222836 1222838 1222849 1222866 1222867 1222869 1222876 1222878 1222879 1222881 1222883 1222888 1222894 1222901 1222968 1223012 1223014 1223016 1223024 1223030 1223033 1223034 1223035 1223036 1223037 1223041 1223042 1223051 1223052 1223056 1223057 1223058 1223060 1223061 1223065 1223066 1223067 1223068 1223076 1223078 1223107 1223111 1223115 1223118 1223187 1223189 1223190 1223191 1223196 1223197 1223198 1223275 1223323 1223369 1223380 1223473 1223474 1223475 1223477 1223478 1223479 1223481 1223482 1223484 1223487 1223490 1223496 1223498 1223499 1223501 1223502 1223503 1223505 1223509 1223511 1223512 1223513 1223516 1223517 1223518 1223519 1223520 1223522 1223523 1223525 1223539 1223574 1223595 1223596 1223598 1223605 1223634 1223643 1223644 1223645 1223646 1223648 1223655 1223657 1223660 1223661 1223663 1223664 1223668 1223686 1223687 1223689 1223690 1223693 1223705 1223714 1223735 1223745 1223784 1223785 1223790 1223816 1223821 1223822 1223824 1223827 1223834 1223858 1223875 1223876 1223877 1223878 1223879 1223894 1223921 1223922 1223923 1223924 1223929 1223931 1223932 1223934 1223941 1223948 1223949 1223950 1223951 1223952 1223953 1223956 1223957 1223960 1223962 1223963 1223964 1224044 1224100 1224169 1224340 CVE-2018-6798 CVE-2018-6913 CVE-2021-3521 CVE-2021-47047 CVE-2021-47181 CVE-2021-47182 CVE-2021-47183 CVE-2021-47184 CVE-2021-47185 CVE-2021-47187 CVE-2021-47188 CVE-2021-47189 CVE-2021-47191 CVE-2021-47192 CVE-2021-47193 CVE-2021-47194 CVE-2021-47195 CVE-2021-47196 CVE-2021-47197 CVE-2021-47198 CVE-2021-47199 CVE-2021-47200 CVE-2021-47201 CVE-2021-47202 CVE-2021-47203 CVE-2021-47204 CVE-2021-47205 CVE-2021-47206 CVE-2021-47207 CVE-2021-47209 CVE-2021-47210 CVE-2021-47211 CVE-2021-47212 CVE-2021-47214 CVE-2021-47215 CVE-2021-47216 CVE-2021-47217 CVE-2021-47218 CVE-2021-47219 CVE-2022-48631 CVE-2022-48632 CVE-2022-48634 CVE-2022-48636 CVE-2022-48637 CVE-2022-48638 CVE-2022-48639 CVE-2022-48640 CVE-2022-48642 CVE-2022-48644 CVE-2022-48646 CVE-2022-48647 CVE-2022-48648 CVE-2022-48650 CVE-2022-48651 CVE-2022-48652 CVE-2022-48653 CVE-2022-48654 CVE-2022-48655 CVE-2022-48656 CVE-2022-48657 CVE-2022-48658 CVE-2022-48659 CVE-2022-48660 CVE-2022-48662 CVE-2022-48663 CVE-2022-48667 CVE-2022-48668 CVE-2022-48671 CVE-2022-48672 CVE-2022-48673 CVE-2022-48675 CVE-2022-48686 CVE-2022-48687 CVE-2022-48688 CVE-2022-48690 CVE-2022-48692 CVE-2022-48693 CVE-2022-48694 CVE-2022-48695 CVE-2022-48697 CVE-2022-48698 CVE-2022-48700 CVE-2022-48701 CVE-2022-48702 CVE-2022-48703 CVE-2022-48704 CVE-2023-2860 CVE-2023-30608 CVE-2023-52488 CVE-2023-52503 CVE-2023-52561 CVE-2023-52585 CVE-2023-52589 CVE-2023-52590 CVE-2023-52591 CVE-2023-52593 CVE-2023-52614 CVE-2023-52616 CVE-2023-52620 CVE-2023-52627 CVE-2023-52635 CVE-2023-52636 CVE-2023-52645 CVE-2023-52652 CVE-2023-6270 CVE-2024-0639 CVE-2024-0841 CVE-2024-22099 CVE-2024-23307 CVE-2024-23848 CVE-2024-23850 CVE-2024-2511 CVE-2024-26601 CVE-2024-26610 CVE-2024-26656 CVE-2024-26660 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675 CVE-2024-26680 CVE-2024-26681 CVE-2024-26684 CVE-2024-26685 CVE-2024-26687 CVE-2024-26688 CVE-2024-26689 CVE-2024-26696 CVE-2024-26697 CVE-2024-26702 CVE-2024-26704 CVE-2024-26718 CVE-2024-26722 CVE-2024-26727 CVE-2024-26733 CVE-2024-26736 CVE-2024-26737 CVE-2024-26739 CVE-2024-26743 CVE-2024-26744 CVE-2024-26745 CVE-2024-26747 CVE-2024-26749 CVE-2024-26751 CVE-2024-26754 CVE-2024-26760 CVE-2024-26763 CVE-2024-26764 CVE-2024-26766 CVE-2024-26769 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26776 CVE-2024-26779 CVE-2024-26783 CVE-2024-26787 CVE-2024-26790 CVE-2024-26792 CVE-2024-26793 CVE-2024-26798 CVE-2024-26805 CVE-2024-26807 CVE-2024-26816 CVE-2024-26817 CVE-2024-26820 CVE-2024-26825 CVE-2024-26830 CVE-2024-26833 CVE-2024-26836 CVE-2024-26843 CVE-2024-26848 CVE-2024-26852 CVE-2024-26853 CVE-2024-26855 CVE-2024-26856 CVE-2024-26857 CVE-2024-26861 CVE-2024-26862 CVE-2024-26866 CVE-2024-26872 CVE-2024-26875 CVE-2024-26878 CVE-2024-26879 CVE-2024-26881 CVE-2024-26882 CVE-2024-26883 CVE-2024-26884 CVE-2024-26885 CVE-2024-26891 CVE-2024-26893 CVE-2024-26895 CVE-2024-26896 CVE-2024-26897 CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26917 CVE-2024-26927 CVE-2024-26948 CVE-2024-26950 CVE-2024-26951 CVE-2024-26955 CVE-2024-26956 CVE-2024-26960 CVE-2024-26965 CVE-2024-26966 CVE-2024-26969 CVE-2024-26970 CVE-2024-26972 CVE-2024-26981 CVE-2024-26982 CVE-2024-26993 CVE-2024-27013 CVE-2024-27014 CVE-2024-27030 CVE-2024-27038 CVE-2024-27039 CVE-2024-27041 CVE-2024-27043 CVE-2024-27046 CVE-2024-27056 CVE-2024-27062 CVE-2024-27389 CVE-2024-29038 CVE-2024-29039 CVE-2024-29040 CVE-2024-32487 CVE-2024-34397 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240529-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1566-1 Released: Thu May 9 12:33:21 2024 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: This update for catatonit fixes the following issues: - Update to catatonit v0.2.0 - Change license to GPL-2.0-or-later ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1635-1 Released: Tue May 14 11:36:51 2024 Summary: Security update for tpm2-0-tss Type: security Severity: moderate References: 1223690,CVE-2024-29040 This update for tpm2-0-tss fixes the following issues: - CVE-2024-29040: Fixed quote data validation by Fapi_VerifyQuote (bsc#1223690). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1636-1 Released: Tue May 14 11:37:24 2024 Summary: Security update for tpm2.0-tools Type: security Severity: moderate References: 1223687,1223689,CVE-2024-29038,CVE-2024-29039 This update for tpm2.0-tools fixes the following issues: - CVE-2024-29038: Fixed arbitrary quote data validation by tpm2_checkquote (bsc#1223687). - CVE-2024-29039: Fixed pcr selection value to be compared with the attest (bsc#1223689). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1637-1 Released: Tue May 14 14:22:14 2024 Summary: Recommended update for google-cloud SDK Type: recommended Severity: moderate References: 1210617,CVE-2023-30608 This update for google-cloud SDK fixes the following issues: - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5 binaries Obsolete the python3.6 counterpart: python311-google-resumable-media python311-google-api-core python311-google-cloud-storage python311-google-cloud-core python311-googleapis-common-protos - Regular python311 updates (without Obsoletes): python-google-auth python-grpcio python-sqlparse - New python311 packages: libcrc32c python-google-cloud-appengine-logging python-google-cloud-artifact-registry python-google-cloud-audit-log python-google-cloud-build python-google-cloud-compute python-google-cloud-dns python-google-cloud-domains python-google-cloud-iam python-google-cloud-kms-inventory python-google-cloud-kms python-google-cloud-logging python-google-cloud-run python-google-cloud-secret-manager python-google-cloud-service-directory python-google-cloud-spanner python-google-cloud-vpc-access python-google-crc32c python-grpc-google-iam-v1 python-grpcio-status python-proto-plus In python-sqlparse this security issue was fixed: CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1659-1 Released: Wed May 15 11:29:35 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1177529,1192145,1211592,1217408,1218562,1218917,1219104,1219126,1219169,1219170,1219264,1220342,1220569,1220761,1220901,1220915,1220935,1221042,1221044,1221080,1221084,1221088,1221162,1221299,1221612,1221617,1221645,1221791,1221825,1222011,1222051,1222247,1222266,1222294,1222307,1222357,1222368,1222379,1222416,1222422,1222424,1222427,1222428,1222430,1222431,1222435,1222437,1222445,1222449,1222482,1222503,1222520,1222536,1222549,1222550,1222557,1222559,1222585,1222586,1222596,1222609,1222610,1222613,1222615,1222618,1222624,1222630,1222632,1222660,1222662,1222664,1222666,1222669,1222671,1222677,1222678,1222680,1222703,1222704,1222706,1222709,1222710,1222720,1222721,1222724,1222726,1222727,1222764,1222772,1222773,1222776,1222781,1222784,1222785,1222787,1222790,1222791,1222792,1222796,1222798,1222801,1222812,1222824,1222829,1222832,1222836,1222838,1222866,1222867,1222869,1222876,1222878,1222879,1222881,1222883,1222888,1222894,1222901,1222968,1223012,1223014,1223016,1223024,1 223030,1223033,1223034,1223035,1223036,1223037,1223041,1223042,1223051,1223052,1223056,1223057,1223058,1223060,1223061,1223065,1223066,1223067,1223068,1223076,1223078,1223111,1223115,1223118,1223187,1223189,1223190,1223191,1223196,1223197,1223198,1223275,1223323,1223369,1223380,1223473,1223474,1223475,1223477,1223478,1223479,1223481,1223482,1223484,1223487,1223490,1223496,1223498,1223499,1223501,1223502,1223503,1223505,1223509,1223511,1223512,1223513,1223516,1223517,1223518,1223519,1223520,1223522,1223523,1223525,1223539,1223574,1223595,1223598,1223634,1223643,1223644,1223645,1223646,1223648,1223655,1223657,1223660,1223661,1223663,1223664,1223668,1223686,1223693,1223705,1223714,1223735,1223745,1223784,1223785,1223790,1223816,1223821,1223822,1223824,1223827,1223834,1223875,1223876,1223877,1223878,1223879,1223894,1223921,1223922,1223923,1223924,1223929,1223931,1223932,1223934,1223941,1223948,1223949,1223950,1223951,1223952,1223953,1223956,1223957,1223960,1223962,1223963,1223964,CVE-20 21-47047,CVE-2021-47181,CVE-2021-47182,CVE-2021-47183,CVE-2021-47184,CVE-2021-47185,CVE-2021-47187,CVE-2021-47188,CVE-2021-47189,CVE-2021-47191,CVE-2021-47192,CVE-2021-47193,CVE-2021-47194,CVE-2021-47195,CVE-2021-47196,CVE-2021-47197,CVE-2021-47198,CVE-2021-47199,CVE-2021-47200,CVE-2021-47201,CVE-2021-47202,CVE-2021-47203,CVE-2021-47204,CVE-2021-47205,CVE-2021-47206,CVE-2021-47207,CVE-2021-47209,CVE-2021-47210,CVE-2021-47211,CVE-2021-47212,CVE-2021-47214,CVE-2021-47215,CVE-2021-47216,CVE-2021-47217,CVE-2021-47218,CVE-2021-47219,CVE-2022-48631,CVE-2022-48632,CVE-2022-48634,CVE-2022-48636,CVE-2022-48637,CVE-2022-48638,CVE-2022-48639,CVE-2022-48640,CVE-2022-48642,CVE-2022-48644,CVE-2022-48646,CVE-2022-48647,CVE-2022-48648,CVE-2022-48650,CVE-2022-48651,CVE-2022-48652,CVE-2022-48653,CVE-2022-48654,CVE-2022-48655,CVE-2022-48656,CVE-2022-48657,CVE-2022-48658,CVE-2022-48659,CVE-2022-48660,CVE-2022-48662,CVE-2022-48663,CVE-2022-48667,CVE-2022-48668,CVE-2022-48671,CVE-2022-48672,CVE-2022-4867 3,CVE-2022-48675,CVE-2022-48686,CVE-2022-48687,CVE-2022-48688,CVE-2022-48690,CVE-2022-48692,CVE-2022-48693,CVE-2022-48694,CVE-2022-48695,CVE-2022-48697,CVE-2022-48698,CVE-2022-48700,CVE-2022-48701,CVE-2022-48702,CVE-2022-48703,CVE-2022-48704,CVE-2023-2860,CVE-2023-52488,CVE-2023-52503,CVE-2023-52561,CVE-2023-52585,CVE-2023-52589,CVE-2023-52590,CVE-2023-52591,CVE-2023-52593,CVE-2023-52614,CVE-2023-52616,CVE-2023-52620,CVE-2023-52627,CVE-2023-52635,CVE-2023-52636,CVE-2023-52645,CVE-2023-52652,CVE-2023-6270,CVE-2024-0639,CVE-2024-0841,CVE-2024-22099,CVE-2024-23307,CVE-2024-23848,CVE-2024-23850,CVE-2024-26601,CVE-2024-26610,CVE-2024-26656,CVE-2024-26660,CVE-2024-26671,CVE-2024-26673,CVE-2024-26675,CVE-2024-26680,CVE-2024-26681,CVE-2024-26684,CVE-2024-26685,CVE-2024-26687,CVE-2024-26688,CVE-2024-26689,CVE-2024-26696,CVE-2024-26697,CVE-2024-26702,CVE-2024-26704,CVE-2024-26718,CVE-2024-26722,CVE-2024-26727,CVE-2024-26733,CVE-2024-26736,CVE-2024-26737,CVE-2024-26739,CVE-2024-26743,CVE-2024- 