SUSE-IU-2023:219-1: Security update of suse-sles-15-sp4-chost-byos-v20230410-x86_64-gen2

sle-security-updates at sle-security-updates at
Tue Apr 11 12:01:55 UTC 2023

SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230410-x86_64-gen2
Image Advisory ID : SUSE-IU-2023:219-1
Image Tags        : suse-sles-15-sp4-chost-byos-v20230410-x86_64-gen2:20230410
Image Release     : 
Severity          : critical
Type              : security
References        : 1166486 1176785 1177529 1178233 1185232 1185261 1185441 1185621
                        1187071 1187260 1193282 1193629 1197534 1197617 1198438 1198458
                        1198458 1199282 1199756 1200710 1201066 1201490 1202120 1202353
                        1202633 1202890 1203200 1203201 1203248 1203249 1203331 1203332
                        1203355 1203410 1203715 1203746 1204363 1204548 1204956 1204993
                        1205200 1205375 1205544 1205554 1205570 1205588 1205636 1205846
                        1206065 1206103 1206224 1206232 1206235 1206459 1206483 1206492
                        1206493 1206640 1206772 1206781 1206824 1206876 1206877 1206878
                        1206880 1206881 1206882 1206883 1206884 1206885 1206886 1206889
                        1206894 1206935 1206949 1207022 1207051 1207270 1207294 1207328
                        1207416 1207529 1207560 1207571 1207588 1207589 1207590 1207591
                        1207592 1207593 1207594 1207603 1207605 1207606 1207607 1207608
                        1207609 1207610 1207613 1207615 1207617 1207618 1207619 1207620
                        1207621 1207623 1207624 1207625 1207626 1207628 1207630 1207631
                        1207632 1207634 1207635 1207636 1207638 1207639 1207641 1207642
                        1207643 1207644 1207645 1207646 1207647 1207648 1207651 1207653
                        1207723 1207770 1207773 1207780 1207843 1207845 1207853 1207875
                        1207957 1207975 1207996 1208036 1208149 1208153 1208179 1208183
                        1208212 1208290 1208358 1208420 1208428 1208429 1208432 1208449
                        1208471 1208534 1208541 1208570 1208595 1208598 1208599 1208601
                        1208603 1208605 1208607 1208628 1208700 1208741 1208759 1208776
                        1208777 1208784 1208787 1208816 1208828 1208837 1208843 1208848
                        1208924 1208925 1208926 1208957 1208959 1208998 1209001 1209008
                        1209017 1209018 1209019 1209159 1209188 1209188 1209188 1209209
                        1209210 1209211 1209212 1209214 1209256 1209258 1209262 1209291
                        1209361 1209362 1209436 1209457 1209481 1209483 1209485 1209504
                        1209533 1209624 CVE-2022-23471 CVE-2022-28737 CVE-2022-29217
                        CVE-2022-32746 CVE-2022-3523 CVE-2022-36109 CVE-2022-36280 CVE-2022-38096
                        CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334 CVE-2022-4899
                        CVE-2023-0045 CVE-2023-0225 CVE-2023-0461 CVE-2023-0464 CVE-2023-0512
                        CVE-2023-0597 CVE-2023-0614 CVE-2023-0687 CVE-2023-0922 CVE-2023-1075
                        CVE-2023-1076 CVE-2023-1078 CVE-2023-1095 CVE-2023-1118 CVE-2023-1127
                        CVE-2023-1170 CVE-2023-1175 CVE-2023-22995 CVE-2023-22998 CVE-2023-23000
                        CVE-2023-23004 CVE-2023-23559 CVE-2023-23931 CVE-2023-24329 CVE-2023-25012
                        CVE-2023-26545 CVE-2023-27320 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535
                        CVE-2023-27536 CVE-2023-27538 CVE-2023-28328 CVE-2023-28486 CVE-2023-28487

The container suse-sles-15-sp4-chost-byos-v20230410-x86_64-gen2 was updated. The following patches have been included in this update:

Advisory ID: SUSE-SU-2022:2633-1
Released:    Wed Aug  3 10:33:50 2022
Summary:     Security update for mokutil
Type:        security
Severity:    moderate
References:  1198458
This update for mokutil fixes the following issues:

- Adds SBAT revocation support to mokutil. (bsc#1198458)

New options added (see manpage):

- mokutil --set-sbat-policy  (latest | previous | delete)
  to set the SBAT acceptance policy.

- mokutil --list-sbat-revocations

  To list the current SBAT revocations.

Advisory ID: SUSE-RU-2023:713-1
Released:    Mon Mar 13 10:25:04 2023
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    moderate
This update for suse-build-key fixes the following issues:

This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise
15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch
to mid of 2023. (jsc#PED-2777)

- gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories).
- gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories).
- suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages.
- build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem:
  New RSA 4096 key for the SUSE registry, installed as
  suse-container-key-2023.pem and suse-container-key-2023.asc
- suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem:
  New PTF container signing key for space.

Advisory ID: SUSE-RU-2023:714-1
Released:    Mon Mar 13 10:53:25 2023
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1207294
This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

Advisory ID: SUSE-SU-2023:722-1
Released:    Tue Mar 14 14:57:15 2023
Summary:     Security update for python-cryptography
Type:        security
Severity:    moderate
References:  1208036,CVE-2023-23931
This update for python-cryptography fixes the following issues:

  - CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036).

Advisory ID: SUSE-RU-2023:743-1
Released:    Wed Mar 15 11:18:23 2023
Summary:     Recommended update for gnutls
Type:        recommended
Severity:    moderate
References:  1209001
This update for gnutls fixes the following issues:

FIPS: Establish PBKDF2 additional requirements [bsc#1209001]

* Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N)
* Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1)
* Set the minimum iterations count to 1000 (SP 800-132 sec 5.2)
* Set the minimum passlen of 20 characters (SP SP800-132 sec 5)
* Add regression tests for the new PBKDF2 requirements.

Advisory ID: SUSE-RU-2023:776-1
Released:    Thu Mar 16 17:29:23 2023
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes

This update ship the GCC 12 compiler suite and its base libraries.

The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux
Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out

Advisory ID: SUSE-SU-2023:781-1
Released:    Thu Mar 16 19:07:00 2023
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1207780,1208828,1208957,1208959,CVE-2023-0512,CVE-2023-1127,CVE-2023-1170,CVE-2023-1175
This update for vim fixes the following issues:

- CVE-2023-0512: Fixed a divide By Zero (bsc#1207780).
- CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957).
- CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).

Updated to version 9.0 with patch level 1386.


Advisory ID: SUSE-RU-2023:782-1
Released:    Thu Mar 16 19:08:34 2023
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1208924,1208925,1208926
This update for libgcrypt fixes the following issues:

- FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925]
- FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924]
- FIPS: PBKDF2: Added additional checks for the minimum key length,
  salt length, iteration count and passphrase length to the kdf
  FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926]

Advisory ID: SUSE-RU-2023:783-1
Released:    Thu Mar 16 19:09:03 2023
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1208998
This update for openssl-1_1 fixes the following issues:

FIPS: Service-level indicator changes [bsc#1208998]

* Add additional checks required by FIPS 140-3. Minimum values for
  PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for
  iteration count and 20 characters for password.

