SUSE-IU-2021:772-1: Security update of sles-15-sp3-chost-byos-v20211202

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Sat Dec 4 07:27:06 UTC 2021


SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20211202
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2021:772-1
Image Tags        : sles-15-sp3-chost-byos-v20211202:20211202
Image Release     : 
Severity          : important
Type              : security
References        : 1014440 1065729 1065729 1085030 1085030 1089118 1094840 1133021
                        1152472 1152472 1152489 1152489 1154353 1156395 1156395 1157177
                        1167773 1172073 1172073 1173604 1173604 1176447 1176447 1176774
                        1176774 1176914 1176914 1176940 1178134 1178134 1180100 1180100
                        1180749 1181147 1181147 1184673 1184673 1185762 1185762 1186063
                        1186063 1186071 1186109 1186109 1187153 1187167 1187167 1187190
                        1187190 1187273 1187958 1188160 1188161 1188563 1188563 1188601
                        1188623 1188713 1188727 1188869 1189017 1189841 1189841 1189983
                        1189984 1190006 1190006 1190067 1190067 1190326 1190349 1190349
                        1190351 1190351 1190356 1190375 1190440 1190479 1190479 1190620
                        1190620 1190642 1190642 1190795 1190795 1190801 1190801 1190941
                        1190941 1190984 1191054 1191229 1191229 1191240 1191240 1191241
                        1191241 1191286 1191315 1191315 1191317 1191317 1191324 1191349
                        1191349 1191370 1191384 1191384 1191449 1191449 1191450 1191450
                        1191451 1191451 1191452 1191452 1191455 1191455 1191456 1191456
                        1191500 1191566 1191609 1191628 1191628 1191645 1191645 1191663
                        1191663 1191675 1191731 1191731 1191736 1191800 1191800 1191804
                        1191851 1191867 1191867 1191934 1191934 1191958 1191958 1191980
                        1192013 1192040 1192040 1192041 1192041 1192074 1192074 1192104
                        1192107 1192107 1192145 1192145 1192160 1192161 1192214 1192215
                        1192229 1192246 1192247 1192267 1192283 1192284 1192288 1192337
                        1192436 1192505 1192549 1192568 1192601 14571 CVE-2016-2124 CVE-2020-25717
                        CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 CVE-2020-25721 CVE-2020-25722
                        CVE-2021-23192 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-33033
                        CVE-2021-33033 CVE-2021-34866 CVE-2021-34866 CVE-2021-3542 CVE-2021-3542
                        CVE-2021-3655 CVE-2021-3655 CVE-2021-3715 CVE-2021-3715 CVE-2021-37159
                        CVE-2021-3738 CVE-2021-3760 CVE-2021-3760 CVE-2021-3772 CVE-2021-3772
                        CVE-2021-3896 CVE-2021-3896 CVE-2021-41864 CVE-2021-41864 CVE-2021-42008
                        CVE-2021-42008 CVE-2021-42252 CVE-2021-42252 CVE-2021-42739 CVE-2021-42739
                        CVE-2021-43056 CVE-2021-43056 CVE-2021-43389 
-----------------------------------------------------------------

The container sles-15-sp3-chost-byos-v20211202 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3638-1
Released:    Tue Nov  9 15:15:38 2021
Summary:     Recommended update for samba
Type:        recommended
Severity:    important
References:  1188727,1189017,14571
This update for samba fixes the following issues:

Features added:

- Add Certificate Auto Enrollment Policy. (jsc#SLE-18456)

Bugs fixed:

- Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay. (bsc#1188727)
- Fix 'net rpc' authentication when using the machine account. (bsc#1189017)

Samba was updated to 4.13.10

* s3: smbd: Ensure POSIX default ACL is mapped into returned
  Windows ACL for directory handles; (bso#14708);
* Take a copy to make sure we don't reference free'd memory; (bso#14721);
* s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722);
* s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
  change_file_owner_to_parent() error path; (bso#14736);
* samba-tool: Give better error information when the
  'domain backup restore' fails with a duplicate SID; (bso#14575);
* smbd: Correctly initialize close timestamp fields; (bso#14714);
* Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740);
* ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
* gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750);
* smbXsrv_{open,session,tcon}: Protect
  smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752);
* samba-tool domain backup offline doesn't work against bind DLZ
  backend; (bso#14027);
* netcmd: Use next_free_rid() function to calculate a SID for
  restoring a backup; (bso#14669);

