June 2021 - openSUSE Security Announce

openSUSE-SU-2021:0899-1: critical: Security update for salt
by opensuse-security＠opensuse.org 23 Jun '21

23 Jun '21

openSUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0899-1 Rating: critical References: #1171257 #1176293 #1179831 #1181368 #1182281 #1182293 #1182382 #1185092 #1185281 #1186674 ECO-3212 SLE-18028 SLE-18033 Cross-References: CVE-2018-15750 CVE-2018-15751 CVE-2020-11651 CVE-2020-11652 CVE-2020-25592 CVE-2021-25315 CVE-2021-31607 CVSS scores: CVE-2018-15750 (NVD) : 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2018-15750 (SUSE): 8.7 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N CVE-2018-15751 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-15751 (SUSE): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-11651 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-11651 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-11652 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-11652 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-25592 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-25592 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25315 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25315 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-31607 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31607 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves 7 vulnerabilities, contains three features and has three fixes is now available. Description: This update for salt fixes the following issues: Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033, jsc#SLE-18028) - Check if dpkgnotify is executable (bsc#1186674) - Drop support for Python2. Obsoletes `python2-salt` package (jsc#SLE-18028) - virt module updates * network: handle missing ipv4 netmask attribute * more network support * PCI/USB host devices passthrough support - Set distro requirement to oldest supported version in requirements/base.txt - Bring missing part of async batch implementation back (CVE-2021-25315, bsc#1182382) - Always require `python3-distro` (bsc#1182293) - Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing - Fix pkg states when DEB package has "all" arch - Do not force beacons configuration to be a list. - Remove msgpack < 1.0.0 from base requirements (bsc#1176293) - msgpack support for version >= 1.0.0 (bsc#1171257) - Fix issue parsing errors in ansiblegate state module - Prevent command injection in the snapper module (bsc#1185281, CVE-2021-31607) - transactional_update: detect recursion in the executor - Add subpackage salt-transactional-update (jsc#SLE-18033) - Improvements on "ansiblegate" module (bsc#1185092): * New methods: ansible.targets / ansible.discover_playbooks - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Regression fix of salt-ssh on processing targets - Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281) - Add notify beacon for Debian/Ubuntu systems - Fix zmq bug that causes salt-call to freeze (bsc#1181368) This update was imported from the SUSE:SLE-15-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-899=1 Package List: - openSUSE Leap 15.2 (x86_64): python3-salt-3002.2-lp152.3.36.1 salt-3002.2-lp152.3.36.1 salt-api-3002.2-lp152.3.36.1 salt-cloud-3002.2-lp152.3.36.1 salt-doc-3002.2-lp152.3.36.1 salt-master-3002.2-lp152.3.36.1 salt-minion-3002.2-lp152.3.36.1 salt-proxy-3002.2-lp152.3.36.1 salt-ssh-3002.2-lp152.3.36.1 salt-standalone-formulas-configuration-3002.2-lp152.3.36.1 salt-syndic-3002.2-lp152.3.36.1 salt-transactional-update-3002.2-lp152.3.36.1 - openSUSE Leap 15.2 (noarch): salt-bash-completion-3002.2-lp152.3.36.1 salt-fish-completion-3002.2-lp152.3.36.1 salt-zsh-completion-3002.2-lp152.3.36.1 References: https://www.suse.com/security/cve/CVE-2018-15750.html https://www.suse.com/security/cve/CVE-2018-15751.html https://www.suse.com/security/cve/CVE-2020-11651.html https://www.suse.com/security/cve/CVE-2020-11652.html https://www.suse.com/security/cve/CVE-2020-25592.html https://www.suse.com/security/cve/CVE-2021-25315.html https://www.suse.com/security/cve/CVE-2021-31607.html https://bugzilla.suse.com/1171257 https://bugzilla.suse.com/1176293 https://bugzilla.suse.com/1179831 https://bugzilla.suse.com/1181368 https://bugzilla.suse.com/1182281 https://bugzilla.suse.com/1182293 https://bugzilla.suse.com/1182382 https://bugzilla.suse.com/1185092 https://bugzilla.suse.com/1185281 https://bugzilla.suse.com/1186674

1 0

openSUSE-SU-2021:0898-1: important: Security update for chromium
by opensuse-security＠opensuse.org 21 Jun '21

21 Jun '21

openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0898-1 Rating: important References: #1187481 Cross-References: CVE-2021-30554 CVE-2021-30555 CVE-2021-30556 CVE-2021-30557 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for chromium fixes the following issues: Chromium 91.0.4472.114 (boo#1187481) * CVE-2021-30554: Use after free in WebGL * CVE-2021-30555: Use after free in Sharing * CVE-2021-30556: Use after free in WebAudio * CVE-2021-30557: Use after free in TabGroups Chromium 91.0.4472.106 * Fix use-after-free in SendTabToSelfSubMenuModel * Destroy system-token NSSCertDatabase on the IO thread Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-898=1 Package List: - openSUSE Leap 15.2 (x86_64): chromedriver-91.0.4472.114-lp152.2.107.1 chromedriver-debuginfo-91.0.4472.114-lp152.2.107.1 chromium-91.0.4472.114-lp152.2.107.1 chromium-debuginfo-91.0.4472.114-lp152.2.107.1 References: https://www.suse.com/security/cve/CVE-2021-30554.html https://www.suse.com/security/cve/CVE-2021-30555.html https://www.suse.com/security/cve/CVE-2021-30556.html https://www.suse.com/security/cve/CVE-2021-30557.html https://bugzilla.suse.com/1187481

1 0

openSUSE-SU-2021:0895-1: important: Security update for htmldoc
by opensuse-security＠opensuse.org 18 Jun '21

