SUSE-IU-2023:8-1: Security update of suse-sles-15-sp4-chost-byos-v20230111-x86_64-gen2

sle-security-updates at lists.suse.com
Tue Jan 24 08:02:38 UTC 2023


SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230111-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:8-1
Image Tags        : suse-sles-15-sp4-chost-byos-v20230111-x86_64-gen2:20230111
Image Release     : 
Severity          : important
Type              : security
References        : 1065729 1144337 1156395 1164051 1175622 1177460 1179584 1184350
                        1188882 1189297 1190256 1191410 1193629 1194869 1195391 1196205
                        1199467 1200107 1200581 1200723 1202341 1203092 1203183 1203274
                        1203391 1203511 1203960 1204000 1204228 1204405 1204414 1204423
                        1204585 1204631 1204636 1204693 1204743 1204779 1204780 1204810
                        1204850 1204867 1205000 1205007 1205100 1205111 1205113 1205128
                        1205130 1205149 1205153 1205220 1205264 1205266 1205272 1205282
                        1205284 1205331 1205332 1205377 1205427 1205428 1205473 1205502
                        1205507 1205514 1205521 1205567 1205616 1205617 1205653 1205671
                        1205679 1205683 1205700 1205705 1205709 1205711 1205744 1205764
                        1205796 1205797 1205882 1205993 1206028 1206035 1206036 1206037
                        1206045 1206046 1206047 1206048 1206049 1206050 1206051 1206056
                        1206057 1206071 1206072 1206075 1206077 1206113 1206114 1206147
                        1206149 1206207 1206212 1206308 1206309 1206337 1206579 1206622
                        944832 CVE-2022-2602 CVE-2022-3176 CVE-2022-3491 CVE-2022-3520
                        CVE-2022-3566 CVE-2022-3567 CVE-2022-3591 CVE-2022-3635 CVE-2022-3643
                        CVE-2022-3705 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129
                        CVE-2022-4139 CVE-2022-4141 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328
                        CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-4292 CVE-2022-4293
                        CVE-2022-43551 CVE-2022-43552 CVE-2022-4378 CVE-2022-43945 CVE-2022-4415
                        CVE-2022-45869 CVE-2022-45888 CVE-2022-45934 CVE-2022-46908 CVE-2022-47629
-----------------------------------------------------------------

The container suse-sles-15-sp4-chost-byos-v20230111-x86_64-gen2 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4585-1
Released:    Tue Dec 20 12:52:24 2022
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1156395,1164051,1184350,1189297,1190256,1193629,1194869,1202341,1203183,1203391,1203511,1203960,1204228,1204405,1204414,1204631,1204636,1204693,1204780,1204810,1204850,1205007,1205100,1205111,1205113,1205128,1205130,1205149,1205153,1205220,1205264,1205282,1205331,1205332,1205427,1205428,1205473,1205507,1205514,1205521,1205567,1205616,1205617,1205653,1205671,1205679,1205683,1205700,1205705,1205709,1205711,1205744,1205764,1205796,1205882,1205993,1206035,1206036,1206037,1206045,1206046,1206047,1206048,1206049,1206050,1206051,1206056,1206057,1206113,1206114,1206147,1206149,1206207,CVE-2022-2602,CVE-2022-3176,CVE-2022-3566,CVE-2022-3567,CVE-2022-3635,CVE-2022-3643,CVE-2022-3707,CVE-2022-3903,CVE-2022-4095,CVE-2022-4129,CVE-2022-4139,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42895,CVE-2022-42896,CVE-2022-4378,CVE-2022-43945,CVE-2022-45869,CVE-2022-45888,CVE-2022-45934
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bug fixes.


The following security bugs were fixed:

- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114).
- CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113).
- CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
- CVE-2022-3635: Fixed a use-after-free in tst_timer() in drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3567: Fixed a race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882).
- CVE-2022-45888: Fixed a use-after-free during physical removal of a USB device when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42896: Fixed a use-after-free vulnerability in l2cap_connect() and l2cap_le_connect_req() in net/bluetooth/l2cap_core.c, which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-42895: Fixed an information leak in l2cap_parse_conf_req() in net/bluetooth/l2cap_core.c, which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt (bsc#1204405).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).

The following non-security bugs were fixed:

- ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes).
- ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes).
- ACPI: HMAT: remove unnecessary variable initialization (git-fixes).
- ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes).
- ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes).
- ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes).
- ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100).
- ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100).
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
- ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111).
- ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111).
- ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes).
- ARM: at91: rm9200: fix usb device clock id (git-fixes).
- ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes).
- ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes).
- ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes).
- ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes).
- ARM: dts: imx7: Fix NAND controller size-cells (git-fixes).
- ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes).
- ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes).
- ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes).
- ASoC: fsl_sai: use local device pointer (git-fixes).
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes).
- ASoC: ops: Fix bounds check for _sx controls (git-fixes).
- ASoC: rt1019: Fix the TDM settings (git-fixes).
- ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes).
- ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
- ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes).
- ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes).
- ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
- Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes).
- Bluetooth: Fix not cleanup led when bt_init fails (git-fixes).
- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629).
- Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes).
- Drivers: hv: Fix syntax errors in comments (git-fixes).
- Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes).
- Drivers: hv: fix repeated words in comments (git-fixes).
- Drivers: hv: remove duplicate word in a comment (git-fixes).
- Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes).
- Drivers: hv: vmbus: Fix kernel-doc (git-fixes).
- Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes).
- Drivers: hv: vmbus: Release cpu lock in error case (git-fixes).
- Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: fix typo in comment (git-fixes).
- Fix formatting of client smbdirect RDMA logging (bsc#1193629).
- HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes).
- HID: hid-lg4ff: Add check for empty lbuf (git-fixes).
- HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes).
- HID: playstation: add initial DualSense Edge controller support (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
- Handle variable number of SGEs in client smbdirect send (bsc#1193629).
- IB/hfi1: Correctly move list in sc_disable() (git-fixes)
- IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes)
- Input: goodix - try resetting the controller when no config is set (git-fixes).
- Input: i8042 - fix leaking of platform device on module removal (git-fixes).
- Input: iforce - invert valid length check when fetching device IDs (git-fixes).
- Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes).
- Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes).
- Input: soc_button_array - add use_low_level_irq module parameter (git-fixes).
- Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes).
- KVM: Move wiping of the kvm->vcpus array to common code (git-fixes).
- KVM: SEV: Mark nested locking of vcpu->lock (git-fixes).
- KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes).
- KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes).
- KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes).
- KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes).
- KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes).
- KVM: SVM: retrieve VMCB from assembly (git-fixes).
- KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes).
- KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes).
- KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes).
- KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007).
- KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes).
- KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes).
- KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes).
- KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611).
- KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes).
- KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes).
- KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes).
- KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes).
- KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes).
- KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes).
- KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes).
- KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes).
- KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes).
- KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes).
- KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes).
- KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744).
- KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes).
- KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes).
- KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes).
- KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes).
- KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes).
- KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes).
- KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes).
- KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes).
- KVM: x86: emulator: update the emulation mode after rsm (git-fixes).
- KVM: x86: use a separate asm-offsets.c file (git-fixes).
- MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes).
- NFC: nci: Bounds check struct nfc_target arrays (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes).
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes)
- RDMA/cma: Use output interface for net_dev check (git-fixes)
- RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes)
- RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes)
- RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes)
- RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes)
- RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes)
- RDMA/hns: Disable local invalidate operation (git-fixes)
- RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes)
- RDMA/hns: Fix supported page size (git-fixes)
- RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes)
- RDMA/hns: Remove magic number (git-fixes)
- RDMA/hns: Remove the num_cqc_timer variable (git-fixes)
- RDMA/hns: Remove the num_qpc_timer variable (git-fixes)
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- RDMA/hns: Replace tab with space in the right-side comments (git-fixes)
- RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes)
- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes)
- RDMA/irdma: Use s/g array in post send only when its valid (git-fixes)
- RDMA/mlx5: Set local port to one when accessing counters (git-fixes)
- RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes)
- RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes)
- RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes)
- RDMA/rxe: Limit the number of calls to each tasklet (git-fixes)
- RDMA/rxe: Remove useless pkt parameters (git-fixes)
- Reduce client smbdirect max receive segment size (bsc#1193629).
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629).
- USB: bcma: Make GPIO explicitly optional (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- arcnet: fix potential memory leak in com20020_probe() (git-fixes).
- arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes).
- arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes)
- arm64: dts: imx8: correct clock order (git-fixes).
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes).
- arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes).
- arm64: dts: juno: Add thermal critical trip points (git-fixes).
- arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes).
- arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes).
- arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes).
- arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes).
- arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes).
- arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes).
- arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes).
- arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes).
- arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes).
- arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes).
- arm64: entry: avoid kprobe recursion (git-fixes).
- arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default
- arm64: fix rodata=full again (git-fixes)
- ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes).
- ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes).
- ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes).
- ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
- audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes).
- blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes).
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes).
- blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes).
- blk-mq: fix io hung due to missing commit_rqs (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes).
- block: add bio_start_io_acct_time() to control start_time (git-fixes).
- block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes).
- block: drop unused includes in <linux/genhd.h> (git-fixes).
- bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes).
- btrfs: check if root is readonly while setting security xattr (bsc#1206147).
- btrfs: do not allow compression on nodatacow files (bsc#1206149).
- btrfs: export a helper for compression hard check (bsc#1206149).
- btrfs: fix processing of delayed data refs during backref walking (bsc#1206056).
- btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057).
- btrfs: prevent subvol with swapfile from being deleted (bsc#1206035).
- btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036).
- btrfs: send: fix failures when processing inodes with no links (bsc#1206036).
- btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036).
- btrfs: send: fix sending link commands for existing file paths (bsc#1206036).
- btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036).
- btrfs: send: refactor arguments of get_inode_info() (bsc#1206036).
- btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036).
- btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036).
- btrfs: send: use boolean types for current inode status (bsc#1206036).
- bus: sunxi-rsb: Remove the shutdown callback (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- ca8210: Fix crash by zero initializing data (git-fixes).
- can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
- can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes).
- can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes).
- can: m_can: Add check for devm_clk_get (git-fixes).
- can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes).
- capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes).
- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes).
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050).
- ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051).
- ceph: do not update snapshot context when there is no new snapshot (bsc#1206047).
- ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048).
- ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049).
- ceph: properly handle statfs on multifs setups (bsc#1206045).
- ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046).
- char: tpm: Protect tpm_pm_suspend with locks (git-fixes).
- cifs: Add constructor/destructors for tcon->cfid (bsc#1193629).
- cifs: Add helper function to check smb1+ server (bsc#1193629).
- cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629).
- cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629).
- cifs: Fix connections leak when tlink setup failed (git-fixes).
- cifs: Fix memory leak on the deferred close (bsc#1193629).
- cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629).
- cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629).
- cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629).
- cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629).
- cifs: Fix wrong return value checking when GETFLAGS (git-fixes).
- cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629).
- cifs: Fix xid leak in cifs_create() (bsc#1193629).
- cifs: Fix xid leak in cifs_flock() (bsc#1193629).
- cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629).
- cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629).
- cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629).
- cifs: Move cached-dir functions into a separate file (bsc#1193629).
- cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629).
- cifs: Use after free in debug code (git-fixes).
- cifs: Use help macro to get the header preamble size (bsc#1193629).
- cifs: Use help macro to get the mid header size (bsc#1193629).
- cifs: add check for returning value of SMB2_close_init (git-fixes).
- cifs: add check for returning value of SMB2_set_info_init (git-fixes).
- cifs: add missing spinlock around tcon refcount (bsc#1193629).
- cifs: alloc_mid function should be marked as static (bsc#1193629).
- cifs: always initialize struct msghdr smb_msg completely (bsc#1193629).
- cifs: always iterate smb sessions using primary channel (bsc#1193629).
- cifs: avoid deadlocks while updating iface (bsc#1193629).
- cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629).
- cifs: avoid use of global locks for high contention data (bsc#1193629).
- cifs: cache the dirents for entries in a cached directory (bsc#1193629).
- cifs: change iface_list from array to sorted linked list (bsc#1193629).
- cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629).
- cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629).
- cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629).
- cifs: during reconnect, update interface if necessary (bsc#1193629).
- cifs: enable caching of directories for which a lease is held (bsc#1193629).
- cifs: find and use the dentry for cached non-root directories also (bsc#1193629).
- cifs: fix double-fault crash during ntlmssp (bsc#1193629).
- cifs: fix lock length calculation (bsc#1193629).
- cifs: fix memory leaks in session setup (bsc#1193629).
- cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes).
- cifs: fix race condition with delayed threads (bsc#1193629).
- cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629).
- cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629).
- cifs: fix static checker warning (bsc#1193629).
- cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629).
- cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629).
- cifs: fix use-after-free on the link name (bsc#1193629).
- cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629).
- cifs: improve handlecaching (bsc#1193629).
- cifs: improve symlink handling for smb2+ (bsc#1193629).
- cifs: lease key is uninitialized in smb1 paths (bsc#1193629).
- cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629).
- cifs: list_for_each() -> list_for_each_entry() (bsc#1193629).
- cifs: misc: fix spelling typo in comment (bsc#1193629).
- cifs: move from strlcpy with unused retval to strscpy (bsc#1193629).
- cifs: periodically query network interfaces from server (bsc#1193629).
- cifs: populate empty hostnames for extra channels (bsc#1193629).
- cifs: prevent copying past input buffer boundaries (bsc#1193629).
- cifs: remove 'cifs_' prefix from init/destroy mids functions (bsc#1193629).
- cifs: remove initialization value (bsc#1193629).
- cifs: remove minor build warning (bsc#1193629).
- cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629).
- cifs: remove remaining build warnings (bsc#1193629).
- cifs: remove some camelCase and also some static build warnings (bsc#1193629).
- cifs: remove unnecessary (void*) conversions (bsc#1193629).
- cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629).
- cifs: remove unnecessary type castings (bsc#1193629).
- cifs: remove unused server parameter from calc_smb_size() (bsc#1193629).
- cifs: remove useless DeleteMidQEntry() (bsc#1193629).
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629).
- cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629).
- cifs: return correct error in ->calc_signature() (bsc#1193629).
- cifs: return errors during session setup during reconnects (bsc#1193629).
- cifs: revalidate mapping when doing direct writes (bsc#1193629).
- cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629).
- cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629).
- cifs: skip extra NULL byte in filenames (bsc#1193629).
- cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629).
- cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629).
- cifs: update cifs_ses::ip_addr after failover (bsc#1193629).
- cifs: update internal module number (bsc#1193629).
- cifs: use ALIGN() and round_up() macros (bsc#1193629).
- cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629).
- cifs: when a channel is not found for server, log its connection id (bsc#1193629).
- cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629).
- clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes).
- cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849).
- cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849).
- cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936).
- dm btree remove: fix use after free in rebalance_children() (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm era: commit metadata in postsuspend after worker stops (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