Samba was updated to 4.13.9:

* s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696);
* Add documentation for dsdb_group_audit and dsdb_group_json_audit
  to 'log level', synchronise 'log level' in smb.conf with the code; (bso#14689);
* Fix smbd panic when two clients open same file; (bso#14672);
* Fix memory leak in the RPC server; (bso#14675);
* s3: smbd: Fix deferred renames; (bso#14679);
* s3-iremotewinspool: Set the per-request memory context; (bso#14675);
* rpc_server3: Fix a memleak for internal pipes; (bso#14675);
* third_party: Update socket_wrapper to version 1.3.2; (bso#11899);
* third_party: Update socket_wrapper to version 1.3.3; (bso#14639);
* idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
  conflict; (bso#14663);
* Fix the build on OmniOS; (bso#14288);

Update to 4.13.7

* Release with dependency on ldb version 2.2.1.
- Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay (bsc#1188727)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3647-1
Released:    Wed Nov 10 17:34:14 2021
Summary:     Security update for samba and ldb
Type:        security
Severity:    important
References:  1014440,1192214,1192215,1192246,1192247,1192283,1192284,1192505,CVE-2016-2124,CVE-2020-25717,CVE-2020-25718,CVE-2020-25719,CVE-2020-25721,CVE-2020-25722,CVE-2021-23192,CVE-2021-3738
This update for samba and ldb fixes the following issues:

- CVE-2020-25718: Fixed that an RODC can issue (forge) administrator tickets to other servers (bsc#1192246).
- CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215).
- CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284).
- CVE-2020-25719: Fixed AD DC Username based races when no PAC is given (bsc#1192247).
- CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues) (bsc#1192283).
- CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214).
- CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values (bsc#1192505).

Samba was updated to 4.13.13

* rodc_rwdc test flaps;(bso#14868).
* Backport bronze bit fixes, tests, and selftest improvements;
  (bso#14881).
* Provide a fix for MS CVE-2020-17049 in Samba [SECURITY]
  'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba
  with embedded Heimdal;(bso#14642).
* Python ldb.msg_diff() memory handling failure;(bso#14836).
* 'in' operator on ldb.Message is case sensitive;(bso#14845).
* Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871).
* Allow special chars like '@' in samAccountName when generating
  the salt;(bso#14874).
* Fix transit path validation;(bso#12998).
* Prepare to operate with MIT krb5 >= 1.20;(bso#14870).
* rpcclient NetFileEnum and net rpc file both cause lock order
  violation: brlock.tdb, share_entries.tdb;(bso#14645).
* Python ldb.msg_diff() memory handling failure;(bso#14836).
* Release LDB 2.3.1 for Samba 4.14.9;(bso#14848).

Samba was updated to 4.13.12:

* Address a signifcant performance regression in database access
  in the AD DC since Samba 4.12;(bso#14806).
* Fix performance regression in lsa_LookupSids3/LookupNames4
  since Samba 4.9 by using an explicit database handle cache;
  (bso#14807).
* An unuthenticated user can crash the AD DC KDC by omitting the
  server name in a TGS-REQ;(bso#14817).
* Address flapping samba_tool_drs_showrepl test;(bso#14818).
* Address flapping dsdb_schema_attributes test;(bso#14819).
* An unuthenticated user can crash the AD DC KDC by omitting the
  server name in a TGS-REQ;(bso#14817).
* Fix CTDB flag/status update race conditions(bso#14784).

Samba was updated to 4.13.11:

* smbd: panic on force-close share during offload write; (bso#14769).
* Fix returned attributes on fake quota file handle and avoid
  hitting the VFS;(bso#14731).
* smbd: 'deadtime' parameter doesn't work anymore;(bso#14783).
* net conf list crashes when run as normal user;(bso#14787).
* Work around special SMB2 READ response behavior of NetApp Ontap
  7.3.7;(bso#14607).
* Start the SMB encryption as soon as possible;(bso#14793).
* Winbind should not start if the socket path for the privileged
  pipe is too long;(bso#14792).

ldb was updated to 2.2.2:

+ CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246); (bso#14558)
+ CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848)

Release ldb 2.2.2

+ Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message;(bso#14845).
+ Fix memory handling in ldb.msg_diff Corrected python docstrings;(bso#14836)
+ Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3655-1
Released:    Thu Nov 11 11:59:22 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145,CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

NOTE: This update was retracted due to a NFS regression.