18 Jun '21

openSUSE Security Update: Security update for htmldoc ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0895-1 Rating: important References: #1184424 Cross-References: CVE-2021-20308 CVSS scores: CVE-2021-20308 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20308 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for htmldoc fixes the following issues: Update to version 1.9.12 * Fixed buffer-overflow CVE-2021-20308 ( boo#1184424 ) * Fixed a crash bug with "data:" URIs and EPUB output * Fixed several other crash bugs * Fixed JPEG error handling * Fixed some minor issues * Removed the bundled libjpeg, libpng, and zlib. update to 1.9.11: - Added high-resolution desktop icons for Linux. - Updated the internal HTTP library to fix truncation of redirection URLs - Fixed a regression in the handling of character entities for UTF-8 input - The `--numbered` option did not work when the table-of-contents was disabled - Updated local zlib to v1.2.11. - Updated local libpng to v1.6.37. - Fixed packaging issues on macOS and Windows - Now ignore sRGB profile errors in PNG files - The GUI would crash when saving - Page comments are now allowed in `pre` text update to 1.9.9: - Added support for a `HTMLDOC.filename` META keyword that controls the filename reported in CGI mode; the default remains "htmldoc.pdf" (Issue #367) - Fixed a paragraph formatting issue with large inline images (Issue #369) - Fixed a buffer underflow issue (Issue #370) - Fixed PDF page numbers (Issue #371) - Added support for a new `L` header/footer format (`$LETTERHEAD`), which inserts a letterhead image at its full size (Issue #372, Issue #373, Issue #375) - Updated the build documentation (Issue #374) - Refactored the PRE rendering code to work around compiler optimization bugs - Added support for links with targets (Issue #351) - Fixed a table rowspan + valign bug (Issue #360) - Added support for data URIs (Issue #340) - HTMLDOC no longer includes a PDF table of contents when converting a single web page (Issue #344) - Updated the markdown support with external links, additional inline markup, and hard line breaks. - Links in markdown text no longer render with a leading space as part of the link (Issue #346) - Fixed a buffer underflow bug discovered by AddressSanitizer. - Fixed a bug in UTF-8 support (Issue #348) - PDF output now includes the base language of the input document(s) - Optimized the loading of font widths (Issue #354) - Optimized PDF page resources (Issue #356) - Optimized the base memory used for font widths (Issue #357) - Added proper `` support (Issue #361) - Title files can now be markdown. - The GUI did not support EPUB output. - Empty markdown table cells were not rendered in PDF or PostScript output. - The automatically-generated title page now supports both "docnumber" and "version" metadata. - Added support for dc:subject and dc:language metadata in EPUB output from the HTML keywords and lang values. - Added support for the subject and language metadata in markdown input. - Fixed a buffer underflow bug (Issue #338) - `htmldoc --help` now reports whether HTTPS URLs are supported (Issue #339) - Fixed an issue with HTML title pages and EPUB output. - Inline fixed-width text is no longer reduced in size automatically - Optimized initialization of font width data (Issue #334) - Fixed formatting bugs with aligned images (Issue #322, Issue #324) - Fixed support for three digit "#RGB" color values (Issue #323) - Fixed character set support for markdown metadata. - Updated libpng to v1.6.34 (Issue #326) - The makefiles did not use the CPPFLAGS value (Issue #328) - Added Markdown table support. - Fixed parsing of TBODY, TFOOT, and THEAD elements in HTML files. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2021-895=1 Package List: - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64): htmldoc-1.9.12-bp151.4.3.1 References: https://www.suse.com/security/cve/CVE-2021-20308.html https://bugzilla.suse.com/1184424

1 0

openSUSE-SU-2021:0894-1: moderate: Security update for postgresql10
by opensuse-security＠opensuse.org 18 Jun '21

18 Jun '21

openSUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0894-1 Rating: moderate References: #1183168 #1185924 #1185925 Cross-References: CVE-2021-32027 CVE-2021-32028 CVSS scores: CVE-2021-32027 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-32027 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-32028 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for postgresql10 fixes the following issues: - Upgrade to version 10.17: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-894=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): postgresql10-10.17-lp152.2.21.1 postgresql10-contrib-10.17-lp152.2.21.1 postgresql10-contrib-debuginfo-10.17-lp152.2.21.1 postgresql10-debuginfo-10.17-lp152.2.21.1 postgresql10-debugsource-10.17-lp152.2.21.1 postgresql10-devel-10.17-lp152.2.21.1 postgresql10-devel-debuginfo-10.17-lp152.2.21.1 postgresql10-plperl-10.17-lp152.2.21.1 postgresql10-plperl-debuginfo-10.17-lp152.2.21.1 postgresql10-plpython-10.17-lp152.2.21.1 postgresql10-plpython-debuginfo-10.17-lp152.2.21.1 postgresql10-pltcl-10.17-lp152.2.21.1 postgresql10-pltcl-debuginfo-10.17-lp152.2.21.1 postgresql10-server-10.17-lp152.2.21.1 postgresql10-server-debuginfo-10.17-lp152.2.21.1 postgresql10-test-10.17-lp152.2.21.1 - openSUSE Leap 15.2 (noarch): postgresql10-docs-10.17-lp152.2.21.1 References: https://www.suse.com/security/cve/CVE-2021-32027.html https://www.suse.com/security/cve/CVE-2021-32028.html https://bugzilla.suse.com/1183168 https://bugzilla.suse.com/1185924 https://bugzilla.suse.com/1185925

1 0

openSUSE-SU-2021:0893-1: important: Security update for htmldoc
by opensuse-security＠opensuse.org 17 Jun '21