- dm raid: fix accesses beyond end of raid member array (git-fixes).
- dm stats: add cond_resched when looping over entries (git-fixes).
- dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes).
- dm: fix double accounting of flush with data (git-fixes).
- dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes).
- dm: properly fix redundant bio-based IO accounting (git-fixes).
- dm: remove unnecessary assignment statement in alloc_dev() (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
- dm: revert partial fix for redundant bio-based IO accounting (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes).
- dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes).
- dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes).
- dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes).
- dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes).
- dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes).
- dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes).
- dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes).
- dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes).
- dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes).
- docs, kprobes: Fix the wrong location of Kprobes (git-fixes).
- docs/core-api: expand Fedora instructions for GCC plugins (git-fixes).
- drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes).
- drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes).
- drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes).
- drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes).
- drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes).
- drm/amdkfd: handle CPU fault on COW mapping (git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
- drm/hyperv: Add ratelimit on error message (git-fixes).
- drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes).
- drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes).
- drm/msm/hdmi: fix IRQ lifetime (git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays (git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes).
- drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes).
- dt-bindings: power: gpcv2: add power-domains property (git-fixes).
- e1000e: Fix TX dispatch condition (git-fixes).
- e100: Fix possible use after free in e100_xmit_prepare (git-fixes).
- efi/tpm: Pass correct address to memblock_reserve (git-fixes).
- efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes).
- efi: random: reduce seed size to 32 bytes (git-fixes).
- firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes).
- firmware: coreboot: Register bus in module init (git-fixes).
- fm10k: Fix error handling in fm10k_init_module() (git-fixes).
- ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- fuse: add file_modified() to fallocate (bsc#1205332).
- fuse: fix readdir cache race (bsc#1205331).
- gpio: amd8111: Fix PCI device reference count leak (git-fixes).
- hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
- hv_sock: Add validation for untrusted Hyper-V values (git-fixes).
- hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes).
- hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes).
- hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes).
- hwmon: (ltc2947) fix temperature scaling (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
- i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes).
- i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes).
- i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes).
- i2c: tegra: Allocate DMA memory for DMA engine (git-fixes).
- i2c: xiic: Add platform module alias (git-fixes).
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
- ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes).
- iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes).
- iio: adc: mp2629: fix potential array out of bound access (git-fixes).
- iio: adc: mp2629: fix wrong comparison of channel (git-fixes).
- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
- iio: ms5611: Simplify IO callback parameters (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes).
- iio: pressure: ms5611: fixed value compensation bug (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes).
- init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes).
- intel_idle: Add AlderLake support (jsc#PED-824).
- intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936).
- intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936).
- intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936).
- io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113).
- io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113).
- io-wq: ensure we exit if thread group is exiting (git-fixes).
- io-wq: exclusively gate signal based exit on get_signal() return (git-fixes).
- io-wq: fix cancellation on create-worker failure (bnc#1205113).
- io-wq: fix silly logic error in io_task_work_match() (bnc#1205113).
- io_uring: correct __must_hold annotation (git-fixes).
- io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes).
- io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes).
- io_uring: fix io_timeout_remove locking (git-fixes).
- io_uring: fix missing mb() before waitqueue_active (git-fixes).
- io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes).
- io_uring: fix possible poll event lost in multi shot mode (git-fixes).
- io_uring: pin SQPOLL data before unlocking ring lock (git-fixes).
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- kABI: Fix kABI after 'KVM: x86/pmu: Use different raw event masks for AMD and Intel' (git-fixes).
- kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693).
- kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
- mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes).
- mac80211: radiotap: Use BIT() instead of shifts (git-fixes).
- mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes).
- macsec: Fix invalid error code set (git-fixes).
- macsec: add missing attribute validation for offload (git-fixes).
- macsec: clear encryption keys from the stack after setting up offload (git-fixes).
- macsec: delete new rxsc when offload fails (git-fixes).
- macsec: fix detection of RXSCs when toggling offloading (git-fixes).
- macsec: fix secy->n_rx_sc accounting (git-fixes).
- md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes).
- md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes).
- md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
- media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes).
- media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes).
- media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes).
- media: rkisp1: Use correct macro for gradient registers (git-fixes).
- media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes).
- media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
- media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes).
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes).
- mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes).
- mmc: core: properly select voltage range without power cycle (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes).
- mmc: mmc_test: Fix removal of debugfs file (git-fixes).
- mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes).
- mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-brcmstb: Re-organize flags (git-fixes).
- mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes).
- mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes).
- mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes).
- mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes).
- mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes).
- mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes).
- nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes).
- net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes).
- net/smc: Fix an error code in smc_lgr_create() (git-fixes).
- net/smc: Fix possible access to freed memory in link clear (git-fixes).
- net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes).
- net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes).
- net/smc: Fix sock leak when release after smc_shutdown() (git-fixes).
- net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes).
- net/smc: Only save the original clcsock callback functions (git-fixes).
- net/smc: Send directly when TCP_CORK is cleared (git-fixes).
- net/smc: kABI workarounds for struct smc_link (git-fixes).
- net/smc: kABI workarounds for struct smc_sock (git-fixes).
- net/smc: send directly on setting TCP_NODELAY (git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes).
- net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes).
- net: mdiobus: fix unbalanced node reference count (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes).
- net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes).
- net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes).
- net: stmmac: work around sporadic tx issue on link-up (git-fixes).
- net: thunderbolt: Fix error handling in tbnet_init() (git-fixes).
- net: thunderbolt: fix memory leak in tbnet_open() (git-fixes).