The following security bugs were fixed:

- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
- CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
- CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107).
- CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
- CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349).
- CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315).

The following non-security bugs were fixed:

- ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes).
- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes).
- ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes).
- ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes).
- ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
- ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801).
- ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes).
- ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
- ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
- ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes).
- ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes).
- ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes).
- ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes).
- ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes).
- ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes).
- ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes).
- ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes).
- ASoC: dapm: use component prefix when checking widget names (git-fixes).
- ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes).
- ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- Configure mpi3mr as currently unsupported (jsc#SLE-18120)
- HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
- HID: u2fzero: ignore incomplete packets without data (git-fixes).
- HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
- IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241).
- IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241).
- Input: snvs_pwrkey - add clk handling (git-fixes).
- Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395).
- KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes).
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395).
- KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
- NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes).
- NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes).
- NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628).
- PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
- PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes).
- PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes).
- PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes).
- PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes).
- PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147).
- RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147).
- USB: cdc-acm: clean up probe error labels (git-fixes).
- USB: cdc-acm: fix minor-number release (git-fixes).
- USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
- USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- USB: xhci: dbc: fix tty registration race (git-fixes).
- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes).
- audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes).
- bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456).
- blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
- blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452).
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes).
- bpf: Fix OOB read when printing XDP link fdinfo (git-fixes).
- bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
- can: dev: can_restart: fix use after free bug (git-fixes).
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- can: peak_usb: fix use after free bugs (git-fixes).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes).
- can: rcar_can: fix suspend/resume (git-fixes).
- can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes).
- can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
- cb710: avoid NULL pointer subtraction (git-fixes).
- ceph: fix handling of 'meta' errors (bsc#1192041).
- ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040).
- cfg80211: correct bridge/4addr mode check (git-fixes).
- cfg80211: fix management registrations locking (git-fixes).
- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
- cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes).
- drm/amd/display: Pass PCI deviceid into DC (git-fixes).
- drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes).
- drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
- drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes).
- drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: 	* context changes in intel_timeline_fini()
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes).
- drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes).
- drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
- drm/nouveau/debugfs: fix file release memory leak (git-fixes).
- drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes).
- drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes).
- drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472)
- drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
- drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472)
- drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes).
- e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663).
- e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- ext4: fix reserved space counter leakage (bsc#1191450).
- ext4: report correct st_size for encrypted symlinks (bsc#1191449).
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449).
- gpio: pca953x: Improve bias setting (git-fixes).
- hso: fix bailout in error case of probe (git-fixes).
- i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes).
- ice: fix getting UDP tunnel entry (jsc#SLE-12878).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes).
- iio: adc: aspeed: set driver data when adc probe (git-fixes).
- iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
- iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
- iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
- ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241).
- ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241).
- isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
- isdn: mISDN: Fix sleeping function called from invalid context (git-fixes).
- iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
- kABI workaround for HD-audio probe retry changes (bsc#1190801).
- kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes).
- kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).')
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). 
- lan78xx: select CRC32 (git-fixes).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes).
- mac80211: check return value of rhashtable_init (git-fixes).
- mei: me: add Ice Lake-N device id (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes).
- mmc: vub300: fix control-message timeouts (git-fixes).
- net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172).
- net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172).
- net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172).
- net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774).
- net: batman-adv: fix error handling (git-fixes).
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes).
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- net: hns3: check queue id range before using (jsc#SLE-14777).
- net: hso: add failure handler for add_net_device (git-fixes).
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- net: hso: fix null-ptr-deref during tty device unregistration (git-fixes).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800).
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes).
- netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes).
- netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
- netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447).
- nfc: fix error handling of nfc_proto_register() (git-fixes).
- nfc: port100: fix using -ERRNO as command type mask (git-fixes).
- nvme-fc: avoid race between time out and tear down (bsc#1185762).
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- nvme-pci: Fix abort command id (git-fixes).
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- nvme: add command id quirk for apple controllers (git-fixes).
- ocfs2: fix data corruption after conversion from inline format (bsc#1190795).
- pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
- phy: mdio: fix memory leak (git-fixes).
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes).
- platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes).
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes).
- platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes).
- powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes).
- powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes).
- powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes).
- powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes).
- powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes).
- powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes).
- powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes).
- powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes).
- powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes).
- ptp_pch: Load module automatically if ID matches (git-fixes).
- ptp_pch: Restore dependency on PCI (git-fixes).
- regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
- rpm: fix kmp install path
- rpm: use _rpmmacrodir (boo#1191384)
- scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757).
- scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes).
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145).
- scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145).
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145).
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145).
- scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120).
- scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120).
- scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120).
- scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120).
- scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120).
- scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120).
- scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120).
- scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120).
- scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120).
- scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120).
- scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120).
- scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120).
- scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120).
- scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120).
- scsi: mpi3mr: Additional event handling (jsc#SLE-18120).
- scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120).
- scsi: mpi3mr: Base driver code (jsc#SLE-18120).
- scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120).
- scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120).
- scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes).
- scsi: mpi3mr: Fix missing unlock on error (git-fixes).
- scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120).
- scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120).
- scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120).
- scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120).
- scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120).
- scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120).
- scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120).
- scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
- scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
- scsi: target: Fix the pgr/alua_support_store functions (git-fixes).
- sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
- spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes).
- tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729).
- usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes).
- usb: hso: fix error handling code of hso_create_net_device (git-fixes).
- usb: hso: remove the bailout parameter (git-fixes).
- usb: musb: dsps: Fix the probe error path (git-fixes).
- video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes).
- virtio: write back F_VERSION_1 before validate (git-fixes).
- watchdog: orion: use 0 for unset heartbeat (git-fixes).
- x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
- x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489).
- x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134).
- xen: fix setting of max_pfn in shared_info (git-fixes).
- xen: reset legacy rtc flag for PV domU (git-fixes).
- xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). 
- xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006).
- xfs: fix I_DONTCACHE (bsc#1192074).
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642).
- xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes).
- xhci: Fix command ring pointer corruption while aborting a command (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3662-1
Released:    Mon Nov 15 19:13:54 2021
Summary:     Security update for samba
Type:        security
Severity:    important
References:  1192601,CVE-2020-25717
This update for samba fixes the following issues:

- Fix regression introduced by CVE-2020-25717 patches, winbindd
  does not start when 'allow trusted domains' is off; (bso#14899);

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3663-1
Released:    Mon Nov 15 19:14:32 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    moderate
References:  1191804
This update for suse-module-tools fixes the following issues:

- Update to version 15.3.14:
  * more fixes for updates under secure boot
  * cert-script: Deal with existing $cert.delete file (bsc#1191804).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3675-1
Released:    Tue Nov 16 17:47:44 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1085030,1089118,1094840,1133021,1152472,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176447,1176774,1176914,1176940,1178134,1180100,1180749,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1188601,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191851,1191867,1191934,1191958,1191980,1192040,1192041,1192074,1192107,1192145,1192229,1192267,1192288,1192549,CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056,CVE-2021-43389


The following security bugs were fixed:

- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
- CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
- CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958).
- CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109).
- CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645).
- CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
- CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107).
- CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).

The following non-security bugs were fixed:

- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes).
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
- ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes).
- ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes).
- ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes).
- ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 (git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes).
- ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes).
- ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes).
- ALSA: hda: Use position buffer for SKL+ again (git-fixes).
- ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes).
- ALSA: ua101: fix division by zero at probe (git-fixes).
- ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes).
- ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
- ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes).
- ASoC: cs42l42: Correct some register default values (git-fixes).
- ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes).
- ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes).
- ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
- ASoC: dapm: use component prefix when checking widget names (git-fixes).
- ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes).
- ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes).
- ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes).
- ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes).
- ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes).
- ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes).
- ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes).
- ASoC: rockchip: Use generic dmaengine code (git-fixes).
- ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes).
- ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes).
- ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes).
- ASoC: SOF: topology: do not power down primary core during topology removal (git-fixes).
- ASoC: topology: Fix stub for snd_soc_tplg_component_remove() (git-fixes).
- ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
- ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes).
- ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes).
- ath10k: fix control-message timeout (git-fixes).
- ath10k: fix division by zero in send path (git-fixes).
- ath10k: fix max antenna gain unit (git-fixes).
- ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes).
- ath10k: sdio: Add missing BH locking around napi_schdule() (git-fixes).
- ath6kl: fix control-message timeout (git-fixes).
- ath6kl: fix division by zero in send path (git-fixes).
- ath9k: Fix potential interrupt storm on queue reset (git-fixes).
- audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes).
- b43: fix a lower bounds test (git-fixes).
- b43legacy: fix a lower bounds test (git-fixes).
- bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456).
- blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
- blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452).
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes).
- Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes).
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes).
- bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes).
- bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
- bpf: Fix OOB read when printing XDP link fdinfo (git-fixes).
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
- can: dev: can_restart: fix use after free bug (git-fixes).
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- can: peak_usb: fix use after free bugs (git-fixes).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes).
- can: rcar_can: fix suspend/resume (git-fixes).
- can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes).
- can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
- cb710: avoid NULL pointer subtraction (git-fixes).
- ceph: fix handling of 'meta' errors (bsc#1192041).
- ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040).
- cfg80211: correct bridge/4addr mode check (git-fixes).
- cfg80211: fix management registrations locking (git-fixes).
- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
- Configure mpi3mr as currently unsupported (jsc#SLE-18120)
- cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes).
- driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851).
- drm/amd/display: Pass PCI deviceid into DC (git-fixes).
- drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes).
- drm/amdgpu/display: add quirk handling for stutter mode (git-fixes).
- drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
- drm/amdgpu: fix warning for overflow check (git-fixes).
- drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes).
- drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes).
- drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: 	* context changes in intel_timeline_fini()
- drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes).
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes).
- drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
- drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes).
- drm/msm: potential error pointer dereference in init() (git-fixes).
- drm/msm: uninitialized variable in msm_gem_import() (git-fixes).
- drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472)
- drm/nouveau/debugfs: fix file release memory leak (git-fixes).
- drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes).
- drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes).
- drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
- drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472)
- drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes).
- drm/sun4i: Fix macros in sun8i_csc.h (git-fixes).
- drm/ttm: stop calling tt_swapin in vm_access (git-fixes).
- drm/v3d: fix wait for TMU write combiner flush (git-fixes).
- e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663).
- e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh (bsc#1192288).