Advisory ID: SUSE-RU-2023:785-1
Released:    Thu Mar 16 19:34:43 2023
Summary:     Recommended update for grub2
Type:        recommended
Severity:    moderate
References:  1205200,1205554
This update for grub2 fixes the following issues:

- Remove zfs modules (bsc#1205554)
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)

Advisory ID: SUSE-RU-2023:788-1
Released:    Thu Mar 16 19:37:59 2023
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    important
References:  1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949
This update for libsolv, libzypp, zypper fixes the following issues:


- Do not autouninstall SUSE PTF packages
- Ensure 'duplinvolvedmap_all' is reset when a solver is reused
- Fix 'keep installed' jobs not disabling 'best update' rules
- New '-P' and '-W' options for `testsolv`
- New introspection interface for weak dependencies similar to ruleinfos
- Ensure special case file dependencies are written correctly in the testcase writer
- Support better info about alternatives
- Support decision reason queries
- Support merging of related decisions
- Support stringification of multiple solvables
- Support stringification of ruleinfo, decisioninfo and decision reasons


- Avoid calling getsockopt when we know the info already.
  This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when
  accepting new socket connections (bsc#1178233)
- Avoid redirecting 'history.logfile=/dev/null' into the target
- Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956)
- Enhance yaml-cpp detection
- Improve download of optional files
- MultiCurl: Make sure to reset the progress function when falling back.
- Properly reset range requests (bsc#1204548)
- Removing a PTF without enabled repos should always fail (bsc#1203248)
  Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. 
  To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the
  installed PTF packages to theit latest version.
- Skip media.1/media download for http repo status calc.
  This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed.
  This optimisation only takes place if the repo does specify only downloading base urls.
- Use a dynamic fallback for BLKSIZE in downloads.
  When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed,
  relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar
  metric as the MirrorCache implementation on the server side.
- ProgressData: enforce reporting the INIT||END state (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems (bsc#1205636)


- Allow to (re)add a service with the same URL (bsc#1203715)
- Bump dependency requirement to libzypp-devel 17.31.7 or greater
- Explain outdatedness of repositories
- patterns: Avoid dispylaing superfluous @System entries (bsc#1205570)
- Provide `removeptf` command (bsc#1203249)
  A remove command which prefers replacing dependant packages to removing them as well.
  A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant
  packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the
  remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official
  update versions.
- Update man page and explain '.no_auto_prune' (bsc#1204956)

Advisory ID: SUSE-RU-2023:790-1
Released:    Fri Mar 17 05:20:00 2023
Summary:     Recommended update for kexec-tools
Type:        recommended
Severity:    important
References:  1203410
This update for kexec-tools fixes the following issues:

- Remove ram_top restriction (bsc#1203410)

Advisory ID: SUSE-SU-2023:794-1
Released:    Fri Mar 17 08:42:12 2023
Summary:     Security update for python-PyJWT
Type:        security
Severity:    critical
References:  1176785,1199282,1199756,CVE-2022-29217
This update for python-PyJWT fixes the following issues:

- CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats (bsc#1199756).

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Update to 2.4.0 (bsc#1199756)
    - Explicit check the key for ECAlgorithm
    - Don't use implicit optionals
    - documentation fix: show correct scope 
    - fix: Update copyright information
    - Don't mutate options dictionary in .decode_complete()
    - Add support for Python 3.10
    - api_jwk: Add PyJWKSet.__getitem__
    - Update usage.rst
    - Docs: mention performance reasons for reusing RSAPrivateKey
      when encoding
    - Fixed typo in usage.rst
    - Add detached payload support for JWS encoding and decoding
    - Replace various string interpolations with f-strings by

Advisory ID: SUSE-SU-2023:795-1
Released:    Fri Mar 17 09:13:12 2023
Summary:     Security update for docker
Type:        security
Severity:    moderate
References:  1205375,1206065,CVE-2022-36109

This update for docker fixes the following issues:

Docker was updated to 20.10.23-ce.

See upstream changelog at

Docker was updated to 20.10.21-ce (bsc#1206065)

See upstream changelog at 

Security issues fixed:

- CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375)

- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up
  with it installed even if they are primarily running SELinux.
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers

Advisory ID: SUSE-SU-2023:848-1
Released:    Tue Mar 21 13:28:38 2023
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1209017,1209018,1209019,1209188,CVE-2022-42331,CVE-2022-42332,CVE-2022-42333,CVE-2022-42334
This update for xen fixes the following issues:

- CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017).
- CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018).
- CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019).

Advisory ID: SUSE-SU-2023:868-1
Released:    Wed Mar 22 09:41:01 2023
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1203355,1208471,CVE-2023-24329
This update for python3 fixes the following issues:

- CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).

The following non-security bug was fixed:

- Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).

Advisory ID: SUSE-SU-2023:1582-1
Released:    Mon Mar 27 10:31:52 2023
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538
This update for curl fixes the following issues:
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).

Advisory ID: SUSE-RU-2023:1586-1
Released:    Mon Mar 27 13:02:52 2023
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1200710,1203746,1206781,1207022,1207843
This update for nfs-utils fixes the following issues:

- Rename all drop-in options.conf files as 10-options.conf
  This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843)
- Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781)
- Add '-S scope' option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746)

Advisory ID: SUSE-SU-2023:1628-1
Released:    Tue Mar 28 12:28:51 2023
Summary:     Security update for containerd
Type:        security
Severity:    important
References:  1206235,CVE-2022-23471
This update for containerd fixes the following issues:

- CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).

- Re-build containerd to use updated golang-packaging (jsc#1342).
- Update to containerd v1.6.16 for Docker v23.0.0-ce.

Advisory ID: SUSE-RU-2023:1636-1
Released:    Tue Mar 28 13:26:02 2023
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    moderate
References:  1207853
This update for suse-module-tools fixes the following issues:

- Update to version 15.4.16:
  * modprobe.conf: s390x: remove softdep on fbcon (bsc#1207853)

Advisory ID: SUSE-SU-2023:1665-1
Released:    Wed Mar 29 12:55:13 2023
Summary:     Security update for sudo
Type:        security
Severity:    moderate
References:  1203201,1206483,1206772,1208595,1209361,1209362,CVE-2023-27320,CVE-2023-28486,CVE-2023-28487
This update for sudo fixes the following issue:

Security issues:

- CVE-2023-28486: Fixed sudo does not escape control characters in log messages. (bsc#1209362)
- CVE-2023-28487: Fixed sudo does not escape control characters in sudoreplay output. (bsc#1209361)
- CVE-2023-27320: Fixed a potential security issue with a double free with per-command chroot sudoers rules (bsc#1208595).

Bug fixes:

- Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483)
- If NOPASSWD is specified, don't ask for password if command is not found (bsc#1206772).
- Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201).

