SUSE-IU-2022:29-1: Security update of suse-sles-15-sp2-chost-byos-v20220126-hvm-ssd-x86_64

sle-updates at lists.suse.com sle-updates at lists.suse.com
Fri Jan 28 07:28:58 UTC 2022


SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20220126-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:29-1
Image Tags        : suse-sles-15-sp2-chost-byos-v20220126-hvm-ssd-x86_64:20220126
Image Release     : 
Severity          : critical
Type              : security
References        : 1014440 1027496 1027519 1029961 1029961 1065729 1071559 1071995
                        1085030 1094840 1113013 1113225 1119963 1121268 1122417 1125886
                        1133021 1139944 1145676 1145802 1151927 1152489 1152489 1152489
                        1153275 1153953 1154353 1154353 1154355 1156395 1157177 1160242
                        1160414 1161276 1161907 1162581 1164565 1166780 1167773 1168104
                        1168994 1169263 1169514 1169614 1170269 1171479 1172073 1172863
                        1172973 1172974 1173411 1173604 1174320 1174504 1174504 1175626
                        1175656 1175892 1176242 1176536 1176544 1176545 1176546 1176548
                        1176558 1176559 1176940 1176940 1176956 1177315 1177315 1177315
                        1177315 1177440 1177460 1177751 1177789 1178236 1178270 1178490
                        1179211 1179424 1179426 1179427 1179599 1179960 1180064 1180125
                        1180125 1181148 1181507 1181710 1182057 1182057 1182653 1183085
                        1183374 1183534 1183540 1183858 1183897 1183905 1184209 1184454
                        1184673 1185232 1185232 1185261 1185261 1185441 1185441 1185464
                        1185464 1185464 1185464 1185588 1185621 1185621 1185726 1185762
                        1185768 1185902 1185961 1185961 1185961 1186004 1186063 1187071
                        1187153 1187167 1187190 1187196 1187260 1187260 1187273 1187338
                        1187541 1187654 1187668 1187696 1187696 1187993 1188160 1188161
                        1188401 1188563 1188601 1188623 1188713 1188727 1188921 1189126
                        1189158 1189241 1189287 1189769 1189792 1189803 1189841 1189874
                        1189983 1189984 1190006 1190067 1190325 1190326 1190349 1190351
                        1190356 1190375 1190440 1190479 1190523 1190552 1190620 1190642
                        1190795 1190795 1190941 1190984 1191200 1191229 1191241 1191252
                        1191260 1191271 1191286 1191315 1191317 1191324 1191349 1191363
                        1191370 1191384 1191449 1191450 1191451 1191452 1191455 1191456
                        1191480 1191500 1191504 1191563 1191566 1191609 1191628 1191675
                        1191690 1191690 1191731 1191736 1191790 1191793 1191800 1191804
                        1191851 1191876 1191922 1191934 1191958 1191958 1191961 1191980
                        1191987 1192040 1192041 1192045 1192107 1192145 1192146 1192161
                        1192214 1192229 1192248 1192267 1192267 1192273 1192284 1192328
                        1192337 1192436 1192489 1192507 1192511 1192549 1192554 1192557
                        1192559 1192569 1192606 1192688 1192717 1192718 1192740 1192745
                        1192750 1192753 1192781 1192802 1192845 1192847 1192849 1192877
                        1192896 1192906 1192918 1192946 1192969 1192987 1192990 1192998
                        1193002 1193042 1193169 1193170 1193181 1193255 1193306 1193318
                        1193349 1193436 1193440 1193442 1193480 1193481 1193512 1193521
                        1193660 1193669 1193711 1193727 1193767 1193845 1193901 1193927
                        1194001 1194087 1194094 1194162 1194251 1194302 1194362 1194474
                        1194476 1194477 1194478 1194479 1194480 1194516 1194517 1194529
                        1194593 1194888 1194985 CVE-2016-10228 CVE-2016-2124 CVE-2019-20838
                        CVE-2020-10713 CVE-2020-12762 CVE-2020-14155 CVE-2020-25717 CVE-2020-25717
                        CVE-2020-27820 CVE-2020-27825 CVE-2020-29361 CVE-2021-0941 CVE-2021-20322
                        CVE-2021-23192 CVE-2021-25219 CVE-2021-28702 CVE-2021-28704 CVE-2021-28705
                        CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVE-2021-28711
                        CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-31799
                        CVE-2021-31810 CVE-2021-31916 CVE-2021-32066 CVE-2021-33098 CVE-2021-3426
                        CVE-2021-34981 CVE-2021-3542 CVE-2021-3655 CVE-2021-3715 CVE-2021-37159
                        CVE-2021-3733 CVE-2021-3737 CVE-2021-3760 CVE-2021-37600 CVE-2021-3772
                        CVE-2021-3896 CVE-2021-4001 CVE-2021-4002 CVE-2021-4083 CVE-2021-4135
                        CVE-2021-4149 CVE-2021-41864 CVE-2021-4197 CVE-2021-42008 CVE-2021-4202
                        CVE-2021-42252 CVE-2021-42739 CVE-2021-42771 CVE-2021-43056 CVE-2021-43389
                        CVE-2021-43527 CVE-2021-43618 CVE-2021-43784 CVE-2021-43975 CVE-2021-43976
                        CVE-2021-44733 CVE-2021-45485 CVE-2021-45486 CVE-2021-45960 CVE-2021-46143
                        CVE-2022-0185 CVE-2022-0322 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824
                        CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 
-----------------------------------------------------------------

The container suse-sles-15-sp2-chost-byos-v20220126-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:32-1
Released:    Tue Jan  8 13:03:20 2019
Summary:     Recommended update for librdkafka
Type:        recommended
Severity:    moderate
References:  1119963

This update ships librdkafka 0.11.6 to SUSE Linux Enterprise Server 15.

librdkafka is a C library implementation of the Apache Kafka protocol,
containing both Producer and Consumer support.


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2197-1
Released:    Thu Aug 22 14:35:12 2019
Summary:     Recommended update for shim
Type:        recommended
Severity:    moderate
References:  1145676,1145802
This update for shim fixes the following issues:

- Fixes an issue where shim-install crashed (bsc#1145802, bsc#1145676)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2629-1
Released:    Mon Sep 14 18:12:01 2020
Summary:     Security update for shim
Type:        security
Severity:    moderate
References:  1113225,1121268,1153953,1168104,1168994,1173411,1174320,1175626,1175656,CVE-2020-10713
This update for shim fixes the following issues:

This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by
disallowing binaries signed by the previous SUSE UEFI signing key from booting.

This update should only be installed after updates of grub2, the Linux kernel and (if used)
Xen from July / August 2020 are applied.


Changes:

Use vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994)

+ Add dbx-cert.tar.xz which contains the certificates to block
  and a script, generate-vendor-dbx.sh, to generate
  vendor-dbx.bin
+ Add vendor-dbx.bin as the vendor dbx to block unwanted keys


- Update the path to grub-tpm.efi in shim-install (bsc#1174320)
- Only check EFI variable copying when Secure Boot is enabled (bsc#1173411)
- Use the full path of efibootmgr to avoid errors when invoking
  shim-install from packagekitd (bsc#1168104)
- shim-install: add check for btrfs is used as root file system to enable
  relative path lookup for file. (bsc#1153953) 
- shim-install: install MokManager to \EFI\boot to process the
  pending MOK request (bsc#1175626, bsc#1175656)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2971-1
Released:    Tue Oct 20 16:41:36 2020
Summary:     Recommended update for shim-susesigned
Type:        recommended
Severity:    moderate
References:  1177315


This update contains changes needed for Common criteria certification.

shim:

* add a temporary shim loader EFI signed by SUSE that contains additional checks of Extended Key Usage for Codesigning (bsc#1177315)

The Common Criteria system role for 15-SP2 was adjusted:

* Configure alternative shim (bsc#1177315)
* Remove curve25519-sha256 at libssh.org as it doesn't work in fips mode
* doc: logrotate is started via timer


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3046-1
Released:    Tue Oct 27 14:41:21 2020
Summary:     Recommended update for shim-susesigned
Type:        recommended
Severity:    moderate
References:  1177315
This update for shim-susesigned fixes the following issues:

- Fix a buffer use-after-free at the end of the EKU verification in shim-susesigned (bsc#1177315)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1564-1
Released:    Tue May 11 13:29:55 2021
Summary:     Security update for shim
Type:        security
Severity:    important
References:  1177315,1182057,1185464
This update for shim fixes the following issues:

- Update to the unified shim binary for SBAT support (bsc#1182057)
  + Merged EKU codesign check (bsc#1177315)
- shim-install: Always assume 'removable' for Azure to avoid the endless reset loop (bsc#1185464).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1702-1
Released:    Tue May 25 09:53:56 2021
Summary:     Recommended update for shim
Type:        recommended
Severity:    moderate
References:  1185464,1185961
This update for shim fixes the following issues:

- shim-install: instead of assuming 'removable' for Azure, remove fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot
  to make \EFI\Boot bootable and keep the boot option created by efibootmgr (bsc#1185464, bsc#1185961)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1882-1
Released:    Tue Jun  8 13:25:36 2021
Summary:     Recommended update for shim
Type:        recommended
Severity:    moderate
References:  1185464,1185961
This update for shim fixes the following issues:

- shim-install: remove the unexpected residual 'removable' label
  for Azure (bsc#1185464, bsc#1185961)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2465-1
Released:    Fri Jul 23 14:56:48 2021
Summary:     Recommended update for shim
Type:        recommended
Severity:    moderate
References:  1185232,1185261,1185441,1185621,1187071,1187260,1187696
This update for shim fixes the following issues:

Update to shim to 15.4-4.7.1, Version: 15.4, 'Thu Jul 15 2021'
Update the SLE signatures

Includes fixes for various bugs in MOK handling and booting
(bsc#1187696, bsc#1185261, bsc#1185441, bsc#1187071, bsc#1185621,
bsc#1185261, bsc#1185232, bsc#1185261, bsc#1187260, bsc#1185232)

Remove shim-install because the shim-install is updated in the RPM.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2974-1
Released:    Tue Sep  7 17:17:23 2021
Summary:     Recommended update for librdkafka
Type:        recommended
Severity:    important
References:  1189792
This update for librdkafka fixes the following issue:

- Fixed thread creation on SUSE Linux Enterprise Server 15 SP3. (bsc#1189792)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3224-1
Released:    Fri Sep 24 11:34:33 2021
Summary:     Recommended update for shim-susesigned
Type:        recommended
Severity:    moderate
References:  1177315,1177789,1182057,1184454,1185232,1185261,1185441,1185464,1185621,1185961,1187260,1187696
This update for shim-susesigned fixes the following issues:

Sync with Microsoft signed shim to Thu Jul 15 08:13:26 UTC 2021.

This update addresses the 'susesigned' shim component.

shim was updated to 15.4 (bsc#1182057)

- console: Move the countdown function to console.c 
- fallback: show a countdown menu before reset 
- MOK: Fix the missing vendor cert in MokListRT  
- mok: fix the mirroring of RT variables
- Add the license change statement for errlog.c and mok.c
- Remove a couple of incorrect license claims.
- MokManager: Use CompareMem on MokListNode.Type instead of CompareGuid
- Make EFI variable copying fatal only on secureboot enabled systems
- Remove call to TPM2 get_event_log
- tpm: Fix off-by-one error when calculating event size
- tpm: Define EFI_VARIABLE_DATA_TREE as packed
- tpm: Don't log duplicate identical events
- VLogError(): Avoid NULL pointer dereferences in (V)Sprint calls
- OpenSSL: always provide OBJ_create() with name strings.
- translate_slashes(): don't write to string literals
- Fix a use of strlen() instead of Strlen()
- shim: Update EFI_LOADED_IMAGE with the second stage loader file path
- tpm: Include information about PE/COFF images in the TPM Event Log
- Fix a broken tpm type
- All newly released openSUSE kernels enable kernel lockdown
  and signature verification, so there is no need to add the
  prompt anymore.
- Fix the NULL pointer dereference in AuthenticodeVerify()
- Remove the build ID to make the binary reproducible when building with AArch64 container
- Prevent the build id being added to the binary. That can cause issues with the signature
- Allocate MOK config table as BootServicesData to avoid the error message from linux kernel
- Handle ignore_db and user_insecure_mode correctly (bsc#1185441)
- Relax the maximum variable size check for u-boot
- Relax the check for import_mok_state() when Secure Boot is off
- Relax the check for the LoadOptions length
- Fix the size of rela* sections for AArch64
- Disable exporting vendor-dbx to MokListXRT
- Don't call QueryVariableInfo() on EFI 1.10 machines
- Avoid buffer overflow when copying the MOK config table
- Avoid deleting the mirrored RT variables
- Update to 15.3 for SBAT support (bsc#1182057)
- Generate vender-specific SBAT metadata
- Rename the SBAT variable and fix the self-check of SBAT
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
  vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
  the size of MokListXRT (bsc#1185261)
- shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
- shim-install: instead of assuming 'removable' for Azure, remove
  fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot
  to make \EFI\Boot bootable and keep the boot option created by
  efibootmgr (bsc#1185464, bsc#1185961)
- shim-install: always assume 'removable' for Azure to avoid the endless reset loop (bsc#1185464)
- shim-install: Support changing default shim efi binary in /usr/etc/default/shim and /etc/default/shim (bsc#1177315)
- Update dbx-cert.tar.xz and vendor-dbx.bin to block the following sign keys:
  + SLES-UEFI-SIGN-Certificate-2020-07.crt
  + openSUSE-UEFI-SIGN-Certificate-2020-07.crt

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file to be installed as 'macros.pam'.
  (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3515-1
Released:    Tue Oct 26 13:48:04 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1191200,1191260,1191480,1191804,1191922
This update for suse-module-tools fixes the following issues:


Update to version 15.2.15:

- Fix bad exit status in openQA. (bsc#1191922)
- Deal with existing certificates that should be de-enrolled. (bsc#1191804)
- Ignore kernel keyring for kernel certificates. (bsc#1191480)
- Print 'mokutil' output in verbose mode.
- Skip certificate scriptlet on non-UEFI systems. (bsc#1191260)
- Don't pass existing files to weak-modules2. (bsc#1191200)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3523-1
Released:    Tue Oct 26 15:40:13 2021
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1122417,1125886,1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:

Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921).
- agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
- mount: Fix 'mount' output for net file systems (bsc#1122417).
- ipcs: Avoid overflows (bsc#1178236)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released:    Wed Oct 27 09:23:32 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3538-1
Released:    Wed Oct 27 10:40:32 2021
Summary:     Recommended update for iproute2
Type:        recommended
Severity:    moderate
References:  1160242
This update for iproute2 fixes the following issues:

- Follow-up fixes backported from upstream. (bsc#1160242)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3545-1
Released:    Wed Oct 27 14:46:39 2021
Summary:     Recommended update for less
Type:        recommended
Severity:    low
References:  1190552
This update for less fixes the following issues:

- Add missing runtime dependency on package 'which', that is used by
  lessopen.sh (bsc#1190552)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3567-1
Released:    Wed Oct 27 22:14:01 2021
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1191690
This update for apparmor fixes the following issues:

- Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3581-1
Released:    Fri Oct 29 16:09:23 2021
Summary:     Recommended update for SUSEConnect
Type:        recommended
Severity:    important
References:  
This update for SUSEConnect contains the following fix:

- Update to 0.3.32:
  - Allow --regcode and --instance-data attributes at the same time. (jsc#PCT-164)
  - Document that 'debug' can also get set in the config file
  - --status will also print the subscription name

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3617-1
Released:    Thu Nov  4 21:00:19 2021
Summary:     Recommended update for samba
Type:        recommended
Severity:    moderate
References:  1188727
This update for samba fixes the following issues:

- Fix wrong 'kvno' exported to keytab after 'net ads changetrustpw' due to replication delay. (bsc#1188727)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3650-1
Released:    Wed Nov 10 17:36:06 2021
Summary:     Security update for samba
Type:        security
Severity:    important
References:  1014440,1192214,1192284,CVE-2016-2124,CVE-2020-25717,CVE-2021-23192
This update for samba fixes the following issues:

- CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284).
- CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3754-1
Released:    Fri Nov 19 18:41:20 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1085030,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176940,1184673,1185762,1186063,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190941,1191229,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191731,1191800,1191934,1191958,1192040,1192041,1192107,1192145,1192267,1192549,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
- CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
- CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107).
- CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315).