- net: thunderx: Fix the ACPI memory leak (git-fixes).
- net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
- net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes).
- net: wwan: iosm: fix kernel test robot reported error (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
- nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes).
- nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes).
- nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes).
- nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes).
- nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes).
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes).
- pinctrl: intel: Save and restore pins in 'direct IRQ' mode (git-fixes).
- pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes).
- pinctrl: single: Fix potential division by zero (git-fixes).
- platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes).
- platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683).
- platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes).
- platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes).
- platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes).
- platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes).
- platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).
- platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes).
- powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869).
- powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395).
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869).
- proc: avoid integer type confusion in get_proc_long (git-fixes).
- proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- ring-buffer: Include dropped pages in counting dirty patches (git-fixes).
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502).
- s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501).
- s390: fix nospec table alignments (git-fixes).
- sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)).
- sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653).
- scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes).
- scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729).
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
- scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes).
- scsi: qedf: Populate sysfs attributes for vport (git-fixes).
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
- scsi: storvsc: Fix typo in comment (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- scsi: storvsc: remove an extraneous 'to' in a comment (git-fixes).
- scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes).
- selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes).
- selftests: mptcp: fix mibit vs mbit mix up (git-fixes).
- selftests: mptcp: make sendfile selftest work (git-fixes).
- selftests: mptcp: more stable simult_flows tests (git-fixes).
- selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes).
- serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes).
- serial: 8250: Flush DMA Rx on RLSI (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- smb2: small refactor in smb2_check_message() (bsc#1193629).
- smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629).
- smb3: add dynamic trace points for tree disconnect (bsc#1193629).
- smb3: add trace point for SMB2_set_eof (bsc#1193629).
- smb3: allow deferred close timeout to be configurable (bsc#1193629).
- smb3: check xattr value length earlier (bsc#1193629).
- smb3: clarify multichannel warning (bsc#1193629).
- smb3: do not log confusing message when server returns no network interfaces (bsc#1193629).
- smb3: fix empty netname context on secondary channels (bsc#1193629).
- smb3: fix oops in calculating shash_setkey (bsc#1193629).
- smb3: fix temporary data corruption in collapse range (bsc#1193629).
- smb3: fix temporary data corruption in insert range (bsc#1193629).
- smb3: improve SMB3 change notification support (bsc#1193629).
- smb3: interface count displayed incorrectly (bsc#1193629).
- smb3: missing inode locks in punch hole (bsc#1193629).
- smb3: missing inode locks in zero range (bsc#1193629).
- smb3: must initialize two ACL struct fields to zero (bsc#1193629).
- smb3: remove unneeded null check in cifs_readdir (bsc#1193629).
- smb3: rename encryption/decryption TFMs (bsc#1193629).
- smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629).
- smb3: use netname when available on secondary channels (bsc#1193629).
- smb3: workaround negprot bug in some Samba servers (bsc#1193629).
- soc: imx8m: Enable OCOTP clock before reading the register (git-fixes).
- soundwire: intel: Initialize clock stop timeout (bsc#1205507).
- soundwire: qcom: check for outanding writes before doing a read (git-fixes).
- soundwire: qcom: reinit broadcast completion (git-fixes).
- speakup: fix a segfault caused by switching consoles (git-fixes).
- spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message (git-fixes).
- spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes).
- spi: tegra210-quad: Fix duplicate resource error (git-fixes).
- thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes).
- tools: hv: Remove an extraneous 'the' (git-fixes).
- tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes).
- tools: iio: iio_generic_buffer: Fix read size (git-fixes).
- tracing/ring-buffer: Have polling block on watermark (git-fixes).
- tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes).
- tracing: Fix memory leak in tracing_read_pipe() (git-fixes).
- tracing: Fix wild-memory-access in register_synth_event() (git-fixes).
- tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes).
- tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes).
- tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes).
- tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes).
- tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: cdns3: host: fix endless superspeed hub port reset (git-fixes).
- usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes).
- usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes).
- usb: dwc3: gadget: conditionally remove requests (git-fixes).
- usb: smsc: use eth_hw_addr_set() (git-fixes).
- usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes).
- usb: xhci-mtk: check boundary before check tt (git-fixes).
- usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes).
- usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes).
- v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI'
- video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes).
- vmxnet3: correctly report encapsulated LRO packet (git-fixes).
- vmxnet3: use correct intrConf reference when using extended queues (git-fixes).
- wifi: airo: do not assign -1 to unsigned char (git-fixes).
- wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes).
- wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes).
- wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes).
- wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes).
- wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes).
- wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes).
- wifi: wext: use flex array destination for memcpy() (git-fixes).
- wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes).
- wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes).
- wifi: wilc1000: validate number of channels (git-fixes).
- wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes).
- x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes).
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/entry: Work around Clang __bdos() bug (git-fixes).
- x86/extable: Extend extable functionality (git-fixes).
- x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282).
- x86/futex: Remove .fixup usage (git-fixes).
- x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes).
- x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes).
- x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes).
- x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes).
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264).
- x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes).
- xen/gntdev: Accommodate VMA splitting (git-fixes).
- xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes).
- xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes).
- xfs: fix perag reference leak on iteration race with growfs (git-fixes).
- xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes).
- xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616).
- xfs: reserve quota for target dir expansion when renaming files (bsc#1205679).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4597-1
Released:    Wed Dec 21 10:13:11 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1206308,1206309,CVE-2022-43551,CVE-2022-43552
This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:4601-1
Released:    Wed Dec 21 12:23:59 2022
Summary:     Feature update for GNOME 41
Type:        feature
Severity:    moderate
References:  1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832
This update for GNOME 41 fixes the following issues:

atkmm1_6:

- Version update from 2.28.1 to 2.28.3 (jsc#PED-2235):
  * Meson build: Avoid unnecessary configuration warnings
  * Meson build: Perl is not required by new versions of mm-common
  * Meson build: Require meson >= 0.55.0
  * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson.
  * Require atk >= 2.12.0. Not a new requirement, but previously it was not specified in configure.ac and meson.build
  * Support building with Visual Studio 2022

eog:

- Version update from 41.1 to 41.2 (jsc#PED-2235):
  * eog-window: use correct type for display_profile
  * Fix discovery of Evince for multi-page images

evince:

- Version update from 41.3 to 41.4 (jsc#PED-2235):
  * shell: Fix failures when thumbnail extraction takes too long
  * Fix build with meson 0.60.0 and newer

evolution:
    
- Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235)
    
evolution-data-center:

- Version update from 3.42.4 to 3.42.5 (jsc#PED-2235):
  * Google OAuth out-of-band (oob) flow will be deprecated

folks:

- Version update from 0.15.3 to 0.15.5 (jsc#PED-2235):
  * vapi: Add missing generic type argument
  * Fix docs build against newer eds version
  * Fix build against newer eds version
  * Remove volatile keyword from tests

gcr:

- Version update from 3.41.0 to 3.41.1 (jsc#PED-2235):
  * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands
  * Add gi-docgen dependency which is needed by the docs
  * Fix build with meson 0.60.0 and newer
  * Fix build without systemd 
  * Several CI fixes

geocode-glib:

- Version update from 3.26.2 to 3.26.4 (jsc#PED-2235):
  * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port
  * Add support for libsoup 3.x

gjs:

- Version update from 1.70.1 to 1.70.2 (jsc#PED-2235):
  * Build and compatibility fixes backported from the development branch
  * Reverse order of running-from-source checks
- Require xorg-x11-Xvfb for proper package build (bsc#1203274)


glib2:

- Version update from 2.70.4 to 2.70.5 (jsc#PED-2235):
  * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555
  * Split gtk-docs from -devel package, these are not needed during building projects using glib2


gnome-control-center:

- Fix the size of logo icon in About system (bsc#1200581)
- Version update from 41.4 to 41.7 (jsc#PED-2235):
  * Cellular: Remove duplicate line from .desktop
  * Info: Allow changing 'Device Name' by pressing 'Enter'
  * Info: Remove trailing space after CPU name
  * Keyboard: Fix crash resetting all keyboard shortcuts
  * Keyboard: Fix leaks
  * Network: Fix saving passwords for non-wifi connections
  * Network: Fix critical when opening VPN details page
  * Wacom: Fix leaks

gnome-desktop:

- Version update from 41.2 to 41.8 (jsc#PED-2235):
  * Version increase but no actual changes

gnome-music:

- Version update from 41.0 to 41.1 (jsc#PED-2235):
  * Ensure the correct album is played
  * Fix build with meson 0.61.0 and newer
  * Fix crash on empty selection
  * Fix incorrect playlist import
  * Fix time displayed in RTL languages
  * Improve async queue work
  * Make random shuffle actually random
  * Make shuffle random
  * Speed increase on first startup on larger collections
  * Time is reversed in RTL

gnome-remote-desktop:

- Version update from 41.2 to 41.3 (jsc#PED-2235):
  * Add Icelandic translation

gnome-session:

- Clear error messages that can be ignored because they are expected to happen for GDM sessions (bsc#1204867)
- Add fix for gnome-session to exit immediately when it loses its name on the bus (bsc#1175622, bsc#1188882)
  
gnome-shell:

- Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.9 (jsc#PED-2235):
  * Allow extension updates with only Extension Manager installed
  * Allow more intermediate icon sizes in app grid
  * Disable workspace switching while in search.
  * Do not create systemd scope for D-Bus activated apps
  * Fix calendar to correctly align world clocks header in RTL
  * Fix drag placeholder position in dash in RTL locales
  * Fix edge case where windows stay dimmed after a modal is closed
  * Fix feedback when turning on a11y features by keyboard
  * Fix focus tracking in magnifier on wayland
  * Fix fractional timezone offsets in world clock
  * Fix glitches in overview transition
  * Fix logging in with realmd
  * Fix memory leak
  * Fix opening device settings for enterprise WPA networks
  * Fix programmatically set scrollview fade
  * Fix regression in ibus support
  * Fix unresponsive top bar in overview when in fullscreen
  * Handle monitor changes during startup animation
  * Hide overview after 'Show Details' from app context menu
  * Improve Belgian on-screen keyboard layout
  * Improve CSS shadow appearance
  * Make sure startup animation completes
  * Misc. bug fixes and cleanups
  * Only close messages via delete key if they can be closed
  * Respect IM hint for candidates list in on-screen keyboard
    
gnome-software:

- Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.5 (jsc#PED-2235):
  * Added several appstream-related fixes
  * Disable scroll-by-mouse-wheel on featured carousel
  * Ensure details page shows app provided on command line


gnome-terminal:

- Version update from 3.42.2 to 3.42.3 (jsc#PED-2235):
  * Fix build with meson 0.61.0 and newer
  * window: Use a normal menu for the popup menu

gnome-user-docs:

- Version update from 41.1 to 41.5 (jsc#PED-2235):
  * Added missing icon for network-wired-symbolic

gspell:

- Version update from 1.8.4 to 1.10.0 (jsc#PED-2235):
  * Build: distribute more files in tarballs
  * Documentation improvements

gtkmm3:

- Version update from 3.24.5 to 3.24.6 (jsc#PED-2235):
  * Build with Meson: MSVC build: Support Visual Studio 2022
  * Check if Perl is required for building documentation
  * Don't use deprecated python3.path() and execute (..., gui_app...)
  * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the clang++ compiler
  * Object::_release_c_instance(): Unref orphan managed widgets
  * SizeGroup demo: Set active items in the combo boxes, so something is shown
  * Specify 'check' option in run_command()

gtk-vnc:

- Version update from 1.3.0 to 1.3.1 (jsc#PED-2235):
  * Add 'check' arg to meson run_command()
  * Fix invalid use of subprojects with meson
  * Support ZRLE encoding for zero size alpha cursors

gupnp-av:

- Version update from 0.12.11 to 0.14.1 (jsc#PED-2235):
  * Add utility function to format GDateTime to the iso variant DIDL expects
  * Allow to be used as a subproject
  * Drop autotools
  * Fix stripping @refID
  * Fix unsetting subtitleFileType
  * Make Feature derivable again
  * Obsolete code removal.
  * Port to modern GObject
  * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead.
  * Switch to meson build system, following upstream
- Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library
- Conflict with the wrongly provided libgupnp-av-1_0-2
  
gvfs:

- Version update from 1.48.1 to 1.48.2 (jsc#PED-2235):
  * sftp: Adapt on new OpenSSH password prompts
  * smb: Rework anonymous handling to avoid EINVAL
  * smb: Ignore EINVAL for kerberos/ccache login

libgsf:

- Version update from 1.14.48 to 1.14.50 (jsc#PED-2235):
  * Fix error handling problem when writing ole files
  * Fix problems with non-western text in OLE properties
  * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available

libmediaart:

- Version update from 1.9.5 to 1.9.6 (jsc#PED-2235):
  * build: Add introspection/vapi/tests options
  * build: Use library() to optionally build a static library

libnma:

- Version update from 1.8.32 to 1.8.40 (jsc#PED-2235):
  * Ad-Hoc networks now default to using WPA2 instead of WEP
  * Add possibility of building libnma-gtk4 library with Gtk4 support
  * Do not allow setting empty 802.1x domain for EAP TLS
  * Fixed keyboard accelerator for certificate chooser
  * Fixed libnma-gtk4 version of mobile-wizard
  * Include OWE wireless security option
  * The GtkBuilder files for Gtk4 are now included in the release tarball
  * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status
- New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel
- Split out documentation files in own docs sub-package

libnotify:

- Version update from 0.7.10 to 0.7.12 (jsc#PED-2235):
  * Delete unused notifynotification.xml
  * Fix potential build errors with old glib version we require
  * docs/notify-send: Add --transient option to manpage
  * notification: Bookend calling NotifyActionCallback with temporary reference
  * notification: Include sender-pid hint by default if not provided
  * notify-send: Add debug message about server not supporting persistence
  * notify-send: Add explicit option to create transient notifications
  * notify-send: Add support for boolean hints
  * notify-send: Move server capabilities check to a separate function
  * notify-send: Support passing any hint value, by parsing variant strings

libpeas:

- Version update from 1.30.0 to 1.32.0 (jsc#PED-2235):
  * Icon licenses have been corrected
  * Parallel build system operation fixes
  * Use gi-docgen for documentation
  * Various build warnings squashed
  * Various GIR data that should not have been exported was removed
- Stop packaging the demo files/sub-package

librsvg:

- Version update from 2.52.6 to 2.52.9 (jsc#PED-2235):
  * Catch circular references when rendering patterns
  * Fix regressions when computing element geometries
  * Fix regression outputting all text as paths

libsecret:

- Version update from 0.20.4 to 0.20.5 (jsc#PED-2235):
  * Add bash-completion for secret-tool
  * Add locking capabilities to secret tool
  * Add support for TPM2 based secret storage
  * Create default collection after DBus.Error.UnknownObject
  * Detect local storage in snaps in the same way as flatpaks
  * Drop autotools-based build
  * GI annotation and documentation fixes
  * Port documentation to gi-docgen
  * Use G_GNUC_NULL_TERMINATED where appropriate
  * collection, methods, prompt: Port to GTask
  * secret-file-backend: Avoid closing the same file descriptor twice

mutter:

- Version update from 41.5 to 41.9 (jsc#PED-2235):
  * Fix '--replace option'
  * Fix missing root window properties after XWayland start
  * Fix night light without GAMMA_LUT property
  * KMS: Survive missing GAMMA_LUT property
  * wayland: Fix rotation transform
  * Misc. bug fixes

nautilus:

- Version update from 41.2 to 41.5 (jsc#PED-2235):
  * Drag-and-drop bugfixes
  * HighContrast style fixes

orca:

- Version update from 41.1 to 41.3 (jsc#PED-2235):
  * Add more event-flood detection and handling for improved performance
  * Fix bug causing accessing preferences to fail for Esperanto
  * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over
  * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant)
  * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x

python-cairo:

- Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo

python-gobject:

- Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584)
  
- Version update from 3.42.0 to 3.42.2 (jsc#PED-2235):
  * Add a workaround for a PyPy 3.9+ bug when threads are used
  * Do not error out for unknown scopes
  * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases
  * Fix a crash/refcounting error in case marshaling a hash table fails
  * Fix crashes when marshaling zero terminated arrays for certain item types
  * Implement DynamicImporter.find_spec() to silence deprecation warning
  * Make the test suite pass again with PyPy
  * Some test/CI fixes
  * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4
  * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4
  * interface: Fix leak when overriding GInterfaceInfo
  * setup.py: look up pycairo headers without importing the module

trackers-python:

- Allow system calls used by gstreamer (bsc#1196205)
- Version update from 3.2.2 to 3.2.1 (jsc#PED-2235):
  * Backport seccomp rules for rseq and mbind syscalls

vala:

- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
  * Add missing TraverseVisitor.visit_data_type()
  * Add support for 'copy_/free_function' metadata for compact classes
  * Catch and throw possible inner error of lock statements
  * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore
  * Don't count instance-parameter when checking for backwards closure reference
  * Fix a few binding errors
  * Free empty stack list for code contexts
  * Handle duplicated and unnamed symbols.
  * Improve UI parsing and handling of nested objects and properties
  * Make sure to drop our 'trap' jump target in case of an error
  * Move dynamic property errors to semantic analyzer pass
  * Require lvalue access of delegate target/destroy 'fields'
  * Show source location when reporting deprecations
  * Transform assignment of an array element as needed
  * manual: Update from wiki.gnome.org
  * parser: Improve handling of nullable VarType in with-statement
  * parser: Reduce the source reference of main block method to its beginning

xdg-desktop-portal-gnome:

- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
  * Properly bind property in Lockdown portal

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4618-1
Released:    Fri Dec 23 13:02:31 2022
Summary:     Recommended update for catatonit
Type:        recommended
Severity:    moderate
References:  
This update for catatonit fixes the following issues:

Update to catatonit v0.1.7:

- This release adds the ability for catatonit to be used as the only
  process in a pause container, by passing the -P flag (in this mode no
  subprocess is spawned and thus no signal forwarding is done). 

Update to catatonit v0.1.6:

- This release fixes a few bugs, mainly ones related to socket activation
  or features somewhat adjacent to socket activation (such as passing
  file descriptors).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released:    Wed Dec 28 09:23:13 2022
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1206337,CVE-2022-46908
This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, 
  when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4629-1
Released:    Wed Dec 28 09:24:07 2022
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1200723,1205000,CVE-2022-4415
This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4631-1
Released:    Wed Dec 28 09:29:15 2022
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293
This update for vim fixes the following issues:

Updated to version 9.0.1040:

- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).
- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).
- CVE-2022-3591: vim: Use After Free (bsc#1206072).
- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).
- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).
- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).
- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released:    Thu Jan  5 09:51:41 2023
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules,
    like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving
  time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:37-1
Released:    Fri Jan  6 15:35:49 2023
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    important
References:  1206212,1206622
This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022'
  and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:41-1
Released:    Mon Jan  9 10:23:07 2023
Summary:     Recommended update for kdump
Type:        recommended
Severity:    important
References:  1144337,1191410,1204000,1204743
This update for kdump fixes the following issues:

- Make the kdump-save.service reboot after kdump-save is finished (bsc#1204000)
- Fix renaming of qeth interfaces (bsc#1204743, bsc#1144337)
- Rebuild initrd image after migration on ppc64 architecture (bsc#1191410)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:45-1
Released:    Mon Jan  9 10:32:26 2023
Summary:     Recommended update for libxml2
Type:        recommended
Severity:    moderate
References:  1204585
This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released:    Mon Jan  9 10:37:54 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1199467
This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:50-1
Released:    Mon Jan  9 10:42:21 2023
Summary:     Recommended update for shadow
Type:        recommended
Severity:    moderate
References:  1205502
This update for shadow fixes the following issues:

- Fix issue with user id field that cannot be interpreted (bsc#1205502)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:51-1
Released:    Mon Jan  9 10:42:58 2023
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    moderate
References:  1195391,1200107,1203092,1204423
This update for suse-module-tools fixes the following issues:

- 80-hotplug-cpu-mem.rules: Restrict udev rule for Hotplug physical CPU to x86_64 architecture (bsc#1204423)
- driver-check.sh, unblacklist: Convert `egrep` to `grep -E` (bsc#1203092)
- driver-check.sh: Avoid false positive error messages (bsc#1200107)
- kernel-scriptlets: Don't pass flags to weak-modules2 (bsc#1195391)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:52-1
Released:    Mon Jan  9 10:43:57 2023
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1205266,1205272,1205284,1205377
This update for xfsprogs fixes the following issues:

- mkfs: don't trample the gid set in the protofile (bsc#1205266)
- mkfs: prevent corruption of passed-in suboption string values (bsc#1205377)
- mkfs: terminate getsubopt arrays properly (bsc#1205284)
- xfs_repair: ignore empty xattr leaf blocks (bsc#1205272)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released:    Mon Jan  9 11:13:43 2023
Summary:     Security update for libksba
Type:        security
Severity:    moderate
References:  1206579,CVE-2022-47629
This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL
  signature parser (bsc#1206579).


The following package changes have been done:

- ca-certificates-mozilla-2.60-150200.27.1 updated
- catatonit-0.1.7-150300.10.3.1 updated
- curl-7.79.1-150400.5.12.1 updated
- kdump-1.0.2+git18.g615d6ab-150400.3.8.1 updated
- kernel-default-5.14.21-150400.24.38.1 updated
- libcurl4-7.79.1-150400.5.12.1 updated
- libglib-2_0-0-2.70.5-150400.3.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libsystemd0-249.12-150400.8.16.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-249.12-150400.8.16.1 updated
- libxml2-2-2.9.14-150400.5.13.1 updated
- login_defs-4.8.1-150400.10.3.1 updated
- shadow-4.8.1-150400.10.3.1 updated
- suse-module-tools-15.4.15-150400.3.5.1 updated
- systemd-sysvinit-249.12-150400.8.16.1 updated
- systemd-249.12-150400.8.16.1 updated
- timezone-2022g-150000.75.18.1 updated
- udev-249.12-150400.8.16.1 updated
- vim-data-common-9.0.1040-150000.5.31.1 updated
- vim-9.0.1040-150000.5.31.1 updated
- xfsprogs-5.13.0-150400.3.3.1 updated