Advisory ID: SUSE-RU-2023:1670-1
Released:    Wed Mar 29 13:47:50 2023
Summary:     Recommended update for cpupower
Type:        recommended
Severity:    moderate
References:  1202890
This update for cpupower fixes the following issues:

- Replace error with a warning if perf is unavailable (bsc#1202890)

Advisory ID: SUSE-SU-2023:1688-1
Released:    Wed Mar 29 18:19:10 2023
Summary:     Security update for zstd
Type:        security
Severity:    moderate
References:  1209533,CVE-2022-4899
This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

Advisory ID: SUSE-SU-2023:1689-1
Released:    Wed Mar 29 18:34:08 2023
Summary:     Security update for ldb, samba
Type:        security
Severity:    important
References:  1201490,1207416,1207723,1207996,1209481,1209483,1209485,CVE-2022-32746,CVE-2023-0225,CVE-2023-0614,CVE-2023-0922
This update for ldb, samba fixes the following issues:

- CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module (bsc#1201490).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).


- CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481).
- CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).

The following non-security bug were fixed:

- Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416).
- Ship missing samba-winbind-libs-32bit package (bsc#1207996)
- Ship missing samba-libs to SLE Micro 5.3 (bsc#1207723)

Advisory ID: SUSE-RU-2023:1697-1
Released:    Thu Mar 30 11:37:19 2023
Summary:     Recommended update for bind
Type:        recommended
Severity:    moderate
This update for bind fixes the following issues:

- A constant stream of zone additions and deletions via rndc reconfig could cause increased memory consumption due to
delayed cleaning of view memory.
- The speed of the message digest algorithms (MD5, SHA-1, SHA-2) and of NSEC3 hashing has been improved.
- Building BIND 9 failed when the --enable-dnsrps switch for ./configure was used. (jsc#SLE-24600)
- Updated keyring and signature

Advisory ID: SUSE-SU-2023:1702-1
Released:    Thu Mar 30 15:23:23 2023
Summary:     Security update for shim
Type:        security
Severity:    important
References:  1185232,1185261,1185441,1185621,1187071,1187260,1193282,1198458,1201066,1202120,1205588,CVE-2022-28737
This update for shim fixes the following issues:

- Updated shim signature after shim 15.7 be signed back:
  signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458)

- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
  disable the NX compatibility flag when using post-process-pe because
  grub2 is not ready. (bsc#1205588)

- Enable the NX compatibility flag by default. (jsc#PED-127) 

Update to 15.7 (bsc#1198458) (jsc#PED-127):

- Make SBAT variable payload introspectable
- Reference MokListRT instead of MokList
- Add a link to the test plan in the readme.
- [V3] Enable TDX measurement to RTMR register
- Discard load-options that start with a NUL
- Fixed load_cert_file bugs
- Add -malign-double to IA32 compiler flags
- pe: Fix image section entry-point validation
- make-archive: Build reproducible tarball
- mok: remove MokListTrusted from PCR 7

Other fixes:

- Support enhance shim measurement to TD RTMR. (jsc#PED-1273) 

- shim-install: ensure grub.cfg created is not overwritten after installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable.  (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security at (bsc#1193282)

Update to 15.6 (bsc#1198458):

- MokManager: removed Locate graphic output protocol fail error message
- shim: implement SBAT verification for the shim_lock protocol
- post-process-pe: Fix a missing return code check
- Update github actions matrix to be more useful
- post-process-pe: Fix format string warnings on 32-bit platforms
- Allow MokListTrusted to be enabled by default
- Re-add ARM AArch64 support
- Use ASCII as fallback if Unicode Box Drawing characters fail
- make: don't treat cert.S specially
- shim: use SHIM_DEVEL_VERBOSE when built in devel mode
- Break out of the inner sbat loop if we find the entry.
- Support loading additional certificates
- Add support for NX (W^X) mitigations.
- Fix preserve_sbat_uefi_variable() logic
- SBAT Policy latest should be a one-shot
- pe: Fix a buffer overflow when SizeOfRawData > VirtualSize
- pe: Perform image verification earlier when loading grub
- Update advertised sbat generation number for shim
- Update SBAT generation requirements for 05/24/22
- Also avoid CVE-2022-28737 in verify_image() by @vathpela

Update to 15.5 (bsc#1198458):

- Broken ia32 relocs and an unimportant submodule change.
- mok: allocate MOK config table as BootServicesData
- Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260)
- Relax the check for import_mok_state()  (bsc#1185261)
- trivial changes
- shim: another attempt to fix load options handling
- Add tests for our load options parsing.
- arm/aa64: fix the size of .rela* sections
- mok: fix potential buffer overrun in import_mok_state
- mok: relax the maximum variable size check
- Don't unhook ExitBootServices when EBS protection is disabled
- fallback: find_boot_option() needs to return the index for the boot entry in optnum
- httpboot: Ignore case when checking HTTP headers
- Fallback allocation errors
- shim: avoid BOOTx64.EFI in message on other architectures
- str: remove duplicate parameter check
- fallback: add compile option FALLBACK_NONINTERACTIVE
- Test mok mirror
- Modify to help with readability.
- csv: detect end of csv file correctly
- Specify that the .sbat section is ASCII not UTF-8
- tests: add 'include-fixed' GCC directory to include directories
- pe: simplify generate_hash()
- Don't make shim abort when TPM log event fails (RHBZ #2002265)
- Fallback to default loader if parsed one does not exist
- fallback: Fix for BootOrder crash when index returned
- Better console checks
- docs: update SBAT UEFI variable name
- Don't parse load options if invoked from removable media path
- fallback: fix fallback not passing arguments of the first boot option
- shim: Don't stop forever at 'Secure Boot not enabled' notification
- Allocate mokvar table in runtime memory.
- Remove post-process-pe on 'make clean'
- pe: missing perror argument

- CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458)

- Add mokutil command to post script for setting sbat policy to latest mode
  when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.

- Updated vendor dbx binary and script (bsc#1198458)

  - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
    SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
  - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
    openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
  - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
    and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
  - Updated script for generating a vendor-dbx.bin
    file which includes all .der for testing environment.

- avoid buffer overflow when copying data to the MOK config table (bsc#1185232)
- Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)
- ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
- relax the maximum variable size check for u-boot (bsc#1185621)
- handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071)

- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
  vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
  the size of MokListXRT (bsc#1185261) 
  + Also update in dbx-cert.tar.xz

Advisory ID: SUSE-SU-2023:1710-1
Released:    Fri Mar 31 13:21:39 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1166486,1177529,1193629,1197534,1197617,1198438,1202353,1202633,1203200,1203331,1203332,1204363,1204993,1205544,1205846,1206103,1206224,1206232,1206459,1206492,1206493,1206640,1206824,1206876,1206877,1206878,1206880,1206881,1206882,1206883,1206884,1206885,1206886,1206889,1206894,1206935,1207051,1207270,1207328,1207529,1207560,1207588,1207589,1207590,1207591,1207592,1207593,1207594,1207603,1207605,1207606,1207607,1207608,1207609,1207610,1207613,1207615,1207617,1207618,1207619,1207620,1207621,1207623,1207624,1207625,1207626,1207628,1207630,1207631,1207632,1207634,1207635,1207636,1207638,1207639,1207641,1207642,1207643,1207644,1207645,1207646,1207647,1207648,1207651,1207653,1207770,1207773,1207845,1207875,1208149,1208153,1208179,1208183,1208212,1208290,1208420,1208428,1208429,1208449,1208534,1208541,1208570,1208598,1208599,1208601,1208603,1208605,1208607,1208628,1208700,1208741,1208759,1208776,1208777,1208784,1208787,1208816,1208837,1208843,1208848,1209008,1209159,1209188,1

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

- CVE-2022-3523: Fixed a use after free related to device private page handling (bsc#1204363).
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).