The following non-security bugs were fixed:

- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes).
- ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes).
- ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
- ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
- ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
- HID: u2fzero: ignore incomplete packets without data (git-fixes).
- HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
- IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241).
- Input: snvs_pwrkey - add clk handling (git-fixes).
- Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395).
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395).
- KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
- NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes).
- NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes).
- NFS: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself (bsc#1191628 bsc#1192549).
- NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628).
- PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
- USB: cdc-acm: clean up probe error labels (git-fixes).
- USB: cdc-acm: fix minor-number release (git-fixes).
- USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
- USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- USB: xhci: dbc: fix tty registration race (git-fixes).
- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes).
- audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes).
- bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456).
- blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
- blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452).
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes).
- bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
- can: dev: can_restart: fix use after free bug (git-fixes).
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- can: peak_usb: fix use after free bugs (git-fixes).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes).
- can: rcar_can: fix suspend/resume (git-fixes).
- can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes).
- can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
- cb710: avoid NULL pointer subtraction (git-fixes).
- ceph: fix handling of 'meta' errors (bsc#1192041).
- ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040).
- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
- drm/amd/display: Pass PCI deviceid into DC (git-fixes).
- drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes).
- drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
- drm/nouveau/debugfs: fix file release memory leak (git-fixes).
- drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
- e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- ext4: fix reserved space counter leakage (bsc#1191450).
- ext4: report correct st_size for encrypted symlinks (bsc#1191449).
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449).
- ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
- gpio: pca953x: Improve bias setting (git-fixes).
- gve: Avoid freeing NULL pointer (git-fixes).
- gve: Correct available tx qpl check (git-fixes).
- gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
- gve: fix gve_get_stats() (git-fixes).
- gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940).
- hso: fix bailout in error case of probe (git-fixes).
- i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes).
- i40e: Fix ATR queue selection (git-fixes).
- i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
- i40e: fix endless loop under rtnl (git-fixes).
- iavf: fix double unlock of crit_lock (git-fixes).
- ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes).
- iio: adc: aspeed: set driver data when adc probe (git-fixes).
- iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
- iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
- iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
- ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
- ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241).
- isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
- isdn: mISDN: Fix sleeping function called from invalid context (git-fixes).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
- kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).')
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
- lan78xx: select CRC32 (git-fixes).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes).
- mac80211: check return value of rhashtable_init (git-fixes).
- mei: me: add Ice Lake-N device id (git-fixes).
- mlx5: count all link events (git-fixes).
- mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes).
- mmc: vub300: fix control-message timeouts (git-fixes).
- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
- net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
- net/mlx4_en: Resolve bad operstate value (git-fixes).
- net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
- net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
- net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net: batman-adv: fix error handling (git-fixes).
- net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes).
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes).
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
- net: hso: add failure handler for add_net_device (git-fixes).
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- net: hso: fix null-ptr-deref during tty device unregistration (git-fixes).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800).
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes).
- netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
- nfc: fix error handling of nfc_proto_register() (git-fixes).
- nfc: port100: fix using -ERRNO as command type mask (git-fixes).
- nvme-fc: avoid race between time out and tear down (bsc#1185762).
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- nvme-pci: Fix abort command id (git-fixes).
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- nvme: add command id quirk for apple controllers (git-fixes).
- ocfs2: fix data corruption after conversion from inline format (bsc#1190795).
- pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
- phy: mdio: fix memory leak (git-fixes).
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes).
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes).
- powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes).
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes).
- ptp_pch: Load module automatically if ID matches (git-fixes).
- ptp_pch: Restore dependency on PCI (git-fixes).
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- qed: Handle management FW error (git-fixes).
- qed: rdma - do not wait for resources under hw error recovery flow (git-fixes).
- regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
- rpm: fix kmp install path
- rpm: use _rpmmacrodir (boo#1191384)
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145).
- scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145).
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145).
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
- scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
- sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
- spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes).
- tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729).
- usb: hso: fix error handling code of hso_create_net_device (git-fixes).
- usb: hso: remove the bailout parameter (git-fixes).
- usb: musb: dsps: Fix the probe error path (git-fixes).
- video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes).
- virtio: write back F_VERSION_1 before validate (git-fixes).
- watchdog: orion: use 0 for unset heartbeat (git-fixes).
- x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489).
- x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489).
- xen: fix setting of max_pfn in shared_info (git-fixes).
- xen: reset legacy rtc flag for PV domU (git-fixes).
- xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006).
- xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006).
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642).
- xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes).
- xhci: Fix command ring pointer corruption while aborting a command (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3773-1
Released:    Tue Nov 23 15:49:30 2021
Summary:     Security update for bind
Type:        security
Severity:    important
References:  1192146,CVE-2021-25219
This update for bind fixes the following issues:

- CVE-2021-25219: Fixed lame cache that could have been abused to severely degrade resolver performance (bsc#1192146).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3782-1
Released:    Tue Nov 23 23:49:03 2021
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1187190,1188713,1190326
This update for dracut fixes the following issues:

- Fixed multipath devices that always default to bfq scheduler (bsc#1188713)
- Fixed unbootable system when testing kernel 5.14 (bsc#1190326)
- Add support for the new iscsiadm 'no-wait' (-W) command (bsc#1187190)
- Add iscsid.service requirements (bsc#1187190)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3787-1
Released:    Wed Nov 24 06:00:10 2021
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1189983,1189984,1191500,1191566,1191675
This update for xfsprogs fixes the following issues:

- Make libhandle1 an explicit dependency in the xfsprogs-devel package (bsc#1191566)
- Remove deprecated barrier/nobarrier mount options from manual pages section 5 (bsc#1191675)
- xfs_io: include support for label command (bsc#1191500)
- xfs_quota: state command to report all three (-ugp) grace times separately (bsc#1189983)
- xfs_admin: add support for external log devices (bsc#1189984)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3799-1
Released:    Wed Nov 24 18:07:54 2021
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1187153,1187273,1188623
This update for gcc11 fixes the following issues:

The additional GNU compiler collection GCC 11 is provided:

To select these compilers install the packages:

- gcc11
- gcc-c++11
- and others with 11 prefix.

to select them for building:

- CC='gcc-11'
- CXX='g++-11'

The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3809-1
Released:    Fri Nov 26 00:31:59 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1189803,1190325,1190440,1190984,1191252,1192161
This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)
- shutdown: Reduce log level of unmounts (bsc#1191252)
- pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803)
- core: rework how we connect to the bus (bsc#1190325)
- mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
- virt: detect Amazon EC2 Nitro instance (bsc#1190440)
- Several fixes for umount
- busctl: use usec granularity for the timestamp printed by the busctl monitor command
- fix unitialized fields in MountPoint in dm_list_get()
- shutdown: explicitly set a log target
- mount-util: add mount_option_mangle()
- dissect: automatically mark partitions read-only that have a read-only file system
- build-sys: require proper libmount version
- systemd-shutdown: use log_set_prohibit_ipc(true)
- rationalize interface for opening/closing logging
- pid1: when we can't log to journal, remember our fallback log target
- log: remove LOG_TARGET_SAFE pseudo log target
- log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console()
- log: add new 'prohibit_ipc' flag to logging system
- log: make log_set_upgrade_syslog_to_journal() take effect immediately
- dbus: split up bus_done() into seperate functions
- machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
- virt: if we detect Xen by DMI, trust that over CPUID

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3830-1
Released:    Wed Dec  1 13:45:46 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1027496,1183085,CVE-2016-10228

This update for glibc fixes the following issues:


- libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) 
- CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3838-1
Released:    Wed Dec  1 16:07:54 2021
Summary:     Security update for ruby2.5
Type:        security
Severity:    important
References:  1188160,1188161,1190375,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066
This update for ruby2.5 fixes the following issues:

- CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375).
- CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).
- CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3870-1
Released:    Thu Dec  2 07:11:50 2021
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1190356,1191286,1191324,1191370,1191609,1192337,1192436
This update for libzypp, zypper fixes the following issues:

libzypp:

- Check log writer before accessing it (bsc#1192337)
- Zypper should keep cached files if transaction is aborted (bsc#1190356)
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Fixed slowdowns when rlimit is too high by using procfs to detect niumber of 
  open file descriptors (bsc#1191324)
- Fixed zypper incomplete messages when using non English localization (bsc#1191370)
- RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286)
- Disable logger in the child process after fork (bsc#1192436)

zypper:

- Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3872-1
Released:    Thu Dec  2 07:25:55 2021
Summary:     Recommended update for cracklib
Type:        recommended
Severity:    moderate
References:  1191736
This update for cracklib fixes the following issues:

- Enable build time tests (bsc#1191736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released:    Thu Dec  2 11:47:07 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for china

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3888-1
Released:    Fri Dec  3 09:47:42 2021
Summary:     Security update for xen
Type:        security
Severity:    moderate
References:  1027519,1191363,1192554,1192557,1192559,CVE-2021-28702,CVE-2021-28704,CVE-2021-28705,CVE-2021-28706,CVE-2021-28707,CVE-2021-28708,CVE-2021-28709
This update for xen fixes the following issues:

- CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363).
- CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557).
- CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559).
- CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554).

- Update to Xen 4.13.4 bug fix release (bsc#1027519).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released:    Fri Dec  3 10:21:49 2021
Summary:     Recommended update for keyutils
Type:        recommended
Severity:    moderate
References:  1029961,1113013,1187654
This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes. 

Updated to 1.6:

* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.
* Add KDF support to the Diffie-Helman function.
* DNS: Add support for AFS config files and SRV records
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3899-1
Released:    Fri Dec  3 11:27:41 2021
Summary:     Security update for aaa_base
Type:        security
Severity:    moderate
References:  1162581,1174504,1191563,1192248
This update for aaa_base fixes the following issues:

- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).
- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
- Support xz compressed kernel (bsc#1162581)   

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3933-1
Released:    Mon Dec  6 11:35:17 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1094840,1133021,1152489,1169263,1170269,1188601,1190523,1190795,1191790,1191851,1191958,1191961,1191980,1192045,1192229,1192273,1192328,1192718,1192740,1192745,1192750,1192753,1192781,1192802,1192896,1192906,1192918,CVE-2021-0941,CVE-2021-20322,CVE-2021-31916,CVE-2021-34981,CVE-2021-37159,CVE-2021-43389


The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)

  You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0)

- CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
- CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
- CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails  (bsc#1191961).
- CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
- CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).

The following non-security bugs were fixed:

- ABI: sysfs-kernel-slab: Document some stats (git-fixes).
- ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes).
- ALSA: ua101: fix division by zero at probe (git-fixes).
- ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes).
- ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes).
- ASoC: cs42l42: Correct some register default values (git-fixes).
- ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes).
- ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes).
- ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes).
- ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes).
- ASoC: rockchip: Use generic dmaengine code (git-fixes).
- ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes).
- ath10k: fix control-message timeout (git-fixes).
- ath10k: fix division by zero in send path (git-fixes).
- ath10k: fix max antenna gain unit (git-fixes).
- ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes).
- ath6kl: fix control-message timeout (git-fixes).
- ath6kl: fix division by zero in send path (git-fixes).
- ath9k: Fix potential interrupt storm on queue reset (git-fixes).
- auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes).
- auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes).
- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes).
- b43: fix a lower bounds test (git-fixes).
- b43legacy: fix a lower bounds test (git-fixes).
- Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes).
- Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes).
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573)
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22573).
- bpf: Fix potential race in tail call compatibility check (git-fixes).
- btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896).
- btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896).
- btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
- btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes).
- config: disable unprivileged BPF by default (jsc#SLE-22573)
- crypto: caam - disable pkc for non-E SoCs (git-fixes).
- crypto: qat - detect PFVF collision after ACK (git-fixes).
- crypto: qat - disregard spurious PFVF interrupts (git-fixes).
- driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851).
- drm/amdgpu: fix warning for overflow check (git-fixes).
- drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes).
- drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- drm/sun4i: Fix macros in sun8i_csc.h (git-fixes).
- drm/v3d: fix wait for TMU write combiner flush (git-fixes).
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489).
- exfat: fix erroneous discard when clear cluster bit (git-fixes).
- exfat: handle wrong stream entry size in exfat_readdir() (git-fixes).
- exfat: properly set s_time_gran (bsc#1192328).
- exfat: truncate atimes to 2s granularity (bsc#1192328).
- firmware/psci: fix application of sizeof to pointer (git-fixes).
- fuse: fix page stealing (bsc#1192718).
- genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489).
- gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes).
- HID: u2fzero: clarify error check and length calculations (git-fixes).
- HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes).
- hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes).
- hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes).
- hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes).
- hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
- ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
- iio: dac: ad5446: Fix ad5622_write() return value (git-fixes).
- Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918).
- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980).
- kABI: Fix kABI after 36950f2da1ea (bsc#1191851).
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021).
- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021).
- KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021).
- KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021).
- libertas: Fix possible memory leak in probe and disconnect (git-fixes).
- libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
- media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes).
- media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes).
- media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
- media: em28xx: add missing em28xx_close_extension (git-fixes).
- media: em28xx: Do not use ops->suspend if it is NULL (git-fixes).
- media: i2c: ths8200 needs V4L2_ASYNC (git-fixes).
- media: ite-cir: IR receiver stop working after receive overflow (git-fixes).
- media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes).
- media: mxl111sf: change mutex_init() location (git-fixes).
- media: radio-wl1273: Avoid card name truncation (git-fixes).
- media: si470x: Avoid card name truncation (git-fixes).
- media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes).
- media: TDA1997x: handle short reads of hdmi info frame (git-fixes).
- media: tm6000: Avoid card name truncation (git-fixes).
- media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes).
- media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
- memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes).
- memstick: avoid out-of-range warning (git-fixes).
- memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes).
- mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes).
- mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes).
- mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes).
- mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
- mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes).
- mwifiex: fix division by zero in fw download path (git-fixes).
- mwifiex: Send DELBA requests according to spec (git-fixes).
- net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes).
- net: mscc: ocelot: fix hardware timestamp dequeue logic.
- net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes).
- nvme-pci: set min_align_mask (bsc#1191851).
- ocfs2: do not zero pages beyond i_size (bsc#1190795).
- ocfs2: fix data corruption on truncate (bsc#1190795).
- PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes).
- PCI: aardvark: Do not spam about PIO Response Status (git-fixes).
- PCI: aardvark: Do not unmask unused interrupts (git-fixes).
- PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes).
- PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes).
- PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes).
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes).
- PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263).
- PCI/ACPI: Clarify message about _OSC failure (bsc#1169263).
- PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263).
- PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263).
- PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263).
- PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263).
- PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes).
- PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes).
- pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes).
- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).
- power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes).
- power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes).
- power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes).
- power: supply: rt5033 battery: Change voltage values to ca 5V (git-fixes).
- printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753).
- printk: handle blank console arguments passed in (bsc#1192753).
- qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802).
- r8152: add a helper function about setting EEE (git-fixes).
- r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes).
- r8152: Disable PLA MCU clock speed down (git-fixes).
- r8152: disable U2P3 for RTL8153B (git-fixes).
- r8152: divide the tx and rx bottom functions (git-fixes).
- r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes).
- r8152: fix runtime resume for linking change (git-fixes).
- r8152: replace array with linking list for rx information (git-fixes).
- r8152: reset flow control patch when linking on for RTL8153B (git-fixes).
- r8152: saving the settings of EEE (git-fixes).
- r8152: separate the rx buffer size (git-fixes).
- r8152: use alloc_pages for rx buffer (git-fixes).
- regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes).
- regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes).
- Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510).
- Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes).
- Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes).
- Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes).
- Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes).
- rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes).
- rsi: fix control-message timeout (git-fixes).
- rsi: Fix module dev_oper_mode parameter description (git-fixes).
- rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes).
- rtl8187: fix control-message timeouts (git-fixes).
- s390/qeth: fix deadlock during failing recovery (git-fixes).
- s390/qeth: Fix deadlock in remove_discipline (git-fixes).
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes).
- scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes).
- scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
- scsi: core: Fix spelling in a source code comment (git-fixes).
- scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes).
- scsi: dc395: Fix error case unwinding (git-fixes).
- scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes).
- scsi: FlashPoint: Rename si_flags field (git-fixes).
- scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
- scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
- scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes).
- scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes).
- scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes).
- scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes).
- scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes).
- scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes).
- scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes).
- scsi: snic: Fix an error message (git-fixes).
- scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes).
- scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes).
- serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes).
- serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes).
- staging: r8712u: fix control-message timeout (git-fixes).
- staging: rtl8192u: fix control-message timeouts (git-fixes).
- stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes).
- swiotlb: add a IO_TLB_SIZE define (bsc#1191851).
- swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851).
- swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851).
- swiotlb: factor out an io_tlb_offset helper (bsc#1191851).
- swiotlb: factor out a nr_slots helper (bsc#1191851).
- swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851).
- swiotlb: respect min_align_mask (bsc#1191851).
- swiotlb: Split size parameter to map/unmap APIs (bsc#1191851).
- tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes).
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745).
- Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- usb: gadget: hid: fix error code in do_config() (git-fixes).
- usb: iowarrior: fix control-message timeouts (git-fixes).
- usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes).
- usb: musb: Balance list entry in musb_gadget_queue (git-fixes).
- usbnet: fix error return code in usbnet_probe() (git-fixes).
- usbnet: sanity check for maxpacket (git-fixes).
- usb: serial: keyspan: fix memleak on probe errors (git-fixes).
- video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes).
- virtio-gpu: fix possible memory allocation failure (git-fixes).
- wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes).
- wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
- wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
- x86/ioapic: Force affinity setup before startup (bsc#1152489).
- x86/msi: Force affinity setup before startup (bsc#1152489).
- x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes).
- xen: Fix implicit type conversion (git-fixes).
- xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
- xfs: do not allow log writes if the data device is readonly (bsc#1192229).
- zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269).
- zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269).
- zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269).
- zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3934-1
Released:    Mon Dec  6 13:22:27 2021
Summary:     Security update for mozilla-nss
Type:        security
Severity:    important
References:  1193170,CVE-2021-43527
This update for mozilla-nss fixes the following issues:

Update to version 3.68.1:

- CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3945-1
Released:    Mon Dec  6 14:56:55 2021
Summary:     Security update for python-Babel
Type:        security
Severity:    important
References:  1185768,CVE-2021-42771
This update for python-Babel fixes the following issues:

- CVE-2021-42771: Fixed relative path traversal that may lead to arbitrary locale files loading and arbitrary code execution (bsc#1185768).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3946-1
Released:    Mon Dec  6 14:57:42 2021
Summary:     Security update for gmp
Type:        security
Severity:    moderate
References:  1192717,CVE-2021-43618
This update for gmp fixes the following issues:
    
- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3986-1
Released:    Fri Dec 10 06:09:11 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    moderate
References:  1187196
This update for suse-module-tools fixes the following issues:

-  Blacklist isst_if_mbox_msr driver because uses hardware information based on 
   CPU family and model, which is too unspecific. On large systems, this causes 
   a lot of failing loading attempts for this driver, leading to slow or even 
   stalled boot (bsc#1187196)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4013-1
Released:    Mon Dec 13 13:56:44 2021
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1191690
This update for apparmor fixes the following issue:

- Fix 'Requires' of python3 module. (bsc#1191690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4015-1
Released:    Mon Dec 13 17:16:00 2021
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1180125,1183374,1183858,1185588,1187338,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737
This update for python3 fixes the following issues:


- CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241)
- CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287)
- CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374)

- Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4139-1
Released:    Tue Dec 21 17:02:44 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    critical
References:  1193481,1193521
This update for systemd fixes the following issues:

- Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481)
  sleep-config: partitions can't be deleted, only files can
  shared/sleep-config: exclude zram devices from hibernation candidates

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4141-1
Released:    Wed Dec 22 05:22:23 2021
Summary:     Recommended update for dracut
Type:        recommended
Severity:    important
References:  1193512
This update for dracut fixes the following issues:

- Add iscsi-init.service requirements (bsc#1193512)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4145-1
Released:    Wed Dec 22 05:27:48 2021
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1161276
This update for openssl-1_1 fixes the following issues:

- Remove previously applied patch because it interferes with FIPS validation (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4154-1
Released:    Wed Dec 22 11:02:38 2021
Summary:     Security update for p11-kit
Type:        security
Severity:    important
References:  1180064,1187993,CVE-2020-29361
This update for p11-kit fixes the following issues:

- CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064)
- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4171-1
Released:    Thu Dec 23 09:55:13 2021
Summary:     Security update for runc
Type:        security
Severity:    moderate
References:  1193436,CVE-2021-43784
This update for runc fixes the following issues:

Update to runc v1.0.3. 
    
* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage
  of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)
* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.
* Fixed inability to start when read-only /dev in set in spec.
* Fixed not removing sub-cgroups upon container delete, when rootless cgroup
  v2 is used with older systemd.
* Fixed returning error from GetStats when hugetlb is unsupported (which
  causes excessive logging for kubernetes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4173-1
Released:    Thu Dec 23 10:11:31 2021
Summary:     Recommended update for samba
Type:        recommended
Severity:    important
References:  1192849,CVE-2020-25717
This update for samba fixes the following issues:

The username map advice from the CVE-2020-25717 advisory
note has undesired side effects for the local nt token. Fallback
to a SID/UID based mapping if the name based lookup fails (bsc#1192849).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4182-1
Released:    Thu Dec 23 11:51:51 2021
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1192688
This update for zlib fixes the following issues:

- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4192-1
Released:    Tue Dec 28 10:39:50 2021
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1174504
This update for permissions fixes the following issues:

- Update to version 20181225:
  * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2-1
Released:    Mon Jan  3 08:27:18 2022
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1183905,1193181
This update for lvm2 fixes the following issues:

- Fix lvconvert not taking `--stripes` option (bsc#1183905)
- Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4-1
Released:    Mon Jan  3 08:28:54 2022
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1193480
This update for libgcrypt fixes the following issues:

- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:7-1
Released:    Mon Jan  3 08:45:52 2022
Summary:     Recommended update for grub2
Type:        recommended
Severity:    moderate
References:  1071559,1177751,1189769,1189874,1191504
This update for grub2 fixes the following issues:

- Fixed an issue when 'lvmid' disk cannot be found after second disk added to the root volume group. (bsc#1189874, bsc#1071559)
- Fix for an error when '/boot/grub2/locale/POSIX.gmo' not found. (bsc#1189769)
- Fix unknown TPM error on buggy uefi firmware. (bsc#1191504)
- Fix powerpc-ieee1275 lpar takes long time to boot with increasing number of nvme namespace (bsc#1177751)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:55-1
Released:    Tue Jan 11 12:53:27 2022
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    moderate
References:  1029961,1160414,1178490,1182653
This update for rsyslog fixes the following issues:

- Upgrade to rsyslog 8.2106.0:
  * The prime new feature is support for TLS and non-TLS connections
    via imtcp in parallel. Furthermore, most TLS parameters can now be overriden
    at the input() level. The notable exceptions are certificate files, something
    that is due to be implemented as next step.
  * New global option 'parser.supportCompressionExtension'
    This permits to turn off rsyslog's single-message compression extension
    when it interferes with non-syslog message processing (the parser
    subsystem expects syslog messages, not generic text)
    closes https://github.com/rsyslog/rsyslog/issues/4598
  * imtcp: add more override config params to input()
    It is now possible to override all module parameters at the input() level. Module
    parameters serve as defaults. Existing configs need no modification.
  * imtcp: add stream driver parameter to input() configuration
    This permits to have different inputs use different stream drivers
    and stream driver parameters.
  * imtcp: permit to run multiple inputs in parallel
    Previously, a single server was used to run all imtcp inputs. This
    had a couple of drawsbacks. First and foremost, we could not use
    different stream drivers in the varios inputs. This patch now
    provides a baseline to do that, but does still not implement the
    capability (in this sense it is a staging patch).
    Secondly, we now ensure that each input has at least one exclusive
    thread for processing, untangling the performance of multiple
    inputs from each other.
  * tcpsrv bugfix: potential sluggishnes and hang on shutdown
    tcpsrv is used by multiple other modules (imtcp, imdiag, imgssapi, and,
    in theory, also others - even ones we do not know about). However, the
    internal synchornization did not properly take multiple tcpsrv users
    in consideration.
    As such, a single user could hang under some circumstances. This was
    caused by improperly awaking all users from a pthread condition wait.
    That in turn could lead to some sluggish behaviour and, in rare cases,
    a hang at shutdown.
    Note: it was highly unlikely to experience real problems with the
    officially provided modules.
  * refactoring of syslog/tcp driver parameter passing
    This has now been generalized to a parameter block, which makes it much cleaner and
    also easier to add new parameters in the future.
  * config script: add re_match_i() and re_extract_i() functions
    This provides case-insensitive regex functionality.
- Upgrade to rsyslog 8.2104.0:
  * rainerscript: call getgrnam_r repeatedly to get all group members  (bsc#1178490)
  * new built-in function get_property() to access property vars
  * mmdblookup: add support for mmdb DB reload on HUP
  * new contributed function module fmunflatten
  * test bugfix: some tests did not work with newer TLS library versions

- Update 'remote.conf' example file to new 'Address' and 'Port' notation. (bsc#1182653)

- Upgrade to rsyslog 8.2102.0:
  * omfwd: add stats counter for sent bytes
  * omfwd: add error reporting configuration option
  * action stats counter bugfix: failure count was not properly incremented
  * action stats counter bugfix: resume count was not incremented
  * omfwd bugfix: segfault or error if port not given
  * lookup table bugfix: data race on lookup table reload
  * testbench modernization
  * testbench: fix invalid sequence of kafka tests runs
  * testbench: fix kafkacat issues
  * testbench: fix year-dependendt clickhouse test

- Upgrade to rsyslog 8.2012.0:
  * testbench bugfix: some tests did not work in make distcheck
  * immark: rewrite with many improvements
  * usability: re-phrase error message to help users better understand cause
  * add new system property $now-unixtimestamp
  * omfwd: add new rate limit option
  * omfwd bug: param 'StreamDriver.PermitExpiredCerts' is not 'off' by default

- prepare usrmerge (bsc#1029961)

- remove legacy stuff from specfile
  * sysvinit is not supported anymore, so remove all tests related to systemv in the specfile

- Upgrade to rsyslog 8.2010.0:
  * gnutls TLS subsystem bugfix: handshake error handling
  * core/msg bugfix: memory leak
  * core/msg bugfix: segfault in jsonPathFindNext() when <root> not an object
  * openssl TLS subsystem: improvments of error and status messages
  * core bugfix: do not create empty JSON objects on non-existent key access
  * gnutls subsysem bugfix: potential hang on session closure
  * core/network bugfix: obey net.enableDNS=off when querying local hostname
  * core bugfix: potential segfault on query of PROGRAMNAME property
  * imtcp bugfix: broken connection not necessariy detected
  * new module: imhttp - http input
  * mmdarwin bugfix: potential zero uuid when reusing existing one
  * imdocker bugfix: build issue on some platforms
  * omudpspoof bugfix: make compatbile with Solaris build
  * testbench fix: python 3 incompatibility
  * core bugfix: segfault if disk-queue file cannot be created
  * cosmetic: fix dummy module name in debug output
  * config bugfix: intended warning emitted as error

- Upgrade to rsyslog 8.2008.0
- Added custom unit file rsyslog.service because systemd service file was removed from upstream project
- Use systemd_ordering instead of requiring to make rsyslog useable in containers.
- Fix the URL for bug reporting, should not point to 'novell.com'. (bsc#1173433)
- Add support for 'omkafka'.
- Avoid build error with gcc flag '-fno-common'. (bsc#1160414)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:72-1
Released:    Thu Jan 13 16:13:36 2022
Summary:     Recommended update for mozilla-nss and MozillaFirefox
Type:        recommended
Severity:    important
References:  1193845
This update for mozilla-nss and MozillaFirefox fix the following issues:

mozilla-nss: 
    
- Update from version 3.68.1 to 3.68.2 (bsc#1193845)
- Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol 
  implementation
    
MozillaFirefox:

- Firefox Extended Support Release 91.4.1 ESR (bsc#1193845)
- Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol 
  implementation to fix frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING 
  error messages when trying to connect to various microsoft.com domains

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:84-1
Released:    Mon Jan 17 04:40:30 2022
Summary:     Recommended update for dosfstools
Type:        recommended
Severity:    moderate
References:  1172863,1188401
This update for dosfstools fixes the following issues:

- To be able to create filesystems compatible with previous
  version, add -g command line option to mkfs (bsc#1188401)
- BREAKING CHANGES:
  After fixing of bsc#1172863 in the last update, mkfs started to
  create different images than before. Applications that depend on
  exact FAT file format (e. g. embedded systems) may be broken in
  two ways:
  * The introduction of the alignment may create smaller images
    than before, with a different positions of important image
    elements. It can break existing software that expect images in
    doststools <= 4.1 style.
    To work around these problems, use '-a' command line argument.
  * The new image may contain a different geometry values. Geometry
    sensitive applications expecting doststools <= 4.1 style images
    can fails to accept different geometry values.
    There is no direct work around for this problem. But you can
    take the old image, use 'file -s $IMAGE', check its
    'sectors/track' and 'heads', and use them in the newly
    introduced '-g' command line argument.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:92-1
Released:    Mon Jan 17 20:59:15 2022
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    important
References:  1194593
This update for rsyslog fixes the following issues:

- Fix config parameters in specfile (bsc#1194593)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:93-1
Released:    Tue Jan 18 05:11:58 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    important
References:  1192489
This update for openssl-1_1 fixes the following issues:

- Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:94-1
Released:    Tue Jan 18 05:13:24 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1180125,1193711
This update for rpm fixes the following issues:

- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:125-1
Released:    Wed Jan 19 05:03:22 2022
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1175892,1194162
This update for dracut fixes the following issues:

- Update dependency and requirement of util-linux-systemd (bsc#1194162)
- Improve SSL CA certificate bundle detection (bsc#1175892)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:141-1
Released:    Thu Jan 20 13:47:16 2022
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1169614
This update for permissions fixes the following issues:

- Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:178-1
Released:    Tue Jan 25 14:16:23 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827
This update for expat fixes the following issues:
  
- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).  

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:184-1
Released:    Tue Jan 25 18:20:56 2022
Summary:     Security update for json-c
Type:        security
Severity:    important
References:  1171479,CVE-2020-12762
This update for json-c fixes the following issues:

- CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:197-1
Released:    Wed Jan 26 07:40:52 2022
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1071995,1139944,1151927,1152489,1153275,1154353,1154355,1161907,1164565,1166780,1169514,1176242,1176536,1176544,1176545,1176546,1176548,1176558,1176559,1176940,1176956,1177440,1178270,1179211,1179424,1179426,1179427,1179599,1179960,1181148,1181507,1181710,1183534,1183540,1183897,1184209,1185726,1185902,1187541,1189126,1189158,1191271,1191793,1191876,1192267,1192507,1192511,1192569,1192606,1192845,1192847,1192877,1192946,1192969,1192987,1192990,1192998,1193002,1193042,1193169,1193255,1193306,1193318,1193349,1193440,1193442,1193660,1193669,1193727,1193767,1193901,1193927,1194001,1194087,1194094,1194302,1194516,1194517,1194529,1194888,1194985,CVE-2020-27820,CVE-2020-27825,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-33098,CVE-2021-4001,CVE-2021-4002,CVE-2021-4083,CVE-2021-4135,CVE-2021-4149,CVE-2021-4197,CVE-2021-4202,CVE-2021-43975,CVE-2021-43976,CVE-2021-44733,CVE-2021-45485,CVE-2021-45486,CVE-2022-0185,CVE-2022-0322


The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
- CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel that occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302).
- CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927).
- CVE-2021-4202: Fixed a race condition during NFC device remove which could lead to a use-after-free memory corruption (bsc#1194529)
- CVE-2021-4083: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bnc#1193727).
- CVE-2021-4149: Fixed a locking condition in btrfs which could lead to system deadlocks (bsc#1194001).
- CVE-2021-45485: The IPv6 implementation in net/ipv6/output_core.c had an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses (bnc#1194094).
- CVE-2021-45486: The IPv4 implementation in net/ipv4/route.c had an information leak because the hash table is very small (bnc#1194087).
- CVE-2021-4001: A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. (bnc#1192990).
- CVE-2021-28715: Guest can force Linux netback driver to hog large amounts of kernel memory. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There was a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. ()
- CVE-2021-28714: Guest can force Linux netback driver to hog large amounts of kernel memory. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There was a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing (bnc#1193442).
- CVE-2021-28713: Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (bsc#1193440)
- CVE-2021-28712: Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (bsc#1193440)
- CVE-2021-28711: Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time (bnc#1193440).
- CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c. There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat (bnc#1179960).
- CVE-2021-43975: hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allowed an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value (bnc#1192845).
- CVE-2021-33098: Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1192877).
- CVE-2021-43976: mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allowed an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic) (bnc#1192847).
- CVE-2021-4002: Incorrect TLBs flushing after huge_pmd_unshare could lead to exposing hugepages to other users (bsc#1192946).
- CVE-2020-27820: A use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if 'unbind' the driver) (bnc#1179599).

