SUSE-IU-2023:549-1: Security update of suse-sles-15-sp4-chost-byos-v20230803-hvm-ssd-x86_64

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Sun Aug 6 07:02:11 UTC 2023


SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230803-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:549-1
Image Tags        : suse-sles-15-sp4-chost-byos-v20230803-hvm-ssd-x86_64:20230803
Image Release     : 
Severity          : important
Type              : security
References        : 1065729 1065729 1089497 1150305 1152472 1152489 1157881 1160435
                        1171511 1172073 1186673 1187829 1189998 1191112 1191731 1193629
                        1193629 1194557 1194869 1194869 1195655 1195921 1198097 1199020
                        1200710 1201399 1201627 1201817 1202234 1202234 1203300 1203393
                        1203750 1203818 1203906 1205650 1205756 1205758 1205758 1205760
                        1205762 1205803 1206024 1206447 1206578 1206674 1206798 1207004
                        1207071 1207534 1207553 1207894 1208003 1208074 1208410 1208600
                        1208604 1208721 1208758 1208788 1209039 1209229 1209233 1209287
                        1209288 1209367 1209536 1209565 1209565 1209856 1209859 1209982
                        1210004 1210165 1210277 1210294 1210298 1210335 1210449 1210450
                        1210498 1210533 1210551 1210565 1210584 1210591 1210647 1210652
                        1210741 1210775 1210783 1210791 1210799 1210806 1210853 1210940
                        1210947 1210996 1210999 1211026 1211037 1211043 1211044 1211089
                        1211105 1211113 1211131 1211158 1211205 1211243 1211256 1211257
                        1211261 1211261 1211263 1211272 1211280 1211281 1211299 1211346
                        1211354 1211387 1211410 1211418 1211419 1211449 1211449 1211465
                        1211519 1211564 1211578 1211588 1211590 1211592 1211612 1211661
                        1211674 1211686 1211687 1211688 1211689 1211690 1211691 1211692
                        1211693 1211714 1211754 1211795 1211796 1211796 1211804 1211807
                        1211808 1211811 1211828 1211847 1211852 1211855 1211867 1211960
                        1212051 1212126 1212129 1212154 1212155 1212158 1212187 1212187
                        1212187 1212187 1212189 1212222 1212222 1212230 1212260 1212265
                        1212301 1212350 1212448 1212494 1212495 1212504 1212513 1212516
                        1212517 1212540 1212544 1212561 1212563 1212564 1212567 1212584
                        1212592 1212603 1212605 1212606 1212619 1212623 1212662 1212701
                        1212741 1212756 1212835 1212838 1212842 1212846 1212861 1212869
                        1212892 1212905 1213004 1213008 1213010 1213011 1213012 1213013
                        1213014 1213015 1213016 1213017 1213018 1213019 1213020 1213021
                        1213024 1213025 1213032 1213034 1213035 1213036 1213037 1213038
                        1213039 1213040 1213041 1213059 1213061 1213087 1213088 1213089
                        1213090 1213092 1213093 1213094 1213095 1213096 1213098 1213099
                        1213100 1213102 1213103 1213104 1213105 1213106 1213107 1213108
                        1213109 1213110 1213111 1213112 1213113 1213114 1213134 1213171
                        1213172 1213173 1213174 1213237 1213245 1213247 1213252 1213258
                        1213259 1213263 1213264 1213286 1213384 1213487 1213504 1213523
                        1213524 1213543 1213705 CVE-2007-4559 CVE-2022-2084 CVE-2022-2127
                        CVE-2022-4269 CVE-2022-4304 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886
                        CVE-2022-45887 CVE-2022-45919 CVE-2023-1077 CVE-2023-1079 CVE-2023-1249
                        CVE-2023-1380 CVE-2023-1382 CVE-2023-1786 CVE-2023-1829 CVE-2023-2002
                        CVE-2023-20593 CVE-2023-21102 CVE-2023-2124 CVE-2023-2156 CVE-2023-2162
                        CVE-2023-2269 CVE-2023-2426 CVE-2023-2483 CVE-2023-2513 CVE-2023-2602
                        CVE-2023-2603 CVE-2023-2609 CVE-2023-2610 CVE-2023-2828 CVE-2023-28410
                        CVE-2023-2911 CVE-2023-2953 CVE-2023-2985 CVE-2023-3006 CVE-2023-30456
                        CVE-2023-3090 CVE-2023-31084 CVE-2023-3111 CVE-2023-3117 CVE-2023-31248
                        CVE-2023-3141 CVE-2023-31436 CVE-2023-31484 CVE-2023-3161 CVE-2023-32001
                        CVE-2023-3212 CVE-2023-32233 CVE-2023-32681 CVE-2023-33288 CVE-2023-3357
                        CVE-2023-3358 CVE-2023-3389 CVE-2023-3390 CVE-2023-34241 CVE-2023-3446
                        CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 CVE-2023-34969 CVE-2023-35001
                        CVE-2023-35788 CVE-2023-35823 CVE-2023-35828 CVE-2023-35829 CVE-2023-3812
                        CVE-2023-38408 
-----------------------------------------------------------------

The container suse-sles-15-sp4-chost-byos-v20230803-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2482-1
Released:    Mon Jun 12 07:19:53 2023
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  1211272
This update for systemd-rpm-macros fixes the following issues:

- Adjust functions so they are disabled when called from a chroot (bsc#1211272)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2484-1
Released:    Mon Jun 12 08:49:58 2023
Summary:     Security update for openldap2
Type:        security
Severity:    moderate
References:  1211795,CVE-2023-2953
This update for openldap2 fixes the following issues:

- CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2495-1
Released:    Tue Jun 13 15:05:27 2023
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    important
References:  1211661,1212187
This update for libzypp fixes the following issues:

- Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187]
- Do not unconditionally release a medium if provideFile failed. [bsc#1211661]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2517-1
Released:    Thu Jun 15 07:09:52 2023
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1203750,1211158,CVE-2007-4559
This update for python3 fixes the following issues:

- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).

- Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2519-1
Released:    Thu Jun 15 08:25:19 2023
Summary:     Recommended update for supportutils
Type:        recommended
Severity:    moderate
References:  1203818
This update for supportutils fixes the following issues:

 - Added missed sanitation check on crash.txt (bsc#1203818)
 - Added check to _sanitize_file
 - Using variable for replement text in _sanitize_file

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2550-1
Released:    Mon Jun 19 17:51:21 2023
Summary:     Recommended update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings
Type:        recommended
Severity:    moderate
References:  1191112,1198097,1199020,1202234,1209565,1210591,1211354,1212187,1212189

This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to
the INSTALLER self-update channel.

yast2-pkg-bindings:

- Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565)

autoyast2:

- Selected products are not installed after resetting the package manager internally (bsc#1202234)

libyui:

- Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354)
- Fixed loading icons from an absolute path (bsc#1210591)
- Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112)
- Force messages from .ui file through our translation mechanism (bsc#1198097)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2571-1
Released:    Wed Jun 21 13:26:09 2023
Summary:     Security update for Salt
Type:        security
Severity:    moderate
References:  1207071,1209233,1211612,1211754,1212516,1212517
This update for salt fixes the following issues:

salt:

- Update to Salt release version 3006.0 (jsc#PED-4361)
  * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
    
python-jmespath:
    
- Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt
  (no source changes)
    
python-ply:
    
- Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath
  (no source changes)
 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2616-1
Released:    Thu Jun 22 16:47:50 2023
Summary:     Security update for cups
Type:        security
Severity:    important
References:  1212230,CVE-2023-34241
This update for cups fixes the following issues:

- CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2625-1
Released:    Fri Jun 23 17:16:11 2023
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
References:  
This update for gcc12 fixes the following issues:

- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204

  * includes regression and other bug fixes

- Speed up builds with --enable-link-serialization.

- Update embedded newlib to version 4.2.0

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2628-1
Released:    Fri Jun 23 21:43:22 2023
Summary:     Security update for cloud-init
Type:        security
Severity:    important
References:  1171511,1203393,1210277,1210652,CVE-2022-2084,CVE-2023-1786
This update for cloud-init fixes the following issues:

- CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277)
- CVE-2022-2084: Fixed a bug which caused logging schema failures can include password hashes. (bsc#1210652)
    