- ext4: fix reserved space counter leakage (bsc#1191450).
- ext4: report correct st_size for encrypted symlinks (bsc#1191449).
- firmware/psci: fix application of sizeof to pointer (git-fixes).
- fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449).
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
- genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489).
- gpio: pca953x: Improve bias setting (git-fixes).
- gve: Avoid freeing NULL pointer (git-fixes).
- gve: Correct available tx qpl check (git-fixes).
- gve: fix gve_get_stats() (git-fixes).
- gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
- gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940).
- HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
- HID: u2fzero: ignore incomplete packets without data (git-fixes).
- HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes).
- hso: fix bailout in error case of probe (git-fixes).
- hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes).
- hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes).
- hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes).
- hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes).
- i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes).
- i40e: Fix ATR queue selection (git-fixes).
- i40e: fix endless loop under rtnl (git-fixes).
- i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
- iavf: fix double unlock of crit_lock (git-fixes).
- ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
- ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
- ice: fix getting UDP tunnel entry (jsc#SLE-12878).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes).
- iio: adc: aspeed: set driver data when adc probe (git-fixes).
- iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
- iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
- iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980).
- Input: snvs_pwrkey - add clk handling (git-fixes).
- Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
- ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
- ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241).
- IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241).
- isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
- isdn: mISDN: Fix sleeping function called from invalid context (git-fixes).
- iwlwifi: mvm: fix some kerneldoc issues (git-fixes).
- iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
- kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
- kABI: Fix kABI after 36950f2da1ea (bsc#1191851).
- kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes).
- kABI workaround for HD-audio probe retry changes (bsc#1190801).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).')
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). 
- KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395).
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395).
- KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
- KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021).
- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021).
- KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021).
- KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021).
- lan78xx: select CRC32 (git-fixes).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes).
- libertas: Fix possible memory leak in probe and disconnect (git-fixes).
- libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes).
- mac80211: check return value of rhashtable_init (git-fixes).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
- media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes).
- media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes).
- media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
- media: em28xx: add missing em28xx_close_extension (git-fixes).
- media: em28xx: Do not use ops->suspend if it is NULL (git-fixes).
- media: i2c: ths8200 needs V4L2_ASYNC (git-fixes).
- media: ite-cir: IR receiver stop working after receive overflow (git-fixes).
- media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes).
- media: mxl111sf: change mutex_init() location (git-fixes).
- media: radio-wl1273: Avoid card name truncation (git-fixes).
- media: si470x: Avoid card name truncation (git-fixes).
- media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes).
- media: TDA1997x: handle short reads of hdmi info frame (git-fixes).
- media: tm6000: Avoid card name truncation (git-fixes).
- media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes).
- media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
- mei: me: add Ice Lake-N device id (git-fixes).
- memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes).
- memstick: avoid out-of-range warning (git-fixes).
- memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes).
- mlx5: count all link events (git-fixes).
- mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes).
- mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes).
- mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes).
- mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes).
- mmc: vub300: fix control-message timeouts (git-fixes).
- mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi (git-fixes).
- mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes).
- mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() (git-fixes).
- mt76: mt7915: fix possible infinite loop release semaphore (git-fixes).
- mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes).
- mwifiex: fix division by zero in fw download path (git-fixes).
- mwifiex: Send DELBA requests according to spec (git-fixes).
- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
- net: batman-adv: fix error handling (git-fixes).
- net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes).
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes).
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
- netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes).
- netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447).
- net: hns3: check queue id range before using (jsc#SLE-14777).
- net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
- net: hso: add failure handler for add_net_device (git-fixes).
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- net: hso: fix null-ptr-deref during tty device unregistration (git-fixes).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800).
- net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
- net/mlx4_en: Resolve bad operstate value (git-fixes).
- net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172).
- net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172).
- net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172).
- net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
- net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
- net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774).
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes).
- NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes).
- NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes).
- nfc: fix error handling of nfc_proto_register() (git-fixes).
- nfc: port100: fix using -ERRNO as command type mask (git-fixes).
- nfs: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself. (bsc#1191628 bsc#1192549).
- NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628).
- nvme: add command id quirk for apple controllers (git-fixes).
- nvme-fc: avoid race between time out and tear down (bsc#1185762).
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- nvme-pci: Fix abort command id (git-fixes).