26744,CVE-2024-26745,CVE-2024-26747,CVE-2024-26749,CVE-2024-26751,CVE-2024-26754,CVE-2024-26760,CVE-2024-26763,CVE-2024-26764,CVE-2024-26766,CVE-2024-26769,CVE-2024-26771,CVE-2024-26772,CVE-2024-26773,CVE-2024-26776,CVE-2024-26779,CVE-2024-26783,CVE-2024-26787,CVE-2024-26790,CVE-2024-26792,CVE-2024-26793,CVE-2024-26798,CVE-2024-26805,CVE-2024-26807,CVE-2024-26816,CVE-2024-26817,CVE-2024-26820,CVE-2024-26825,CVE-2024-26830,CVE-2024-26833,CVE-2024-26836,CVE-2024-26843,CVE-2024-26848,CVE-2024-26852,CVE-2024-26853,CVE-2024-26855,CVE-2024-26856,CVE-2024-26857,CVE-2024-26861,CVE-2024-26862,CVE-2024-26866,CVE-2024-26872,CVE-2024-26875,CVE-2024-26878,CVE-2024-26879,CVE-2024-26881,CVE-2024-26882,CVE-2024-26883,CVE-2024-26884,CVE-2024-26885,CVE-2024-26891,CVE-2024-26893,CVE-2024-26895,CVE-2024-26896,CVE-2024-26897,CVE-2024-26898,CVE-2024-26901,CVE-2024-26903,CVE-2024-26917,CVE-2024-26927,CVE-2024-26948,CVE-2024-26950,CVE-2024-26951,CVE-2024-26955,CVE-2024-26956,CVE-2024-26960,CVE-2024-26965,C VE-2024-26966,CVE-2024-26969,CVE-2024-26970,CVE-2024-26972,CVE-2024-26981,CVE-2024-26982,CVE-2024-26993,CVE-2024-27013,CVE-2024-27014,CVE-2024-27030,CVE-2024-27038,CVE-2024-27039,CVE-2024-27041,CVE-2024-27043,CVE-2024-27046,CVE-2024-27056,CVE-2024-27062,CVE-2024-27389 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596). - CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705). - CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834). - CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822). - CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827). - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824). - CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714). - CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821). - CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816). - CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790). - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735). - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745). - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693). - CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634). - CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644). - CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645). - CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646). - CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648). - CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655). - CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660). - CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661). - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664). - CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525). - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198). - CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042). - CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path (bsc#1223196). - CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190). - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189). - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035). - CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034). - CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041). - CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066). - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060). - CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076). - CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058). - CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052). - CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051). - CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061). - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057). - CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030). - CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968). - CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012). - CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624). - CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801). - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630). - CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428). - CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615). - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618). - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613). - CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610) - CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726). - CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721). - CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720). - CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632). - CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table (bsc#1222724). - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449). - CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677). - CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). - CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536). - CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers() (bsc#1222549). - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503). - CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435). - CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437). - CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445). - CVE-2024-26681: Fixed netdevsim to avoid potential loop in nsim_dev_trap_report_work() (bsc#1222431). - CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring (bsc#1222427). - CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379). - CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368). - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357). - CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder creation (bsc#1222266). - CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307). - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299). - CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342). - CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126). - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686). - CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033). - CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in