- Update to version 23.1

  + Support transactional-updates for SUSE based distros
  + Set ownership for new folders in Write Files Module
  + add OpenCloudOS and TencentOS support
  + lxd: Retry if the server isn't ready 
  + test: switch pycloudlib source to pypi 
  + test: Fix integration test deprecation message 
  + Recognize opensuse-microos, dev tooling fixes 
  + sources/azure: refactor imds handler into own module 
  + docs: deprecation generation support 
  + add function is_virtual to distro/FreeBSD
  + cc_ssh: support multiple hostcertificates 
  + Fix minor schema validation regression and fixup typing 
  + doc: Reword user data debug section 
  + cli: schema also validate vendordata*.
  + ci: sort and add checks for cla signers file 
  + Add 'ederst' as contributor
  + readme: add reference to packages dir 
  + docs: update downstream package list 
  + docs: add google search verification 
  + docs: fix 404 render use default notfound_urls_prefix in RTD conf
  + Fix OpenStack datasource detection on bare metal
  + docs: add themed RTD 404 page and pointer to readthedocs-hosted 
  + schema: fix gpt labels, use type string for GUID 
  + cc_disk_setup: code cleanup 
  + netplan: keep custom strict perms when 50-cloud-init.yaml exists
  + cloud-id: better handling of change in datasource files
  + Warn on empty network key 
  + Fix Vultr cloud_interfaces usage 
  + cc_puppet: Update puppet service name 
  + docs: Clarify networking docs 
  + lint: remove httpretty 
  + cc_set_passwords: Prevent traceback when restarting ssh 
  + tests: fix lp1912844 
  + tests: Skip ansible test on bionic 
  + Wait for NetworkManager 
  + docs: minor polishing 
  + CI: migrate integration-test to GH actions 
  + Fix permission of SSH host keys 
  + Fix default route rendering on v2 ipv6
  + doc: fix path in net_convert command 
  + docs: update net_convert docs
  + doc: fix dead link
  + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty
  + distros/rhel.py: _read_hostname() missing strip on 'hostname'
  + integration tests: add  IBM VPC support 
  + machine-id: set to uninitialized to trigger regeneration on clones
  + sources/azure: retry on connection error when fetching metdata 
  + Ensure ssh state accurately obtained 
  + bddeb: drop dh-systemd dependency on newer deb-based releases 
  + doc: fix `config formats` link in cloudsigma.rst 
  + Fix wrong subp syntax in cc_set_passwords.py 
  + docs: update the PR template link to readthedocs 
  + ci: switch unittests to gh actions
  + Add mount_default_fields for PhotonOS. 
  + sources/azure: minor refactor for metadata source detection logic
  + add 'CalvoM' as contributor 
  + ci: doc to gh actions 
  + lxd: handle 404 from missing devices route for LXD 4.0 
  + docs: Diataxis overhaul 
  + vultr: Fix issue regarding cache and region codes 
  + cc_set_passwords: Move ssh status checking later 
  + Improve Wireguard module idempotency 
  + network/netplan: add gateways as on-link when necessary 
  + tests: test_lxd assert features.networks.zones when present 
  + Use btrfs enquque when available (#1926) [Robert Schweikert]
  + sources/azure: fix device driver matching for net config (#1914)
  + BSD: fix duplicate macs in Ifconfig parser 
  + pycloudlib: add lunar support for integration tests 
  + nocloud: add support for dmi variable expansion for seedfrom URL
  + tools: read-version drop extra call to git describe --long
  + doc: improve cc_write_files doc
  + read-version: When insufficient tags, use cloudinit.version.get_version
  + mounts: document weird prefix in schema 
  + Ensure network ready before cloud-init service runs on RHEL
  + docs: add copy button to code blocks 
  + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag
  + azure: fix support for systems without az command installed 
  + Fix the distro.osfamily output problem in the openEuler system. 
  + pycloudlib: bump commit dropping azure api smoke test
  + net: netplan config root read-only as wifi config can contain creds
  + autoinstall: clarify docs for users
  + sources/azure: encode health report as utf-8 
  + Add back gateway4/6 deprecation to docs 
  + networkd: Add support for multiple [Route] sections 
  + doc: add qemu tutorial 
  + lint: fix tip-flake8 and tip-mypy 
  + Add support for setting uid when creating users on FreeBSD 
  + Fix exception in BSD networking code-path 
  + Append derivatives to is_rhel list in cloud.cfg.tmpl 
  + FreeBSD init: use cloudinit_enable as only rcvar 
  + feat: add support aliyun metadata security harden mode 
  + docs: uprate analyze to performance page
  + test: fix lxd preseed managed network config 
  + Add support for static IPv6 addresses for FreeBSD 
  + Make 3.12 failures not fail the build 
  + Docs: adding relative links 
  + Fix setup.py to align with PEP 440 versioning replacing trailing
  + Add 'nkukard' as contributor 
  + doc: add how to render new module doc 
  + doc: improve module creation explanation 
  + Add Support for IPv6 metadata to OpenStack 
  + add xiaoge1001 to .github-cla-signers
  + network: Deprecate gateway{4,6} keys in network config v2
  + VMware: Move Guest Customization transport from OVF to VMware
  + doc: home page links added
  + net: skip duplicate mac check for netvsc nic and its VF

This update for python-responses fixes the following issues:
  
- update to 0.21.0:
  * Add `threading.Lock()` to allow `responses` working with `threading` module.
  * Add `urllib3` `Retry` mechanism. See #135
  * Removed internal `_cookies_from_headers` function
  * Now `add`, `upsert`, `replace` methods return registered response.
    `remove` method returns list of removed responses.
  * Added null value support in `urlencoded_params_matcher` via `allow_blank` keyword argument
  * Added strict version of decorator. Now you can apply `@responses.activate(assert_all_requests_are_fired=True)`
    to your function to validate that all requests were executed in the wrapped function. See #183

  

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2632-1
Released:    Mon Jun 26 12:16:31 2023
Summary:     Recommended update for suseconnect-ng
Type:        recommended
Severity:    moderate
References:  1211588
This update for suseconnect-ng fixes the following issues:

- Update to version 1.1.0~git2.f42b4b2a060e:
- Keep keepalive timer states when replacing SUSEConnect (bsc#1211588)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2640-1
Released:    Mon Jun 26 15:09:10 2023
Summary:     Security update for vim
Type:        security
Severity:    moderate
References:  1210996,1211256,1211257,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610
This update for vim fixes the following issues:

- CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996).
- CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256).
- CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2648-1
Released:    Tue Jun 27 09:52:35 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1201627,1207534,CVE-2022-4304
This update for openssl-1_1 fixes the following issues:

- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
  The previous fix for this timing side channel turned out to cause a
  severe 2-3x performance regression in the typical use case (bsc#1207534).

- Update further expiring certificates that affect the testsuite (bsc#1201627).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2649-1
Released:    Tue Jun 27 10:01:13 2023
Summary:     Recommended update for hwdata
Type:        recommended
Severity:    moderate
References:  
This update for hwdata fixes the following issues:

- update to 0.371:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2653-1
Released:    Tue Jun 27 12:08:18 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1172073,1191731,1193629,1195655,1195921,1203906,1205650,1205756,1205758,1205760,1205762,1205803,1206024,1206578,1207553,1208604,1208758,1209287,1209288,1209856,1209982,1210165,1210294,1210449,1210450,1210498,1210533,1210551,1210647,1210741,1210775,1210783,1210791,1210806,1210940,1210947,1211037,1211043,1211044,1211089,1211105,1211113,1211131,1211205,1211263,1211280,1211281,1211449,1211465,1211519,1211564,1211590,1211592,1211686,1211687,1211688,1211689,1211690,1211691,1211692,1211693,1211714,1211796,1211804,1211807,1211808,1211847,1211855,1211960,CVE-2022-4269,CVE-2022-45884,CVE-2022-45885,CVE-2022-45886,CVE-2022-45887,CVE-2022-45919,CVE-2023-1079,CVE-2023-1380,CVE-2023-1382,CVE-2023-2002,CVE-2023-2124,CVE-2023-2156,CVE-2023-2162,CVE-2023-2269,CVE-2023-2483,CVE-2023-2513,CVE-2023-28410,CVE-2023-3006,CVE-2023-30456,CVE-2023-31084,CVE-2023-31436,CVE-2023-32233,CVE-2023-33288

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855).
- CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).


The following non-security bugs were fixed:

- 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes).
- ACPI: EC: Fix oops when removing custom query handlers (git-fixes).
- ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes).
- ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes).
- ACPI: tables: Add support for NBFT (bsc#1195921).
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes).
- ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes).
- ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes).
- ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes).
- ALSA: firewire-digi00x: prevent potential use after free (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes).
- ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes).
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes).
- ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes).
- ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes).
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes).
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes).
- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes).
- ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes).
- ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes).
- ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes).
- Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes).
- Bluetooth: btintel: Add LE States quirk support (git-fixes).
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes).
- HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes).
- HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes).
- HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280).
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes).
- HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes).
- HID: wacom: Set a default resolution for older tablets (git-fixes).
- HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes).
- HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes).
- HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes).
- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- Input: xpad - add constants for GIP interface numbers (git-fixes).
- KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes)
- KVM: Do not create VM debugfs files outside of the VM directory (git-fixes)
- KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes).
- KVM: Prevent module exit until all VMs are freed (git-fixes)
- KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes).
- KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes).
- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes).
- KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes).
- KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes).
- KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes).
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes).
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes).
- KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes).
- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes).
- KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes)
- KVM: arm64: Do not return from void function (git-fixes)
- KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes).
- KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes).
- KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes).
- KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes).
- KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes).
- KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes).
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes).
- KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes).
- KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes).
- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes).
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes).
- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes).
- KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes).
- KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes).
- KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes).
- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes).
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes).
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes).
- KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes).
- KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes).
- KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes).
- KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes).
- KVM: x86: do not set st->preempted when going back to user space (git-fixes).
- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes).
- KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes).
- PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes).
- PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes).
- PM: hibernate: Turn snapshot_test into global variable (git-fixes).
- PM: hibernate: fix load_image_and_restore() error path (git-fixes).
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- RDMA/hns: Fix base address table allocation (git-fixes)
- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383).
- RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383).
- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- RDMA/irdma: Prevent QP use after free (git-fixes)
- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022).
- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255).
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- Revert 'KVM: set owner of cpu and vm file operations' (git-fixes)
- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- SMB3: Add missing locks to protect deferred close file list (git-fixes).
- SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629).
- SMB3: Close deferred file handles in case of handle lease break (bsc#1193629).
- SMB3: drop reference to cfile before sending oplock break (bsc#1193629).
- SMB3: force unmount was failing to close deferred close files (bsc#1193629).
- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775).
- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers (git-fixes).
- USB: sisusbvga: Add endpoint checks (git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes).
- apparmor: add a kernel label to use on kernel objects (bsc#1211113).
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes).
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage.
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978).
- bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978).
- bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes).
- can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes).
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes).
- cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes).
- ceph: force updating the msg pointer in non-split case (bsc#1211804).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906).
- cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650).
- cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup  id (bsc#1205650).
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes).
- cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758).
- cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629).
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758).
- cifs: fix sharing of DFS connections (bsc#1208758).
- cifs: fix smb1 mount regression (bsc#1193629).
- cifs: mapchars mount option ignored (bsc#1193629).
- cifs: missing lock when updating session status (bsc#1193629).
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758).
- cifs: protect session status check in smb2_reconnect() (bsc#1208758).
- cifs: release leases for deferred close handles when freezing (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- configfs: fix possible memory leak in configfs_create_dir() (git-fixes).
- crypto: acomp - define max size for destination (jsc#PED-3692)
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- crypto: qat - add misc workqueue (jsc#PED-3692)
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- crypto: qat - add param check for DH (jsc#PED-3692)
- crypto: qat - add param check for RSA (jsc#PED-3692)
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- crypto: qat - change behaviour of (jsc#PED-3692)
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- crypto: qat - do not rely on min version (jsc#PED-3692)
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- crypto: qat - extract send and wait from (jsc#PED-3692)
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- crypto: qat - refactor submission logic (jsc#PED-3692)
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992).
- debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- do not reuse connection if share marked as isolated (bsc#1193629).
- docs: networking: fix x25-iface.rst heading & index order (git-fixes).
- drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes).
- drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes).
- drm-hyperv: Add a bug reference to two existing changes (bsc#1211281).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes).
- drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds better (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes).
- drm/i915/dg2: Support 4k at 30 on HDMI (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes).
- drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes).
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes).
- fbdev: udlfb: Fix endpoint check (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes).
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807).
- futex: Resend potentially swallowed owner death notification (git-fixes).
- google/gve:fix repeated words in comments (bsc#1211519).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (git-fixes).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (git-fixes).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes).
- gve: enhance no queue page list detection (bsc#1211519).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378).
- i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378).
- i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378).
- i40e: fix flow director packet filter programming (jsc#SLE-18378).
- i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378).
- iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385).
- iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385).
- iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385).
- iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385).
- ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377).
- igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377).
- igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: fix the validation logic for taprio's gate list (jsc#SLE-18377).
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes).
- iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- ixgbe: Enable setting RSS table to default values (jsc#SLE-18384).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384).
- ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384).
- kABI workaround for btbcm.c (git-fixes).
- kABI workaround for mt76_poll_msec() (git-fixes).
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest  (git-fixes)
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731).
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes).
- leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer() (git-fixes).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes).
- media: radio-shark: Add endpoint checks (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments (git-fixes).
- media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes).
- misc: fastrpc: reject new invocations during device removal (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes).
- mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes).
- mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written (git-fixes).
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes).
- net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982).
- net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551).
- net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022).
- net: mana: Enable RX path to handle various MTU sizes (bsc#1210551).
- net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022).
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes).
- net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022).
- net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022).
- net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551).
- net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes).
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564).
- net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes).
- net: qrtr: correct types of trace event parameters (git-fixes).
- net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes).
- net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes).
- nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect (git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD (git-fixes).
- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes).
- nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes).
- nvme-tcp: fix bogus request completion when failing to send AER (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvme: fix discard support without oncs (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes).
- nvme: fix passthrough csi check (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes).
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes).
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes).
- power: supply: bq27xxx: expose battery data when CI=1 (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes).
- powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes).
- powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729).
- powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- purgatory: fix disabling debug info (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001).
- qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes).
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes).
- ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes).
- ring-buffer: Fix kernel-doc (git-fixes).
- ring-buffer: Sync IRQ works before buffer destruction (git-fixes).
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rtmutex: Ensure that the top waiter is always woken up (git-fixes).
- s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947)
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686).
- s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687).
- s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes).
- s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690).
- s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692).
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes).
- s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714).
- s390x: Fixed hard lockups while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes).
- scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847).
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847).
- scsi: lpfc: Update congestion warning notification period (bsc#1211847).
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
- scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes).
- scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed (git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Check for return value after write_schemata() (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes).
- selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes).
- selinux: do not use make's grouped targets feature yet (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes).
- serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt (git-fixes).
- serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes).
- sfc: Change VF mac via PF as first preference if available (git-fixes).
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- sfc: ef10: do not overwrite offload features at NIC reset (git-fixes).
- sfc: fix TX channel offset when using legacy interrupts (git-fixes).
- sfc: fix considering that all channels have TX queues (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes).
- sfc: include vport_id in filter spec hash and equal() (git-fixes).
- smb3: display debug information better for encryption (bsc#1193629).
- smb3: fix problem remounting a share after shutdown (bsc#1193629).
- smb3: improve parallel reads of large files (bsc#1193629).
- smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629).
- smb3: move some common open context structs to smbfs_common (bsc#1193629).
- soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes).
- struct ci_hdrc: hide new member at end (git-fixes).
- supported.conf: mark mana_ib supported
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165).
- thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165).
- tools/virtio: compile with -pthread (git-fixes).
- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
- tools/virtio: fix virtio_test execution (git-fixes).
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes).
- tracing: Fix permissions for the buffer_percent file (git-fixes).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes).
- usb: chipidea: core: fix possible concurrent when switch role (git-fixes).
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes).
- usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes).
- usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes).
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes).
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes).
- usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes).
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes).
- usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes).
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
- usb: typec: tcpm: fix multiple times discover svids error (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796).
- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes).
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- vhost/net: Clear the pending messages when the backend is removed (git-fixes).
- virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes).
- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
- virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes).
- virtio_net: split free_unused_bufs() (git-fixes).
- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
- watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- wifi: mt76: add flexible polling wait-interval support (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044).
- workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044).
- workqueue: Warn when a new worker could not be created (bsc#1211044).
- workqueue: Warn when a rescuer could not be created (bsc#1211044).
- x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes).
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- x86/alternative: Report missing return thunk details (git-fixes).
- x86/alternative: Support relocations in alternatives (bsc#1206578).
- x86/amd: Use IBPB for firmware calls (git-fixes).
- x86/boot: Skip realmode init code when running as Xen PV guest  (git-fixes).
- x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes).
- x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes).
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes).
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes).
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- x86/speculation/mmio: Print SMT warning (git-fixes).
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- x86: Fix return value of __setup handlers (git-fixes).
- x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes).
- xen/netback: do not do grant copy across page boundary (git-fixes).
- xen/netback: use same error messages for same errors (git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes).
- xhci: Fix incorrect tracking of free space on transfer rings (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2658-1
Released:    Tue Jun 27 14:46:15 2023
Summary:     Recommended update for containerd, docker, runc
Type:        recommended
Severity:    moderate
References:  1207004,1208074,1210298,1211578
This update for containerd, docker, runc fixes the following issues:

- Update to containerd v1.6.21 (bsc#1211578)
- Update to Docker 23.0.6-ce (bsc#1211578)
- Update to runc v1.1.7
- Require a minimum Go version explicitly (bsc#1210298)
- Re-unify packaging for SLE-12 and SLE-15
- Fix build on SLE-12 by switching back to libbtrfs-devel headers
- Allow man pages to be built without internet access in OBS
- Add apparmor-parser as a Recommends to make sure that most users will end up with it installed   
  even if they are primarily running SELinux
- Fix syntax of boolean dependency
- Allow to install container-selinux instead of apparmor-parser
- Change to using systemd-sysusers
- Update runc.keyring to upstream version
- Fix the inability to use `/dev/null` when inside a container (bsc#1207004)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2667-1
Released:    Wed Jun 28 09:14:31 2023
Summary:     Security update for bind
Type:        security
Severity:    important
References:  1212544,1212567,CVE-2023-2828,CVE-2023-2911
This update for bind fixes the following issues:

Update to release 9.16.42

Security Fixes:

* The overmem cleaning process has been improved, to prevent the
  cache from significantly exceeding the configured
  max-cache-size limit. (CVE-2023-2828)
* A query that prioritizes stale data over lookup triggers a
  fetch to refresh the stale data in cache. If the fetch is
  aborted for exceeding the recursion quota, it was possible for
  named to enter an infinite callback loop and crash due to stack
  overflow. This has been fixed. (CVE-2023-2911)

Bug Fixes:

* Previously, it was possible for a delegation from cache to be
  returned to the client after the stale-answer-client-timeout
  duration. This has been fixed.  [bsc#1212544, bsc#1212567, jsc#SLE-24600]

Update to release 9.16.41

Bug Fixes:

* When removing delegations from an opt-out range,
  empty-non-terminal NSEC3 records generated by those delegations
  were not cleaned up. This has been fixed.  [jsc#SLE-24600]

Update to release 9.16.40

Bug Fixes:

* Logfiles using timestamp-style suffixes were not always
  correctly removed when the number of files exceeded the limit
  set by versions. This has been fixed for configurations which
  do not explicitly specify a directory path as part of the file
  argument in the channel specification.
* Performance of DNSSEC validation in zones with many DNSKEY
  records has been improved.

Update to release 9.16.39

Feature Changes:

* libuv support for receiving multiple UDP messages in a single
  recvmmsg() system call has been tweaked several times between
  libuv versions 1.35.0 and 1.40.0; the current recommended libuv
  version is 1.40.0 or higher. New rules are now in effect for
  running with a different version of libuv than the one used at
  compilation time. These rules may trigger a fatal error at
  startup:
  - Building against or running with libuv versions 1.35.0 and
    1.36.0 is now a fatal error.
  - Running with libuv version higher than 1.34.2 is now a
    fatal error when named is built against libuv version
    1.34.2 or lower.
  - Running with libuv version higher than 1.39.0 is now a
    fatal error when named is built against libuv version
    1.37.0, 1.38.0, 1.38.1, or 1.39.0.

* This prevents the use of libuv versions that may trigger an
  assertion failure when receiving multiple UDP messages in a
  single system call.