The following non-security bugs were fixed:

- smb3: print warning once if posix context returned on open  (bsc#1164565).
- ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes).
- ACPI: battery: Accept charges over the design capacity as full (git-fixes).
- ACPICA: Avoid evaluating methods too early during system resume (git-fixes).
- ALSA: ISA: not for M68K (git-fixes).
- ALSA: ctxfi: Fix out-of-range access (git-fixes).
- ALSA: gus: fix null pointer dereference on pointer block (git-fixes).
- ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UX550VE (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC70HS (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes).
- ALSA: hda: hdac_ext_stream: fix potential locking issues (git-fixes).
- ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes).
- ALSA: synth: missing check for possible NULL after the call to kstrdup (git-fixes).
- ALSA: timer: Fix use-after-free problem (git-fixes).
- ALSA: timer: Unconditionally unlink slave instances, too (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes).
- ARM: 8970/1: decompressor: increase tag size (git-fixes).
- ARM: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes)
- ARM: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes)
- ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes)
- ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes)
- ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes)
- ARM: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes)
- ARM: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes)
- ARM: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes)
- ARM: 9091/1: Revert 'mm: qsd8x50: Fix incorrect permission faults' (git-fixes)
- ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes)
- ARM: 9134/1: remove duplicate memcpy() definition (git-fixes)
- ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes)
- ARM: 9141/1: only warn about XIP address when not compile testing (git-fixes)
- ARM: 9155/1: fix early early_iounmap() (git-fixes)
- ARM: OMAP2+: Fix legacy mode dss_reset (git-fixes)
- ARM: OMAP2+: omap_device: fix idling of devices during probe (git-fixes)
- ARM: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes)
- ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes)
- ARM: at91: pm: of_node_put() after its usage (git-fixes)
- ARM: at91: pm: use proper master clock register offset (git-fixes)
- ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes)
- ARM: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes)
- ARM: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes)
- ARM: dts: BCM5301X: Fix I2C controller interrupt (git-fixes)
- ARM: dts: BCM5301X: Fixed QSPI compatible string (git-fixes)
- ARM: dts: Configure missing thermal interrupt for 4430 (git-fixes)
- ARM: dts: Fix dcan driver probe failed on am437x platform (git-fixes)
- ARM: dts: Fix duovero smsc interrupt for suspend (git-fixes)
- ARM: dts: N900: fix onenand timings (git-fixes).
- ARM: dts: NSP: Correct FA2 mailbox node (git-fixes)
- ARM: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes)
- ARM: dts: NSP: Fixed QSPI compatible string (git-fixes)
- ARM: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes)
- ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes)
- ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes)
- ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes)
- ARM: dts: am437x-l4: fix typo in can at 0 node (git-fixes)
- ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes)
- ARM: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes)
- ARM: dts: armada388-helios4: assign pinctrl to each fan (git-fixes)
- ARM: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes)
- ARM: dts: aspeed: tiogapass: Remove vuart (git-fixes)
- ARM: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes)
- ARM: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes)
- ARM: dts: at91: at91sam9rl: fix ADC triggers (git-fixes)
- ARM: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes)
- ARM: dts: at91: sama5d2: map securam as device (git-fixes)
- ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes)
- ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes)
- ARM: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes)
- ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes)
- ARM: dts: at91: sama5d4: fix pinctrl muxing (git-fixes)
- ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes)
- ARM: dts: at91: tse850: the emac<->phy interface is rmii (git-fixes)
- ARM: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes)
- ARM: dts: bcm: HR2: Fix PPI interrupt types (git-fixes)
- ARM: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes)
- ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes)
- ARM: dts: dra76x: m_can: fix order of clocks (git-fixes)
- ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes)
- ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes)
- ARM: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes)
- ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes)
- ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes)
- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes)
- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes)
- ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes)
- ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes)
- ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes)
- ARM: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes)
- ARM: dts: gose: Fix ports node name for adv7180 (git-fixes)
- ARM: dts: gose: Fix ports node name for adv7612 (git-fixes)
- ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes)
- ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes)
- ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes)
- ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes)
- ARM: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes)
- ARM: dts: imx6: phycore-som: fix emmc supply (git-fixes)
- ARM: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes).
- ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes)
- ARM: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes)
- ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes)
- ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes)
- ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes)
- ARM: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes)
- ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes)
- ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes)
- ARM: dts: imx6qdl-gw551x: fix audio SSI (git-fixes)
- ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes)
- ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes)
- ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes)
- ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes)
- ARM: dts: imx6sl: fix rng node (git-fixes)
- ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes)
- ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes)
- ARM: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes)
- ARM: dts: imx6sx: Improve UART pins macro defines (git-fixes)
- ARM: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes)
- ARM: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes)
- ARM: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes)
- ARM: dts: imx7-colibri: prepare module device tree for FlexCAN (git-fixes)
- ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes)
- ARM: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes)
- ARM: dts: imx7d: Correct speed grading fuse settings (git-fixes)
- ARM: dts: imx7d: fix opp-supported-hw (git-fixes)
- ARM: dts: imx7ulp: Correct gpio ranges (git-fixes)
- ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes)
- ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes)
- ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes)
- ARM: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes)
- ARM: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes)
- ARM: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes)
- ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes)
- ARM: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes)
- ARM: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes)
- ARM: dts: meson8: Use a higher default GPU clock frequency (git-fixes)
- ARM: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes)
- ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes)
- ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes)
- ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes)
- ARM: dts: meson: fix PHY deassert timing requirements (git-fixes)
- ARM: dts: omap3430-sdp: Fix NAND device node (git-fixes)
- ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes)
- ARM: dts: oxnas: Fix clear-mask property (git-fixes)
- ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes)
- ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes)
- ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes)
- ARM: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes)
- ARM: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes)
- ARM: dts: r8a7740: Add missing extal2 to CPG node (git-fixes)
- ARM: dts: r8a7779, marzen: Fix DU clock names (git-fixes)
- ARM: dts: renesas: Fix IOMMU device node names (git-fixes)
- ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes)
- ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes)
- ARM: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes)
- ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes)
- ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes)
- ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes)
- ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes)
- ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes)
- ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
- ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
- ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes)
- ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes)
- ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes)
- ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
- ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes)
- ARM: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes)
- ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes)
- ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes)
- ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes)
- ARM: dts: sun8i: v3s: fix GIC node memory range (git-fixes)
- ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes)
- ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
- ARM: dts: sunxi: Fix DE2 clocks register range (git-fixes)
- ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes)
- ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes)
- ARM: dts: turris-omnia: add SFP node (git-fixes)
- ARM: dts: turris-omnia: add comphy handle to eth2 (git-fixes)
- ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes)
- ARM: dts: turris-omnia: describe switch interrupt (git-fixes)
- ARM: dts: turris-omnia: enable HW buffer management (git-fixes)
- ARM: dts: turris-omnia: fix hardware buffer management (git-fixes)
- ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes)
- ARM: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes).
- ARM: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes)
- ARM: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes)
- ARM: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes)
- ARM: exynos: add missing of_node_put for loop iteration (git-fixes)
- ARM: footbridge: fix PCI interrupt mapping (git-fixes)
- ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes)
- ARM: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes)
- ARM: imx: add missing clk_disable_unprepare() (git-fixes)
- ARM: imx: add missing iounmap() (git-fixes)
- ARM: imx: build suspend-imx6.S with arm instruction set (git-fixes)
- ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes)
- ARM: mvebu: drop pointless check for coherency_base (git-fixes)
- ARM: p2v: fix handling of LPAE translation in BE mode (git-fixes)
- ARM: s3c24xx: fix missing system reset (git-fixes)
- ARM: s3c24xx: fix mmc gpio lookup tables (git-fixes)
- ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes)
- ARM: samsung: do not build plat/pm-common for Exynos (git-fixes)
- ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes)
- ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes)
- ASoC: DAPM: Cover regression by kctl change notification fix (git-fixes).
- ASoC: SOF: Intel: hda-dai: fix potential locking issue (git-fixes).
- ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes).
- ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes).
- ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- Add SMB 2 support for getting and setting SACLs (bsc#1192606).
- Add to supported.conf: fs/smbfs_common/cifs_arc4 fs/smbfs_common/cifs_md4
- Blacklist SCSI commit that breaks kABI (git-fixes)
- Bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes).
- CIFS: Add support for setting owner info, dos attributes, and create time (bsc#1164565).
- CIFS: Clarify SMB1 code for POSIX Create (bsc#1192606).
- CIFS: Clarify SMB1 code for POSIX Lock (bsc#1192606).
- CIFS: Clarify SMB1 code for POSIX delete file (bsc#1192606).
- CIFS: Clarify SMB1 code for SetFileSize (bsc#1192606).
- CIFS: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606).
- CIFS: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606).
- CIFS: Clarify SMB1 code for delete (bsc#1192606).
- CIFS: Clarify SMB1 code for rename open file (bsc#1192606).
- CIFS: Close cached root handle only if it had a lease (bsc#1164565).
- CIFS: Close open handle after interrupted close (bsc#1164565).
- CIFS: Do not miss cancelled OPEN responses (bsc#1164565).
- CIFS: Fix NULL pointer dereference in mid callback (bsc#1164565).
- CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16).
- CIFS: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16).
- CIFS: Fix bug which the return value by asynchronous read is error (bsc#1192606).
- CIFS: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4).
- CIFS: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10).
- CIFS: Fix task struct use-after-free on reconnect (bsc#1164565).
- CIFS: Fix use after free of file info structures (bnc#1151927 5.3.8).
- CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7).
- CIFS: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7).
- CIFS: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7).
- CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606).
- CIFS: Properly process SMB3 lease breaks (bsc#1164565).
- CIFS: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565).
- CIFS: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565).
- CIFS: Spelling s/EACCESS/EACCES/ (bsc#1192606).
- CIFS: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565).
- CIFS: Use memdup_user() rather than duplicating its implementation (bsc#1164565).
- CIFS: Warn less noisily on default mount (bsc#1192606).
- CIFS: avoid using MID 0xFFFF (bnc#1151927 5.3.8).
- CIFS: check new file size when extending file by fallocate (bsc#1192606).
- CIFS: fiemap: do not return EINVAL if get nothing (bsc#1192606).
- CIFS: fix a white space issue in cifs_get_inode_info() (bsc#1164565).
- CIFS: fix max ea value size (bnc#1151927 5.3.4).
- CIFS: refactor cifs_get_inode_info() (bsc#1164565).
- CIFS: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565).
- Convert trailing spaces and periods in path components (bsc#1179424).
- EDAC/amd64: Handle three rank interleaving mode (bsc#1152489).
- Handle STATUS_IO_TIMEOUT gracefully (bsc#1192606).
- Input: iforce - fix control-message timeout (git-fixes).
- MM: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876).
- Mark commit as not needed (git-fixes)
- Move upstreamed i8042 patch into sorted section
- NFC: add NCI_UNREG flag to eliminate the race (git-fixes).
- NFC: reorder the logic in nfc_{un,}register_device (git-fixes).
- NFC: reorganize the functions in nci_request (git-fixes).
- NFS: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes).
- NFS: Fix deadlocks in nfs_scan_commit_list() (git-fixes).
- NFS: Fix up commit deadlocks (git-fixes).
- NFS: do not take i_rwsem for swap IO (bsc#1191876).
- NFS: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876).
- NFSv4: Fix a regression in nfs_set_open_stateid_locked() (git-fixes).
- PCI/MSI: Deal with devices lying about their MSI mask capability (git-fixes).
- PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes).
- PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes).
- PM: hibernate: Get block device exclusively in swsusp_check() (git-fixes).
- PM: hibernate: use correct mode for swsusp_close() (git-fixes).
- Pass consistent param->type to fs_parse() (bsc#1192606).
- Replace HTTP links with HTTPS ones: CIFS (bsc#1192606).
- Revert 'ARM: sti: Implement dummy L2 cache's write_sec' (git-fixes)
- Revert 'arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to (git-fixes)
- Revert 'cifs: Fix the target file was deleted when rename failed.' (bsc#1192606).
- SMB3.1.1: Add support for negotiating signing algorithm (bsc#1192606).
- SMB3.1.1: Fix ids returned in POSIX query dir (bsc#1192606).
- SMB3.1.1: add defines for new signing negotiate context (bsc#1192606).
- SMB3.1.1: do not log warning message if server does not populate salt (bsc#1192606).
- SMB3.1.1: fix mount failure to some servers when compression enabled (bsc#1192606).
- SMB3.1.1: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606).
- SMB3.1.1: update comments clarifying SPNEGO info in negprot response (bsc#1192606).
- SMB311: Add support for query info using posix extensions (level 100) (bsc#1192606).
- SMB3: Add new compression flags (bsc#1192606).
- SMB3: Add new info level for query directory (bsc#1192606).
- SMB3: Add support for getting and setting SACLs (bsc#1192606).
- SMB3: Additional compression structures (bsc#1192606).
- SMB3: Backup intent flag missing from some more ops (bsc#1164565).
- SMB3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565).
- SMB3: Fix mkdir when idsfromsid configured on mount (bsc#1192606).
- SMB3: Fix persistent handles reconnect (bnc#1151927 5.3.11).
- SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
- SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
- SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
- SMB3: Honor lease disabling for multiuser mounts (git-fixes).
- SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546).
- SMB3: Minor cleanup of protocol definitions (bsc#1192606).
- SMB3: Resolve data corruption of TCP server info fields (bsc#1192606).
- SMB3: add support for recognizing WSL reparse tags (bsc#1192606).
- SMB3: avoid confusing warning message on mount to Azure (bsc#1192606).
- SMB3: fix readpage for large swap cache (bsc#1192606).
- SMB3: incorrect file id in requests compounded with open (bsc#1192606).
- SMB3: update structures for new compression protocol definitions (bsc#1192606).
- SUNRPC/auth: async tasks mustn't block waiting for memory (bsc#1191876).
- SUNRPC/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876).
- SUNRPC/xprt: async tasks mustn't block waiting for memory (bsc#1191876).
- SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876).
- SUNRPC: remove scheduling boost for 'SWAPPER' tasks (bsc#1191876).
- TCON Reconnect during STATUS_NETWORK_NAME_DELETED (bsc#1192606).
- USB: serial: option: add Fibocom FM101-GL variants (git-fixes).
- USB: serial: option: add Telit LE910S1 0x9200 composition (git-fixes).
- Update configs to add CONFIG_SMBFS_COMMON=m.
- Update patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch (bsc#1189158)
- arm: dts: dra76x: Fix mmc3 max-frequency (git-fixes)
- arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes)
- arm: dts: mt7623: add missing pause for switchport (git-fixes)
- arm: dts: omap3-gta04a4: accelerometer irq fix (git-fixes)
- ath10k: fix invalid dma_addr_t token assignment (git-fixes).
- ath10k: high latency fixes for beacon buffer (git-fixes).
- ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes).
- block: Fix use-after-free issue accessing struct io_cq (bsc#1193042).
- bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275).
- bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes).
- bpf, arm: Fix register clobbering in div/mod implementation (git-fixes)
- brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes).
- btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002).
- btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002).
- btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998).
- btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998).
- btrfs: make checksum item extension more efficient (bsc#1193002).
- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes).
- cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
- cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).
- cifs: Add get_security_type_str function to return sec type (bsc#1192606).
- cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606).
- cifs: Add new mount parameter 'acdirmax' to allow caching directory metadata (bsc#1192606).
- cifs: Add new parameter 'acregmax' for distinct file and directory metadata timeout (bsc#1192606).
- cifs: Add tracepoints for errors on flush or fsync (bsc#1164565).
- cifs: Add witness information to debug data dump (bsc#1192606).
- cifs: Adjust indentation in smb2_open_file (bsc#1164565).
- cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606).
- cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606).
- cifs: Allocate encryption header through kmalloc (bsc#1192606).
- cifs: Always update signing key of first channel (bsc#1192606).
- cifs: Avoid doing network I/O while holding cache lock (bsc#1164565).
- cifs: Avoid error pointer dereference (bsc#1192606).
- cifs: Avoid field over-reading memcpy() (bsc#1192606).
- cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606).
- cifs: Clean up DFS referral cache (bsc#1164565).
- cifs: Constify static struct genl_ops (bsc#1192606).
- cifs: Convert to use the fallthrough macro (bsc#1192606).
- cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606).
- cifs: Deal with some warnings from W=1 (bsc#1192606).
- cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606).
- cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606).
- cifs: Do not display RDMA transport on reconnect (bsc#1164565).
- cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606).
- cifs: Do not use iov_iter::type directly (bsc#1192606).
- cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606).
- cifs: Enable sticky bit with cifsacl mount option (bsc#1192606).
- cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270).
- cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606).
- cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606).
- cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10).
- cifs: Fix cifsacl ACE mask for group and others (bsc#1192606).
- cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606).