The following non-security bugs were fixed:

- [infiniband] READ is 'data destination', not source... (git-fixes)
- [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes).
- acpi/x86: Add support for LPS0 callback handler (git-fixes).
- acpi: Do not build ACPICA with '-Os' (git-fixes).
- acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes).
- acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224).
- acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224).
- acpi: battery: Fix missing NUL-termination with large strings (git-fixes).
- acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes).
- acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes).
- acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224).
- acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224).
- acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224).
- acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
- acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224).
- acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224).
- acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224).
- acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224).
- acpica: Drop port I/O validation for some regions (git-fixes).
- acpica: nsrepair: handle cases without a return value correctly (git-fixes).
- add cherry-picked id for nouveau patch
- alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes).
- alsa: hda/ca0132: minor fix for allocation size (git-fixes).
- alsa: hda/conexant: add a new hda codec SN6180 (git-fixes).
- alsa: hda/realtek - fixed wrong gpio assigned (git-fixes).
- alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes).
- alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- alsa: hda: Do not unset preset when cleaning up codec (git-fixes).
- alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes).
- alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes).
- alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes).
- alsa: pci: lx6464es: fix a debug loop (git-fixes).
- applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
- arm64: Treat ESR_ELx as a 64-bit register (git-fixes)
- arm64: atomics: remove LL/SC trampolines (git-fixes)
- arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes)
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes).
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes).
- arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes).
- arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes).
- arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes).
- arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes)
- arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes).
- arm64: dts: juno: Add missing MHU secure-irq (git-fixes)
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes).
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes).
- arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes).
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes).
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes).
- arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes).
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes).
- arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes).
- arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes).
- arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
- arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes).
- arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes).
- arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes).
- arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes).
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes).
- arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes).
- arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes).
- arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes).
- arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
- arm64: make is_ttbrX_addr() noinstr-safe (git-fixes)
- arm64: mm: kfence: only handle translation faults (git-fixes)
- arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes).
- arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes).
- arm: bcm2835_defconfig: Enable the framebuffer (git-fixes).
- arm: dts: am5748: keep usb4_tm disabled (git-fixes)
- arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes).
- arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes).
- arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes).
- arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
- arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes).
- arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
- arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes).
- arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes).
- arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes).
- arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
- arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
- arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes).
- arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes).
- arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
- arm: omap: remove debug-leds driver (git-fixes)
- arm: remove some dead code (git-fixes)
- arm: renumber bits related to _TIF_WORK_MASK (git-fixes)
- arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
- arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
- arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes).
- asoc: Intel: boards: fix spelling in comments (git-fixes).
- asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes).
- asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes).
- asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes).
- asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes).
- asoc: adau7118: do not disable regulators on device unbind (git-fixes).
- asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes).
- asoc: codecs: lpass: fix incorrect mclk rate (git-fixes).
- asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes).
- asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes).
- asoc: cs42l56: fix DT probe (git-fixes).
- asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes).
- asoc: fsl_sai: Update to modern clocking terminology (git-fixes).
- asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes).
- asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes).
- asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes).
- asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes).
- asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
- asoc: rsnd: fixup #endif position (git-fixes).
- asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes).
- asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes).
- asoc: soc-compress: Reposition and add pcm_mutex (git-fixes).
- asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes).
- asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes).
- asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes).
- asoc: zl38060 add gpiolib dependency (git-fixes).
- asoc: zl38060: Remove spurious gpiolib select (git-fixes).
- ath9k: hif_usb: simplify if-if to if-else (git-fixes).
- ath9k: htc: clean up statistics macros (git-fixes).
- auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes).
- avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529).
- backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes).
- blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes).
- blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
- block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
- block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes).
- block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
- block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes).
- block: do not allow splitting of a REQ_NOWAIT bio (git-fixes).
- block: fix and cleanup bio_check_ro (git-fixes).
- block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes).
- block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
- bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
- bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
- bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes).
- bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes).
- bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes).
- bpf, x64: Factor out emission of REX byte in more cases (git-fixes).
- bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes).
- bpf: Fix extable address check (git-fixes).
- bpf: Fix extable fixup offset (git-fixes).
- bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
- can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes).
- ceph: flush cap releases when the session is flushed (bsc#1208428).
- ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504).
- cifs: Check the lease context if we actually got a lease (bsc#1193629).
- cifs: Convert struct fealist away from 1-element array (bsc#1193629).
- cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes).
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes).
- cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629).
- cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629).
- cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes).
- cifs: Fix warning and UAF when destroy the MR list (git-fixes).
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629).
- cifs: Replace remaining 1-element arrays (bsc#1193629).
- cifs: Replace zero-length arrays with flexible-array members (bsc#1193629).
- cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
- cifs: do not try to use rdma offload on encrypted connections (bsc#1193629).
- cifs: fix mount on old smb servers (boo#1206935).
- cifs: get rid of dns resolve worker (bsc#1193629).
- cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629).
- cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes).
- cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629).
- cifs: match even the scope id for ipv6 addresses (bsc#1193629).
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
- cifs: prevent data race in smb2_reconnect() (bsc#1193629).
- cifs: print last update time for interface list (bsc#1193629).
- cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629).
- cifs: return a single-use cfid if we did not get a lease (bsc#1193629).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629).
- cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
- cifs: update ip_addr for ses only for primary chan setup (bsc#1193629).
- cifs: use tcon allocation functions even for dummy tcon (git-fixes).
- cifs: use the least loaded channel for sending requests (bsc#1193629).
- clk: HI655X: select REGMAP instead of depending on it (git-fixes).
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes).
- clk: imx: avoid memory leak (git-fixes).
- clk: mxl: Add option to override gate clks (git-fixes).
- clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
- clk: mxl: Remove redundant spinlocks (git-fixes).
- clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes).
- clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes).
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes).
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes).
- clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes).
- clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes).
- clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes).
- clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes).
- comedi: use menuconfig for main Comedi menu (git-fixes).
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes).
- crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes).
- crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
- crypto: essiv - Handle EBUSY correctly (git-fixes).
- crypto: qat - fix out-of-bounds read (git-fixes).
- crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes).
- crypto: seqiv - Handle EBUSY correctly (git-fixes).
- crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes).
- crypto: xts - Handle EBUSY correctly (git-fixes).
- delete patches.suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit.patch Resulted in an Oops / hang at boot (bsc#1209436)
- dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes).
- dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes).
- dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
- dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes).
- dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes).
- dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes).
- dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes).
- dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes).
- dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes).
- do not sign the vanilla kernel (bsc#1209008).
- docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes).
- docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes).
- docs: ftrace: fix a issue with duplicated subtitle number (git-fixes).
- docs: gdbmacros: print newest record (git-fixes).
- documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes).
- documentation: simplify and clarify DCO contribution example language (git-fixes).
- driver core: fix potential null-ptr-deref in device_add() (git-fixes).
- driver core: fix resource leak in device_add() (git-fixes).
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes).
- drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes).