Bug Fixes:

* named could crash with an assertion failure when adding a new
  zone into the configuration file for a name which was already
  configured as a member zone for a catalog zone. This has been
  fixed.
* When named starts up, it sends a query for the DNSSEC key for
  each configured trust anchor to determine whether the key has
  changed. In some unusual cases, the query might depend on a
  zone for which the server is itself authoritative, and would
  have failed if it were sent before the zone was fully loaded.
  This has now been fixed by delaying the key queries until all
  zones have finished loading. [jsc#SLE-24600]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2742-1
Released:    Fri Jun 30 11:40:59 2023
Summary:     Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper
Type:        recommended
Severity:    moderate
References:  1202234,1209565,1211261,1212187,1212222
This update for yast2-pkg-bindings fixes the following issues:

libzypp was updated to version 17.31.14 (22):

- Curl: trim all custom headers (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. So we make
  sure all custom headers are trimmed. This also includes headers
  returned by URL-Resolver plugins.
- build: honor libproxy.pc's includedir (bsc#1212222)

zypper was updated to version 1.14.61:

- targetos: Add an error note if XPath:/product/register/target
  is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)

yast2-pkg-bindings, autoyast:

- Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565)
- Selected products are not installed after resetting the package manager internally (bsc#1202234)

yast2-update:

- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2761-1
Released:    Mon Jul  3 15:16:44 2023
Summary:     Recommended update for libjansson
Type:        recommended
Severity:    moderate
References:  1201817
This update for libjansson fixes the following issues:

- Update to 2.14 (bsc#1201817):
  * New Features:
    + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the
      corresponding `nocheck` functions.
    + Add jansson_version_str() and jansson_version_cmp() for runtime version checking
    + Add json_object_update_new(), json_object_update_existing_new()
      and json_object_update_missing_new() functions
    + Add json_object_update_recursive()
    + Add `json_pack()` format specifiers s*, o* and O* for values
      that can be omitted if null 
    + Add `json_error_code()` to retrieve numeric error codes
    + Enable thread safety for `json_dump()` on all systems.
      Enable thread safe `json_decref()` and `json_incref()` for
      modern compilers 
    + Add `json_sprintf()` and `json_vsprintf()` 
  * Fixes:
    + Handle `sprintf` corner cases.
    + Add infinite loop check in json_deep_copy()
    + Enhance JANSSON_ATTRS macro to support earlier C standard(C89)
    + Update version detection for sphinx-build
    + Fix error message in `json_pack()` for NULL object 
    + Avoid invalid memory read in `json_pack()` 
    + Call va_end after va_copy in `json_vsprintf()` 
    + Improve handling of formats with '?' and '*' in `json_pack()`
    + Remove inappropriate `jsonp_free()` which caused
      segmentation fault in error handling 
    + Fix incorrect report of success from `json_dump_file()` when
      an error is returned by `fclose()` 
    + Make json_equal() const-correct 
    + Fix incomplete stealing of references by `json_pack()` 
- Use GitHub as source URLs: Release hasn't been uploaded to digip.org.
- Add check section.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2765-1
Released:    Mon Jul  3 20:28:14 2023
Summary:     Security update for libcap
Type:        security
Severity:    moderate
References:  1211418,1211419,CVE-2023-2602,CVE-2023-2603
This update for libcap fixes the following issues:

- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2767-1
Released:    Mon Jul  3 21:22:32 2023
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1212662
This update for dracut fixes the following issues:

- Update to version 055+suse.344.g3d5cd8fb
- Continue parsing if ldd prints 'cannot execute binary file' (bsc#1212662)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2772-1
Released:    Tue Jul  4 09:54:23 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1211261,1212187,1212222
This update for libzypp, zypper fixes the following issues:

libzypp was updated to version 17.31.14 (22):

- Curl: trim all custom headers (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. So we make
  sure all custom headers are trimmed. This also includes headers
  returned by URL-Resolver plugins.
- build: honor libproxy.pc's includedir (bsc#1212222)

zypper was updated to version 1.14.61:

- targetos: Add an error note if XPath:/product/register/target
  is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2800-1
Released:    Mon Jul 10 07:35:22 2023
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1212623
This update for openssl-1_1 fixes the following issues:

- Check the OCSP RESPONSE in openssl s_client command and terminate
  connection if a revoked certificate is found. [bsc#1212623]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2811-1
Released:    Wed Jul 12 11:56:18 2023
Summary:     Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt
Type:        recommended
Severity:    moderate
References:  
This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues:

This update provides a feature update to the FIDO2 stack.

Changes in libfido2:

- Version 1.13.0 (2023-02-20)

    * New API calls:

      + fido_assert_empty_allow_list;
      + fido_cred_empty_exclude_list.

    * fido2-token: fix issue when listing large blobs.

- Version 1.12.0 (2022-09-22)

  * Support for COSE_ES384.
  * Improved support for FIDO 2.1 authenticators.

  * New API calls:

    + es384_pk_free;
    + es384_pk_from_EC_KEY;
    + es384_pk_from_EVP_PKEY;
    + es384_pk_from_ptr;
    + es384_pk_new;
    + es384_pk_to_EVP_PKEY;
    + fido_cbor_info_certs_len;
    + fido_cbor_info_certs_name_ptr;
    + fido_cbor_info_certs_value_ptr;
    + fido_cbor_info_maxrpid_minpinlen;
    + fido_cbor_info_minpinlen;
    + fido_cbor_info_new_pin_required;
    + fido_cbor_info_rk_remaining;
    + fido_cbor_info_uv_attempts;
    + fido_cbor_info_uv_modality.

   * Documentation and reliability fixes.

- Version 1.11.0 (2022-05-03)

  * Experimental PCSC support; enable with -DUSE_PCSC.
  * Improved OpenSSL 3.0 compatibility.
  * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs.
  * winhello: advertise 'uv' instead of 'clientPin'.
  * winhello: support hmac-secret in fido_dev_get_assert().
  * New API calls:

    + fido_cbor_info_maxlargeblob.

  * Documentation and reliability fixes.
  * Separate build and regress targets.

- Version 1.10.0 (2022-01-17)

  * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480.
  * New API calls:

     - fido_dev_info_set;
     - fido_dev_io_handle;
     - fido_dev_new_with_info;
     - fido_dev_open_with_info.
  * Cygwin and NetBSD build fixes.
  * Documentation and reliability fixes.
  * Support for TPM 2.0 attestation of COSE_ES256 credentials.

- Version 1.9.0 (2021-10-27)

  * Enabled NFC support on Linux.
  * Support for FIDO 2.1 'minPinLength' extension.
  * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation.
  * Support for TPM 2.0 attestation.
  * Support for device timeouts; see fido_dev_set_timeout().
  * New API calls:

       - es256_pk_from_EVP_PKEY;
       - fido_cred_attstmt_len;
       - fido_cred_attstmt_ptr;
       - fido_cred_pin_minlen;
       - fido_cred_set_attstmt;
       - fido_cred_set_pin_minlen;
       - fido_dev_set_pin_minlen_rpid;
       - fido_dev_set_timeout;
       - rs256_pk_from_EVP_PKEY.

  * Reliability and portability fixes.
  * Better handling of HID devices without identification strings; gh#381.

- Update to version 1.8.0:

	* Better support for FIDO 2.1 authenticators.
	* Support for attestation format 'none'.
	* New API calls:

		- fido_assert_set_clientdata;
		- fido_cbor_info_algorithm_cose;
		- fido_cbor_info_algorithm_count;
		- fido_cbor_info_algorithm_type;
		- fido_cbor_info_transports_len;
		- fido_cbor_info_transports_ptr;
		- fido_cred_set_clientdata;
		- fido_cred_set_id;
		- fido_credman_set_dev_rk;
		- fido_dev_is_winhello.

	* fido2-token: new -Sc option to update a resident credential.
	* Documentation and reliability fixes.
	* HID access serialisation on Linux.

- Update to version 1.7.0:

  * hid_win: detect devices with vendor or product IDs > 0x7fff
  * Support for FIDO 2.1 authenticator configuration.
  * Support for FIDO 2.1 UV token permissions.
  * Support for FIDO 2.1 'credBlobs' and 'largeBlobs' extensions.
  * New API calls
  * New fido_init flag to disable fido_dev_open’s U2F fallback
  * Experimental NFC support on Linux.

- Enabled hidapi again, issues related to hidapi are fixed upstream

- Update to version 1.6.0:

  * Documentation and reliability fixes.

  * New API calls:

    + fido_cred_authdata_raw_len;
    + fido_cred_authdata_raw_ptr;
    + fido_cred_sigcount;
    + fido_dev_get_uv_retry_count;
    + fido_dev_supports_credman.
  * Hardened Windows build.
  * Native FreeBSD and NetBSD support.
  * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.

- Create a udev subpackage and ship the udev rule.

Changes in python-fido2:

- update to 0.9.3:

  * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ
  * Support the latest Windows webauthn.h API (included in Windows 11).
  * Add product name and serial number to HidDescriptors.
  * Remove the need for the uhid-freebsd dependency on FreeBSD.

- Update to version 0.9.1

  * Add new CTAP error codes and improve handling of unknown codes.
  * Client: API changes to better support extensions.
  * Client.make_credential now returns a AuthenticatorAttestationResponse,
    which holds the AttestationObject and ClientData, as well as any
    client extension results for the credential.
  * Client.get_assertion now returns an AssertionSelection object,
    which is used to select between multiple assertions
  * Renames: The CTAP1 and CTAP2 classes have been renamed to
    Ctap1 and Ctap2, respectively.
  * ClientPin: The ClientPin API has been restructured to support
    multiple PIN protocols, UV tokens, and token permissions.
  * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1
  * HID: The platform specific HID code has been revamped

- Version 0.8.1 (released 2019-11-25)

  * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified.

- Version 0.8.0 (released 2019-11-25)

  * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced.
  * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request.
  * Fido2Client:

    - make_credential/get_assertion now take WebAuthn options objects.
    - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event.

  * Fido2Server:

    - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes.
    - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional.
    - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values.
    - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers.
    - Fido2Server.timeout is now in ms and of type int.

  * Support native WebAuthn API on Windows through WindowsClient.

- Version 0.7.2 (released 2019-10-24)

  * Support for the TPM attestation format.
  * Allow passing custom challenges to register/authenticate in Fido2Server.
  * Bugfix: CTAP2 CANCEL command response handling fixed.
  * Bugfix: Fido2Client fix handling of empty allow_list.
  * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail.