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- nvme-pci: set min_align_mask (bsc#1191851).
- ocfs2: fix data corruption after conversion from inline format (bsc#1190795).
- pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
- PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
- phy: mdio: fix memory leak (git-fixes).
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes).
- platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes).
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes).
- platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes).
- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).
- PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes).
- PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes).
- PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes).
- PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes).
- PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes).
- PM: sleep: Do not let 'syscore' devices runtime-suspend during system transitions (git-fixes).
- powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes).
- powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes).
- powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes).
- powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes).
- powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes).
- powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes).
- powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes).
- powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes).
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes).
- ptp_pch: Load module automatically if ID matches (git-fixes).
- ptp_pch: Restore dependency on PCI (git-fixes).
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- qed: Handle management FW error (git-fixes).
- qed: rdma - do not wait for resources under hw error recovery flow (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147).
- RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147).
- regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
- regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes).
- regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes).
- rpm: fix kmp install path
- rpm: use _rpmmacrodir (boo#1191384)
- rsi: fix control-message timeout (git-fixes).
- rsi: Fix module dev_oper_mode parameter description (git-fixes).
- rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes).
- rtl8187: fix control-message timeouts (git-fixes).
- scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757).
- scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes).
- scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145).
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145).
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145).
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145).
- scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120).
- scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120).
- scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120).
- scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120).
- scsi: mpi3mr: Additional event handling (jsc#SLE-18120).
- scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120).
- scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120).
- scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120).
- scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120).
- scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120).
- scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120).
- scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120).
- scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120).
- scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120).
- scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120).
- scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120).
- scsi: mpi3mr: Base driver code (jsc#SLE-18120).
- scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120).
- scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120).
- scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes).
- scsi: mpi3mr: Fix missing unlock on error (git-fixes).
- scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120).
- scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120).
- scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120).
- scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120).
- scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120).
- scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120).
- scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120).
- scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
- scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941).
- scsi: target: Fix the pgr/alua_support_store functions (git-fixes).
- sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
- spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes).
- swiotlb: add a IO_TLB_SIZE define (bsc#1191851).
- swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851).
- swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851).
- swiotlb: factor out an io_tlb_offset helper (bsc#1191851).
- swiotlb: factor out a nr_slots helper (bsc#1191851).
- swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851).
- swiotlb: respect min_align_mask (bsc#1191851).
- swiotlb: Split size parameter to map/unmap APIs (bsc#1191851).
- tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes).
- tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729).
- Update patch reference for AMDGPU fix (bsc#1180749)
- USB: cdc-acm: clean up probe error labels (git-fixes).
- USB: cdc-acm: fix minor-number release (git-fixes).
- usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes).
- usb: hso: fix error handling code of hso_create_net_device (git-fixes).
- usb: hso: remove the bailout parameter (git-fixes).
- usb: musb: dsps: Fix the probe error path (git-fixes).
- usbnet: fix error return code in usbnet_probe() (git-fixes).
- usbnet: sanity check for maxpacket (git-fixes).
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
- USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- USB: xhci: dbc: fix tty registration race (git-fixes).
- video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes).
- virtio-gpu: fix possible memory allocation failure (git-fixes).
- virtio: write back F_VERSION_1 before validate (git-fixes).
- watchdog: orion: use 0 for unset heartbeat (git-fixes).
- wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes).
- wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
- wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
- x86/ioapic: Force affinity setup before startup (bsc#1152489).
- x86/msi: Force affinity setup before startup (bsc#1152489).
- x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489).
- x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489).
- x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134).
- xen: fix setting of max_pfn in shared_info (git-fixes).
- xen: reset legacy rtc flag for PV domU (git-fixes).
- xfs: do not allow log writes if the data device is readonly (bsc#1192229).
- xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006).
- xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). 
- xfs: fix I_DONTCACHE (bsc#1192074).
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642).
- xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes).
- xhci: Fix command ring pointer corruption while aborting a command (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3782-1
Released:    Tue Nov 23 23:49:03 2021
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1187190,1188713,1190326
This update for dracut fixes the following issues:

- Fixed multipath devices that always default to bfq scheduler (bsc#1188713)
- Fixed unbootable system when testing kernel 5.14 (bsc#1190326)
- Add support for the new iscsiadm 'no-wait' (-W) command (bsc#1187190)
- Add iscsid.service requirements (bsc#1187190)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3786-1
Released:    Wed Nov 24 05:59:13 2021
Summary:     Recommended update for rpm-config-SUSE
Type:        recommended
Severity:    important
References:  1192160
This update for rpm-config-SUSE fixes the following issues:

- Add support for the kernel xz-compressed firmware files (bsc#1192160)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3787-1
Released:    Wed Nov 24 06:00:10 2021
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1189983,1189984,1191500,1191566,1191675
This update for xfsprogs fixes the following issues:

- Make libhandle1 an explicit dependency in the xfsprogs-devel package (bsc#1191566)
- Remove deprecated barrier/nobarrier mount options from manual pages section 5 (bsc#1191675)
- xfs_io: include support for label command (bsc#1191500)
- xfs_quota: state command to report all three (-ugp) grace times separately (bsc#1189983)
- xfs_admin: add support for external log devices (bsc#1189984)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3790-1
Released:    Wed Nov 24 06:10:31 2021
Summary:     Recommended update for open-iscsi
Type:        recommended
Severity:    moderate
References:  1187190,1187958,1188869,1191054,1192013,1192568
This update for open-iscsi fixes the following issues:

- Ensure executables are not moved from /sbin to /usr/sbin in SLE (bsc#1192013)(bsc#1191054)
- iscsi-init.service default dependencies can cause the boot to hang so they have been removed (bsc#1187190)
- IPv6 offload iSCSI lun needs to be exposed during installation (bsc#1187958)
- iscsid needs to use the new prctl(PR_SET_IO_FLUSHER) system call (bsc#1188869)
- The iscsi-init.service unit can run too early, when root is read-only, causing it to fail (bsc#1192568)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3792-1
Released:    Wed Nov 24 06:12:09 2021
Summary:     Recommended update for kmod
Type:        recommended
Severity:    moderate
References:  1192104
This update for kmod fixes the following issues:

- Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3799-1
Released:    Wed Nov 24 18:07:54 2021
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1187153,1187273,1188623
This update for gcc11 fixes the following issues:

The additional GNU compiler collection GCC 11 is provided:

To select these compilers install the packages:

- gcc11
- gcc-c++11
- and others with 11 prefix.

to select them for building:

- CC='gcc-11'
- CXX='g++-11'

The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3808-1
Released:    Fri Nov 26 00:30:54 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1186071,1190440,1190984,1192161
This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798)
- Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984)
- Support detection for ARM64 Hyper-V guests (bsc#1186071)
- Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440)
- Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3838-1
Released:    Wed Dec  1 16:07:54 2021
Summary:     Security update for ruby2.5
Type:        security
Severity:    important
References:  1188160,1188161,1190375,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066
This update for ruby2.5 fixes the following issues:

- CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375).
- CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).
- CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3870-1
Released:    Thu Dec  2 07:11:50 2021
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1190356,1191286,1191324,1191370,1191609,1192337,1192436
This update for libzypp, zypper fixes the following issues:

libzypp:

- Check log writer before accessing it (bsc#1192337)
- Zypper should keep cached files if transaction is aborted (bsc#1190356)
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Fixed slowdowns when rlimit is too high by using procfs to detect niumber of 
  open file descriptors (bsc#1191324)
- Fixed zypper incomplete messages when using non English localization (bsc#1191370)
- RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286)
- Disable logger in the child process after fork (bsc#1192436)

zypper:

- Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3872-1
Released:    Thu Dec  2 07:25:55 2021
Summary:     Recommended update for cracklib
Type:        recommended
Severity:    moderate
References:  1191736
This update for cracklib fixes the following issues:

- Enable build time tests (bsc#1191736)


The following package changes have been done:

- apparmor-abstractions-2.13.6-3.3.1 added
- cracklib-dict-small-2.9.7-11.6.1 updated
- cracklib-2.9.7-11.6.1 updated
- dracut-049.1+suse.216.gf705637b-3.45.1 updated
- kernel-default-5.3.18-59.34.1 updated
- kmod-29-4.12.1 updated
- libcrack2-2.9.7-11.6.1 updated
- libdcerpc-binding0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libdcerpc0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libgcc_s1-11.2.1+git610-1.3.9 updated
- libkmod2-29-4.12.1 updated
- libldb2-2.2.2-3.3.1 updated
- libndr-krb5pac0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libndr-nbt0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libndr-standard0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libndr1-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libnetapi0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libopeniscsiusr0_2_0-2.1.5-32.12.1 updated
- libruby2_5-2_5-2.5.9-4.20.1 updated
- libsamba-credentials0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libsamba-errors0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libsamba-hostconfig0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libsamba-passdb0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libsamba-util0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libsamdb0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libsmbconf0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libsmbldap2-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libstdc++6-11.2.1+git610-1.3.9 updated
- libsystemd0-246.16-7.21.1 updated
- libtevent-util0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libudev1-246.16-7.21.1 updated
- libwbclient0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- libzypp-17.28.8-20.1 updated
- open-iscsi-2.1.5-32.12.1 updated
- python3-ldb-2.2.2-3.3.1 updated
- rpm-config-SUSE-1-5.6.1 updated
- ruby2.5-stdlib-2.5.9-4.20.1 updated
- ruby2.5-2.5.9-4.20.1 updated
- samba-libs-python3-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- samba-libs-4.13.13+git.531.903f5c0ccdc-3.17.1 updated
- suse-module-tools-15.3.14-3.14.1 updated
- systemd-sysvinit-246.16-7.21.1 updated
- systemd-246.16-7.21.1 updated
- udev-246.16-7.21.1 updated
- xfsprogs-4.15.0-4.52.1 updated
- zypper-1.14.50-21.1 updated


More information about the sle-security-updates mailing list