- drivers: base: transport_class: fix possible memory leak (git-fixes).
- drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes).
- drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes).
- drm/amd/display: Fix potential null-deref in dm_resume (git-fixes).
- drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes).
- drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes).
- drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes).
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes).
- drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes).
- drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes).
- drm/bridge: lt8912b: Add hot plug detection (git-fixes).
- drm/bridge: lt9611: fix HPD reenablement (git-fixes).
- drm/bridge: lt9611: fix clock calculation (git-fixes).
- drm/bridge: lt9611: fix polarity programming (git-fixes).
- drm/bridge: lt9611: fix programming of video modes (git-fixes).
- drm/bridge: lt9611: fix sleep mode setup (git-fixes).
- drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
- drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes).
- drm/connector: print max_requested_bpc in state debugfs (git-fixes).
- drm/edid: fix AVI infoframe aspect ratio handling (git-fixes).
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes).
- drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes).
- drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes).
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes).
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Fix VBT DSI DVO port handling (git-fixes).
- drm/i915: Initialize the obj flags for shmem objects (git-fixes).
- drm/mediatek: Clean dangling pointer on bind error path (git-fixes).
- drm/mediatek: Drop unbalanced obj unref (git-fixes).
- drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes).
- drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes).
- drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes).
- drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes).
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes).
- drm/msm/a5xx: fix context faults during ring switch (git-fixes).
- drm/msm/a5xx: fix highest bank bit for a530 (git-fixes).
- drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes).
- drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes).
- drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes).
- drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes).
- drm/msm/dpu: Add check for cstate (git-fixes).
- drm/msm/dpu: Add check for pstates (git-fixes).
- drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes).
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes).
- drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes).
- drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes).
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/gem: Add check for kmalloc (git-fixes).
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/mdp5: Add check for kzalloc (git-fixes).
- drm/msm: Fix potential invalid ptr free (git-fixes).
- drm/msm: clean event_thread->worker in case of an error (git-fixes).
- drm/msm: use strscpy instead of strncpy (git-fixes).
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes).
- drm/nouveau/kms/nv50-: remove unused functions (git-fixes).
- drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes).
- drm/omap: dsi: Fix excessive stack usage (git-fixes).
- drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
- drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes).
- drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes).
- drm/radeon: free iio for atombios when driver shutdown (git-fixes).
- drm/shmem-helper: Remove another errant put in error path (git-fixes).
- drm/sun4i: fix missing component unbind on bind errors (git-fixes).
- drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes).
- drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
- drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
- drm/vc4: hvs: Set AXI panic modes (git-fixes).
- drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes).
- drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes).
- drm/vkms: Fix memory leak in vkms_init() (git-fixes).
- drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
- drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes).
- drm: amd: display: Fix memory leakage (git-fixes).
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes).
- drm: tidss: Fix pixel format definition (git-fixes).
- dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes).
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes).
- dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes).
- dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes).
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes).
- dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes).
- dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes).
- eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes).
- efi: Accept version 2 of memory attributes table (git-fixes).
- exit: Add and use make_task_dead (bsc#1207328).
- exit: Allow oops_limit to be disabled (bsc#1207328).
- exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328).
- exit: Move force_uaccess back into do_exit (bsc#1207328).
- exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328).
- exit: Put an upper limit on how often we can oops (bsc#1207328).
- exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328).
- exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328).
- ext4,f2fs: fix readahead of verity data (bsc#1207648).
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: add helper to check quota inums (bsc#1207618).
- ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617).
- ext4: add missing validation of fast-commit record lengths (bsc#1207626).
- ext4: allocate extended attribute value in vmalloc area (bsc#1207635).
- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634).
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: disable fast-commit of encrypted dir operations (bsc#1207623).
- ext4: do not allow journal inode to have encrypt flag (bsc#1207621).
- ext4: do not increase iversion counter for ea_inodes (bsc#1207605).
- ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603).
- ext4: do not set up encryption key during jbd2 transaction (bsc#1207624).
- ext4: drop ineligible txn start stop APIs (bsc#1207588).
- ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606).
- ext4: factor out ext4_fc_get_tl() (bsc#1207615).
- ext4: fast commit may miss file actions (bsc#1207591).
- ext4: fast commit may not fallback for ineligible commit (bsc#1207590).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620).
- ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594).
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653).
- ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631).
- ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608).
- ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630).
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636).
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894).
- ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625).
- ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628).
- ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611).
- ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612).
- ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616).
- ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637).
- ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: goto right label 'failed_mount3a' (bsc#1207610).
- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
- ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633).
- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614).
- ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: place buffer head allocation before handle start (bsc#1207607).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: simplify updating of fast commit stats (bsc#1207589).
- ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- fbdev: omapfb: cleanup inconsistent indentation (git-fixes).
- fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes).
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes).
- firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes).
- firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes).
- firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes).
- firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes).
- fix page corruption caused by racy check in __free_pages (bsc#1208149).
- fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258).
- fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632).
- fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429).
- fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes).
- gpio: vf610: connect GPIO label to dev name (git-fixes).
- gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes).
- gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes).
- hid: Add Mapping for System Microphone Mute (git-fixes).
- hid: asus: use spinlock to protect concurrent accesses (git-fixes).
- hid: asus: use spinlock to safely schedule workers (git-fixes).
- hid: bigben: use spinlock to protect concurrent accesses (git-fixes).
- hid: bigben: use spinlock to safely schedule workers (git-fixes).
- hid: bigben_probe(): validate report count (git-fixes).
- hid: bigben_worker() remove unneeded check on report_field (git-fixes).
- hid: core: Fix deadloop in hid_apply_multiplier (git-fixes).
- hid: elecom: add support for TrackBall 056E:011C (git-fixes).
- hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes).
- hid: multitouch: Add quirks for flipped axes (git-fixes).
- hid: retain initial quirks set up when creating HID devices (git-fixes).
- hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
- hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes).
- hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes).
- hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes).
- hwmon: (coretemp) Simplify platform device handling (git-fixes).
- hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
- hwmon: (ina3221) return prober error code (git-fixes).
- hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848).
- hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes).
- hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes).
- hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes).
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes).
- hwmon: tmp512: drop of_match_ptr for ID table (git-fixes).
- i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes).
- i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes).
- i2c: mxs: suppress probe-deferral error message (git-fixes).
- i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes).
- ib/hfi1: Assign npages earlier (git-fixes)
- ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- ib/hfi1: Restore allocated resources on failed copyout (git-fixes)
- ib/hfi1: Update RMT size calculation (git-fixes)
- ib/ipoib: Fix legacy IPoIB due to wrong number of queues (git-fixes)
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes).
- iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes).
- input: ads7846 - always set last command to PWRDOWN (git-fixes).
- input: ads7846 - do not check penirq immediately for 7845 (git-fixes).
- input: ads7846 - do not report pressure for ads7845 (git-fixes).
- input: iqs269a - configure device with a single block write (git-fixes).
- input: iqs269a - drop unused device node references (git-fixes).
- input: iqs269a - increase interrupt handler return delay (git-fixes).
- input: iqs626a - drop unused device node references (git-fixes).
- interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes).
- interconnect: fix mem leak when freeing nodes (git-fixes).
- interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes).
- iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes).
- ipmi:ssif: Add a timer between request retries (bsc#1206459).
- ipmi:ssif: Remove rtc_us_timer (bsc#1206459).
- ipmi:ssif: resend_msg() cannot fail (bsc#1206459).
- ipmi_ssif: Rename idle state and check (bsc#1206459).
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590).
- jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646).
- jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641).
- jbd2: fix potential buffer head reference count leak (bsc#1207644).
- jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645).
- jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643).
- kABI workaround for hid quirks (git-fixes).
- kABI: pci: Reduce warnings on possible RW1C corruption (kabi).
- kABI: pci: dwc: Add dw_pcie_ops.host_deinit() callback (kabi).
- kabi fix for nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544).
- kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes).
- kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi).
- kasan: no need to unset panic_on_warn in end_report() (bsc#1207328).
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.
- keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes).
- leds: led-class: Add missing put_device() to led_put() (git-fixes).
- leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
- lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
- lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes).
- locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270).
- locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270).
- locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270).
- locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270).
- locking/rwsem: Make handoff bit handling more consistent (bsc#1207270).
- locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270).
- locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270).
- locking: Add missing __sched attributes (bsc#1207270).
- makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
- md/bitmap: Fix bitmap chunk size overflow issues (git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- media: coda: Add check for kmalloc (git-fixes).
- media: i2c: imx219: Fix binning for RAW8 capture (git-fixes).
- media: i2c: imx219: Split common registers from mode tables (git-fixes).
- media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes).
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
- media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes).
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes).
- media: m5mols: fix off-by-one loop termination error (git-fixes).
- media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes).
- media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes).
- media: ov5640: Fix analogue gain control (git-fixes).
- media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes).
- media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes).
- media: rc: gpio-ir-recv: add remove function (git-fixes).
- media: saa7134: Use video_unregister_device for radio_dev (git-fixes).
- media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes).
- media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes).
- media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes).
- media: uvcvideo: Check controls flags before accessing them (git-fixes).
- media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes).
- media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes).
- media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes).
- media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes).
- media: uvcvideo: Handle cameras with invalid descriptors (git-fixes).
- media: uvcvideo: Handle errors from calls to usb_string (git-fixes).
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes).
- media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes).
- media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes).
- media: uvcvideo: Use control names from framework (git-fixes).
- media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes).
- media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes).
- media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
- mei: bus-fixup:upon error print return values of send and receive (git-fixes).
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes).
- mfd: cs5535: Do not build on UML (git-fixes).
- mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes).
- misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes).
- misc: enclosure: Fix doc for enclosure_find() (git-fixes).
- mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262).
- mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
- mmc: sdhci_am654: lower power-on failed message severity (git-fixes).
- mmc: sdio: fix possible resource leaks in some error paths (git-fixes).
- move upstreamed i915 and media fixes into sorted section
- mt76: mt7915: fix polling firmware-own status (git-fixes).
- mtd: dataflash: remove duplicate SPI ID table (git-fixes).
- mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes).
- mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes).
- mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes).
- mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes).
- mtd: spi-nor: core: fix implicit declaration warning (git-fixes).
- mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
- mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes).
- net/rose: Fix to not accept on connected socket (git-fixes).
- net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes).
- net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes).
- net/x25: Fix to not accept on connected socket (git-fixes).
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes).
- net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes).
- nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes).
- nfc: pn533: initialize struct pn533_out_arg properly (git-fixes).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes).
- nfcv3: handle out-of-order write replies (bsc#1205544).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes).
- nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes).
- nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes).
- nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes).
- nfs: Further optimisations for 'ls -l' (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes).
- nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes).
- nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes).
- nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes).
- nfsd: Fix a memory leak in an error handling path (git-fixes).
- nfsd: Fix handling of oversized nfsv4 COMPOUND requests (git-fixes).
- nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes).
- nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).
- nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes).
- nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes).
- nfsv4 expose nfs_parse_server_name function (git-fixes).
- nfsv4 handle port presence in fs_location server string (git-fixes).
- nfsv4 only print the label when its queried (git-fixes).
- nfsv4 remove zero number of fs_locations entries error check (git-fixes).
- nfsv4 store server support for fs_location attribute (git-fixes).
- nfsv4.1 query for fs_location attr on a new file system (git-fixes).
- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes).
- nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes).
- nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes).
- nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- nfsv4: Fix a potential state reclaim deadlock (git-fixes).
- nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- nfsv4: Protect the state recovery thread against direct reclaim (git-fixes).
- nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- nvdimm: disable namespace on error (bsc#1166486).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication completes (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633).
- nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: do not override ctrl keys before validation (bsc#1202633).
- nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633).
- nvme-auth: do not use NVMe status codes (bsc#1202633).
- nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: use workqueue dedicated to authentication (bsc#1202633).
- nvme-fabrics: show well known discovery name (bsc#1200054).
- objtool: Add a missing comma to avoid string concatenation (bsc#1207328).
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- ocfs2: clear dinode links count in case of error (bsc#1207650).
- ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649).
- ocfs2: fix crash when mount with quota enabled (bsc#1207640).
- ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652).
- ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651).
- ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770).
- ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768).
- ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771).
- panic: Consolidate open-coded panic_on_warn checks (bsc#1207328).
- panic: Introduce warn_limit (bsc#1207328).
- panic: unset panic_on_warn inside panic() (bsc#1207328).
- pci/iov: Enlarge virtfn sysfs name buffer (git-fixes).
- pci/pm: Always disable PTM for all devices during suspend (git-fixes).
- pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes).
- pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes).
- pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes).
- pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes).
- pci: Add ACS quirk for Wangxun NICs (git-fixes).
- pci: Add SolidRun vendor ID (git-fixes).
- pci: Align extra resources for hotplug bridges properly (git-fixes).
- pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes).
- pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes).
- pci: Fix dropping valid root bus resources with .end = zero (git-fixes).
- pci: Reduce warnings on possible RW1C corruption (git-fixes).
- pci: Take other bus devices into account when distributing resources (git-fixes).
- pci: Unify delay handling for reset and resume (git-fixes).
- pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes).
- pci: aardvark: Fix link training (git-fixes).
- pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes).
- pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes).
- pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes).
- pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes).
- pci: qcom: Fix host-init error handling (git-fixes).
- pci: qcom: Fix pipe clock imbalance (git-fixes).
- pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes).
- pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes).
- perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes).
- perf/core: Call LSM hook after copying perf_event_attr (git fixes).
- perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes).
- perf/core: Inherit event_caps (git fixes).
- perf/x86/amd: fix potential integer overflow on shift of a int (git fixes).
- perf/x86/intel/ds: Fix precise store latency handling (git fixes).
- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes).
- perf/x86/intel/pt: Fix sampling using single range output (git fixes).
- perf/x86/intel/pt: Relax address filter validation (git fixes).
- perf/x86/intel/uncore: Add Emerald Rapids (git fixes).
- perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes).
- perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes).
- perf/x86/intel: Add Emerald Rapids (git fixes).
- perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes).
- perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes).
- perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes).
- perf/x86/intel: Fix event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ADL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for SPR (git fixes).
- perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes).
- perf/x86/msr: Add Emerald Rapids (git fixes).
- perf/x86/rapl: Add support for Intel AlderLake-N (git fixes).
- perf/x86/rapl: Treat Tigerlake like Icelake (git fixes).
- perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes).
- perf/x86/rapl: fix AMD event handling (git fixes).
- perf/x86/uncore: Add Raptor Lake uncore support (git fixes).
- perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes).
- perf/x86/uncore: Add new Raptor Lake S support (git fixes).
- perf/x86/uncore: Clean up uncore_pci_ids (git fixes).
- perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf: Always wake the parent event (git fixes).
- perf: Fix possible memleak in pmu_dev_alloc() (git fixes).
- phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes).
- phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes).
- pinctrl: aspeed: Fix confusing types in return value (git-fixes).
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes).
- pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes).
- pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes).
- pinctrl: mediatek: Initialize variable *buf to zero (git-fixes).
- pinctrl: mediatek: fix coding style (git-fixes).
- pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes).
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes).
- pinctrl: single: fix potential NULL dereference (git-fixes).
- pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes).
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420).
- platform/x86: amd-pmc: Correct usage of SMU version (git-fixes).
- platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes).
- platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes).
- platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes).
- platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes).
- platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes).
- platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes).
- powercap: fix possible name leak in powercap_register_zone() (git-fixes).
- powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612).
- printf: fix errname.c list (git-fixes).
- prlimit: do_prlimit needs to have a speculation check (bsc#1209256).
- pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes).
- qede: avoid uninitialized entries in coal_entry array (bsc#1205846).
- qede: fix interrupt coalescing configuration (bsc#1205846).
- quota: Check next/prev free block number after reading from quota file (bsc#1206640).
- quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639).
- rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159).
- rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes)
- rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- rdma/siw: Fix user page pinning accounting (git-fixes)
- rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