msgr2 (bsc#1222247). - CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294). - CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace (bsc#1222051). - CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from userspace (bsc#1221825). - CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612). - CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617). - CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042). - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044). - CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088). - CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084). - CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in amdgpu_ras_query_error_status_helper() (bsc#1221080). - CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash memory region (bsc#1220935). - CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915). - CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO (bsc#1221162). - CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505). - CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498). - CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context (bsc#1223496). - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513). - CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478). - CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id (bsc#1223499). - CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475). - CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte() (bsc#1222710). - CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878) - CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838). - CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832). - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706). - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669). - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664). - CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662). - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660). The following non-security bugs were fixed: - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes). - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes). - ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes). - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes). - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes). - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes). - ALSA: scarlett2: Add correct product series name to messages (stable-fixes). - ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes). - ALSA: scarlett2: Default mixer driver to enabled (stable-fixes). - ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes). - ASoC: meson: axg-card: make links nonatomic (git-fixes). - ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes). - ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes). - ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes). - ASoC: tegra: Fix DSPK 16-bit playback (git-fixes). - ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes). - Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes). - Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes). - Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes). - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes). - Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes). - Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes). - Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes). - Bluetooth: add quirk for broken address properties (git-fixes). - Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes). - Bluetooth: btintel: Fixe build regression (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes). - Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes). - Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes). - Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes). - Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes). - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes). - HID: logitech-dj: allow mice to use all types of reports (git-fixes). - HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes). - Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes). - NFC: trf7970a: disable all regulators on removal (git-fixes). - NFS: avoid spurious warning of lost lock that is being unlocked (bsc#1221791). - PCI/AER: Block runtime suspend when handling errors (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes). - PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes). - PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes). - PCI: Drop pci_device_remove() test of pci_dev->driver (git-fixes). - PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes). - RDMA/cm: add timeout to cm_destroy_id wait (git-fixes) - Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes). - Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes). - Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes). - Revert 'ice: Fix ice VF reset during iavf initialization (jsc#PED-376).' (bsc#1223275) - Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes). - Revert 'usb: phy: generic: Get the vbus supply' (git-fixes). - USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes). - USB: serial: add device ID for VeriFone adapter (stable-fixes). - USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes). - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes). - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes). - USB: serial: option: add Fibocom FM135-GL variants (stable-fixes). - USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes). - USB: serial: option: add MeiG Smart SLM320 product (stable-fixes). - USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes). - USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes). - USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes). - USB: serial: option: support Quectel EM060K sub-models (stable-fixes). - ahci: asm1064: asm1166: do not limit reported ports (git-fixes). - ahci: asm1064: correct count of reported ports (stable-fixes). - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes) - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes) - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes) - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes) - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes) - arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes) - arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes) - arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes). - ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes). - batman-adv: Avoid infinite loop trying to resize local TT (git-fixes). - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes). - bcache: Remove dead references to cache_readaheads (git-fixes). - bcache: Remove unnecessary NULL point check in node allocations (git-fixes). - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes). - bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes). - bcache: avoid oversize memory allocation by small stripe_size (git-fixes). - bcache: bset: Fix comment typos (git-fixes). - bcache: check return value from btree_node_alloc_replacement() (git-fixes). - bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes). - bcache: fix error info in register_bcache() (git-fixes). - bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing (git-fixes). - bcache: fixup btree_cache_wait list damage (git-fixes). - bcache: fixup init dirty data errors (git-fixes). - bcache: fixup lock c->root error (git-fixes). - bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes). - bcache: move calc_cached_dev_sectors to proper place on backing device detach (git-fixes). - bcache: move uapi header bcache.h to bcache code directory (git-fixes). - bcache: prevent potential division by zero error (git-fixes). - bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device registration' (git-fixes). - bcache: remove redundant assignment to variable cur_idx (git-fixes). - bcache: remove the backing_dev_name field from struct cached_dev (git-fixes). - bcache: remove the cache_dev_name field from struct cache (git-fixes). - bcache: remove unnecessary flush_workqueue (git-fixes). - bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-fixes). - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes). - bcache: replace snprintf in show functions with sysfs_emit (git-fixes). - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes). - bcache: use bvec_kmap_local in bch_data_verify (git-fixes). - bcache: use bvec_kmap_local in bio_csum (git-fixes). - bcache: use default_groups in kobj_type (git-fixes). - bcache:: fix repeated words in comments (git-fixes). - ceph: stop copying to iter at EOF on sync reads (bsc#1223068). - ceph: switch to corrected encoding of max_xattr_size in mdsmap (bsc#1223067). - clk: Get runtime PM before walking tree during disable_unused (git-fixes). - clk: Initialize struct clk_core kref earlier (stable-fixes). - clk: Mark 'all_lists' as const (stable-fixes). - clk: Print an info line before disabling unused clocks (stable-fixes). - clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes). - clk: remove extra empty line (stable-fixes). - comedi: vmk80xx: fix incomplete endpoint checking (git-fixes). - dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes). - dm cache: add cond_resched() to various workqueue loops (git-fixes). - dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes). - dm crypt: add cond_resched() to dmcrypt_write() (git-fixes). - dm crypt: avoid accessing uninitialized tasklet (git-fixes). - dm flakey: do not corrupt the zero page (git-fixes). - dm flakey: fix a bug with 32-bit highmem systems (git-fixes). - dm flakey: fix a crash with invalid table line (git-fixes). - dm flakey: fix logic when corrupting a bio (git-fixes). - dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes). - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes). - dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes). - dm raid: fix false positive for requeue needed during reshape (git-fixes). - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes). - dm stats: check for and propagate alloc_percpu failure (git-fixes). - dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes). - dm thin metadata: check fail_io before using data_sm (git-fixes). - dm thin: add cond_resched() to various workqueue loops (git-fixes). - dm thin: fix deadlock when swapping to thin device (bsc#1177529). - dm verity: do not perform FEC for failed readahead IO (git-fixes). - dm verity: fix error handling for check_at_most_once on FEC (git-fixes). - dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes). - dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes). - dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes). - dm-raid: fix lockdep waring in 'pers->hot_add_disk' (git-fixes). - dm-verity, dm-crypt: align 'struct bvec_iter' correctly (git-fixes). - dm-verity: align struct dm_verity_fec_io properly (git-fixes). - dm: add cond_resched() to dm_wq_work() (git-fixes). - dm: call the resume method on internal suspend (git-fixes). - dm: do not lock fs when the map is NULL during suspend or resume (git-fixes). - dm: do not lock fs when the map is NULL in process of resume (git-fixes). - dm: remove flush_scheduled_work() during local_exit() (git-fixes). - dm: send just one event on resize, not two (git-fixes). - dma: xilinx_dpdma: Fix locking (git-fixes). - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes). - dmaengine: owl: fix register access functions (git-fixes). - dmaengine: tegra186: Fix residual calculation (git-fixes). - docs: Document the FAN_FS_ERROR event (stable-fixes). - drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes). - drm/amd/display: Do not recursively call manual trigger programming (stable-fixes). - drm/amd/display: Fix nanosec stat overflow (stable-fixes). - drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes). - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes). - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes). - drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes). - drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes). - drm/amdgpu: always force full reset for SOC21 (stable-fixes). - drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes). - drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes). - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes). - drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes). - drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes). - drm/ast: Fix soft lockup (git-fixes). - drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes). - drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes). - drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes). - drm/i915: Disable port sync when bigjoiner is used (stable-fixes). - drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes). - drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834) - drm/panel: ili9341: Respect deferred probe (git-fixes). - drm/panel: ili9341: Use predefined error codes (git-fixes). - drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes). - drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes). - drm/vmwgfx: Enable DMA mappings with SEV (git-fixes). - drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes). - drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes). - drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes). - drm: nv04: Fix out of bounds access (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-fixes). - dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574). - fbdev: fix incorrect address computation in deferred IO (git-fixes). - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes). - fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes). - fix build warning - fuse: do not unhash root (bsc#1223951). - fuse: fix root lookup with nonzero generation (bsc#1223950). - hwmon: (amc6821) add of_match table (stable-fixes). - i2c: pxa: hide unused icr_bits[] variable (git-fixes). - i2c: smbus: fix NULL function pointer dereference (git-fixes). - i40e: Fix VF MAC filter removal (git-fixes). - idma64: Do not try to serve interrupts when device is powered off (git-fixes). - iio: accel: mxc4005: Interrupt handling fixes (git-fixes). - iio:imu: adis16475: Fix sync mode setting (git-fixes). - init/main.c: Fix potential static_command_line memory overflow (git-fixes). - iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (git-fixes). - iommu/amd: Fix 'Guest Virtual APIC Table Root Pointer' configuration in IRTE (git-fixes). - iommu/amd: Fix domain flush size when syncing iotlb (git-fixes). - iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes). - iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes). - iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes). - iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes). - iommu/iova: Fix alloc iova overflows issue (git-fixes). - iommu/mediatek: Flush IOTLB completely only if domain has been attached (git-fixes). - iommu/rockchip: Fix unwind goto issue (git-fixes). - iommu/sprd: Release dma buffer to avoid memory leak (git-fixes). - iommu/vt-d: Allocate local memory for page request queue (git-fixes). - iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes). - iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes). - iommu: Fix error unwind in iommu_group_alloc() (git-fixes). - ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes). - kABI: Adjust trace_iterator.wait_index (git-fixes). - kprobes: Fix double free of kretprobe_holder (bsc#1220901). - kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes). - libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes). - libnvdimm/region: Allow setting align attribute on regions without mappings (git-fixes). - livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539). - md/raid1: fix choose next idle in read_balance() (git-fixes). - md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes). - md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-fixes). - media: cec: core: remove length check of Timer Status (stable-fixes). - media: sta2x11: fix irq handler cast (stable-fixes). - mei: me: add arrow lake point H DID (stable-fixes). - mei: me: add arrow lake point S DID (stable-fixes). - mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes). - mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473). - mmc: sdhci-msm: pervent access to suspended controller (git-fixes). - mtd: diskonchip: work around ubsan link failure (stable-fixes). - nd_btt: Make BTT lanes preemptible (git-fixes). - net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes). - net: fix a memleak when uncloning an skb dst and its metadata (git-fixes). - net: fix skb leak in __skb_tstamp_tx() (git-fixes). - net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes). - net: mld: fix reference count leak in mld_{query | report}_work() (git-fixes). - net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes). - net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes). - net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes). - net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes). - net: vlan: fix underflow for the real_dev refcnt (git-fixes). - netfilter: br_netfilter: Drop dst references before setting (git-fixes). - netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-fixes). - netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes). - nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nouveau: fix function cast warning (git-fixes). - nouveau: fix instmem race condition around ptr stores (git-fixes). - nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-fixes). - nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes). - nvdimm: Fix badblocks clear off-by-one error (git-fixes). - nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-fixes). - pci_iounmap(): Fix MMIO mapping leak (git-fixes). - phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes). - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes). - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes). - powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191). - powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE (bsc#1222011 ltc#205900). - powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369 ltc#205888). - powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888). - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - powerpc: Refactor verification of MSR_RI (bsc#1223191). - printk: Add this_cpu_in_panic() (bsc#1223574). - printk: Adjust mapping for 32bit seq macros (bsc#1223574). - printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574). - printk: Disable passing console lock owner completely during panic() (bsc#1223574). - printk: Drop console_sem during panic (bsc#1223574). - printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1223574). - printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574). - printk: Wait for all reserved records with pr_flush() (bsc#1223574). - printk: nbcon: Relocate 32bit seq macros (bsc#1223574). - printk: ringbuffer: Clarify special lpos values (bsc#1223574). - printk: ringbuffer: Cleanup reader terminology (bsc#1223574). - printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1223574). - printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574). - printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574). - pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes). - ring-buffer: Do not set shortest_full when full target is hit (git-fixes). - ring-buffer: Fix full_waiters_pending in poll (git-fixes). - ring-buffer: Fix resetting of shortest_full (git-fixes). - ring-buffer: Fix waking up ring buffer readers (git-fixes). - ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes). - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes). - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes). - s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875). - s390/decompressor: fix misaligned symbol build error (git-fixes bsc#1223785). - s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877). - s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223878). - s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879). - s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784). - s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223876). - s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598). - s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223595). - serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes). - serial: core: Provide port lock wrappers (stable-fixes). - serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes). - serial: mxs-auart: add spinlock around changing cts state (git-fixes). - slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes). - speakup: Avoid crash on very long word (git-fixes). - speakup: Fix 8bit characters from direct synth (git-fixes). - tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes). - thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes). - thunderbolt: Fix wake configurations after device unplug (stable-fixes). - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes). - tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes). - tracing: Have saved_cmdlines arrays all in one allocation (git-fixes). - tracing: Remove precision vsnprintf() check from print event (git-fixes). - tracing: Show size of requested perf buffer (git-fixes). - tracing: Use .flush() call to wake up readers (git-fixes). - usb: Disable USB3 LPM at shutdown (stable-fixes). - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (git-fixes). - usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes). - usb: gadget: composite: fix OS descriptors w_value logic (git-fixes). - usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes). - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes). - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes). - usb: ohci: Prevent missed ohci interrupts (git-fixes). - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes). - usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes). - usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes). - usb: typec: tcpm: unregister existing source caps before re-registration (bsc#1220569). - usb: typec: ucsi: Ack unsupported commands (stable-fixes). - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes). - usb: typec: ucsi: Fix connector check on init (git-fixes). - usb: udc: remove warning when queue disabled ep (stable-fixes). - vdpa/mlx5: Allow CVQ size changes (git-fixes). - virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949). - wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes). - wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes). - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes). - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes). - wifi: nl80211: do not free NULL coalescing rule (git-fixes). - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes). - x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (jsc#PED-7167 git-fixes). - x86/sev: Skip ROM range scans and validation for SEV-SNP guests (jsc#PED-7167 git-fixes). - x86/xen: Add some null pointer checking to smp.c (git-fixes). - x86/xen: add CPU dependencies for 32-bit build (git-fixes). - x86/xen: fix percpu vcpu_info allocation (git-fixes). - xen-netback: properly sync TX responses (git-fixes). - xen-netfront: Add missing skb_mark_for_recycle (git-fixes). - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-fixes). - xen/xenbus: document will_handle argument for xenbus_watch_path() (git-fixes). - xfrm6: fix inet6_dev refcount underflow problem (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1778-1 Released: Fri May 24 17:40:50 2024 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable sysctl-logger (jsc#PED-5024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1787-1 Released: Mon May 27 15:22:56 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1223858,1224169,1224340 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. This update fixes a regression with kerberized nfs4 shares in the previous update (bsc#1223858). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1796-1 Released: Tue May 28 14:52:51 2024 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1191410,1222228 This update for kdump fixes the following issues: - Return success from pre, post, preun and postun scriplets (bsc#1222228, bsc#1191410) - Differentiate between uninstall and upgrade in postun/prerun (bsc#1191410) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1799-1 Released: Tue May 28 15:45:23 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1220679,1223107 This update for suseconnect-ng fixes the following issue: - Version update * Fix certificate import for Yast when using a registration proxy with self-signed SSL certificate (bsc#1223107) * Allow '--rollback' flag to run on readonly filesystem (bsc#1220679) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1828-1 Released: Wed May 29 10:44:54 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1205604,1218926,1219108,1224100 This update for wicked fixes the following issues: - client: fix ifreload to pull UP ports/links again when the config of their master/lower changed (bsc#1224100) - Update to version 0.6.75: - cleanup: fix ni_fsm_state_t enum-int-mismatch warnings - cleanup: fix overflow warnings in a socket testcase on i586 - ifcheck: report new and deleted configs as changed (bsc#1218926) - man: improve ARP configuration options in the wicked-config.5 - bond: add ports when master is UP to avoid port MTU revert (bsc#1219108) - cleanup: fix interface dependencies and shutdown order (bsc#1205604) - Remove port arrays from bond,team,bridge,ovs-bridge (redundant) and consistently use config and state info attached to the port interface as in rtnetlink(7). - Cleanup ifcfg parsing, schema configuration and service properties - Migrate ports in xml config and policies already applied in nanny - Remove 'missed config' generation from finite state machine, which is completed while parsing the config or while xml config migration. - Issue a warning when 'lower' interface (e.g. eth0) config is missed while parsing config depending on it (e.g. eth0.42 vlan). - Resolve ovs master to the effective bridge in config and wickedd - Implement netif-check-state require checks using system relations from wickedd/kernel instead of config relations for ifdown and add linkDown and deleteDevice checks to all master and lower references. - Add a `wicked --dry-run ???` option to show the system/config interface hierarchies as notice with +/- marked interfaces to setup and/or shutdown. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1830-1 Released: Wed May 29 14:08:50 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). The following package changes have been done: - catatonit-0.2.0-150500.3.3.1 updated - coreutils-8.32-150400.9.6.1 updated - e2fsprogs-1.46.4-150400.3.6.2 updated - kdump-1.0.2+git47.g28549ab-150500.3.6.1 updated - kernel-default-5.14.21-150500.55.65.1 updated - less-590-150400.3.9.1 updated - libblkid1-2.37.4-150500.9.11.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libext2fs2-1.46.4-150400.3.6.2 updated - libfdisk1-2.37.4-150500.9.11.1 updated - libglib-2_0-0-2.70.5-150400.3.11.1 updated - libmount1-2.37.4-150500.9.11.1 updated - libopenssl1_1-1.1.1l-150500.17.28.2 updated - libprotobuf-lite25_1_0-25.1-150400.9.6.1 updated - libsmartcols1-2.37.4-150500.9.11.1 updated - libtss2-esys0-3.1.0-150400.3.6.1 updated - libtss2-fapi1-3.1.0-150400.3.6.1 updated - libtss2-mu0-3.1.0-150400.3.6.1 updated - libtss2-rc0-3.1.0-150400.3.6.1 updated - libtss2-sys1-3.1.0-150400.3.6.1 updated - libtss2-tctildr0-3.1.0-150400.3.6.1 updated - libuuid1-2.37.4-150500.9.11.1 updated - openssl-1_1-1.1.1l-150500.17.28.2 updated - perl-base-5.26.1-150300.17.17.1 updated - perl-5.26.1-150300.17.17.1 updated - rpm-ndb-4.14.3-150400.59.16.1 updated - suseconnect-ng-1.9.0-150500.3.21.2 updated - systemd-presets-branding-SLE-15.1-150100.20.14.1 updated - tpm2.0-tools-5.2-150400.6.3.1 updated - util-linux-systemd-2.37.4-150500.9.11.1 updated - util-linux-2.37.4-150500.9.11.1 updated - wicked-service-0.6.75-150500.3.26.1 updated - wicked-0.6.75-150500.3.26.1 updated