17 Jun '21

openSUSE Security Update: Security update for htmldoc ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0893-1 Rating: important References: #1184424 Cross-References: CVE-2021-20308 CVSS scores: CVE-2021-20308 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20308 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: openSUSE Backports SLE-15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for htmldoc fixes the following issues: htmldoc was updated to version 1.9.12 * Fixed buffer-overflow CVE-2021-20308 ( boo#1184424 ) * Fixed a crash bug with "data:" URIs and EPUB output * Fixed several other crash bugs * Fixed JPEG error handling * Fixed some minor issues * Removed the bundled libjpeg, libpng, and zlib. update to 1.9.11: - Added high-resolution desktop icons for Linux. - Updated the internal HTTP library to fix truncation of redirection URLs - Fixed a regression in the handling of character entities for UTF-8 input - The `--numbered` option did not work when the table-of-contents was disabled - Updated local zlib to v1.2.11. - Updated local libpng to v1.6.37. - Fixed packaging issues on macOS and Windows - Now ignore sRGB profile errors in PNG files - The GUI would crash when saving - Page comments are now allowed in `pre` text update to 1.9.9: - Added support for a `HTMLDOC.filename` META keyword that controls the filename reported in CGI mode; the default remains "htmldoc.pdf" (Issue #367) - Fixed a paragraph formatting issue with large inline images (Issue #369) - Fixed a buffer underflow issue (Issue #370) - Fixed PDF page numbers (Issue #371) - Added support for a new `L` header/footer format (`$LETTERHEAD`), which inserts a letterhead image at its full size (Issue #372, Issue #373, Issue #375) - Updated the build documentation (Issue #374) - Refactored the PRE rendering code to work around compiler optimization bugs - Added support for links with targets (Issue #351) - Fixed a table rowspan + valign bug (Issue #360) - Added support for data URIs (Issue #340) - HTMLDOC no longer includes a PDF table of contents when converting a single web page (Issue #344) - Updated the markdown support with external links, additional inline markup, and hard line breaks. - Links in markdown text no longer render with a leading space as part of the link (Issue #346) - Fixed a buffer underflow bug discovered by AddressSanitizer. - Fixed a bug in UTF-8 support (Issue #348) - PDF output now includes the base language of the input document(s) - Optimized the loading of font widths (Issue #354) - Optimized PDF page resources (Issue #356) - Optimized the base memory used for font widths (Issue #357) - Added proper `` support (Issue #361) - Title files can now be markdown. - The GUI did not support EPUB output. - Empty markdown table cells were not rendered in PDF or PostScript output. - The automatically-generated title page now supports both "docnumber" and "version" metadata. - Added support for dc:subject and dc:language metadata in EPUB output from the HTML keywords and lang values. - Added support for the subject and language metadata in markdown input. - Fixed a buffer underflow bug (Issue #338) - `htmldoc --help` now reports whether HTTPS URLs are supported (Issue #339) - Fixed an issue with HTML title pages and EPUB output. - Inline fixed-width text is no longer reduced in size automatically - Optimized initialization of font width data (Issue #334) - Fixed formatting bugs with aligned images (Issue #322, Issue #324) - Fixed support for three digit "#RGB" color values (Issue #323) - Fixed character set support for markdown metadata. - Updated libpng to v1.6.34 (Issue #326) - The makefiles did not use the CPPFLAGS value (Issue #328) - Added Markdown table support. - Fixed parsing of TBODY, TFOOT, and THEAD elements in HTML files. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2021-893=1 Package List: - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64): htmldoc-1.9.12-bp152.4.3.1 References: https://www.suse.com/security/cve/CVE-2021-20308.html https://bugzilla.suse.com/1184424

1 0

openSUSE-SU-2021:0877-1: important: Security update for djvulibre
by opensuse-security＠opensuse.org 16 Jun '21

16 Jun '21

openSUSE Security Update: Security update for djvulibre ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0877-1 Rating: important References: #1186253 Cross-References: CVE-2021-3500 CVSS scores: CVE-2021-3500 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for djvulibre fixes the following issues: - CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253) This update was imported from the SUSE:SLE-15-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-877=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): djvulibre-3.5.27-lp152.7.6.1 djvulibre-debuginfo-3.5.27-lp152.7.6.1 djvulibre-debugsource-3.5.27-lp152.7.6.1 libdjvulibre-devel-3.5.27-lp152.7.6.1 libdjvulibre21-3.5.27-lp152.7.6.1 libdjvulibre21-debuginfo-3.5.27-lp152.7.6.1 - openSUSE Leap 15.2 (noarch): djvulibre-doc-3.5.27-lp152.7.6.1 References: https://www.suse.com/security/cve/CVE-2021-3500.html https://bugzilla.suse.com/1186253

1 0

openSUSE-SU-2021:0882-1: important: Security update for htmldoc
by opensuse-security＠opensuse.org 16 Jun '21