- refresh patches.suse/NFSv3-handle-out-of-order-write-replies  (bsc#1209457).
- regulator: Flag uncontrollable regulators as always_on (git-fixes).
- regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes).
- regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes).
- regulator: max77802: Bounds check regulator id against opmode (git-fixes).
- regulator: s5m8767: Bounds check id indexing into arrays (git-fixes).
- remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes).
- replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments.
- require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans.
- revert 'HID: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes).
- revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes).
- revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes).
- revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes).
- rpm/ Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user at localhost:/tmp> perl '$HOME/' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link:
- rpm/ Fix output difference when / is in location While previous attempt to fix in 6d651362c38 'rpm/ Deal with {pre,post}fixed / in location' breaks the infinite loop, it does not properly address the issue. Having prefixed and/or postfixed forward slash still result in different output. This commit changes the script to use the Perl core module File::Spec for proper path manipulation to give consistent output.
- rpm/ Remove SLE11 cruft
- rtc: allow rtc_read_alarm without read_alarm callback (git-fixes).
- rtc: pm8xxx: fix set-alarm race (git-fixes).
- rtc: sun6i: Always export the internal oscillator (git-fixes).
- runrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes).
- s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes).
- s390/kexec: fix ipl report address for kdump (bsc#1207529).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607).
- scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607).
- scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607).
- scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607).
- scsi: lpfc: Update lpfc version to (bsc#1208607).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Update version to (bsc#1208570).
- scsi: qla2xxx: Update version to (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
- scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes).
- sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes).
- selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes).
- selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103).
- selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103).
- selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Move perror closer to its use (bsc#1206232).
- selftests: forwarding: lib: quote the sysctl values (git-fixes).
- selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes).
- selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes).
- selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes).
- selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes).
- serial: 8250_em: Fix UART port type (git-fixes).
- serial: 8250_fsl: fix handle_irq locking (git-fixes).
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes).
- serial: qcom-geni: fix console shutdown hang (git-fixes).
- serial: sc16is7xx: setup GPIO controller later in probe (git-fixes).
- serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes).
- signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes).
- signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes).
- signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes).
- signal: Implement force_fatal_sig (git-fixes).
- smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629).
- soundwire: cadence: Do not overflow the command FIFOs (git-fixes).
- spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes).
- spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes).
- spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes).
- spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes).
- spi: tegra210-quad: Fix validate combined sequence (git-fixes).
- staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes).
- staging: mt7621-dts: change palmbus address to lower case (git-fixes).
- struct uvc_device move flush_status new member to end (git-fixes).
- sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes).
- sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes).
- sunrpc: Fix socket waits for write buffer space (git-fixes).
- sunrpc: Return true/false (not 1/0) from bool functions (git-fixes).
- supported.conf: Remove duplicate entry.
- sysctl: add a new register_sysctl_init() interface (bsc#1207328).
- thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes).
- thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes).
- thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes).
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes).
- thermal/drivers/tsens: fix slope values for msm8939 (git-fixes).
- thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes).
- thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes).
- thermal: intel: Fix unsigned comparison with less than zero (git-fixes).
- thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes).
- thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes).
- thermal: intel: quark_dts: fix error pointer dereference (git-fixes).
- tools/iio/iio_utils:fix memory leak (git-fixes).
- tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes).
- trace_events_hist: add check for return value of 'create_hist_field' (git-fixes).
- tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes).
- tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes).
- tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes).
- tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes).
- tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes).
- tty: serial: imx: Handle RS485 DE signal active high (git-fixes).
- tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes).
- tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes).
- ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328).
- update internal module version number for cifs.ko (bsc#1193629).
- update suse/hid-bigben_probe-validate-report-count (bsc#1208605).
- usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes).
- usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes).
- usb: dwc3: core: Host wake up support from system suspend (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes).
- usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes).
- usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes).
- usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes).
- usb: dwc3: qcom: clean up icc init (git-fixes).
- usb: dwc3: qcom: clean up suspend callbacks (git-fixes).
- usb: dwc3: qcom: fix gadget-only builds (git-fixes).
- usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes).
- usb: dwc3: qcom: fix wakeup implementation (git-fixes).
- usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes).
- usb: dwc3: qcom: suppress unused-variable warning (git-fixes).
- usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes).
- usb: ene_usb6250: Allocate enough memory for full object (git-fixes).
- usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes).
- usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes).
- usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes).
- usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes).
- usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes).
- usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes).
- usb: max-3421: Fix setting of I/O pins (git-fixes).
- usb: musb: Add and use inline function musb_otg_state_string (git-fixes).
- usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes).
- usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes).
- usb: musb: remove schedule work called after flush (git-fixes).
- usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes).
- usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes).
- usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes).
- usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes).
- usb: uvc: Enumerate valid values for color matching (git-fixes).
- vc_screen: do not clobber return value in vcs_read (git-fixes).
- vc_screen: modify vcs_size() handling in vcs_read() (git-fixes).
- vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes).
- vfio/type1: prevent underflow of locked_vm via exec() (git-fixes).
- vfio/type1: restore locked_vm (git-fixes).
- vfio/type1: track locked_vm per dma (git-fixes).
- vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642).
- vfs: filename_create(): fix incorrect intent (bsc#1197534).
- virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449).
- virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449).
- virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449).
- virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449).
- virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449).
- virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449).
- vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes).
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617).
- watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration.
- watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes).
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes).
- watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes).
- watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes).
- wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes).
- wifi: ath11k: allow system suspend to survive ath11k (git-fixes).
- wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes).
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes).
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes).
- wifi: ath9k: use proper statements in conditionals (git-fixes).
- wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes).
- wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes).
- wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes).
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes).
- wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes).
- wifi: cfg80211: Fix use after free for wext (git-fixes).
- wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes).
- wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes).
- wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes).
- wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes).
- wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes).
- wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes).
- wifi: mt7601u: fix an integer underflow (git-fixes).
- wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes).
- wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes).
- wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes).
- wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes).
- wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes).
- wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes).
- wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes).
- wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes).
- wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes).
- wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtw89: Add missing check for alloc_workqueue (git-fixes).
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes).
- wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- writeback: avoid use-after-free after removing device (bsc#1207638).
- x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes).
- x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes).
- x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848).
- x86/asm: Fix an assembler warning with current binutils (git-fixes).
- x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes).
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes).
- x86/cpu: Add Raptor Lake to Intel family (git fixes).
- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes).
- x86/cpu: Add new Raptor Lake CPU model number (git fixes).
- x86/cpu: Add several Intel server CPU model numbers (git fixes).
- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes).
- x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes).
- x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes).
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes).
- x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes).
- x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes).
- x86/perf/zhaoxin: Add stepping check for ZXC (git fixes).
- x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes).
- x86/perf: Default set FREEZE_ON_SMI for all (git fixes).
- x86/sgx: Fix free page accounting (git-fixes).
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
- x86: acpi: cstate: Optimize C3 entry on AMD CPUs (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes).
- xen/arm: Fix race in RB-tree based P2M accounting (git-fixes)
- xen/netback: do some code cleanup (git-fixes).
- xen/netback: fix build warning (git-fixes).
- xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes).
- xen/platform-pci: add missing free_irq() in error path (git-fixes).
- xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes).
- xfs: estimate post-merge refcounts correctly (bsc#1208183).
- xfs: hoist refcount record merge predicates (bsc#1208183).