- cifs: Fix fall-through warnings for Clang (bsc#1192606).
- cifs: Fix in error types returned for out-of-credit situations (bsc#1192606).
- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
- cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606).
- cifs: Fix inconsistent indenting (bsc#1192606).
- cifs: Fix leak when handling lease break for cached root fid (bsc#1176242).
- cifs: Fix lookup of SMB connections on multichannel (bsc#1192606).
- cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565).
- cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565).
- cifs: Fix missed free operations (bnc#1151927 5.3.8).
- cifs: Fix mode output in debugging statements (bsc#1164565).
- cifs: Fix mount options set in automount (bsc#1164565).
- cifs: Fix null pointer check in cifs_read (bsc#1192606).
- cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565).
- cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565).
- cifs: Fix return value in __update_cache_entry (bsc#1164565).
- cifs: Fix some error pointers handling detected by static checker (bsc#1192606).
- cifs: Fix spelling of 'security' (bsc#1192606).
- cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606).
- cifs: Fix the target file was deleted when rename failed (bsc#1192606).
- cifs: Fix unix perm bits to cifsacl conversion for 'other' bits (bsc#1192606).
- cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565).
- cifs: Get rid of kstrdup_const()'d paths (bsc#1164565).
- cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606).
- cifs: Handle witness client move notification (bsc#1192606).
- cifs: Identify a connection by a conn_id (bsc#1192606).
- cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606).
- cifs: In the new mount api we get the full devname as source= (bsc#1192606).
- cifs: Introduce helpers for finding TCP connection (bsc#1164565).
- cifs: Make extract_hostname function public (bsc#1192606).
- cifs: Make extract_sharename function public (bsc#1192606).
- cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565).
- cifs: Move SMB2_Create definitions to the shared area (bsc#1192606).
- cifs: Move more definitions into the shared area (bsc#1192606).
- cifs: New optype for session operations (bsc#1181507).
- cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606).
- cifs: Optimize readdir on reparse points (bsc#1164565).
- cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606).
- cifs: Re-indent cifs_swn_reconnect() (bsc#1192606).
- cifs: Reformat DebugData and index connections by conn_id (bsc#1192606).
- cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset.
- cifs: Remove the superfluous break (bsc#1192606).
- cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902).
- cifs: Remove useless variable (bsc#1192606).
- cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).
- cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606).
- cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606).
- cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606).
- cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606).
- cifs: Silently ignore unknown oplock break handle (bsc#1192606).
- cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606).
- cifs: Standardize logging output (bsc#1192606).
- cifs: To match file servers, make sure the server hostname matches (bsc#1192606).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606).
- cifs: Use #define in cifs_dbg (bsc#1164565).
- cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606).
- cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
- cifs: add SMB2_open() arg to return POSIX data (bsc#1164565).
- cifs: add SMB3 change notification support (bsc#1164565).
- cifs: add a debug macro that prints \\server\share for errors (bsc#1164565).
- cifs: add a function to get a cached dir based on its dentry (bsc#1192606).
- cifs: add a helper to find an existing readable handle to a file (bsc#1154355).
- cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606).
- cifs: add an smb3_fs_context to cifs_sb (bsc#1192606).
- cifs: add files to host new mount api (bsc#1192606).
- cifs: add fs_context param to parsing helpers (bsc#1192606).
- cifs: add initial reconfigure support (bsc#1192606).
- cifs: add missing mount option to /proc/mounts (bsc#1164565).
- cifs: add missing parsing of backupuid (bsc#1192606).
- cifs: add mount parameter tcpnodelay (bsc#1192606).
- cifs: add multichannel mount options and data structs (bsc#1192606).
- cifs: add new debugging macro cifs_server_dbg (bsc#1164565).
- cifs: add passthrough for smb2 setinfo (bsc#1164565).
- cifs: add server param (bsc#1192606).
- cifs: add shutdown support (bsc#1192606).
- cifs: add smb2 POSIX info level (bsc#1164565).
- cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606).
- cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565).
- cifs: add support for flock (bsc#1164565).
- cifs: add witness mount option and data structs (bsc#1192606).
- cifs: added WARN_ON for all the count decrements (bsc#1192606).
- cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606).
- cifs: allow chmod to set mode bits using special sid (bsc#1164565).
- cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
- cifs: allow unlock flock and OFD lock across fork (bsc#1192606).
- cifs: ask for more credit on async read/write code paths (bsc#1192606).
- cifs: avoid extra calls in posix_info_parse (bsc#1192606).
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1164565).
- cifs: change confusing field serverName (to ip_addr) (bsc#1192606).
- cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606).
- cifs: change noisy error message to FYI (bsc#1181507).
- cifs: check all path components in resolved dfs target (bsc#1181710).
- cifs: check pointer before freeing (bsc#1183534).
- cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606).
- cifs: cifs_md4 convert to SPDX identifier (bsc#1192606).
- cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606).
- cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606).
- cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606).
- cifs: clarify comment about timestamp granularity for old servers (bsc#1192606).
- cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606).
- cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606).
- cifs: cleanup misc.c (bsc#1192606).
- cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606).
- cifs: close the shared root handle on tree disconnect (bsc#1164565).
- cifs: compute full_path already in cifs_readdir() (bsc#1192606).
- cifs: connect individual channel servers to primary channel server (bsc#1192606).
- cifs: connect: style: Simplify bool comparison (bsc#1192606).
- cifs: constify get_normalized_path() properly (bsc#1185902).
- cifs: constify path argument of ->make_node() (bsc#1192606).
- cifs: constify pathname arguments in a bunch of helpers (bsc#1192606).
- cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042).
- cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606).
- cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606).
- cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606).
- cifs: convert to use be32_add_cpu() (bsc#1192606).
- cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606).
- cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606).
- cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606).
- cifs: create a helper function to parse the query-directory response buffer (bsc#1164565).
- cifs: create a helper to find a writeable handle by path name (bsc#1154355).
- cifs: create sd context must be a multiple of 8 (bsc#1192606).
- cifs: delete duplicated words in header files (bsc#1192606).
- cifs: detect dead connections only when echoes are enabled (bsc#1192606).
- cifs: do d_move in rename (bsc#1164565).
- cifs: do not allow changing posix_paths during remount (bsc#1192606).
- cifs: do not cargo-cult strndup() (bsc#1185902).
- cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606).
- cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606).
- cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606).
- cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes).
- cifs: do not ignore the SYNC flags in getattr (bsc#1164565).
- cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565).
- cifs: do not negotiate session if session already exists (bsc#1192606).
- cifs: do not send close in compound create+close requests (bsc#1181507).
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- cifs: do not share tcons with DFS (bsc#1178270).
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- cifs: do not share tcp sessions of dfs connections (bsc#1185902).
- cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565).
- cifs: document and cleanup dfs mount (bsc#1178270).
- cifs: dump Security Type info in DebugData (bsc#1192606).
- cifs: dump channel info in DebugData (bsc#1192606).
- cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606).
- cifs: enable change notification for SMB2.1 dialect (bsc#1164565).
- cifs: enable extended stats by default (bsc#1192606).
- cifs: ensure correct super block for DFS reconnect (bsc#1178270).
- cifs: escape spaces in share names (bsc#1192606).
- cifs: export supported mount options via new mount_params /proc file (bsc#1192606).
- cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565).
- cifs: fix DFS failover (bsc#1192606).
- cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270).
- cifs: fix NULL dereference in match_prepath (bsc#1164565).
- cifs: fix NULL dereference in smb2_check_message() (bsc#1192606).
- cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606).
- cifs: fix a comment for the timeouts when sending echos (bsc#1164565).
- cifs: fix a memleak with modefromsid (bsc#1192606).
- cifs: fix a sign extension bug (bsc#1192606).
- cifs: fix allocation size on newly created files (bsc#1192606).
- cifs: fix channel signing (bsc#1192606).
- cifs: fix check of dfs interlinks (bsc#1185902).
- cifs: fix check of tcon dfs in smb1 (bsc#1178270).
- cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606).
- cifs: fix credit accounting for extra channel (bsc#1192606).
- cifs: fix dereference on ses before it is null checked (bsc#1164565).
- cifs: fix dfs domain referrals (bsc#1192606).
- cifs: fix dfs-links (bsc#1192606).
- cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606).
- cifs: fix double free error on share and prefix (bsc#1178270).
- cifs: fix fallocate when trying to allocate a hole (bsc#1192606).
- cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606).
- cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606).
- cifs: fix incorrect kernel doc comments (bsc#1192606).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606).
- cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606).
- cifs: fix leaked reference on requeued write (bsc#1178270).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606).
- cifs: fix minor typos in comments and log messages (bsc#1192606).
- cifs: fix missing null session check in mount (bsc#1192606).
- cifs: fix missing spinlock around update to ses->status (bsc#1192606).
- cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565).
- cifs: fix mount option display for sec=krb5i (bsc#1161907).
- cifs: fix mounts to subdirectories of target (bsc#1192606).
- cifs: fix nodfs mount option (bsc#1181710).
- cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606).
- cifs: fix path comparison and hash calc (bsc#1185902).
- cifs: fix possible uninitialized access and race on iface_list (bsc#1192606).
- cifs: fix potential mismatch of UNC paths (bsc#1164565).
- cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042).
- cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
- cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042).
- cifs: fix reference leak for tlink (bsc#1192606).
- cifs: fix regression when mounting shares with prefix paths (bsc#1192606).
- cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565).
- cifs: fix rsize/wsize to be negotiated values (bsc#1192606).
- cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
- cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
- cifs: fix string declarations and assignments in tracepoints (bsc#1192606).
- cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606).
- cifs: fix trivial typo (bsc#1192606).
- cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270).
- cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606).
- cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565).
- cifs: fix unneeded null check (bsc#1192606).
- cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606).
- cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606).
- cifs: for compound requests, use open handle if possible (bsc#1192606).
- cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606).
- cifs: get mode bits from special sid on stat (bsc#1164565).
- cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
- cifs: get rid of cifs_sb->mountdata (bsc#1192606).
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270).
- cifs: handle 'guest' mount parameter (bsc#1192606).
- cifs: handle 'nolease' option for vers=1.0 (bsc#1192606).
- cifs: handle -EINTR in cifs_setattr (bsc#1192606).
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270).
- cifs: handle different charsets in dfs cache (bsc#1185902).
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270).
- cifs: handle hostnames that resolve to same ip in failover (bsc#1178270).
- cifs: handle prefix paths in reconnect (bsc#1164565).
- cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606).
- cifs: have ->mkdir() handle race with another client sanely (bsc#1192606).
- cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606).
- cifs: ignore auto and noauto options if given (bsc#1192606).
- cifs: ignore cached share root handle closing errors (bsc#1166780).
- cifs: improve fallocate emulation (bsc#1192606).
- cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1192606).
- cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606).
- cifs: introduce helper for finding referral server (bsc#1181710).
- cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
- cifs: keep referral server sessions alive (bsc#1185902).
- cifs: log mount errors using cifs_errorf() (bsc#1192606).
- cifs: log warning message (once) if out of disk space (bsc#1164565).
- cifs: make build_path_from_dentry() return const char * (bsc#1192606).
- cifs: make const array static, makes object smaller (bsc#1192606).
- cifs: make fs_context error logging wrapper (bsc#1192606).
- cifs: make locking consistent around the server session status (bsc#1192606).
- cifs: make multichannel warning more visible (bsc#1192606).
- cifs: make sure we do not overflow the max EA buffer size (bsc#1164565).
- cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565).
- cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606).
- cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270).
- cifs: minor fix to two debug messages (bsc#1192606).
- cifs: minor kernel style fixes for comments (bsc#1192606).
- cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606).
- cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606).
- cifs: minor updates to Kconfig (bsc#1192606).
- cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606).
- cifs: missed ref-counting smb session in find (bsc#1192606).
- cifs: missing null check for newinode pointer (bsc#1192606).
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- cifs: modefromsid: make room for 4 ACE (bsc#1164565).
- cifs: modefromsid: write mode ACE first (bsc#1164565).
- cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606).
- cifs: move SMB FSCTL definitions to common code (bsc#1192606).
- cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606).
- cifs: move cache mount options to fs_context.ch (bsc#1192606).
- cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355).
- cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606).
- cifs: move cifs_parse_devname to fs_context.c (bsc#1192606).
- cifs: move debug print out of spinlock (bsc#1192606).
- cifs: move security mount options into fs_context.ch (bsc#1192606).
- cifs: move smb version mount options into fs_context.c (bsc#1192606).
- cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606).
- cifs: move the check for nohandlecache into open_shroot (bsc#1192606).
- cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606).
- cifs: move update of flags into a separate function (bsc#1192606).
- cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606).
- cifs: multichannel: move channel selection above transport layer (bsc#1192606).
- cifs: multichannel: move channel selection in function (bsc#1192606).
- cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606).
- cifs: multichannel: use pointer for binding channel (bsc#1192606).
- cifs: nosharesock should be set on new server (bsc#1192606).
- cifs: nosharesock should not share socket with future sessions (bsc#1192606).
- cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270).
- cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606).
- cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606).
- cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606).
- cifs: plumb smb2 POSIX dir enumeration (bsc#1164565).
- cifs: populate server_hostname for extra channels (bsc#1192606).
- cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565).
- cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355).
- cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565).
- cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
- cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: print warning mounting with vers=1.0 (bsc#1164565).
- cifs: properly invalidate cached root handle when closing it (bsc#1192606).
- cifs: protect session channel fields with chan_lock (bsc#1192606).
- cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606).
- cifs: protect updating server->dstaddr with a spinlock (bsc#1192606).
- cifs: reduce number of referral requests in DFS link lookups (bsc#1178270).
- cifs: reduce stack use in smb2_compound_op (bsc#1192606).
- cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606).
- cifs: release lock earlier in dequeue_mid error case (bsc#1192606).
- cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606).
- cifs: remove actimeo from cifs_sb (bsc#1192606).
- cifs: remove bogus debug code (bsc#1179427).
- cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606).
- cifs: remove duplicated prototype (bsc#1192606).
- cifs: remove old dead code (bsc#1192606).
- cifs: remove pathname for file from SPDX header (bsc#1192606).
- cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565).
- cifs: remove redundant assignment to variable rc (bsc#1164565).
- cifs: remove redundant initialization of variable rc (bsc#1192606).
- cifs: remove redundant initialization of variable rc (bsc#1192606).
- cifs: remove set but not used variable 'server' (bsc#1164565).
- cifs: remove set but not used variables (bsc#1164565).
- cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606).
- cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606).
- cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606).
- cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606).
- cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606).
- cifs: remove unused variable 'server' (bsc#1192606).
- cifs: remove unused variable 'sid_user' (bsc#1164565).
- cifs: remove unused variable (bsc#1164565).
- cifs: remove various function description warnings (bsc#1192606).
- cifs: rename a variable in SendReceive() (bsc#1164565).
- cifs: rename cifs_common to smbfs_common (bsc#1192606).
- cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606).
- cifs: rename posix create rsp (bsc#1164565).
- cifs: rename reconn_inval_dfs_target() (bsc#1178270).
- cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606).
- cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606).
- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
- cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606).
- cifs: return cached_fid from open_shroot (bsc#1192606).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: returning mount parm processing errors correctly (bsc#1192606).
- cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606).
- cifs: send workstation name during ntlmssp session setup (bsc#1192606).
- cifs: set a minimum of 120s for next dns resolution (bsc#1192606).
- cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
- cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565).
- cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606).
- cifs: set up next DFS target before generic_ip_connect() (bsc#1178270).
- cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606).
- cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606).
- cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606).
- cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606).
- cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565).
- cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606).
- cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606).
- cifs: smbd: Check send queue size before posting a send (bsc#1192606).
- cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606).
- cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565).
- cifs: smbd: Merge code to track pending packets (bsc#1192606).
- cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565).
- cifs: smbd: Properly process errors on ib_post_send (bsc#1192606).
- cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565).
- cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565).
- cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565).
- cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606).
- cifs: sort interface list by speed (bsc#1192606).
- cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
- cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606).
- cifs: style: replace one-element array with flexible-array (bsc#1192606).
- cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042).
- cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042).
- cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606).
- cifs: switch servers depending on binding state (bsc#1192606).
- cifs: switch to new mount api (bsc#1192606).
- cifs: try harder to open new channels (bsc#1192606).
- cifs: try opening channels after mounting (bsc#1192606).
- cifs: uncomplicate printing the iocharset parameter (bsc#1192606).
- cifs: update FSCTL definitions (bsc#1192606).
- cifs: update ctime and mtime during truncate (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update mnt_cifs_flags during reconfigure (bsc#1192606).
- cifs: update new ACE pointer after populate_new_aces (bsc#1192606).
- cifs: update super_operations to show_devname (bsc#1192606).
- cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565).
- cifs: use SPDX-Licence-Identifier (bsc#1192606).
- cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7).
- cifs: use compounding for open and first query-dir for readdir() (bsc#1164565).
- cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606).
- cifs: use echo_interval even when connection not ready (bsc#1192606).
- cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355).
- cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606).
- cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1164565).
- cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606).
- cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606).
- cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606).
- cifs_atomic_open(): fix double-put on late allocation failure (bsc#1192606).
- cifs_debug: use %pd instead of messing with ->d_name (bsc#1192606).
- cifs`: handle ERRBaduid for SMB1 (bsc#1192606).
- clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes).
- clk: ingenic: Fix bugs with divided dividers (git-fixes).
- crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes).
- crypto: pcrypt - Delay write to padata->info (git-fixes).
- crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes).
- cxgb4: fix eeprom len when diagnostics not implemented (git-fixes).
- dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes).
- dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes).
- do_cifs_create(): do not set ->i_mode of something we had not created (bsc#1192606).
- drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes).
- drm/msm: Do hw_init() before capturing GPU state (git-fixes).
- drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes).
- drm/panel-orientation-quirks: add Valve Steam Deck (git-fixes).
- drm/plane-helper: fix uninitialized variable reference (git-fixes).
- drm/vc4: fix error code in vc4_create_object() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes).
- drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes).
- elfcore: correct reference to CONFIG_UML (git-fixes).
- elfcore: fix building with clang (bsc#1169514).
- ext4: Avoid trim error on fs with small groups (bsc#1191271).
- fget: clarify and improve __fget_files() implementation (bsc#1193727).
- fix memory leak in large read decrypt offload (bsc#1164565).
- fs/cifs/: fix misspellings using codespell tool (bsc#1192606).
- fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1164565).
- fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1164565).
- fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1164565).
- fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1164565).
- fs/cifs: Assign boolean values to a bool variable (bsc#1192606).
- fs/cifs: Fix resource leak (bsc#1192606).
- fs/cifs: Simplify bool comparison (bsc#1192606).
- fs/cifs: fix gcc warning in sid_to_id (bsc#1192606).
- fs: cifs: Fix atime update check vs mtime (bsc#1164565).
- fs: cifs: Initialize filesystem timestamp ranges (bsc#1164565).
- fs: cifs: Remove repeated struct declaration (bsc#1192606).
- fs: cifs: Remove unnecessary struct declaration (bsc#1192606).
- fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565).
- fs: cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9).
- fs: cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606).
- fuse: release pipe buf after last use (bsc#1193318).
- gve: Add netif_set_xps_queue call (bsc#1176940).
- gve: Add rx buffer pagecnt bias (bsc#1176940).
- gve: Allow pageflips on larger pages (bsc#1176940).
- gve: DQO: avoid unused variable warnings (bsc#1176940).
- gve: Do lazy cleanup in TX path (git-fixes).
- gve: Switch to use napi_complete_done (git-fixes).
- gve: Track RX buffer allocation failures (bsc#1176940).
- i2c: cbus-gpio: set atomic transfer callback (git-fixes).
- i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes).
- i2c: stm32f7: recover the bus on access timeout (git-fixes).
- i2c: stm32f7: stop dma transfer in case of NACK (git-fixes).
- i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes).
- i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes).
- i40e: Fix changing previously set num_queue_pairs for PFs (git-fixes).
- i40e: Fix correct max_pkt_size on VF RX queue (git-fixes).
- i40e: Fix creation of first queue by omitting it if is not power of two (git-fixes).
- i40e: Fix display error code in dmesg (git-fixes).
- i40e: Fix failed opcode appearing if handling messages from VF (git-fixes).
- i40e: Fix ping is lost after configuring ADq on VF (git-fixes).
- i40e: Fix pre-set max number of queues for VF (git-fixes).
- i40e: Fix warning message and call stack during rmmod i40e driver (git-fixes).
- iavf: Fix failure to exit out from last all-multicast mode (git-fixes).
- iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (git-fixes).
- iavf: Fix reporting when setting descriptor count (git-fixes).
- iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes).
- iavf: Restore VLAN filters after link down (git-fixes).
- iavf: check for null in iavf_fix_features (git-fixes).
- iavf: do not clear a lock we do not hold (git-fixes).
- iavf: free q_vectors before queues in iavf_disable_vf (git-fixes).
- iavf: prevent accidental free of filter structure (git-fixes).
- iavf: validate pointers (git-fixes).
- ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568).
- ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568).
- ice: Delete always true check of PF pointer (git-fixes).
- ice: avoid bpf_prog refcount underflow (jsc#SLE-7926).
- ice: fix vsi->txq_map sizing (jsc#SLE-7926).
- ice: ignore dropped packets during init (git-fixes).
- igb: fix netpoll exit with traffic (git-fixes).
- igc: Remove _I_PHY_ID checking (bsc#1193169).
- igc: Remove phy->type checking (bsc#1193169).
- iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes).
- iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes).
- iommu/amd: Remove iommu_init_ga() (git-fixes).
- iommu: Check if group is NULL before remove device (git-fixes).
- ipmi: Disable some operations during a panic (git-fixes).
- kernel-source.spec: install-kernel-tools also required on 15.4
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes).
- lib/xz: Validate the value before assigning it to an enum variable (git-fixes).
- libata: fix checking of DMA state (git-fixes).
- linux/parser.h: add include guards (bsc#1192606).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
- md: fix a lock order reversal in md_alloc (git-fixes).
- media: Revert 'media: uvcvideo: Set unique vdev name based in type' (bsc#1193255).
- media: imx: set a media_device bus_info string (git-fixes).
- media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes).
- media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes).
- media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes).
- media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).
- media: mt9p031: Fix corrupted frame after restarting stream (git-fixes).
- media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes).
- media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes).
- media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes).
- media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes).
- media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes).
- media: uvcvideo: Return -EIO for control errors (git-fixes).
- media: uvcvideo: Set capability in s_param (git-fixes).
- media: uvcvideo: Set unique vdev name based in type (git-fixes).
- memstick: r592: Fix a UAF bug when removing the driver (git-fixes).
- mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes).
- mmc: winbond: do not build on M68K (git-fixes).
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- mtd: core: do not remove debugfs directory if device is in use (git-fixes).
- mwifiex: Properly initialize private structure on interface type changes (git-fixes).
- mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes).
- mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes).
- mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes).
- net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes).
- net/mlx5: Update error handler for UCTX and UMEM (git-fixes).
- net/mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes).
- net: asix: fix uninit value bugs (git-fixes).
- net: bnx2x: fix variable dereferenced before check (git-fixes).
- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes).
- net: delete redundant function declaration (git-fixes).
- net: hso: fix control-request directions (git-fixes).
- net: hso: fix muxed tty registration (git-fixes).
- net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511).
- net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix spelling mistake 'calledd' -> 'called' (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726).
- net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726).
- net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726).
- net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes).
- net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes).
- net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes).
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
- nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes).
- nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
- nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes).
- nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes).
- nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes).
- nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes).
- nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969).
- nvme-pci: add NO APST quirk for Kioxia device (git-fixes).
- objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
- perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes).
- perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes).
- perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes).
- perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes).
- perf: Correctly handle failed perf_get_aux_event() (git-fixes).
- platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes).
- platform/x86: wmi: do not fail if disabling fails (git-fixes).
- pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes).
- powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901 ltc#194976).
- powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes).
- powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes).
- powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes).
- powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129).
- powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129).
- powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129).
- powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129).
- powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129).
- powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes).
- powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901 ltc#194976).
- printk: Remove printk.h inclusion in percpu.h (bsc#1192987).
- qede: validate non LSO skb length (git-fixes).
- r8152: limit the RX buffer size of RTL8153A for USB 2.0 (git-fixes).
- r8169: Add device 10ec:8162 to driver r8169 (git-fixes).
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
- reset: socfpga: add empty driver allowing consumers to probe (git-fixes).
- ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960).
- rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306)
- rpm/kernel-obs-build.spec.in: move to zstd for the initrd
- rt2x00: do not mark device gone on EPROTO errors during start (git-fixes).
- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9).
- s390/uv: fully validate the VMA before calling follow_page() (git-fixes).
- s390: mm: Fix secure storage access exception handling (git-fixes).
- scsi: iscsi: Adjust iface sysfs attr detection (git-fixes).
- scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126).
- scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes).
- scsi: mpt3sas: Fix system going into read-only mode (git-fixes).
- scsi: qla2xxx: Fix gnl list corruption (git-fixes).
- scsi: qla2xxx: Relogin during fabric disturbance (git-fixes).
- scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes).
- serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes).
- serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes).
- serial: core: fix transmit-buffer reset and memleak (git-fixes).
- series.conf: whitespace and comment cleanup No effect on expanded tree.
- smb2: clarify rc initialization in smb2_reconnect (bsc#1192606).
- smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606).
- smb3.1.1: add new module load parm enable_gcm_256 (bsc#1192606).
- smb3.1.1: add new module load parm require_gcm_256 (bsc#1192606).
- smb3.1.1: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606).
- smb3.1.1: allow dumping keys for multiuser mounts (bsc#1192606).
- smb3.1.1: do not fail if no encryption required but server does not support it (bsc#1192606).
- smb3.1.1: enable negotiating stronger encryption by default (bsc#1192606).
- smb3.1.1: fix typo in compression flag (bsc#1192606).
- smb3.1.1: print warning if server does not support requested encryption type (bsc#1192606).
- smb3.1.1: rename nonces used for GCM and CCM encryption (bsc#1192606).
- smb3.1.1: set gcm256 when requested (bsc#1192606).
- smb311: Add support for SMB311 query info (non-compounded) (bsc#1192606).
- smb311: Add support for lookup with posix extensions query info (bsc#1192606).
- smb311: Add tracepoints for new compound posix query info (bsc#1192606).
- smb311: add support for using info level for posix extensions query (bsc#1192606).
- smb311: remove dead code for non compounded posix query info (bsc#1192606).
- smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606).
- smb3: Add defines for new information level, FileIdInformation (bsc#1164565).
- smb3: Add missing reparse tags (bsc#1164565).
- smb3: Add new parm 'nodelete' (bsc#1192606).
- smb3: Avoid Mid pending list corruption (bsc#1192606).
- smb3: Call cifs reconnect from demultiplex thread (bsc#1192606).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- smb3: Fix regression in time handling (bsc#1164565).
- smb3: Handle error case during offload read path (bsc#1192606).
- smb3: Incorrect size for netname negotiate context (bsc#1154355).
- smb3: add additional null check in SMB2_ioctl (bsc#1192606).
- smb3: add additional null check in SMB2_open (bsc#1192606).
- smb3: add additional null check in SMB2_tcon (bsc#1192606).
- smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606).
- smb3: add debug messages for closing unmatched open (bsc#1164565).
- smb3: add defines for new crypto algorithms (bsc#1192606).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: add dynamic trace points for socket connection (bsc#1192606).
- smb3: add dynamic tracepoints for flush and close (bsc#1164565).
- smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606).
- smb3: add missing flag definitions (bsc#1164565).
- smb3: add missing worker function for SMB3 change notify (bsc#1164565).
- smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565).
- smb3: add mount option to allow forced caching of read only share (bsc#1164565).
- smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565).
- smb3: add rasize mount parameter to improve readahead performance (bsc#1192606).
- smb3: add some missing definitions from MS-FSCC (bsc#1192606).
- smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565).
- smb3: add support for stat of WSL reparse points for special file types (bsc#1192606).
- smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565).
- smb3: allow disabling requesting leases (bnc#1151927 5.3.4).
- smb3: allow parallelizing decryption of reads (bsc#1164565).
- smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565).
- smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606).
- smb3: change noisy error message to FYI (bsc#1192606).
- smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565).
- smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606).
- smb3: correct smb3 ACL security descriptor (bsc#1192606).
- smb3: default to minimum of two channels when multichannel specified (bsc#1192606).
- smb3: display max smb3 requests in flight at any one time (bsc#1164565).
- smb3: do not attempt multichannel to server which does not support it (bsc#1192606).
- smb3: do not error on fsync when readonly (bsc#1192606).
- smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606).
- smb3: do not try to cache root directory if dir leases not supported (bsc#1192606).
- smb3: dump in_send and num_waiters stats counters by default (bsc#1164565).
- smb3: enable offload of decryption of large reads via mount option (bsc#1164565).
- smb3: enable swap on SMB3 mounts (bsc#1192606).
- smb3: extend fscache mount volume coherency check (bsc#1192606).
- smb3: fix access denied on change notify request to some servers (bsc#1192606).
- smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565).
- smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606).
- smb3: fix leak in 'open on server' perf counter (bnc#1151927 5.3.4).
- smb3: fix mode passed in on create for modetosid mount option (bsc#1164565).
- smb3: fix performance regression with setting mtime (bsc#1164565).
- smb3: fix posix extensions mount option (bsc#1192606).
- smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606).
- smb3: fix potential null dereference in decrypt offload (bsc#1164565).
- smb3: fix problem with null cifs super block with previous patch (bsc#1164565).
- smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565).
- smb3: fix signing verification of large reads (bsc#1154355).
- smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606).
- smb3: fix typo in header file (bsc#1192606).
- smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606).
- smb3: fix uninitialized value for port in witness protocol move (bsc#1192606).
- smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4).
- smb3: fix unneeded error message on change notify (bsc#1192606).
- smb3: if max_channels set to more than one channel request multichannel (bsc#1192606).
- smb3: improve check for when we send the security descriptor context on create (bsc#1164565).
- smb3: improve handling of share deleted (and share recreated) (bsc#1154355).
- smb3: limit noisy error (bsc#1192606).
- smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565).
- smb3: minor update to compression header definitions (bsc#1192606).
- smb3: missing ACL related flags (bsc#1164565).
- smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606).
- smb3: only offload decryption of read responses if multiple requests (bsc#1164565).
- smb3: pass mode bits into create calls (bsc#1164565).
- smb3: prevent races updating CurrentMid (bsc#1192606).
- smb3: query attributes on file close (bsc#1164565).
- smb3: rc uninitialized in one fallocate path (bsc#1192606).
- smb3: remind users that witness protocol is experimental (bsc#1192606).
- smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1164565).
- smb3: remove noisy debug message and minor cleanup (bsc#1164565).
- smb3: remove overly noisy debug line in signing errors (bsc#1192606).
- smb3: remove static checker warning (bsc#1192606).
- smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042).
- smb3: remove two unused variables (bsc#1192606).
- smb3: remove unused flag passed into close functions (bsc#1164565).
- smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606).
- smb3: smbdirect support can be configured by default (bsc#1192606).
- smb3: update protocol header definitions based to include new flags (bsc#1192606).
- smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606).
- smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548).
- smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606).
- smbdirect: missing rc checks while waiting for rdma events (bsc#1192606).
- soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes).
- soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes).
- spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes).
- spi: spl022: fix Microwire full duplex mode (git-fixes).
- swiotlb-xen: avoid double free (git-fixes).
- swiotlb: Fix the type of index (git-fixes).
- tlb: mmu_gather: add tlb_flush_*_range APIs
- tpm: fix potential NULL pointer access in tpm_del_char_device (bsc#1184209 ltc#190917 git-fixes bsc#1193660 ltc#195634).
- tracing/histogram: Do not copy the fixed-size char array field over the field size (git-fixes).
- tracing: Add length protection to histogram string copies (git-fixes).
- tracing: Change STR_VAR_MAX_LEN (git-fixes).
- tracing: Check pid filtering when creating events (git-fixes).
- tracing: Fix pid filtering when triggers are attached (git-fixes).
- tracing: use %ps format string to print symbols (git-fixes).
- tty: hvc: replace BUG_ON() with negative return value (git-fixes).
- tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes).
- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes).
- update structure definitions from updated protocol documentation (bsc#1192606).
- usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes).
- usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes).
- usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes).
- usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes).
- usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes).
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
- usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes).
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
- vfs: do not parse forbidden flags (bsc#1192606).
- x86/Xen: swap NX determination and GDT setup on BSP (git-fixes).
- x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489).
- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489).
- x86/pvh: add prototype for xen_pvh_init() (git-fixes).
- x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489).
- xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not read data from request on the ring page (git-fixes).
- xen/netfront: do not trust the backend response data blindly (git-fixes).
- xen/netfront: read response from backend only once (git-fixes).
- xen/privcmd: fix error handling in mmap-resource processing (git-fixes).
- xen/pvh: add missing prototype to header (git-fixes).
- xen/x86: fix PV trap handling on secondary processors (git-fixes).
- xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
- xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes).
- xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569).
- xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes).
- zram: fix return value on writeback_store (git-fixes).
- zram: off by one in read_block_state() (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:203-1
Released:    Wed Jan 26 14:13:45 2022
Summary:     Recommended update for cloud-init
Type:        recommended
Severity:    important
References:  1186004
This update for cloud-init fixes the following issues:

- Update to version 21.2 (bsc#1186004)
  +  Add \r\n check for SSH keys in Azure (#889)
  +  Revert 'Add support to resize rootfs if using LVM (#721)' (#887)
     (LP: #1922742)
  +  Add Vultaire as contributor (#881) [Paul Goins]
  +  Azure: adding support for consuming userdata from IMDS (#884) [Anh Vo]
  +  test_upgrade: modify test_upgrade_package to run for more sources (#883)
  +  Fix chef module run failure when chef_license is set (#868) [Ben Hughes]
  +  Azure: Retry net metadata during nic attach for non-timeout errs (#878)
     [aswinrajamannar]
  +  Azure: Retrieve username and hostname from IMDS (#865) [Thomas Stringer]
  +  Azure: eject the provisioning iso before reporting ready (#861) [Anh Vo]
  +  Use `partprobe` to re-read partition table if available (#856)
     [Nicolas Bock] (LP: #1920939)
  +  fix error on upgrade caused by new vendordata2 attributes (#869)
     (LP: #1922739)
  +  add prefer_fqdn_over_hostname config option (#859)
     [hamalq] (LP: #1921004)
  +  Emit dots on travis to avoid timeout (#867)
  +  doc: Replace remaining references to user-scripts as a config module
     (#866) [Ryan Harper]
  +  azure: Removing ability to invoke walinuxagent (#799) [Anh Vo]
  +  Add Vultr support (#827) [David Dymko]
  +  Fix unpickle for source paths missing run_dir (#863)
     [lucasmoura] (LP: #1899299)
  +  sysconfig: use BONDING_MODULE_OPTS on SUSE (#831) [Jens Sandmann]
  +  bringup_static_routes: fix gateway check (#850) [Petr Fedchenkov]
  +  add hamalq user (#860) [hamalq]
  +  Add support to resize rootfs if using LVM (#721)
     [Eduardo Otubo] (LP: #1799953)
  +  Fix mis-detecting network configuration in initramfs cmdline (#844)
     (LP: #1919188)
  +  tools/write-ssh-key-fingerprints: do not display empty header/footer
     (#817) [dermotbradley]
  +  Azure helper: Ensure Azure http handler sleeps between retries (#842)
     [Johnson Shi]
  +  Fix chef apt source example (#826) [timothegenzmer]
  +  .travis.yml: generate an SSH key before running tests (#848)
  +  write passwords only to serial console, lock down cloud-init-output.log
     (#847) (LP: #1918303)
  +  Fix apt default integration test (#845)
  +  integration_tests: bump pycloudlib dependency (#846)
  +  Fix stack trace if vendordata_raw contained an array (#837) [eb3095]
  +  archlinux: Fix broken locale logic (#841)
     [Kristian Klausen] (LP: #1402406)
  +  Integration test for #783 (#832)
  +  integration_tests: mount more paths IN_PLACE (#838)
  +  Fix requiring device-number on EC2 derivatives (#836) (LP: #1917875)
  +  Remove the vi comment from the part-handler example (#835)
  +  net: exclude OVS internal interfaces in get_interfaces (#829)
     (LP: #1912844)
  +  tox.ini: pass OS_* environment variables to integration tests (#830)
  +  integration_tests: add OpenStack as a platform (#804)
  +  Add flexibility to IMDS api-version (#793) [Thomas Stringer]
  +  Fix the TestApt tests using apt-key on Xenial and Hirsute (#823)
     [Paride Legovini] (LP: #1916629)
  +  doc: remove duplicate 'it' from nocloud.rst (#825) [V.I. Wood]
  +  archlinux: Use hostnamectl to set the transient hostname (#797)
     [Kristian Klausen]
  +  cc_keys_to_console.py: Add documentation for recently added config key
     (#824) [dermotbradley]
  +  Update cc_set_hostname documentation (#818) [Toshi Aoyama]
>From 21.1
  +  Azure: Support for VMs without ephemeral resource disks. (#800)
     [Johnson Shi] (LP: #1901011)
  +  cc_keys_to_console: add option to disable key emission (#811)
     [Michael Hudson-Doyle] (LP: #1915460)
  +  integration_tests: introduce lxd_use_exec mark (#802)
  +  azure: case-insensitive UUID to avoid new IID during kernel upgrade
     (#798) (LP: #1835584)
  +  stale.yml: don't ask submitters to reopen PRs (#816)
  +  integration_tests: fix use of SSH agent within tox (#815)
  +  integration_tests: add UPGRADE CloudInitSource (#812)
  +  integration_tests: use unique MAC addresses for tests (#813)
  +  Update .gitignore (#814)
  +  Port apt cloud_tests to integration tests (#808)
  +  integration_tests: fix test_gh626 on LXD VMs (#809)
  +  Fix attempting to decode binary data in test_seed_random_data test (#806)
  +  Remove wait argument from tests with session_cloud calls (#805)
  +  Datasource for UpCloud (#743) [Antti Myyrä]
  +  test_gh668: fix failure on LXD VMs (#801)
  +  openstack: read the dynamic metadata group vendor_data2.json (#777)
     [Andrew Bogott] (LP: #1841104)
  +  includedir in suoders can be prefixed by 'arroba' (#783)
     [Jordi Massaguer Pla]
  +  [VMware] change default max wait time to 15s (#774) [xiaofengw-vmware]
  +  Revert integration test associated with reverted #586 (#784)
  +  Add jordimassaguerpla as contributor (#787) [Jordi Massaguer Pla]
  +  Add Rick Harding to CLA signers (#792) [Rick Harding]
  +  HACKING.rst: add clarifying note to LP CLA process section (#789)
  +  Stop linting cloud_tests (#791)
  +  cloud-tests: update cryptography requirement (#790) [Joshua Powers]
  +  Remove 'remove-raise-on-failure' calls from integration_tests (#788)
  +  Use more cloud defaults in integration tests (#757)
  +  Adding self to cla signers (#776) [Andrew Bogott]
  +  doc: avoid two warnings (#781) [Dan Kenigsberg]
  +  Use proper spelling for Red Hat (#778) [Dan Kenigsberg]
  +  Add antonyc to .github-cla-signers (#747) [Anton Chaporgin]
  +  integration_tests: log image serial if available (#772)
  +  [VMware] Support cloudinit raw data feature (#691) [xiaofengw-vmware]
  +  net: Fix static routes to host in eni renderer (#668) [Pavel Abalikhin]
  +  .travis.yml: don't run cloud_tests in CI (#756)
  +  test_upgrade: add some missing commas (#769)
  +  cc_seed_random: update documentation and fix integration test (#771)
     (LP: #1911227)
  +  Fix test gh-632 test to only run on NoCloud (#770) (LP: #1911230)
  +  archlinux: fix package upgrade command handling (#768) [Bao Trinh]
  +  integration_tests: add integration test for LP: #1910835 (#761)
  +  Fix regression with handling of IMDS ssh keys (#760) [Thomas Stringer]
  +  integration_tests: log cloud-init version in SUT (#758)
  +  Add ajmyyra as contributor (#742) [Antti Myyrä]
  +  net_convert: add some missing help text (#755)
  +  Missing IPV6_AUTOCONF=no to render sysconfig dhcp6 stateful on RHEL
     (#753) [Eduardo Otubo]
  +  doc: document missing IPv6 subnet types (#744) [Antti Myyrä]
  +  Add example configuration for datasource `AliYun` (#751) [Xiaoyu Zhong]
  +  integration_tests: add SSH key selection settings (#754)
  +  fix a typo in man page cloud-init.1 (#752) [Amy Chen]
  +  network-config-format-v2.rst: add Netplan Passthrough section (#750)
  +  stale: re-enable post holidays (#749)
  +  integration_tests: port ca_certs tests from cloud_tests (#732)
  +  Azure: Add telemetry for poll IMDS (#741) [Johnson Shi]
  +  doc: move testing section from HACKING to its own doc (#739)
  +  No longer allow integration test failures on travis (#738)
  +  stale: fix error in definition (#740)
  +  integration_tests: set log-cli-level to INFO by default (#737)
  +  PULL_REQUEST_TEMPLATE.md: use backticks around commit message (#736)
  +  stale: disable check for holiday break (#735)
  +  integration_tests: log the path we collect logs into (#733)
  +  .travis.yml: add (most) supported Python versions to CI (#734)
  +  integration_tests: fix IN_PLACE CLOUD_INIT_SOURCE (#731)
  +  cc_ca_certs: add RHEL support (#633) [cawamata]
  +  Azure: only generate config for NICs with addresses (#709)
     [Thomas Stringer]
  +  doc: fix CloudStack configuration example (#707) [Olivier Lemasle]
  +  integration_tests: restrict test_lxd_bridge appropriately (#730)
  +  Add integration tests for CLI functionality (#729)
  +  Integration test for gh-626 (#728)
  +  Some test_upgrade fixes (#726)
  +  Ensure overriding test vars with env vars works for booleans (#727)
  +  integration_tests: port lxd_bridge test from cloud_tests (#718)
  +  Integration test for gh-632. (#725)
  +  Integration test for gh-671 (#724)
  +  integration-requirements.txt: bump pycloudlib commit (#723)
  +  Drop unnecessary shebang from cmd/main.py (#722) [Eduardo Otubo]
  +  Integration test for LP: #1813396 and #669 (#719)
  +  integration_tests: include timestamp in log output (#720)
  +  integration_tests: add test for LP: #1898997 (#713)
  +  Add integration test for power_state_change module (#717)
  +  Update documentation for network-config-format-v2 (#701) [ggiesen]
  +  sandbox CA Cert tests to not require ca-certificates (#715)
     [Eduardo Otubo]
  +  Add upgrade integration test (#693)
  +  Integration test for 570 (#712)
  +  Add ability to keep snapshotted images in integration tests (#711)
  +  Integration test for pull #586 (#706)
  +  integration_tests: introduce skipping of tests by OS (#702)
  +  integration_tests: introduce IntegrationInstance.restart (#708)
  +  Add lxd-vm to list of valid integration test platforms (#705)
  +  Adding BOOTPROTO = dhcp to render sysconfig dhcp6 stateful on RHEL
     (#685) [Eduardo Otubo]
  +  Delete image snapshots created for integration tests (#682)
  +  Parametrize ssh_keys_provided integration test (#700) [lucasmoura]
  +  Drop use_sudo attribute on IntegrationInstance (#694) [lucasmoura]
  +  cc_apt_configure: add riscv64 as a ports arch (#687)
     [Dimitri John Ledkov]
  +  cla: add xnox (#692) [Dimitri John Ledkov]
  +  Collect logs from integration test runs (#675)
>From 20.4.1
  +  Revert 'ssh_util: handle non-default AuthorizedKeysFile config (#586)'
>From 20.4
  +  tox: avoid tox testenv subsvars for xenial support (#684)
  +  Ensure proper root permissions in integration tests (#664) [James Falcon]
  +  LXD VM support in integration tests (#678) [James Falcon]
  +  Integration test for fallocate falling back to dd (#681) [James Falcon]
  +  .travis.yml: correctly integration test the built .deb (#683)
  +  Ability to hot-attach NICs to preprovisioned VMs before reprovisioning
     (#613) [aswinrajamannar]
  +  Support configuring SSH host certificates. (#660) [Jonathan Lung]
  +  add integration test for LP: #1900837 (#679)
  +  cc_resizefs on FreeBSD: Fix _can_skip_ufs_resize (#655)
     [Mina Galić] (LP: #1901958, #1901958)
  +  DataSourceAzure: push dmesg log to KVP (#670) [Anh Vo]
  +  Make mount in place for tests work (#667) [James Falcon]
  +  integration_tests: restore emission of settings to log (#657)
  +  DataSourceAzure: update password for defuser if exists (#671) [Anh Vo]
  +  tox.ini: only select 'ci' marked tests for CI runs (#677)
  +  Azure helper: Increase Azure Endpoint HTTP retries (#619) [Johnson Shi]
  +  DataSourceAzure: send failure signal on Azure datasource failure (#594)
     [Johnson Shi]
  +  test_persistence: simplify VersionIsPoppedFromState (#674)
  +  only run a subset of integration tests in CI (#672)
  +  cli: add  + -system param to allow validating system user-data on a
     machine (#575)
  +  test_persistence: add VersionIsPoppedFromState test (#673)
  +  introduce an upgrade framework and related testing (#659)
  +  add  + -no-tty option to gpg (#669) [Till Riedel] (LP: #1813396)
  +  Pin pycloudlib to a working commit (#666) [James Falcon]
  +  DataSourceOpenNebula: exclude SRANDOM from context output (#665)
  +  cloud_tests: add hirsute release definition (#662)
  +  split integration and cloud_tests requirements (#652)
  +  faq.rst: add warning to answer that suggests running `clean` (#661)
  +  Fix stacktrace in DataSourceRbxCloud if no metadata disk is found (#632)
     [Scott Moser]
  +  Make wakeonlan Network Config v2 setting actually work (#626)
     [dermotbradley]
  +  HACKING.md: unify network-refactoring namespace (#658) [Mina Galić]
  +  replace usage of dmidecode with kenv on FreeBSD (#621) [Mina Galić]
  +  Prevent timeout on travis integration tests. (#651) [James Falcon]
  +  azure: enable pushing the log to KVP from the last pushed byte  (#614)
     [Moustafa Moustafa]
  +  Fix launch_kwargs bug in integration tests (#654) [James Falcon]
  +  split read_fs_info into linux & freebsd parts (#625) [Mina Galić]
  +  PULL_REQUEST_TEMPLATE.md: expand commit message section (#642)
  +  Make some language improvements in growpart documentation (#649)
     [Shane Frasier]
  +  Revert '.travis.yml: use a known-working version of lxd (#643)' (#650)
  +  Fix not sourcing default 50-cloud-init ENI file on Debian (#598)
     [WebSpider]
  +  remove unnecessary reboot from gpart resize (#646) [Mina Galić]
  +  cloudinit: move dmi functions out of util (#622) [Scott Moser]
  +  integration_tests: various launch improvements (#638)
  +  test_lp1886531: don't assume /etc/fstab exists (#639)
  +  Remove Ubuntu restriction from PR template (#648) [James Falcon]
  +  util: fix mounting of vfat on *BSD (#637) [Mina Galić]
  +  conftest: improve docstring for disable_subp_usage (#644)
  +  doc: add example query commands to debug Jinja templates (#645)
  +  Correct documentation and testcase data for some user-data YAML (#618)
     [dermotbradley]
  +  Hetzner: Fix instance_id / SMBIOS serial comparison (#640)
     [Markus Schade]
  +  .travis.yml: use a known-working version of lxd (#643)
  +  tools/build-on-freebsd: fix comment explaining purpose of the script
     (#635) [Mina Galić]
  +  Hetzner: initialize instance_id from system-serial-number (#630)
     [Markus Schade] (LP: #1885527)
  +  Explicit set IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA on static6 (#634)
     [Eduardo Otubo]
  +  get_interfaces: don't exclude Open vSwitch bridge/bond members (#608)
     [Lukas Märdian] (LP: #1898997)
  +  Add config modules for controlling IBM PowerVM RMC. (#584)
     [Aman306] (LP: #1895979)
  +  Update network config docs to clarify MAC address quoting (#623)
     [dermotbradley]
  +  gentoo: fix hostname rendering when value has a comment (#611)
     [Manuel Aguilera]
  +  refactor integration testing infrastructure (#610) [James Falcon]
  +  stages: don't reset permissions of cloud-init.log every boot (#624)
     (LP: #1900837)
  +  docs: Add how to use cloud-localds to boot qemu (#617) [Joshua Powers]
  +  Drop vestigial update_resolve_conf_file function (#620) [Scott Moser]
  +  cc_mounts: correctly fallback to dd if fallocate fails (#585)
     (LP: #1897099)
  +  .travis.yml: add integration-tests to Travis matrix (#600)
  +  ssh_util: handle non-default AuthorizedKeysFile config (#586)
     [Eduardo Otubo]
  +  Multiple file fix for AuthorizedKeysFile config (#60) [Eduardo Otubo]
  +  bddeb: new  + -packaging-branch argument to pull packaging from branch
     (#576) [Paride Legovini]
  +  Add more integration tests (#615) [lucasmoura]
  +  DataSourceAzure: write marker file after report ready in preprovisioning
     (#590) [Johnson Shi]
  +  integration_tests: emit settings to log during setup (#601)
  +  integration_tests: implement citest tests run in Travis (#605)
  +  Add Azure support to integration test framework (#604) [James Falcon]
  +  openstack: consider product_name as valid chassis tag (#580)
     [Adrian Vladu] (LP: #1895976)
  +  azure: clean up and refactor report_diagnostic_event (#563) [Johnson Shi]
  +  net: add the ability to blacklist network interfaces based on driver
     during enumeration of physical network devices (#591) [Anh Vo]
  +  integration_tests: don't error on cloud-init failure (#596)
  +  integration_tests: improve cloud-init.log assertions (#593)
  +  conftest.py: remove top-level import of httpretty (#599)
  +  tox.ini: add integration-tests testenv definition (#595)
  +  PULL_REQUEST_TEMPLATE.md: empty checkboxes need a space (#597)
  +  add integration test for LP: #1886531 (#592)
  +  Initial implementation of integration testing infrastructure (#581)
     [James Falcon]
  +  Fix name of ntp and chrony service on CentOS and RHEL. (#589)
     [Scott Moser] (LP: #1897915)
  +  Adding a PR template (#587) [James Falcon]
  +  Azure parse_network_config uses fallback cfg when generate IMDS network
     cfg fails (#549) [Johnson Shi]
  +  features: refresh docs for easier out-of-context reading (#582)
  +  Fix typo in resolv_conf module's description (#578) [Wacław Schiller]
  +  cc_users_groups: minor doc formatting fix (#577)
  +  Fix typo in disk_setup module's description (#579) [Wacław Schiller]
  +  Add vendor-data support to seedfrom parameter for NoCloud and OVF (#570)
     [Johann Queuniet]
  +  boot.rst: add First Boot Determination section (#568) (LP: #1888858)
  +  opennebula.rst: minor readability improvements (#573) [Mina Galić]
  +  cloudinit: remove unused LOG variables (#574)
  +  create a shutdown_command method in distro classes (#567)
     [Emmanuel Thomé]
  +  user_data: remove unused constant (#566)
  +  network: Fix type and respect name when rendering vlan in
     sysconfig. (#541) [Eduardo Otubo] (LP: #1788915, #1826608)
  +  Retrieve SSH keys from IMDS first with OVF as a fallback (#509)
     [Thomas Stringer]
  +  Add jqueuniet as contributor (#569) [Johann Queuniet]
  +  distros: minor typo fix (#562)
  +  Bump the integration-requirements versioned dependencies (#565)
     [Paride Legovini]
  +  network-config-format-v1: fix typo in nameserver example (#564)
     [Stanislas]
  +  Run cloud-init-local.service after the hv_kvp_daemon (#505)
     [Robert Schweikert]
  +  Add method type hints for Azure helper (#540) [Johnson Shi]
  +  systemd: add Before=shutdown.target when Conflicts=shutdown.target is
     used (#546) [Paride Legovini]
  +  LXD: detach network from profile before deleting it (#542)
     [Paride Legovini] (LP: #1776958)
  +  redhat spec: add missing BuildRequires (#552) [Paride Legovini]
  +  util: remove debug statement (#556) [Joshua Powers]
  +  Fix cloud config on chef example (#551) [lucasmoura]
>From 20.3
  +  Azure: Add netplan driver filter when using hv_netvsc driver (#539)
     [James Falcon] (LP: #1830740)
  +  query: do not handle non-decodable non-gzipped content (#543)
  +  DHCP sandboxing failing on noexec mounted /var/tmp (#521) [Eduardo Otubo]
  +  Update the list of valid ssh keys. (#487)
     [Ole-Martin Bratteng] (LP: #1877869)
  +  cmd: cloud-init query to handle compressed userdata (#516) (LP: #1889938)
  +  Pushing cloud-init log to the KVP (#529) [Moustafa Moustafa]
  +  Add Alpine Linux support. (#535) [dermotbradley]
  +  Detect kernel version before swap file creation (#428) [Eduardo Otubo]
  +  cli: add devel make-mime subcommand (#518)
  +  user-data: only verify mime-types for TYPE_NEEDED and x-shellscript
     (#511) (LP: #1888822)
  +  DataSourceOracle: retry twice (and document why we retry at all) (#536)
  +  Refactor Azure report ready code (#468) [Johnson Shi]
  +  tox.ini: pin correct version of httpretty in xenial{,-dev} envs (#531)
  +  Support Oracle IMDSv2 API (#528) [James Falcon]
  +  .travis.yml: run a doc build during CI (#534)
  +  doc/rtd/topics/datasources/ovf.rst: fix doc8 errors (#533)
  +  Fix 'Users and Groups' configuration documentation (#530) [sshedi]
  +  cloudinit.distros: update docstrings of add_user and create_user (#527)
  +  Fix headers for device types in network v2 docs (#532)
     [Caleb Xavier Berger]
  +  Add AlexBaranowski as contributor (#508) [Aleksander Baranowski]
  +  DataSourceOracle: refactor to use only OPC v1 endpoint (#493)
  +  .github/workflows/stale.yml: s/Josh/Rick/ (#526)
  +  Fix a typo in apt pipelining module (#525) [Xiao Liang]
  +  test_util: parametrize devlist tests (#523) [James Falcon]
  +  Recognize LABEL_FATBOOT labels (#513) [James Falcon] (LP: #1841466)
  +  Handle additional identifier for SLES For HPC (#520) [Robert Schweikert]
  +  Revert 'test-requirements.txt: pin pytest to <6 (#512)' (#515)
  +  test-requirements.txt: pin pytest to <6 (#512)
  +  Add 'tsanghan' as contributor (#504) [tsanghan]
  +  fix brpm building (LP: #1886107)
  +  Adding eandersson as a contributor (#502) [Erik Olof Gunnar Andersson]
  +  azure: disable bouncing hostname when setting hostname fails (#494)
     [Anh Vo]
  +  VMware: Support parsing DEFAULT-RUN-POST-CUST-SCRIPT (#441)
     [xiaofengw-vmware]
  +  DataSourceAzure: Use ValueError when JSONDecodeError is not available
     (#490) [Anh Vo]
  +  cc_ca_certs.py: fix blank line problem when removing CAs and adding
     new one (#483) [dermotbradley]
  +  freebsd: py37-serial is now py37-pyserial (#492) [Goneri Le Bouder]
  +  ssh exit with non-zero status on disabled user (#472)
     [Eduardo Otubo] (LP: #1170059)
  +  cloudinit: remove global disable of pylint W0107 and fix errors (#489)
  +  networking: refactor wait_for_physdevs from cloudinit.net (#466)
     (LP: #1884626)
  +  HACKING.rst: add pytest.param pytest gotcha (#481)
  +  cloudinit: remove global disable of pylint W0105 and fix errors (#480)
  +  Fix two minor warnings (#475)
  +  test_data: fix faulty patch (#476)
  +  cc_mounts: handle missing fstab (#484) (LP: #1886531)
  +  LXD cloud_tests: support more lxd image formats (#482) [Paride Legovini]
  +  Add update_etc_hosts as default module on *BSD (#479) [Adam Dobrawy]
  +  cloudinit: fix tip-pylint failures and bump pinned pylint version (#478)
  +  Added BirknerAlex as contributor and sorted the file (#477)
     [Alexander Birkner]
  +  Update list of types of modules in cli.rst [saurabhvartak1982]
  +  tests: use markers to configure disable_subp_usage (#473)
  +  Add mention of vendor-data to no-cloud format documentation (#470)
     [Landon Kirk]
  +  Fix broken link to OpenStack metadata service docs (#467)
     [Matt Riedemann]
  +  Disable ec2 mirror for non aws instances (#390)
     [lucasmoura] (LP: #1456277)
  +  cloud_tests: don't pass  + -python-version to read-dependencies (#465)
  +  networking: refactor is_physical from cloudinit.net (#457) (LP: #1884619)
  +  Enable use of the caplog fixture in pytest tests, and add a
     cc_final_message test using it (#461)
  +  RbxCloud: Add support for FreeBSD (#464) [Adam Dobrawy]
  +  Add schema for cc_chef module (#375) [lucasmoura] (LP: #1858888)
  +  test_util: add (partial) testing for util.mount_cb (#463)
  +  .travis.yml: revert to installing ubuntu-dev-tools (#460)
  +  HACKING.rst: add details of net refactor tracking (#456)
  +  .travis.yml: rationalise installation of dependencies in host (#449)
  +  Add dermotbradley as contributor. (#458) [dermotbradley]
  +  net/networking: remove unused functions/methods (#453)
  +  distros.networking: initial implementation of layout (#391)
  +  cloud-init.service.tmpl: use 'rhel' instead of 'redhat' (#452)
  +  Change from redhat to rhel in systemd generator tmpl (#450)
     [Eduardo Otubo]
  +  Hetzner: support reading user-data that is base64 encoded. (#448)
     [Scott Moser] (LP: #1884071)
  +  HACKING.rst: add strpath gotcha to testing gotchas section (#446)
  +  cc_final_message: don't create directories when writing boot-finished
     (#445) (LP: #1883903)
  +  .travis.yml: only store new schroot if something has changed (#440)
  +  util: add ensure_dir_exists parameter to write_file (#443)
  +  printing the error stream of the dhclient process before killing it
     (#369) [Moustafa Moustafa]
  +  Fix link to the MAAS documentation (#442)
     [Paride Legovini] (LP: #1883666)
  +  RPM build: disable the dynamic mirror URLs when using a proxy (#437)
     [Paride Legovini]
  +  util: rename write_file's copy_mode parameter to preserve_mode (#439)
  +  .travis.yml: use $TRAVIS_BUILD_DIR for lxd_image caching (#438)
  +  cli.rst: alphabetise devel subcommands and add net-convert to list (#430)
  +  Default to UTF-8 in /var/log/cloud-init.log (#427) [James Falcon]
  +  travis: cache the chroot we use for package builds (#429)
  +  test: fix all flake8 E126 errors (#425) [Joshua Powers]
  +  Fixes KeyError for bridge with no 'parameters:' setting (#423)
     [Brian Candler] (LP: #1879673)
  +  When tools.conf does not exist, running cmd 'vmware-toolbox-cmd
     config get deployPkg enable-custom-scripts', the return code will
     be EX_UNAVAILABLE(69), on this condition, it should not take it as
     error. (#413) [chengcheng-chcheng]
  +  Document CloudStack data-server well-known hostname (#399) [Gregor Riepl]
  +  test: move conftest.py to top-level, to cover tests/ also (#414)
  +  Replace cc_chef is_installed with use of subp.is_exe. (#421)
     [Scott Moser]
  +  Move runparts to subp. (#420) [Scott Moser]
  +  Move subp into its own module. (#416) [Scott Moser]
  +  readme: point at travis-ci.com (#417) [Joshua Powers]
  +  New feature flag functionality and fix includes failing silently (#367)
     [James Falcon] (LP: #1734939)
  +  Enhance poll imds logging (#365) [Moustafa Moustafa]
  +  test: fix all flake8 E121 and E123 errors (#404) [Joshua Powers]
  +  test: fix all flake8 E241 (#403) [Joshua Powers]
  +  test: ignore flake8 E402 errors in main.py (#402) [Joshua Powers]
  +  cc_grub_dpkg: determine idevs in more robust manner with grub-probe
     (#358) [Matthew Ruffell] (LP: #1877491)
  +  test: fix all flake8 E741 errors (#401) [Joshua Powers]
  +  tests: add groovy integration tests for ubuntu (#400)
  +  Enable chef_license support for chef infra client (#389) [Bipin Bachhao]
  +  testing: use flake8 again (#392) [Joshua Powers]
  +  enable Puppet, Chef mcollective in default config (#385)
     [Mina Galić (deprecated: Igor Galić)] (LP: #1880279)
  +  HACKING.rst: introduce .net  + > Networking refactor section (#384)
  +  Travis: do not install python3-contextlib2 (dropped dependency) (#388)
     [Paride Legovini]
  +  HACKING: mention that .github-cla-signers is alpha-sorted (#380)
  +  Add bipinbachhao as contributor (#379) [Bipin Bachhao]
  +  cc_snap: validate that assertions property values are strings (#370)
  +  conftest: implement partial disable_subp_usage (#371)
  +  test_resolv_conf: refresh stale comment (#374)
  +  cc_snap: apply validation to snap.commands properties (#364)
  +  make finding libc platform independent (#366)
     [Mina Galić (deprecated: Igor Galić)]
  +  doc/rtd/topics/faq: Updates LXD docs links to current site (#368) [TomP]
  +  templater: drop Jinja Python 2 compatibility shim (#353)
  +  cloudinit: minor pylint fixes (#360)
  +  cloudinit: remove unneeded __future__ imports (#362)
  +  migrating momousta lp user to Moustafa-Moustafa GitHub user (#361)
     [Moustafa Moustafa]
  +  cloud_tests: emit dots on Travis while fetching images (#347)
  +  Add schema to apt configure config (#357) [lucasmoura] (LP: #1858884)
  +  conftest: add docs and tests regarding CiTestCase's subp functionality
     (#343)
  +  analyze/dump: refactor shared string into variable (#350)
  +  doc: update boot.rst with correct timing of runcmd (#351)
  +  HACKING.rst: change contact info to Rick Harding (#359) [lucasmoura]
  +  HACKING.rst: guide people to add themselves to the CLA file (#349)
  +  HACKING.rst: more unit testing documentation (#354)
  +  .travis.yml: don't run lintian during integration test package builds
     (#352)
  +  Add test to ensure docs examples are valid cloud-init configs (#355)
     [James Falcon] (LP: #1876414)
  +  make suse and sles support 127.0.1.1 (#336) [chengcheng-chcheng]
  +  Create tests to validate schema examples (#348)
     [lucasmoura] (LP: #1876412)
  +  analyze/dump: add support for Amazon Linux 2 log lines (#346)
     (LP: #1876323)
  +  bsd: upgrade support (#305) [Goneri Le Bouder]
  +  Add lucasmoura as contributor (#345) [lucasmoura]
  +  Add 'therealfalcon' as contributor (#344) [James Falcon]
  +  Adapt the package building scripts to use Python 3 (#231)
     [Paride Legovini]
  +  DataSourceEc2: use metadata's NIC ordering to determine route-metrics
     (#342) (LP: #1876312)
  +  .travis.yml: introduce caching (#329)
  +  cc_locale: introduce schema (#335)
  +  doc/rtd/conf.py: bump copyright year to 2020 (#341)
  +  yum_add_repo: Add Centos to the supported distro list (#340)