16 Jun '21

openSUSE Security Update: Security update for htmldoc ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0882-1 Rating: important References: #1184424 Cross-References: CVE-2021-20308 CVSS scores: CVE-2021-20308 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20308 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for htmldoc fixes the following issues: htmldoc was updated to version 1.9.12: * Fixed buffer-overflow CVE-2021-20308 ( boo#1184424 ) * Fixed a crash bug with "data:" URIs and EPUB output * Fixed several other crash bugs * Fixed JPEG error handling * Fixed some minor issues * Removed the bundled libjpeg, libpng, and zlib. update to 1.9.11: - Added high-resolution desktop icons for Linux. - Updated the internal HTTP library to fix truncation of redirection URLs - Fixed a regression in the handling of character entities for UTF-8 input - The `--numbered` option did not work when the table-of-contents was disabled - Updated local zlib to v1.2.11. - Updated local libpng to v1.6.37. - Fixed packaging issues on macOS and Windows - Now ignore sRGB profile errors in PNG files - The GUI would crash when saving - Page comments are now allowed in `pre` text update to 1.9.9: - Added support for a `HTMLDOC.filename` META keyword that controls the filename reported in CGI mode; the default remains "htmldoc.pdf" (Issue #367) - Fixed a paragraph formatting issue with large inline images (Issue #369) - Fixed a buffer underflow issue (Issue #370) - Fixed PDF page numbers (Issue #371) - Added support for a new `L` header/footer format (`$LETTERHEAD`), which inserts a letterhead image at its full size (Issue #372, Issue #373, Issue #375) - Updated the build documentation (Issue #374) - Refactored the PRE rendering code to work around compiler optimization bugs - Added support for links with targets (Issue #351) - Fixed a table rowspan + valign bug (Issue #360) - Added support for data URIs (Issue #340) - HTMLDOC no longer includes a PDF table of contents when converting a single web page (Issue #344) - Updated the markdown support with external links, additional inline markup, and hard line breaks. - Links in markdown text no longer render with a leading space as part of the link (Issue #346) - Fixed a buffer underflow bug discovered by AddressSanitizer. - Fixed a bug in UTF-8 support (Issue #348) - PDF output now includes the base language of the input document(s) - Optimized the loading of font widths (Issue #354) - Optimized PDF page resources (Issue #356) - Optimized the base memory used for font widths (Issue #357) - Added proper `` support (Issue #361) - Title files can now be markdown. - The GUI did not support EPUB output. - Empty markdown table cells were not rendered in PDF or PostScript output. - The automatically-generated title page now supports both "docnumber" and "version" metadata. - Added support for dc:subject and dc:language metadata in EPUB output from the HTML keywords and lang values. - Added support for the subject and language metadata in markdown input. - Fixed a buffer underflow bug (Issue #338) - `htmldoc --help` now reports whether HTTPS URLs are supported (Issue #339) - Fixed an issue with HTML title pages and EPUB output. - Inline fixed-width text is no longer reduced in size automatically - Optimized initialization of font width data (Issue #334) - Fixed formatting bugs with aligned images (Issue #322, Issue #324) - Fixed support for three digit "#RGB" color values (Issue #323) - Fixed character set support for markdown metadata. - Updated libpng to v1.6.34 (Issue #326) - The makefiles did not use the CPPFLAGS value (Issue #328) - Added Markdown table support. - Fixed parsing of TBODY, TFOOT, and THEAD elements in HTML files. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-882=1 Package List: - openSUSE Leap 15.2 (x86_64): htmldoc-1.9.12-lp152.4.3.1 References: https://www.suse.com/security/cve/CVE-2021-20308.html https://bugzilla.suse.com/1184424

1 0

openSUSE-SU-2021:0879-1: important: Security update for squid
by opensuse-security＠opensuse.org 16 Jun '21

16 Jun '21

openSUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0879-1 Rating: important References: #1171164 #1171569 #1183436 #1185916 #1185918 #1185919 #1185921 #1185923 Cross-References: CVE-2020-25097 CVE-2021-28651 CVE-2021-28652 CVE-2021-28662 CVE-2021-31806 CVSS scores: CVE-2020-25097 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2020-25097 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2021-28651 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28651 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H CVE-2021-28652 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-28652 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2021-28662 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-28662 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-31806 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-31806 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: This update for squid fixes the following issues: - update to 4.15: - CVE-2021-28652: Broken cache manager URL parsing (bsc#1185918) - CVE-2021-28651: Memory leak in RFC 2169 response parsing (bsc#1185921) - CVE-2021-28662: Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs (bsc#1185919) - CVE-2021-31806: Handle more Range requests (bsc#1185916) - CVE-2020-25097: HTTP Request Smuggling vulnerability (bsc#1183436) - Handle more partial responses (bsc#1185923) - fix previous change to reinstante permissions macros, because the wrong path has been used (bsc#1171569). - use libexecdir instead of libdir to conform to recent changes in Factory (bsc#1171164). - Reinstate permissions macros for pinger binary, because the permissions package is also responsible for setting up the cap_net_raw capability, currently a fresh squid install doesn't get a capability bit at all (bsc#1171569). - Change pinger and basic_pam_auth helper to use standard permissions. pinger uses cap_net_raw=ep instead (bsc#1171569) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-879=1 Package List: - openSUSE Leap 15.2 (x86_64): squid-4.15-lp152.2.9.1 squid-debuginfo-4.15-lp152.2.9.1 squid-debugsource-4.15-lp152.2.9.1 References: https://www.suse.com/security/cve/CVE-2020-25097.html https://www.suse.com/security/cve/CVE-2021-28651.html https://www.suse.com/security/cve/CVE-2021-28652.html https://www.suse.com/security/cve/CVE-2021-28662.html https://www.suse.com/security/cve/CVE-2021-31806.html https://bugzilla.suse.com/1171164 https://bugzilla.suse.com/1171569 https://bugzilla.suse.com/1183436 https://bugzilla.suse.com/1185916 https://bugzilla.suse.com/1185918 https://bugzilla.suse.com/1185919 https://bugzilla.suse.com/1185921 https://bugzilla.suse.com/1185923

1 0

openSUSE-SU-2021:0886-1: moderate: Security update for libxml2
by opensuse-security＠opensuse.org 16 Jun '21

16 Jun '21

openSUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0886-1 Rating: moderate References: #1186015 Cross-References: CVE-2021-3541 CVSS scores: CVE-2021-3541 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-886=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): libxml2-2-2.9.7-lp152.10.15.1 libxml2-2-debuginfo-2.9.7-lp152.10.15.1 libxml2-debugsource-2.9.7-lp152.10.15.1 libxml2-devel-2.9.7-lp152.10.15.1 libxml2-tools-2.9.7-lp152.10.15.1 libxml2-tools-debuginfo-2.9.7-lp152.10.15.1 python-libxml2-python-debugsource-2.9.7-lp152.10.15.1 python2-libxml2-python-2.9.7-lp152.10.15.1 python2-libxml2-python-debuginfo-2.9.7-lp152.10.15.1 python3-libxml2-python-2.9.7-lp152.10.15.1 python3-libxml2-python-debuginfo-2.9.7-lp152.10.15.1 - openSUSE Leap 15.2 (x86_64): libxml2-2-32bit-2.9.7-lp152.10.15.1 libxml2-2-32bit-debuginfo-2.9.7-lp152.10.15.1 libxml2-devel-32bit-2.9.7-lp152.10.15.1 - openSUSE Leap 15.2 (noarch): libxml2-doc-2.9.7-lp152.10.15.1 References: https://www.suse.com/security/cve/CVE-2021-3541.html https://bugzilla.suse.com/1186015

1 0

openSUSE-SU-2021:0873-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 16 Jun '21