- Version 0.7.1 (released 2019-09-20)

  * Enforce canonical CBOR on Authenticator responses by default.
  * PCSC: Support extended APDUs.
  * Server: Verify that UP flag is set.
  * U2FFido2Server: Implement AppID exclusion extension.
  * U2FFido2Server: Allow custom U2F facet verification.
  * Bugfix: U2FFido2Server.authenticate_complete now returns the result.

- Version 0.7.0 (released 2019-06-17)

  * Add support for NFC devices using PCSC.
  * Add support for the hmac-secret Authenticator extension.
  * Honor max credential ID length and number of credentials to Authenticator.
  * Add close() method to CTAP devices to explicitly release their resources.

- Version 0.6.0 (released 2019-05-10)

  * Don't fail if CTAP2 Info contains unknown fields.
  * Replace cbor loads/dumps functions with encode/decode/decode_from.
  * Server: Add support for AuthenticatorAttachment.
  * Server: Add support for more key algorithms.
  * Client: Expose CTAP2 Info object as Fido2Client.info. 

Changes in yubikey-manager:

- Update to version 4.0.9 (released 2022-06-17)

  * Dependency: Add support for python-fido2 1.x
  * Fix: Drop stated support for Click 6 as features from 7 are being used.

- Update to version 4.0.8 (released 2022-01-31)

  * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential.
  * Bugfix: Fix issue with displaying a Steam credential when it is the only account.
  * Bugfix: Prevent installation of files in site-packages root.
  * Bugfix: Fix cleanup logic in PIV for protected management key.
  * Add support for token identifier when programming slot-based HOTP.
  * Add support for programming NDEF in text mode.
  * Dependency: Add support for Cryptography ⇐ 38.

- version update to 4.0.7

  ** Bugfix release: Fix broken naming for 'YubiKey 4', and a small OATH issue with
      touch Steam credentials.

- version 4.0.6 (released 2021-09-08)

   ** Improve handling of YubiKey device reboots.
   ** More consistently mask PIN/password input in prompts.
   ** Support switching mode over CCID for YubiKey Edge.
   ** Run pkill from PATH instead of fixed location.

- version 4.0.5 (released 2021-07-16)

   ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions.
   ** Bugfix: Fix argument short form for --period when adding TOTP credentials.
   ** Bugfix: More strict validation for some arguments, resulting in better error messages.
   ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required.
   ** Bugfix: Fix prompting for access code in the otp settings command (now uses '-A -').

- Update to version 4.0.3

  * Add support for fido reset over NFC.
  * Bugfix: The --touch argument to piv change-management-key was
    ignored.
  * Bugfix: Don’t prompt for password when importing PIV key/cert
    if file is invalid.
  * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO.
  * Bugfix: Detect PKCS#12 format when outer sequence uses
    indefinite length.
  * Dependency: Add support for Click 8.

- Update to version 4.0.2

  * Update device names
  * Add read_info output to the --diagnose command, and show
    exception types.
  * Bugfix: Fix read_info for YubiKey Plus.
  * Add support for YK5-based FIPS YubiKeys.
  * Bugfix: Fix OTP device enumeration on Win32.
  * Drop reliance on libusb and libykpersonalize.
  * Support the 'fido' and 'otp' subcommands over NFC
  * New 'ykman --diagnose' command to aid in troubleshooting.
  * New 'ykman apdu' command for sending raw APDUs over the smart
    card interface.
  * New 'yubikit' package added for custom development and advanced
    scripting.
  * OpenPGP: Add support for KDF enabled YubiKeys.
  * Static password: Add support for FR, IT, UK and BEPO keyboard
    layouts.

- Update to 3.1.1

  * Add support for YubiKey 5C NFC
  * OpenPGP: set-touch now performs compatibility checks before prompting for PIN
  * OpenPGP: Improve error messages and documentation for set-touch
  * PIV: read-object command no longer adds a trailing newline
  * CLI: Hint at missing permissions when opening a device fails
  * Linux: Improve error handling when pcscd is not running
  * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this!
  * Bugfix: set-touch now accepts the cached-fixed option
  * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing
  * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate
  * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate
  * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception

- Version 3.1.0 (released 2019-08-20)

  * Add support for YubiKey 5Ci
  * OpenPGP: the info command now prints OpenPGP specification version as well
  * OpenPGP: Update support for attestation to match OpenPGP v3.4
  * PIV: Use UTC time for self-signed certificates
  * OTP: Static password now supports the Norman keyboard layout

- Version 3.0.0 (released 2019-06-24)

  * Add support for new YubiKey Preview and lightning form factor
  * FIDO: Support for credential management
  * OpenPGP: Support for OpenPGP attestation, cardholder certificates and
    cached touch policies
  * OTP: Add flag for using numeric keypad when sending digits 

- Version 2.1.1 (released 2019-05-28)

  * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud
  * Don’t automatically select the U2F applet on YubiKey NEO, it might be
    blocked by the OS
  * ChalResp: Always pad challenge correctly
  * Bugfix: Don’t crash with older versions of cryptography
  * Bugfix: Password was always prompted in OATH command, even if sent as
    argument

Changes in yubikey-manager-qt:

- update to 1.2.5:

  * Compatibility update for ykman 5.0.1.
  * Update to Python 3.11.
  * Update product images.

- Update to version 1.2.4 (released 2021-10-26)

  * Update device names and images.
  * PIV: Fix import of certificate.

- Update to version 1.2.3

  * Improved error handling when using Security Key Series devices.
  * PIV: Fix generation of certificate in slot 9c.

- Update to version 1.2.2

  * Fix detection of YubiKey Plus
  * Compatibility update for yubikey-manager 4.0
  * Bugfix: Device caching with multiple devices
  * Drop dependencies on libusb and libykpers.
  * Add additional product names and images

- update to 1.1.5

  * Add support for YubiKey 5C NFC

- Update to version 1.1.4

 * OTP: Add option to upload YubiOTP credential to YubiCloud
 * Linux: Show hint about pcscd service if opening device fails
 * Bugfix: Signal handling now compatible with Python 3.8

- Version 1.1.3 (released 2019-08-20)

  * Add suppport for YubiKey 5Ci
  * PIV: Use UTC time for self-signed certificates

- Version 1.1.2 (released 2019-06-24)

  * Add support for new YubiKey Preview
  * PIV: The popup for the management key now have a 'Use default' option
  * Windows: Fix issue with importing PIV certificates
  * Bugfix: generate static password now works correctly 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2820-1
Released:    Thu Jul 13 11:20:27 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1152472,1152489,1160435,1187829,1189998,1194869,1205758,1208410,1208600,1209039,1209367,1210335,1211299,1211346,1211387,1211410,1211449,1211796,1211852,1212051,1212129,1212154,1212155,1212158,1212265,1212350,1212448,1212494,1212495,1212504,1212513,1212540,1212561,1212563,1212564,1212584,1212592,1212603,1212605,1212606,1212619,1212701,1212741,1212835,1212838,1212842,1212861,1212869,1212892,CVE-2023-1077,CVE-2023-1249,CVE-2023-1829,CVE-2023-21102,CVE-2023-3090,CVE-2023-3111,CVE-2023-3141,CVE-2023-3161,CVE-2023-3212,CVE-2023-3357,CVE-2023-3358,CVE-2023-3389,CVE-2023-35788,CVE-2023-35823,CVE-2023-35828,CVE-2023-35829

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).

The following non-security bugs were fixed:

- Drop dvb-core fix patch due to a bug (bsc#1205758).
- Enable kernel modules bttv bt878 and snd-bt878 (jsc#PED-3931).
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Fix usrmerge error (boo#1211796).
- Generalize kernel-doc build requirements.
- Get module prefix from kmod (bsc#1212835).
- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
- Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes).
- Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes).
- Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
- Update the Mellanox/Nvidia mlx5_core driver (jsc#SLE-19253).
- acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
- affs: initialize fsdata in affs_truncate() (git-fixes).
- alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes).
- alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes).
- alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
- alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
- alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
- alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes).
- alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes).
- alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes).
- alsa: oss: avoid missing-prototype warnings (git-fixes).
- alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes).
- alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- arm64: Add missing Set/Way CMO encodings (git-fixes).
- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes).
- arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
- arm: dts: vexpress: add missing cache properties (git-fixes).
- asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes).
- asoc: dwc: limit the number of overrun messages (git-fixes).
- asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
- asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes).
- asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes).
- asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes).
- asoc: mediatek: mt8173: Fix irq error path (git-fixes).
- asoc: nau8824: Add quirk to active-high jack-detect (git-fixes).
- asoc: simple-card: Add missing of_node_put() in case of error (git-fixes).
- asoc: soc-pcm: test if a BE can be prepared (git-fixes).
- asoc: ssm2602: Add workaround for playback distortions (git-fixes).
- ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work (git-fixes).
- binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249).
- bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
- bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
- bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes).
- bluetooth: hci_qca: fix debugfs registration (git-fixes).
- bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- bpf: Add extra path pointer check to d_path helper (git-fixes).
- bpf: Fix UAF in task local storage (bsc#1212564).
- btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1212051 CVE-2023-3111).
- bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes).
- bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes).
- can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes).
- can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes).
- can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
- can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: fix description of the RRS field (git-fixes).
- can: length: make header self contained (git-fixes).
- ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
- cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
- cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
- cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
- clk: Fix memory leak in devm_clk_notifier_register() (git-fixes).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
- clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: return error if one synth clock registration fails (git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes).
- crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes).
- dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes).
- dmaengine: pl330: rename _start to prevent build error (git-fixes).
- drivers: meson: secure-pwrc: always enable DMA domain (git-fixes).
- drm/amd/display: Add logging for display MALL refresh setting (git-fixes).
- drm/amd/display: Add minimal pipe split transition state (git-fixes).
- drm/amd/display: Add wrapper to call planes and stream update (git-fixes).
- drm/amd/display: Explicitly specify update type per plane info change (git-fixes).
- drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes).
- drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
- drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- drm/amd/display: fix the system hang while disable PSR (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes).
- drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes).
- drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes).
- drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes).
- drm/ast: Fix ARM compatibility (git-fixes).
- drm/bridge: tc358768: always enable HS video mode (git-fixes).
- drm/bridge: tc358768: fix PLL parameters computation (git-fixes).
- drm/bridge: tc358768: fix PLL target frequency (git-fixes).
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes).
- drm/i915/selftests: Add some missing error propagation (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/dp: Free resources after unregistering them (git-fixes).
- drm/msm/dpu: correct MERGE_3D length (git-fixes).
- drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes).
- drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes).
- drm/msm: Be more shouty if per-process pgtables are not working (git-fixes).
- drm/msm: Set max segment size earlier (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes).
- drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes).
- drm/vram-helper: fix function names in vram helper doc (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes).
- dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes).
- eeprom: at24: also select REGMAP (git-fixes).
- elf: correct note name comment (git-fixes).
- ext4: unconditionally enable the i_version counter (bsc#1211299).
- extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes).
- extcon: Fix kernel doc of property fields to avoid warnings (git-fixes).
- extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
- extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes).
- extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes).
- extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: 	* replace refcount_read() with atomic_read()
- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes).
- firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes).
- fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- gfs2: Do not deref jdesc in evict (bsc#1212265 CVE-2023-3212).
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
- hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
- hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357).
- hid: google: add jewel USB id (git-fixes).
- hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
- hid: wacom: Add error check to wacom_parse_and_register() (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
- hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
- i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- ib/isert: Fix dead lock in ib_isert (git-fixes)
- ib/isert: Fix incorrect release of isert connection (git-fixes)
- ib/isert: Fix possible list corruption in CMA handler (git-fixes)
- ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
- ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604).
- ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
- ice: Do not double unplug aux on peer initiated reset (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
- ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- igb: fix nvm.ops.read() error handling (git-fixes).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- igc: Fix possible system crash when loading module (git-fixes).
- iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
- iio: adc: ad7192: Fix internal/external clock selection (git-fixes).
- iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes).
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- init: Remove check_bugs() leftovers (bsc#1212448).
- input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
- input: drv260x - fix typo in register value define (git-fixes).
- input: drv260x - remove unused .reg_defaults (git-fixes).
- input: drv260x - sleep between polling GO bit (git-fixes).
- input: fix open count when closing inhibited device (git-fixes).
- input: psmouse - fix OOB access in Elantech protocol (git-fixes).
- input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes).
- input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
- integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes).
- io_uring: hold uring mutex around poll removal (bsc#1212838 CVE-2023-3389).
- ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090).
- irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
- jfs: Fix fortify moan in symlink (git-fixes).
- kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi
- kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
- kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).
- kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
- kprobes: Prohibit probes in gate area (git-fixes).
- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes).
- kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
- kvm: arm64: Do not hypercall before EL2 init (git-fixes)
- kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- kvm: arm64: Save PSTATE early on exit (git-fixes)
- kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852).
- lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852).
- lpfc: Clean up SLI-4 CQE status handling (bsc#1211852).
- lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852).
- lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
- lpfc: Enhance congestion statistics collection (bsc#1211852).
- lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
- lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852).
- lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
- mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes).
- mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes).
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes).
- media: cec: core: do not set last_initiator if tx in progress (git-fixes).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes).
- memory: brcmstb_dpfe: fix testing array offset after use (git-fixes).
- meson saradc: fix clock divider mask length (git-fixes).
- mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes).
- mfd: pm8008: Fix module autoloading (git-fixes).
- mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
- mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
- mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmpe: Only disable the regulators if they are enabled (git-fixes).
- misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes).
- misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes).
- misc: pci_endpoint_test: Re-init completion for every test (git-fixes).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410).
- mm: Move mm_cachep initialization to mm_init() (bsc#1212448).
- mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes).
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253).
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253).
- net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253).
- net/mlx5: Do not use already freed action pointer (jsc#SLE-19253).
- net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253).
- net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253).
- net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253).
- net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253).
- net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253).
- net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253).
- net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
- net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253).
- net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253).
- net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253).
- net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253).
- net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253).
- net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253).
- net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/sched: fix initialization order when updating chain 0 head (git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes).
- net/sched: tcindex: Do not use perfect hashing (bsc#1210335 CVE-2023-1829).
- net: ena: Account for the number of processed bytes in XDP (git-fixes).
- net: ena: Do not register memory info on XDP exchange (git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: ena: Set default value for RX interrupt moderation (git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes).
- net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout (git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes).
- net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
- nfp: only report pause frame configuration for physical device (git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads (git-fixes).
- nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes).
- nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes).
- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes).
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes).
- pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes).
- pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- pci: Release resource invalidated by coalescing (git-fixes).
- pci: cadence: Fix Gen2 Link Retraining process (git-fixes).
- pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes).
- pci: ftpci100: Release the clock resources (git-fixes).
- pci: pciehp: Cancel bringup sequence if card is not present (git-fixes).
- pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes).
- pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes).
- pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes).
- pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes).
- pci: rockchip: Set address alignment for endpoint mode (git-fixes).
- pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes).
- pci: rockchip: Write PCI Device ID to correct register (git-fixes).
- pci: vmd: Reset VMD config register between soft reboots (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes).
- pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes).
- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes).
- platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes).
- platform/x86: think-lmi: Correct NVME password handling (git-fixes).
- platform/x86: think-lmi: Correct System password interface (git-fixes).
- platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes).
- platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes).
- pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes).
- power: supply: Fix logic checking if system is running from battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: ab8500: Fix external_power_changed race (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race (git-fixes).
- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869).
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701).
- powerpc/purgatory: remove PGO flags (bsc#1194869).
- powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662).
- pstore/ram: Add check for kstrdup (git-fixes).
- qed/qede: Fix scheduling while atomic (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes).
- rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- rdma/bnxt_re: Remove unnecessary checks (git-fixes)
- rdma/bnxt_re: Return directly without goto jumps (git-fixes)
- rdma/bnxt_re: Use unique names while registering interrupts (git-fixes)
- rdma/bnxt_re: wraparound mbox producer index (git-fixes)
- rdma/cma: Always set static rate to 0 for RoCE (git-fixes)
- rdma/hns: Fix hns_roce_table_get return value (git-fixes)
- rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes)
- rdma/mlx5: Fix affinity assignment (git-fixes)
- rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253).
- rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- rdma/rxe: Fix packet length checks (git-fixes)
- rdma/rxe: Fix ref count error in check_rkey() (git-fixes)
- rdma/rxe: Fix rxe_cq_post (git-fixes)
- rdma/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes)
- rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- rdma/rxe: Remove the unused variable obj (git-fixes)
- rdma/rxe: Removed unused name from rxe_task struct (git-fixes)
- rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- regmap: Account for register length when chunking (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- regulator: Fix error checking for debugfs_create_dir (git-fixes).
- regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes).
- regulator: core: Streamline debugfs operations (git-fixes).
- regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes).
- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- reiserfs: Add missing calls to reiserfs_security_free() (git-fixes).
- reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes).
- revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes).
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes).
- s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592).
- s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892).
- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077)
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes).
- scsi: stex: Fix gcc 13 warnings (git-fixes).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes).
- serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes).
- serial: 8250: omap: Fix freeing of resources on failed register (git-fixes).
- serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes).
- serial: atmel: do not enable IRQs prematurely (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes).
- soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes).
- spi: dw: Round of n_bytes to power of 2 (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes).
- spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
- spi: qup: Request DMA before enabling clocks (git-fixes).
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes).
- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes).
- staging: octeon: delete my name from TODO contact (git-fixes).
- sunrpc: Clean up svc_deferred_class trace events (git-fixes).
- supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
- test_firmware: Use kstrtobool() instead of strtobool() (git-fixes).
- test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes).
- test_firmware: prevent race conditions by a correct implementation of locking (git-fixes).
- test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes).
- thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes).
- thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes).
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- tools: bpftool: Remove invalid \' json escape (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- tracing/histograms: Allow variables to have some modifiers (git-fixes).
- tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes).
- tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes).
- tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350).
- tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes).
- tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes).
- usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes).
- usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes).
- usb: dwc3: fix use-after-free on core driver unbind (git-fixes).
- usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes).
- usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes).
- usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes).
- usb: dwc3: qcom: Fix potential memory leak (git-fixes).
- usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes).
- usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes).
- usb: gadget: udc: fix NULL dereference in remove() (git-fixes).
- usb: hide unused usbfs_notify_suspend/resume functions (git-fixes).
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
- usb: serial: option: add Quectel EM061KGL series (git-fixes).
- usb: typec: ucsi: Fix command cancellation (git-fixes).
- usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes).
- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253).
- vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes).
- wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes).
- wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes).
- wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect (git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements (git-fixes).
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes).
- wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes).
- wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes).
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes).
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes).
- wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes).
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes).
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes).
- writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes).
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Mark init functions __init (bsc#1212448).
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
- x86/init: Initialize signal frame size late (bsc#1212448).
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes).
- x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes).
- x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes).
- x86/microcode: Print previous version of microcode after reload (git-fixes).
- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- x86/mm: Initialize text poking earlier (bsc#1212448).
- x86/mm: Use mm_alloc() in poking_init() (bsc#1212448).
- x86/mm: fix poking_init() for Xen PV guests (git-fixes).
- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- x86/xen: fix secondary processor fpu initialization (bsc#1212869).
- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2827-1
Released:    Fri Jul 14 11:27:42 2023
Summary:     Recommended update for libxml2
Type:        recommended
Severity:    moderate
References:  
This update for libxml2 fixes the following issues:

- Build also for modern python version (jsc#PED-68)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2847-1
Released:    Mon Jul 17 08:40:42 2023
Summary:     Recommended update for audit
Type:        recommended
Severity:    moderate
References:  1210004
This update for audit fixes the following issues:

- Check for AF_UNIX unnamed sockets (bsc#1210004)
- Enable livepatching on main library on x86_64

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2855-1
Released:    Mon Jul 17 16:35:21 2023
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1212260
This update for openldap2 fixes the following issues:

- libldap2 crashes on ldap_sasl_bind_s (bsc#1212260)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2866-1
Released:    Tue Jul 18 11:09:03 2023
Summary:     Security update for python-requests
Type:        security
Severity:    moderate
References:  1211674,CVE-2023-32681
This update for python-requests fixes the following issues:

- CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2877-1
Released:    Wed Jul 19 09:43:42 2023
Summary:     Security update for dbus-1
Type:        security
Severity:    moderate
References:  1212126,CVE-2023-34969
This update for dbus-1 fixes the following issues:

- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2882-1
Released:    Wed Jul 19 11:49:39 2023
Summary:     Security update for perl
Type:        security
Severity:    important
References:  1210999,CVE-2023-31484
This update for perl fixes the following issues:


  - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2885-1
Released:    Wed Jul 19 16:58:43 2023
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1208721,1209229,1211828
This update for glibc fixes the following issues:

- getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bsc#1208721)
- resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2891-1
Released:    Wed Jul 19 21:14:33 2023
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1213237,CVE-2023-32001
This update for curl fixes the following issues:

- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2893-1
Released:    Thu Jul 20 06:44:05 2023
Summary:     Recommended update for wicked
Type:        recommended
Severity:    moderate
References:  1194557,1203300,1206447,1206674,1206798,1211026
This update for wicked fixes the following issues:

- Update to version 0.6.73
- Fix arp notify loop and burst sending (boo#1212806)
- Allow verify/notify counter and interval configuration
- Handle ENOBUFS sending errors (bsc#1203300)
- Improve environment variable handling
- Refactor firmware extension definition
- Enable, disable and revert cli commands
- Fix memory leaks, add array/list utils
- Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026)
- Cleanup /var/run leftovers in extension scripts (bsc#1194557)
- Output formatting improvements and Unicode support
- bond: workaround 6.1 kernel enslave regression (bsc#1206674)
  - Add `wicked firmware` command to improve `ibft`,`nbft`,`redfish`
  firmware extension and interface handling.
- Improve error handling in netif firmware discovery
  extension execution and extension definition overrides in
  the wicked-config.
- Fix use-after-free in debug mode (bsc#1206447)
- Replace transitional `%usrmerged` macro with regular
  version check (bsc#1206798)
- Improve to show `no-carrier` in ifstatus output
- Cleanup inclusions and update uapi header to 6.0
- Link mode nwords cleanup and new advertise mode names
- Enable raw-ip support for wwan-qmi interfaces (jsc#PED-90)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2918-1
Released:    Thu Jul 20 12:00:17 2023
Summary:     Recommended update for gpgme
Type:        recommended
Severity:    moderate
References:  1089497
This update for gpgme fixes the following issues:

gpgme:

- Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)
    
libassuan:

- Version upgrade to 2.5.5 in LTSS to address gpgme new requirements

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2922-1
Released:    Thu Jul 20 18:34:03 2023
Summary:     Recommended update for libfido2
Type:        recommended
Severity:    moderate
References:  
This update for libfido2 fixes the following issues:

- Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded
  openssl-3 dependency. (jsc#PED-4521)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2930-1
Released:    Fri Jul 21 10:09:57 2023
Summary:     Security update for samba
Type:        security
Severity:    important
References:  1213171,1213172,1213173,1213174,1213384,CVE-2022-2127,CVE-2023-34966,CVE-2023-34967,CVE-2023-34968
This update for samba fixes the following issues:

  - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174).
  - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173).
  - CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172).
  - CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171).


  Bugfixes:

  - Fixed trust relationship failure (bsc#1213384).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2945-1
Released:    Mon Jul 24 09:37:30 2023
Summary:     Security update for openssh
Type:        security
Severity:    important
References:  1186673,1209536,1213004,1213008,1213504,CVE-2023-38408
This update for openssh fixes the following issues:

- CVE-2023-38408: Fixed a condition where specific libaries loaded via
  ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code
  execution via a forwarded agent socket if those libraries were present on the
  victim's system and if the agent was forwarded to an attacker-controlled
  system. [bsc#1213504, CVE-2023-38408]

- Close the right filedescriptor and also close fdh in read_hmac to avoid file
  descriptor leaks. [bsc#1209536]

- Attempts to mitigate instances of secrets lingering in memory after a session
  exits. [bsc#1186673, bsc#1213004, bsc#1213008]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2962-1
Released:    Tue Jul 25 09:34:53 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1213487,CVE-2023-3446
This update for openssl-1_1 fixes the following issues:

- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2994-1
Released:    Thu Jul 27 06:45:29 2023
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1157881,1200710,1209859
This update for nfs-utils fixes the following issues:

- SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710)
- Avoid unhelpful warnings (bsc#1157881)
- Fix rpc.nfsd man pages (bsc#1209859)
- Allow scope to be set in sysconfig: NFSD_SCOPE

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3118-1
Released:    Wed Aug  2 05:57:56 2023
Summary:     Recommended update for hwinfo
Type:        recommended
Severity:    moderate
References:  1212756
This update for hwinfo fixes the following issues:

- Avoid linking problems with libsamba (bsc#1212756)
- Update to version 21.85

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3170-1
Released:    Thu Aug  3 08:02:27 2023
Summary:     Recommended update for perl-Bootloader
Type:        recommended
Severity:    moderate
References:  1201399,1208003,1210799
This update for perl-Bootloader fixes the following issues:

- Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799)                                                                                                                                                                           
- UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399)                                                                                                                                                                    
- Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003)                                                                                                                                                                  
- Add basic support for systemd-boot  

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3171-1
Released:    Thu Aug  3 08:33:37 2023
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1150305,1193629,1194869,1207894,1208788,1210565,1210584,1210853,1211243,1211811,1211867,1212301,1212846,1212905,1213010,1213011,1213012,1213013,1213014,1213015,1213016,1213017,1213018,1213019,1213020,1213021,1213024,1213025,1213032,1213034,1213035,1213036,1213037,1213038,1213039,1213040,1213041,1213059,1213061,1213087,1213088,1213089,1213090,1213092,1213093,1213094,1213095,1213096,1213098,1213099,1213100,1213102,1213103,1213104,1213105,1213106,1213107,1213108,1213109,1213110,1213111,1213112,1213113,1213114,1213134,1213245,1213247,1213252,1213258,1213259,1213263,1213264,1213286,1213523,1213524,1213543,1213705,CVE-2023-20593,CVE-2023-2985,CVE-2023-3117,CVE-2023-31248,CVE-2023-3390,CVE-2023-35001,CVE-2023-3812

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).


The following non-security bugs were fixed:

- ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
- ALSA: fireface: make read-only const array for model names static (git-fixes).
- ALSA: hda/realtek - remove 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
- ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes).
- ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes).
- ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes).
- ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes).
- ALSA: hda/realtek: Whitespace fix (git-fixes).
- ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes).
- ALSA: oxfw: make read-only const array models static (git-fixes).
- ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes).
- ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes).
- ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
- ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes).
- ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes).
- ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
- ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
- ASoC: tegra: Fix ADX byte map (git-fixes).
- ASoC: tegra: Fix AMX byte map (git-fixes).
- Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes).
- Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes).
- Documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
- Documentation: timers: hrtimers: Make hybrid union historical (git-fixes).
- Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758)
- Fix documentation of panic_on_warn (git-fixes).
- IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
- PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes).
- RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes)
- Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes)
- Revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes).
- USB: dwc2: Fix some error handling paths (git-fixes).
- USB: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes).
- USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
- USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
- USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
- Update config and supported.conf files due to renaming.
- apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
- arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
- arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes)
- arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
- cifs: add a warning when the in-flight count goes negative (bsc#1193629).
- cifs: address unused variable warning (bsc#1193629).
- cifs: do all necessary checks for credits within or before locking (bsc#1193629).
- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
- cifs: fix max_credits implementation (bsc#1193629).
- cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629).
- cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
- cifs: fix session state transition to avoid use-after-free issue (bsc#1193629).
- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
- cifs: fix status checks in cifs_tree_connect (bsc#1193629).
- cifs: log session id when a matching ses is not found (bsc#1193629).
- cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
- cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
- cifs: print all credit counters in DebugData (bsc#1193629).
- cifs: print client_guid in DebugData (bsc#1193629).
- cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
- cifs: print nosharesock value while dumping mount options (bsc#1193629).
- clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes).
- clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes).
- codel: fix kernel-doc notation warnings (git-fixes).
- crypto: kpp - Add helper to set reqsize (git-fixes).
- crypto: qat - Use helper to set reqsize (git-fixes).
- devlink: fix kernel-doc notation warnings (git-fixes).
- docs: networking: Update codeaurora references for rmnet (git-fixes).
- drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
- drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes).
- drm/amdgpu: Validate VM ioctl flags (git-fixes).
- drm/amdgpu: avoid restore process run into dead loop (git-fixes).
- drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes).
- drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes).
- drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/client: Fix memory leak in drm_client_target_cloned (git-fixes).
- drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes).
- drm/i915: Fix one wrong caching mode enum usage (git-fixes).
- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
- drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes).
- drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes).
- drm/ttm: Do not leak a resource on swapout move error (git-fixes).
- dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in 'compatible' conditional schema (git-fixes).
- ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020).
- ext4: add EA_INODE checking to ext4_iget() (bsc#1213106).
- ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088).
- ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
- ext4: add strict range checks while freeing blocks (bsc#1213089).
- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
- ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090).
- ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103).
- ext4: disallow ea_inodes with extended attributes (bsc#1213108).
- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
- ext4: fix WARNING in mb_find_extent (bsc#1213099).
- ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111).
- ext4: fix data races when using cached status extents (bsc#1213102).
- ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105).
- ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).
- ext4: fix lockdep warning when enabling MMP (bsc#1213100).
- ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
- ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).
- ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098).
- ext4: improve error handling from ext4_dirhash() (bsc#1213104).
- ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
- ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011).
- ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).
- ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087).
- ext4: refuse to create ea block when umounted (bsc#1213093).
- ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107).
- ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
- ext4: update s_journal_inum if it changes after journal replay (bsc#1213094).
- ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
- ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
- fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
- hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861).
- hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861).
- hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
- hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861).
- hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861).
- hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861).
- hwmon: (adm1275) Allow setting sample averaging (git-fixes).
- hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes).
- i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes).
- i2c: xiic: Do not try to handle more interrupt events after error (git-fixes).
- inotify: Avoid reporting event with invalid wd (bsc#1213025).
- jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095).
- jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014).
- kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243).
- kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers
- kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes).
- leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes).
- media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes).
- media: cec: i2c: ch7322: also select REGMAP (git-fixes).
- media: i2c: Correct format propagation for st-mipid02 (git-fixes).
- media: usb: Check az6007_read() return value (git-fixes).
- media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes).
- media: venus: helpers: Fix ALIGN() of non power of two (git-fixes).
- media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes).
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
- mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes).
- net: mana: Add support for vlan tagging (bsc#1212301).
- net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
- ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes).
- ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes).
- ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes).
- ntb: ntb_tool: Add check for devm_kcalloc (git-fixes).
- ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes).
- nvme-multipath: support io stats on the mpath device (bsc#1210565).
- nvme: introduce nvme_start_request (bsc#1210565).
- ocfs2: Switch to security_inode_init_security() (git-fixes).
- ocfs2: check new file size on fallocate call (git-fixes).
- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
- opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
- phy: Revert 'phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB' (git-fixes).
- phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes).
- phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
- pie: fix kernel-doc notation warning (git-fixes).
- pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes).
- pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes).
- pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes).
- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869).
- powerpc/64s: Fix VAS mm use after free (bsc#1194869).
- powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869).
- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869).
- powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869).
- powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
- powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869).
- powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869).
- powerpc/prom_init: Fix kernel config grep (bsc#1194869).
- powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
- powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
- powerpc: define get_cycles macro for arch-override (bsc#1194869).
- powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
- pwm: ab8500: Fix error code in probe() (git-fixes).
- pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
- pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes).
- rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*.
- rsi: remove kernel-doc comment marker (git-fixes).
- s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
- s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
- s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263).
- s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252).
- s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264).
- s390: discard .interp section (git-fixes bsc#1213247).
- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
- sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes)
- security: keys: Modify mismatched function name (git-fixes).
- selftests: mptcp: depend on SYN_COOKIES (git-fixes).
- selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
- selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: add ConnTrack procfs kconfig (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869).
- signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869).
- smb3: do not reserve too many oplock credits (bsc#1193629).
- smb3: missing null check in SMB2_change_notify (bsc#1193629).
- smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
- smb: client: fix missed ses refcounting (git-fixes).
- smb: client: fix parsing of source mount option (bsc#1193629).
- smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629).
- smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
- smb: client: fix warning in CIFSFindNext() (bsc#1193629).
- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- smb: client: improve DFS mount check (bsc#1193629).
- smb: client: remove redundant pointer 'server' (bsc#1193629).
- smb: delete an unnecessary statement (bsc#1193629).
- smb: move client and server files to common directory fs/smb (bsc#1193629).
- smb: remove obsolete comment (bsc#1193629).
- soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
- spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes).
- spi: bcm63xx: fix max prepend length (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
- ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584).
- udf: Avoid double brelse() in udf_rename() (bsc#1213032).
- udf: Define EFSCORRUPTED error code (bsc#1213038).
- udf: Detect system inodes linked into directory hierarchy (bsc#1213114).
- udf: Discard preallocation before extending file with a hole (bsc#1213036).
- udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035).
- udf: Do not bother merging very long extents (bsc#1213040).
- udf: Do not update file length for failed writes to inline files (bsc#1213041).
- udf: Fix error handling in udf_new_inode() (bsc#1213112).
- udf: Fix extending file within last block (bsc#1213037).
- udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034).
- udf: Preserve link count of system files (bsc#1213113).
- udf: Truncate added extents on failed expansion (bsc#1213039).
- wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
- wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes).
- wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
- wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- writeback: fix call of incorrect macro (bsc#1213024).
- x86: Fix .brk attribute in linker script (git-fixes).
- xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
- xfs: CIL work is serialised, not pipelined (bsc#1211811).
- xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
- xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811).
- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes).
- xfs: do not reverse order of items in bulk AIL insertion (git-fixes).
- xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
- xfs: drop async cache flushes from CIL commits (bsc#1211811).
- xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes).
- xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
- xfs: fix logdev fsmap query result filtering (git-fixes).
- xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
- xfs: fix uninitialized variable access (git-fixes).
- xfs: make fsmap backend function key parameters const (git-fixes).
- xfs: make the record pointer passed to query_range functions const (git-fixes).
- xfs: move the CIL workqueue to the CIL (bsc#1211811).
- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- xfs: order CIL checkpoint start records (bsc#1211811).
- xfs: pass a CIL context to xlog_write() (bsc#1211811).
- xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
- xfs: rework xlog_state_do_callback() (bsc#1211811).
- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811).
- xfs: separate out log shutdown callback processing (bsc#1211811).
- xfs: wait iclog complete before tearing down AIL (bsc#1211811).
- xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
- xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
- xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).


The following package changes have been done:

- audit-3.0.6-150400.4.10.1 updated
- bind-utils-9.16.42-150400.5.27.1 updated
- cloud-init-config-suse-23.1-150100.8.63.5 updated
- cloud-init-23.1-150100.8.63.5 updated
- containerd-ctr-1.6.21-150000.93.1 updated
- containerd-1.6.21-150000.93.1 updated
- cups-config-2.2.7-150000.3.46.1 updated
- curl-8.0.1-150400.5.26.1 updated
- dbus-1-1.12.2-150400.18.8.1 updated
- docker-23.0.6_ce-150000.178.1 updated
- dracut-055+suse.344.g3d5cd8fb-150400.3.25.1 updated
- glibc-locale-base-2.31-150300.52.2 updated
- glibc-locale-2.31-150300.52.2 updated
- glibc-2.31-150300.52.2 updated
- hwdata-0.371-150000.3.62.1 updated
- hwinfo-21.85-150400.3.12.1 updated
- kernel-default-5.14.21-150400.24.74.1 updated
- libassuan0-2.5.5-150000.4.5.2 updated
- libaudit1-3.0.6-150400.4.10.1 updated
- libauparse0-3.0.6-150400.4.10.1 updated
- libcap2-2.63-150400.3.3.1 updated
- libcups2-2.2.7-150000.3.46.1 updated
- libcurl4-8.0.1-150400.5.26.1 updated
- libdbus-1-3-1.12.2-150400.18.8.1 updated
- libfido2-1-1.13.0-150400.5.6.1 updated
- libgcc_s1-12.3.0+git1204-150000.1.10.1 updated
- libhidapi-hidraw0-0.10.1-1.6 added
- libjansson4-2.14-150000.3.3.1 updated
- libldap-2_4-2-2.4.46-150200.14.17.1 updated
- libldap-data-2.4.46-150200.14.17.1 updated
- libopenssl1_1-1.1.1l-150400.7.48.1 updated
- libprotobuf-lite20-3.9.2-150200.4.21.1 updated
- libpython3_6m1_0-3.6.15-150300.10.48.1 updated
- libsolv-tools-0.7.24-150400.3.8.1 updated
- libstdc++6-12.3.0+git1204-150000.1.10.1 updated
- libxml2-2-2.9.14-150400.5.19.1 updated
- libzck1-1.1.16-150400.3.4.1 updated
- libzypp-17.31.14-150400.3.35.1 updated
- nfs-client-2.1.1-150100.10.37.1 updated
- openssh-clients-8.4p1-150300.3.22.1 updated
- openssh-common-8.4p1-150300.3.22.1 updated
- openssh-server-8.4p1-150300.3.22.1 updated
- openssh-8.4p1-150300.3.22.1 updated
- openssl-1_1-1.1.1l-150400.7.48.1 updated
- perl-Bootloader-0.944-150400.3.6.1 updated
- perl-base-5.26.1-150300.17.14.1 updated
- perl-5.26.1-150300.17.14.1 updated
- python3-base-3.6.15-150300.10.48.1 updated
- python3-bind-9.16.42-150400.5.27.1 updated
- python3-ply-3.10-150000.3.3.4 updated
- python3-requests-2.24.0-150300.3.3.1 updated
- python3-3.6.15-150300.10.48.1 updated
- runc-1.1.7-150000.46.1 updated
- samba-client-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1 updated
- samba-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1 updated
- supportutils-3.1.21-150300.7.35.18.1 updated
- suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1 updated
- system-group-audit-3.0.6-150400.4.10.1 updated
- systemd-rpm-macros-13-150000.7.33.1 updated
- vim-data-common-9.0.1572-150000.5.46.1 updated
- vim-9.0.1572-150000.5.46.1 updated
- wicked-service-0.6.73-150400.3.8.1 updated
- wicked-0.6.73-150400.3.8.1 updated
- zypper-1.14.61-150400.3.24.1 updated
- libfido2-udev-1.5.0-1.30 removed
- xxd-9.0.1443-150000.5.43.1 removed


More information about the sle-security-updates mailing list