- Fix unit test fail in TestGetPackageMirrorInfo::test_substitution.

- Add patch from upstream to remove python2 compatibility so
  cloud-init builds fine in Tumbleweed with a recent Jinja2
  version. This patch is only applied in TW.


The following package changes have been done:

- SUSEConnect-0.3.32-16.1 updated
- aaa_base-84.87+git20180409.04c9dae-3.52.1 updated
- apparmor-abstractions-2.13.4-3.11.1 added
- apparmor-parser-2.13.4-3.11.1 updated
- bind-utils-9.16.6-12.57.1 updated
- cloud-init-config-suse-21.2-8.51.1 updated
- cloud-init-21.2-8.51.1 updated
- cracklib-dict-small-2.9.7-11.6.1 updated
- cracklib-2.9.7-11.6.1 updated
- dosfstools-4.1-3.6.1 updated
- dracut-049.1+suse.224.gd285ddd8-3.51.1 updated
- glibc-locale-base-2.26-13.62.1 updated
- glibc-locale-2.26-13.62.1 updated
- glibc-2.26-13.62.1 updated
- grub2-i386-pc-2.04-9.52.3 updated
- grub2-x86_64-efi-2.04-9.52.3 updated
- grub2-x86_64-xen-2.04-9.52.3 updated
- grub2-2.04-9.52.3 updated
- iproute2-5.3-5.5.1 updated
- kernel-default-5.3.18-24.99.1 updated
- keyutils-1.6.3-5.6.1 updated
- less-530-3.3.2 updated
- libapparmor1-2.13.4-3.11.1 updated
- libbind9-1600-9.16.6-12.57.1 updated
- libblkid1-2.33.2-4.16.1 updated
- libcrack2-2.9.7-11.6.1 updated
- libdcerpc-binding0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libdcerpc0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libdevmapper1_03-1.02.163-8.39.1 updated
- libdns1605-9.16.6-12.57.1 updated
- libexpat1-2.2.5-3.9.1 updated
- libfdisk1-2.33.2-4.16.1 updated
- libfreebl3-3.68.2-3.64.2 updated
- libgcc_s1-11.2.1+git610-1.3.9 updated
- libgcrypt20-1.8.2-8.42.1 updated
- libgmp10-6.1.2-4.9.1 updated
- libirs1601-9.16.6-12.57.1 updated
- libisc1606-9.16.6-12.57.1 updated
- libisccc1600-9.16.6-12.57.1 updated
- libisccfg1600-9.16.6-12.57.1 updated
- libjson-c3-0.13-3.3.1 updated
- libkeyutils1-1.6.3-5.6.1 updated
- libmount1-2.33.2-4.16.1 updated
- libndr-krb5pac0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libndr-nbt0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libndr-standard0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libndr0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libnetapi0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libns1604-9.16.6-12.57.1 updated
- libopenssl1_1-1.1.1d-11.38.1 updated
- libp11-kit0-0.23.2-4.13.1 updated
- libpcre1-8.45-20.10.1 updated
- libpython3_6m1_0-3.6.15-3.91.3 updated
- librdkafka1-0.11.6-1.8.1 added
- libruby2_5-2_5-2.5.9-4.20.1 updated
- libsamba-credentials0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libsamba-errors0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libsamba-hostconfig0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libsamba-passdb0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libsamba-util0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libsamdb0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libsmartcols1-2.33.2-4.16.1 updated
- libsmbconf0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libsmbldap2-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libstdc++6-11.2.1+git610-1.3.9 updated
- libsystemd0-234-24.102.1 updated
- libtevent-util0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libudev1-234-24.102.1 updated
- libuuid1-2.33.2-4.16.1 updated
- libwbclient0-4.11.14+git.313.d4e302805e1-4.32.1 updated
- libz1-1.2.11-3.24.1 updated
- libzypp-17.28.8-20.1 updated
- openssl-1_1-1.1.1d-11.38.1 updated
- p11-kit-tools-0.23.2-4.13.1 updated
- p11-kit-0.23.2-4.13.1 updated
- pam-1.3.0-6.50.1 updated
- permissions-20181225-23.12.1 updated
- python3-Babel-2.8.0-3.3.1 updated
- python3-base-3.6.15-3.91.3 updated
- python3-bind-9.16.6-12.57.1 updated
- python3-3.6.15-3.91.4 updated
- rpm-ndb-4.14.1-22.7.1 updated
- rsyslog-8.2106.0-4.16.1 updated
- ruby2.5-stdlib-2.5.9-4.20.1 updated
- ruby2.5-2.5.9-4.20.1 updated
- runc-1.0.3-27.1 updated
- samba-libs-python3-4.11.14+git.313.d4e302805e1-4.32.1 updated
- samba-libs-4.11.14+git.313.d4e302805e1-4.32.1 updated
- shim-15.4-3.32.1 added
- suse-module-tools-15.2.16-4.12.1 updated
- systemd-sysvinit-234-24.102.1 updated
- systemd-234-24.102.1 updated
- timezone-2021e-75.4.1 updated
- udev-234-24.102.1 updated
- util-linux-systemd-2.33.2-4.16.1 updated
- util-linux-2.33.2-4.16.1 updated
- xen-libs-4.13.4_02-3.40.1 updated
- xen-tools-domU-4.13.4_02-3.40.1 updated
- xfsprogs-4.15.0-4.52.1 updated
- zypper-1.14.50-21.1 updated
- python-rpm-macros-20200207.5feb6c1-3.11.1 removed


More information about the sle-updates mailing list