16 Jun '21

openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0873-1 Rating: important References: #1043990 #1055117 #1065729 #1152457 #1152489 #1155518 #1156395 #1167260 #1167574 #1168838 #1174416 #1174426 #1175995 #1178089 #1179243 #1179851 #1180846 #1181161 #1182613 #1183063 #1183203 #1183289 #1184208 #1184209 #1184436 #1184485 #1184514 #1184585 #1184650 #1184724 #1184728 #1184730 #1184731 #1184736 #1184737 #1184738 #1184740 #1184741 #1184742 #1184760 #1184811 #1184893 #1184934 #1184942 #1184957 #1184969 #1184984 #1185041 #1185113 #1185233 #1185244 #1185269 #1185365 #1185454 #1185472 #1185491 #1185549 #1185586 #1185587 Cross-References: CVE-2021-29155 CVE-2021-29650 CVSS scores: CVE-2021-29155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-29155 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-29650 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves two vulnerabilities and has 57 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942). The following non-security bugs were fixed: - ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes). - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes). - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes). - ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes). - ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes). - ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes). - ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes). - ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes). - ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes). - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes). - ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes). - ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes). - ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes). - ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes). - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). - ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes). - ALSA: usb-audio: DJM-750: ensure format is set (git-fixes). - ALSA: usb-audio: Explicitly set up the clock selector (git-fixes). - ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes). - arm: dts: add imx7d pcf2127 fix to blacklist - ASoC: ak5558: correct reset polarity (git-fixes). - ASoC: ak5558: Fix s/show/slow/ typo (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes). - ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes). - ata: libahci_platform: fix IRQ check (git-fixes). - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes). - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes). - backlight: journada720: Fix Wmisleading-indentation warning (git-fixes). - blkcg: fix memleak for iolatency (git-fixes). - block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838). - block: recalculate segment count for multi-segment discards correctly (bsc#1184724). - block: rsxx: select CONFIG_CRC32 (git-fixes). - bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). - bpf, libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518). - bpf, samples: Fix possible hang in xdpsock with multiple threads (bsc#1155518). - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518). - bsg: free the request before return error code (git-fixes). - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). - bus: qcom: Put child node before return (git-fixes). - cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes). - clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes). - clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes). - clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes). - clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes). - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes). - clk: uniphier: Fix potential infinite loop (git-fixes). - clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes). - coresight: etm4x: Fix issues on trcseqevr access (git-fixes). - coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes). - coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes). - cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes). - cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes). - cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes). - cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes). - cpufreq: Kconfig: fix documentation links (git-fixes). - crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes). - crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes). - cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes). - dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes). - dm: eliminate potential source of excessive kernel log noise (git-fixes). - dm era: Fix bitset memory leaks (git-fixes). - dm era: only resize metadata in preresume (git-fixes). - dm era: Recover committed writeset after crash (git-fixes). - dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes). - dm era: Use correct value size in equality function of writeset tree (git-fixes). - dm era: Verify the data block size hasn't changed (git-fixes). - dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes). - dm integrity: fix error reporting in bitmap mode after creation (git-fixes). - dm ioctl: fix error return code in target_message (git-fixes). - dm mpath: fix racey management of PG initialization (git-fixes). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485). - dm raid: fix discard limits for raid1 (git-fixes). - dm: remove invalid sparse __acquires and __releases annotations (git-fixes). - dm writecache: fix the maximum number of arguments (git-fixes). - dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes). - dm writecache: remove BUG() and fail gracefully instead (git-fixes). - dm zoned: select CONFIG_CRC32 (git-fixes). - dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes). - dpaa_eth: fix the RX headroom size alignment (git-fixes). - dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes). - dpaa_eth: Use random MAC address when none is given (bsc#1184811). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes). - drm/ast: Add 25MHz refclk support (bsc#1174416). - drm/ast: Add support for 1152x864 mode (bsc#1174416). - drm/ast: Add support for AIP200 (bsc#1174416). - drm/ast: AST2500 fixups (bsc#1174416). - drm/ast: Correct mode table for AST2500 precatch (bsc#1174416). - drm/ast: Disable screen on register init (bsc#1174416). - drm/ast: Disable VGA decoding while driver is active (bsc#1174416). - drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416). - drm/ast: Fix P2A config detection (bsc#1174416). - drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416). - drm/ast: Keep MISC fields when enabling VGA (bsc#1174416). - drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes). - drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes). - drm/msm: Fix a5xx/a6xx timestamps (git-fixes). - drm/omap: fix misleading indentation in pixinc() (git-fixes). - drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes). - drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes). - e1000e: add rtnl_lock() to e1000_reset_task (git-fixes). - e1000e: Fix duplicate include guard (git-fixes). - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes). - enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes). - enetc: Workaround for MDIO register access issue (git-fixes). - ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes). - ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730). - ext4: find old entry again if failed to rename whiteout (bsc#1184742). - ext4: fix potential error in ext4_do_update_inode (bsc#1184731). - ext4: fix potential htree index checksum corruption (bsc#1184728). - firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes). - fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851). - fotg210-udc: Complete OUT requests on short packets (git-fixes). - fotg210-udc: Do not DMA more than the buffer can take (git-fixes). - fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes). - fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes). - fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes). - fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes). - fs: direct-io: fix missing sdio->boundary (bsc#1184736). - fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741). - fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811). - fsl/fman: tolerate missing MAC address in device tree (bsc#1184811). - gpio: omap: Save and restore sysconfig (git-fixes). - gpio: sysfs: Obey valid_mask (git-fixes). - HID: alps: fix error return code in alps_input_configured() (git-fixes). - HID: google: add don USB id (git-fixes). - HID: plantronics: Workaround for double volume key presses (git-fixes). - HID: wacom: Assign boolean values to a bool variable (git-fixes). - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes). - i2c: cadence: add IRQ check (git-fixes). - i2c: emev2: add IRQ check (git-fixes). - i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: jz4780: add IRQ check (git-fixes). - i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: sh7760: add IRQ check (git-fixes). - i2c: sh7760: fix IRQ error path (git-fixes). - i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i40e: Added Asym_Pause to supported link modes (git-fixes). - i40e: Add zero-initialization of AQ command structures (git-fixes). - i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes). - i40e: Fix add TC filter for IPv6 (git-fixes). - i40e: Fix display statistics for veb_tc (git-fixes). - i40e: Fix endianness conversions (git-fixes). - i40e: Fix flow for IPv6 next header (extension header) (git-fixes). - i40e: Fix kernel oops when i40e driver removes VF's (git-fixes). - i40e: Fix overwriting flow control settings during driver loading (git-fixes). - i40e: Fix sparse errors in i40e_txrx.c (git-fixes). - i40e: Fix sparse warning: missing error code 'err' (git-fixes). - i40e: fix the panic when running bpf in xdpdrv mode (git-fixes). - ibmvnic: avoid calling napi_disable() twice (bsc#1065729). - ibmvnic: clean up the remaining debugfs data structures (bsc#1065729). - ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes). - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes). - ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729). - ice: Account for port VLAN in VF max packet size calculation (git-fixes). - ice: Cleanup fltr list in case of allocation issues (git-fixes). - ice: Fix for dereference of NULL pointer (git-fixes). - ice: Increase control queue timeout (git-fixes). - ice: prevent ice_open and ice_stop during reset (git-fixes). - igb: check timestamp validity (git-fixes). - igb: Fix duplicate include guard (git-fixes). - igc: Fix Pause Frame Advertising (git-fixes). - igc: Fix Supported Pause Frame Link Setting (git-fixes). - igc: reinit_locked() should be called with rtnl_lock (git-fixes). - iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes). - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - Input: i8042 - fix Pegatron C15B ID entry (git-fixes). - Input: nspire-keypad - enable interrupts only when opened (git-fixes). - Input: s6sy761 - fix coordinate read bit shift (git-fixes). - interconnect: core: fix error return code of icc_link_destroy() (git-fixes). - iopoll: introduce read_poll_timeout macro (git-fixes). - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585). - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes). - irqchip: Add support for Layerscape external interrupt lines (bsc#1185233). - irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233). - irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233). - isofs: release buffer head before return (bsc#1182613). - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes). - jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740). - kABI: cover up change in struct kvm_arch (bsc#1184969). - kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426). - kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489). - KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395). - KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395). - libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269). - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269). - libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes). - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes). - liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes). - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041). - mac80211: bail out if cipher schemes are invalid (git-fixes). - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes). - macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes). - media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes). - media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes). - media: mantis: remove orphan mantis_core.c (git-fixes). - media: omap4iss: return error code when omap4iss_get() failed (git-fixes). - media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes). - media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes). - media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes). - media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes). - media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes). - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes). - memory: pl353: fix mask of ECC page_size config register (git-fixes). - mfd: lpc_sch: Partially revert "Add support for Intel Quark X1000" (git-fixes). - mfd: stm32-timers: Avoid clearing auto reload register (git-fixes). - misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes). - mmc: core: Correct descriptions in mmc_of_parse() (git-fixes). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes). - mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes). - mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes). - mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes). - mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes). - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes). - mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes). - mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes). - mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes). - Move upstreamed i915 fix into sorted section - mt7601u: fix always true expression (git-fixes). - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes). - mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes). - mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes). - mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes). - mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes). - mtd: require write permissions for locking and badblock ioctls (git-fixes). - mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes). - mtd: spi-nor: Rename "n25q512a" to "mt25qu512a (n25q512a)" (bsc#1167260). - mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260). - nbd: fix a block_device refcount leak in nbd_release (git-fixes). - net: atlantic: fix out of range usage of active_vlans array (git-fixes). - net: atlantic: fix potential error handling (git-fixes). - net: atlantic: fix use after free kasan warn (git-fixes). - net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes). - net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes). - net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes). - net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes). - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes). - net: hns3: clear VF down state bit before request link status (git-fixes). - net: hns3: fix bug when calculating the TCAM table info (git-fixes). - net: hns3: fix query vlan mask value error for flow director (git-fixes). - net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes). - net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes). - net: ll_temac: Fix race condition causing TX hang (git-fixes). - net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes). - net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes). - net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes). - net/mlx5: Do not request more than supported EQs (git-fixes). - net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes). - net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes). - net/mlx5e: Fix ethtool indication of connector type (git-fixes). - net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464). - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes). - net: phy: intel-xway: enable integrated led functions (git-fixes). - net: phy: marvell: fix m88e1011_set_downshift (git-fixes). - net: phy: marvell: fix m88e1111_set_downshift (git-fixes). - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes). - net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes). - net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes). - net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes). - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes). - nfc: pn533: prevent potential memory corruption (git-fixes). - nfp: flower: ignore duplicate merge hints from FW (git-fixes). - node: fix device cleanups in error handling code (git-fixes). - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes). - nvme-fabrics: reject I/O to offline device (bsc#1181161). - nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161). - ocfs2: fix a use after free on error (bsc#1184738). - pata_arasan_cf: fix IRQ check (git-fixes). - pata_ipx4xx_cf: fix IRQ check (git-fixes). - PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426). - PCI/AER: Add RCEC AER error injection support (bsc#1174426). - PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426). - PCI/AER: Specify the type of Port that was reset (bsc#1174426). - PCI/AER: Use "aer" variable for capability offset (bsc#1174426). - PCI/AER: Write AER Capability only when we control it (bsc#1174426). - PCI: designware-ep: Fix the Header Type check (git-fixes). - PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426). - PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426). - PCI/ERR: Avoid negated conditional for clarity (bsc#1174426). - PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426). - PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426). - PCI/ERR: Clear AER status only when we control AER (bsc#1174426). - PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426). - PCI/ERR: Clear status of the reporting device (bsc#1174426). - PCI/ERR: Recover from RCEC AER errors (bsc#1174426). - PCI/ERR: Recover from RCiEP AER errors (bsc#1174426). - PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426). - PCI/ERR: Retain status from error notification (bsc#1174426). - PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426). - PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426). - PCI/ERR: Use "bridge" for clarity in pcie_do_recovery() (bsc#1174426). - PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426). - PCI/portdrv: Report reset for frozen channel (bsc#1174426). - PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes). - PCI: tegra: Move "dbi" accesses to post common DWC initialization (git-fixes). - phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes). - pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes). - pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes). - platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes). - PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes). - powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957). - powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes). - powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729). - powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395). - powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729). - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637). - powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969). - powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969). - powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729). - powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729). - powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - powerpc/time: Enable sched clock for irqtime (bsc#1156395). - regmap: set debugfs_name to NULL after it is freed (git-fixes). - regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes). - reintroduce cqhci_suspend for kABI (git-fixes). - reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737). - rpm/constraints.in: bump disk space to 45GB on riscv64 - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - rsi: Use resume_noirq for SDIO (git-fixes). - rsxx: remove extraneous 'const' qualifier (git-fixes). - rtc: ds1307: Fix wday settings for rx8130 (git-fixes). - rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454). - rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454). - rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454). - rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454). - rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454). - rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454). - rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454). - rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454). - rtc: pcf2127: add alarm support (bsc#1185233). - rtc: pcf2127: add pca2129 device id (bsc#1185233). - rtc: pcf2127: add tamper detection support (bsc#1185233). - rtc: pcf2127: add watchdog feature support (bsc#1185233). - rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233). - rtc: pcf2127: cleanup register and bit defines (bsc#1185233). - rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233). - rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233). - rtc: pcf2127: fix alarm handling (bsc#1185233). - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233). - rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233). - rtc: pcf2127: let the core handle rtc range (bsc#1185233). - rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233). - rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233). - rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233). - rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233). - rtc: pcf2127: set regmap max_register (bsc#1185233). - rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233). - rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes). - rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes). - sata_mv: add IRQ checks (git-fixes). - scsi: block: Fix a race in the runtime power management code (git-fixes). - scsi: core: add scsi_host_busy_iter() (bsc#1179851). - scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851). - scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472). - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472). - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472). - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472). - scsi: lpfc: Fix a typo (bsc#1185472). - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472). - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365). - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472). - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472). - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203). - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472). - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472). - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472). - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472). - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472). - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472). - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472). - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472). - scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472). - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472). - scsi: lpfc: Fix some error codes in debugfs (bsc#1185472). - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472). - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472). - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472). - scsi: lpfc: Standardize discovery object logging format (bsc#1185472). - scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472). - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491). - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491). - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491). - scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491). - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491). - scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#1185491). - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491). - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491). - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491). - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491). - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491). - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491). - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491). - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491). - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491). - scsi: qla2xxx: Fix endianness annotations (bsc#1185491). - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491). - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491). - scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491). - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491). - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491). - scsi: qla2xxx: Fix some memory corruption (bsc#1185491). - scsi: qla2xxx: Fix stuck session (bsc#1185491). - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491). - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491). - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491). - scsi: qla2xxx: Remove redundant NULL check (bsc#1185491). - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491). - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491). - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491). - scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436). - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491). - scsi: qla2xxx: Simplify if statement (bsc#1185491). - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491). - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491). - scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491). - scsi: qla2xxx: Update default AER debug mask (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491). - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460). - selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460). - selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460). - selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460). - selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460). - selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460). - selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460). - soc: aspeed: fix a ternary sign expansion bug (git-fixes). - soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes). - soc: qcom: mdt_loader: Validate that p_filesz p_memsz (git-fixes). - soundwire: bus: Fix device found flag correctly (git-fixes). - soundwire: stream: fix memory leak in stream config error path (git-fixes). - spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260). - spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260). - spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260). - spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes). - spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260). - spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260). - spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260). - spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260). - spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260). - spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260). - spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260). - spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260). - spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260). - spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260). - spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Fix code alignment (bsc#1167260). - spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260). - spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260). - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260). - spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: fix native data copy (bsc#1167260). - spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260). - spi: spi-fsl-dspi: Fix typos (bsc#1167260). - spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260). - spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260). - spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260). - spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260). - spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260). - spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260). - spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260 - spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260). - spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260). - spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260). - spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260). - spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260). - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260). - spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260). - spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260). - spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260). - spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260). - spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260). - spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260). - spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260). - spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260). - spi: spi-ti-qspi: Free DMA resources (git-fixes). - staging: fwserial: fix TIOCGSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes). - staging: fwserial: fix TIOCSSERIAL permission check (git-fixes). - staging: rtl8192u: Fix potential infinite loop (git-fixes). - usb: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984). - usb: CDC-ACM: fix poison/unpoison imbalance (git-fixes). - usb: cdc-acm: fix TIOCGSERIAL implementation (git-fixes). - usb: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes). - usb: dwc2: Fix hibernation between host and device modes (git-fixes). - usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes). - usb: dwc2: Fix session request interrupt handler (git-fixes). - usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes). - usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: Switch to use device_property_count_u32() (git-fixes). - usb: gadget: aspeed: fix dma map failure (git-fixes). - usb: gadget: Fix double free of device descriptor pointers (git-fixes). - usb: gadget: pch_udc: Check for DMA mapping error (git-fixes). - usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes). - usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes). - usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes). - usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes). - usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes). - usb: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - usb: Remove dev_err() usage after platform_get_irq() (git-fixes). - usb: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: f81232: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: f81534: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: fix return value for unsupported ioctls (git-fixes). - usb: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: opticon: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes). - usb: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes). - usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes). - usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes). - usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes). - veth: Store queue_mapping independently of XDP prog presence (git-fixes). - vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes). - virt_wifi: Return micros for BSS TSF values (git-fixes). - vxlan: move debug check after netdev unregister (git-fixes). - workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893). - x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489). - x86/insn: Add some Intel instructions to the opcode map (bsc#1184760). - x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760). - x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489). - x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489). - x86/platform/uv: Set section block size for hubless architectures (bsc#1152489). - x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489). This update was imported from the SUSE:SLE-15-SP2:Update update project. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-873=1 Package List: - openSUSE Leap 15.2 (noarch): kernel-devel-rt-5.3.18-lp152.3.11.1 kernel-source-rt-5.3.18-lp152.3.11.1 - openSUSE Leap 15.2 (x86_64): cluster-md-kmp-rt-5.3.18-lp152.3.11.1 cluster-md-kmp-rt-debuginfo-5.3.18-lp152.3.11.1 cluster-md-kmp-rt_debug-5.3.18-lp152.3.11.1 cluster-md-kmp-rt_debug-debuginfo-5.3.18-lp152.3.11.1 dlm-kmp-rt-5.3.18-lp152.3.11.1 dlm-kmp-rt-debuginfo-5.3.18-lp152.3.11.1 dlm-kmp-rt_debug-5.3.18-lp152.3.11.1 dlm-kmp-rt_debug-debuginfo-5.3.18-lp152.3.11.1 gfs2-kmp-rt-5.3.18-lp152.3.11.1 gfs2-kmp-rt-debuginfo-5.3.18-lp152.3.11.1 gfs2-kmp-rt_debug-5.3.18-lp152.3.11.1 gfs2-kmp-rt_debug-debuginfo-5.3.18-lp152.3.11.1 kernel-rt-5.3.18-lp152.3.11.1 kernel-rt-debuginfo-5.3.18-lp152.3.11.1 kernel-rt-debugsource-5.3.18-lp152.3.11.1 kernel-rt-devel-5.3.18-lp152.3.11.1 kernel-rt-devel-debuginfo-5.3.18-lp152.3.11.1 kernel-rt-extra-5.3.18-lp152.3.11.1 kernel-rt-extra-debuginfo-5.3.18-lp152.3.11.1 kernel-rt_debug-5.3.18-lp152.3.11.1 kernel-rt_debug-debuginfo-5.3.18-lp152.3.11.1 kernel-rt_debug-debugsource-5.3.18-lp152.3.11.1 kernel-rt_debug-devel-5.3.18-lp152.3.11.1 kernel-rt_debug-devel-debuginfo-5.3.18-lp152.3.11.1 kernel-rt_debug-extra-5.3.18-lp152.3.11.1 kernel-rt_debug-extra-debuginfo-5.3.18-lp152.3.11.1 kernel-syms-rt-5.3.18-lp152.3.11.1 kselftests-kmp-rt-5.3.18-lp152.3.11.1 kselftests-kmp-rt-debuginfo-5.3.18-lp152.3.11.1 kselftests-kmp-rt_debug-5.3.18-lp152.3.11.1 kselftests-kmp-rt_debug-debuginfo-5.3.18-lp152.3.11.1 ocfs2-kmp-rt-5.3.18-lp152.3.11.1 ocfs2-kmp-rt-debuginfo-5.3.18-lp152.3.11.1 ocfs2-kmp-rt_debug-5.3.18-lp152.3.11.1 ocfs2-kmp-rt_debug-debuginfo-5.3.18-lp152.3.11.1 reiserfs-kmp-rt-5.3.18-lp152.3.11.1 reiserfs-kmp-rt-debuginfo-5.3.18-lp152.3.11.1 reiserfs-kmp-rt_debug-5.3.18-lp152.3.11.1 reiserfs-kmp-rt_debug-debuginfo-5.3.18-lp152.3.11.1 References: https://www.suse.com/security/cve/CVE-2021-29155.html https://www.suse.com/security/cve/CVE-2021-29650.html https://bugzilla.suse.com/1043990 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1167260 https://bugzilla.suse.com/1167574 https://bugzilla.suse.com/1168838 https://bugzilla.suse.com/1174416 https://bugzilla.suse.com/1174426 https://bugzilla.suse.com/1175995 https://bugzilla.suse.com/1178089 https://bugzilla.suse.com/1179243 https://bugzilla.suse.com/1179851 https://bugzilla.suse.com/1180846 https://bugzilla.suse.com/1181161 https://bugzilla.suse.com/1182613 https://bugzilla.suse.com/1183063 https://bugzilla.suse.com/1183203 https://bugzilla.suse.com/1183289 https://bugzilla.suse.com/1184208 https://bugzilla.suse.com/1184209 https://bugzilla.suse.com/1184436 https://bugzilla.suse.com/1184485 https://bugzilla.suse.com/1184514 https://bugzilla.suse.com/1184585 https://bugzilla.suse.com/1184650 https://bugzilla.suse.com/1184724 https://bugzilla.suse.com/1184728 https://bugzilla.suse.com/1184730 https://bugzilla.suse.com/1184731 https://bugzilla.suse.com/1184736 https://bugzilla.suse.com/1184737 https://bugzilla.suse.com/1184738 https://bugzilla.suse.com/1184740 https://bugzilla.suse.com/1184741 https://bugzilla.suse.com/1184742 https://bugzilla.suse.com/1184760 https://bugzilla.suse.com/1184811 https://bugzilla.suse.com/1184893 https://bugzilla.suse.com/1184934 https://bugzilla.suse.com/1184942 https://bugzilla.suse.com/1184957 https://bugzilla.suse.com/1184969 https://bugzilla.suse.com/1184984 https://bugzilla.suse.com/1185041 https://bugzilla.suse.com/1185113 https://bugzilla.suse.com/1185233 https://bugzilla.suse.com/1185244 https://bugzilla.suse.com/1185269 https://bugzilla.suse.com/1185365 https://bugzilla.suse.com/1185454 https://bugzilla.suse.com/1185472 https://bugzilla.suse.com/1185491 https://bugzilla.suse.com/1185549 https://bugzilla.suse.com/1185586 https://bugzilla.suse.com/1185587

1 0