Advisory ID: SUSE-SU-2023:1717-1
Released:    Fri Mar 31 15:18:35 2023
Summary:     Security update for grub2
Type:        security
Severity:    moderate
References:  1209188

This update of grub2 fixes the following issues:

- rebuild the package with the new secure boot key (bsc#1209188).

Advisory ID: SUSE-SU-2023:1718-1
Released:    Fri Mar 31 15:47:34 2023
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1207571,1207957,1207975,1208358,CVE-2023-0687
This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

Advisory ID: SUSE-SU-2023:1745-1
Released:    Tue Apr  4 09:05:23 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1209624,CVE-2023-0464
This update for openssl-1_1 fixes the following issues:

- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).

Advisory ID: SUSE-RU-2023:1753-1
Released:    Tue Apr  4 11:55:00 2023
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
This update for systemd-presets-common-SUSE fixes the following issue:

- Enable systemd-pstore.service by default (jsc#PED-2663)

Advisory ID: SUSE-RU-2023:1779-1
Released:    Thu Apr  6 08:16:58 2023
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1208432
This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's not no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev
  sub-package, so they aren't installed in systemd based containers

The following package changes have been done:

- bind-utils-9.16.38-150400.5.20.2 updated
- containerd-ctr-1.6.16-150000.82.2 updated
- containerd-1.6.16-150000.82.2 updated
- cpupower-5.14-150400.3.3.1 updated
- curl-7.79.1-150400.5.18.1 updated
- docker-20.10.23_ce-150000.175.1 updated
- glibc-locale-base-2.31-150300.46.1 updated
- glibc-locale-2.31-150300.46.1 updated
- glibc-2.31-150300.46.1 updated
- grub2-i386-pc-2.06-150400.11.25.1 updated
- grub2-x86_64-efi-2.06-150400.11.25.1 updated
- grub2-2.06-150400.11.25.1 updated
- kernel-default-5.14.21-150400.24.55.3 updated
- kexec-tools-2.0.20-150400.16.3.1 updated
- libcpupower0-5.14-150400.3.3.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libgcrypt20-1.9.4-150400.6.8.1 updated
- libgnutls30-3.7.3-150400.4.35.1 updated
- libldb2-2.4.4-150400.4.11.1 updated
- libopenssl1_1-1.1.1l-150400.7.31.2 updated
- libpython3_6m1_0-3.6.15-150300.10.45.1 updated
- libsolv-tools-0.7.23-150400.3.3.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libsystemd0-249.16-150400.8.25.7 updated
- libudev1-249.16-150400.8.25.7 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libzypp-17.31.8-150400.3.14.1 updated
- mokutil-0.5.0-150400.3.3.1 added
- nfs-client-2.1.1-150100.10.32.1 updated
- openssl-1_1-1.1.1l-150400.7.31.2 updated
- python3-PyJWT-2.4.0-150200.3.6.2 updated
- python3-base-3.6.15-150300.10.45.1 updated
- python3-bind-9.16.38-150400.5.20.2 updated
- python3-cryptography-3.3.2-150400.16.6.1 updated
- python3-3.6.15-150300.10.45.1 updated
- rpm-ndb-4.14.3-150300.55.1 updated
- samba-client-libs-4.15.13+git.636.53d93c5b9d6-150400.3.23.1 updated
- samba-libs-4.15.13+git.636.53d93c5b9d6-150400.3.23.1 updated
- shim-15.7-150300.4.11.1 updated
- sudo-1.9.9-150400.4.26.1 updated
- suse-build-key-12.0-150000.8.31.1 updated
- suse-module-tools-15.4.16-150400.3.8.1 updated
- systemd-presets-common-SUSE-15-150100.8.20.1 updated
- systemd-sysvinit-249.16-150400.8.25.7 updated
- systemd-249.16-150400.8.25.7 updated
- udev-249.16-150400.8.25.7 updated
- vim-data-common-9.0.1386-150000.5.37.1 updated
- vim-9.0.1386-150000.5.37.1 updated
- xen-libs-4.16.3_06-150400.4.25.1 updated
- zstd-1.5.0-150400.3.3.1 updated
- zypper-1.14.59-150400.3.12.2 updated
- dracut-mkinitrd-deprecated-055+suse.331.g05b9ccb7-150400.3.16.1 removed
- python3-ecdsa-0.13.3-3.7.1 removed

More information about the sle-security-updates mailing list