May 2022 - openSUSE Security Announce - openSUSE Mailing Lists

openSUSE-SU-2022:0131-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 07 May '22

07 May '22

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0131-1 Rating: important References: #1139944 #1151927 #1152489 #1153275 #1154353 #1154355 #1161907 #1164565 #1166780 #1169514 #1176242 #1176447 #1176536 #1176544 #1176545 #1176546 #1176548 #1176558 #1176559 #1176774 #1176940 #1176956 #1177440 #1178134 #1178270 #1179211 #1179424 #1179426 #1179427 #1179599 #1181148 #1181507 #1181710 #1182404 #1183534 #1183540 #1183897 #1184318 #1185726 #1185902 #1186332 #1187541 #1189126 #1189158 #1191793 #1191876 #1192267 #1192320 #1192507 #1192511 #1192569 #1192606 #1192691 #1192845 #1192847 #1192874 #1192946 #1192969 #1192987 #1192990 #1192998 #1193002 #1193042 #1193139 #1193169 #1193306 #1193318 #1193349 #1193440 #1193442 #1193655 #1193993 #1194087 #1194094 #1195323 SLE-22574 Cross-References: CVE-2020-24504 CVE-2020-27820 CVE-2021-2032 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-4001 CVE-2021-4002 CVE-2021-43975 CVE-2021-43976 CVE-2021-45485 CVE-2021-45486 CVSS scores: CVE-2020-24504 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-24504 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L CVE-2021-2032 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-28711 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28712 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28713 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28714 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28714 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28715 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4001 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4002 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-43975 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-43976 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-45485 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-45485 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 14 vulnerabilities, contains one feature and has 61 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) The following security bugs were fixed: - CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. (bsc#1194094) - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bnc#1194087). - CVE-2021-4001: Fixed a race condition when the EBPF map is frozen. (bsc#1192990) - CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442) - CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442) - CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440) - CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440) - CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440) - CVE-2020-24504: Fixed an uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers that may have allowed an authenticated user to potentially enable denial of service via local access. (bnc#1182404) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bnc#1192845) - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) - CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bnc#1179599) The following non-security bugs were fixed: - ACPI: battery: Accept charges over the design capacity as full (git-fixes). - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes). - ACPICA: Avoid evaluating methods too early during system resume (git-fixes). - Add SMB 2 support for getting and setting SACLs (bsc#1192606). - Add to supported.conf: fs/smbfs_common/cifs_arc4 fs/smbfs_common/cifs_md4 - ALSA: ctxfi: Fix out-of-range access (git-fixes). - ALSA: gus: fix null pointer dereference on pointer block (git-fixes). - ALSA: hda: hdac_ext_stream: fix potential locking issues (git-fixes). - ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes). - ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UX550VE (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC70HS (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes). - ALSA: ISA: not for M68K (git-fixes). - ALSA: synth: missing check for possible NULL after the call to kstrdup (git-fixes). - ALSA: timer: Fix use-after-free problem (git-fixes). - ALSA: timer: Unconditionally unlink slave instances, too (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes). - ARM: 8970/1: decompressor: increase tag size (git-fixes). - ARM: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes) - ARM: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes) - ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes) - ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes) - ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes) - ARM: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes) - ARM: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes) - ARM: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes) - ARM: 9091/1: Revert "mm: qsd8x50: Fix incorrect permission faults" (git-fixes) - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes) - ARM: 9134/1: remove duplicate memcpy() definition (git-fixes) - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes) - ARM: 9141/1: only warn about XIP address when not compile testing (git-fixes) - ARM: 9155/1: fix early early_iounmap() (git-fixes) - ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes) - ARM: at91: pm: of_node_put() after its usage (git-fixes) - ARM: at91: pm: use proper master clock register offset (git-fixes) - ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes) - ARM: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes) - ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes) - ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes) - ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes) - ARM: dts: am437x-l4: fix typo in can@0 node (git-fixes) - ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes) - ARM: dts: armada388-helios4: assign pinctrl to each fan (git-fixes) - ARM: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes) - ARM: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes) - ARM: dts: aspeed: tiogapass: Remove vuart (git-fixes) - ARM: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes) - ARM: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes) - ARM: dts: at91: at91sam9rl: fix ADC triggers (git-fixes) - ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes) - ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes) - ARM: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes) - ARM: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes) - ARM: dts: at91: sama5d2: map securam as device (git-fixes) - ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes) - ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes) - ARM: dts: at91: sama5d4: fix pinctrl muxing (git-fixes) - ARM: dts: at91: tse850: the emaclt;->phy interface is rmii (git-fixes) - ARM: dts: bcm: HR2: Fix PPI interrupt types (git-fixes) - ARM: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes) - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes) - ARM: dts: BCM5301X: Fix I2C controller interrupt (git-fixes) - ARM: dts: BCM5301X: Fixed QSPI compatible string (git-fixes) - ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes) - ARM: dts: Configure missing thermal interrupt for 4430 (git-fixes) - ARM: dts: dra76x: Fix mmc3 max-frequency (git-fixes) - ARM: dts: dra76x: m_can: fix order of clocks (git-fixes) - ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes) - ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes) - ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes) - ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes) - ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes) - ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes) - ARM: dts: Fix dcan driver probe failed on am437x platform (git-fixes) - ARM: dts: Fix duovero smsc interrupt for suspend (git-fixes) - ARM: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes) - ARM: dts: gose: Fix ports node name for adv7180 (git-fixes) - ARM: dts: gose: Fix ports node name for adv7612 (git-fixes) - ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes) - ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes) - ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes) - ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes) - ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes) - ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes) - ARM: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes) - ARM: dts: imx6: phycore-som: fix emmc supply (git-fixes) - ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes) - ARM: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes). - ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes) - ARM: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes) - ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes) - ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes) - ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes) - ARM: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes) - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes) - ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes) - ARM: dts: imx6qdl-gw551x: fix audio SSI (git-fixes) - ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes) - ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes) - ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes) - ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes) - ARM: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes) - ARM: dts: imx6sl: fix rng node (git-fixes) - ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes) - ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes) - ARM: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes) - ARM: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes) - ARM: dts: imx6sx: Improve UART pins macro defines (git-fixes) - ARM: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes) - ARM: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes) - ARM: dts: imx7-colibri: prepare module device tree for FlexCAN (git-fixes) - ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes) - ARM: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes) - ARM: dts: imx7d: Correct speed grading fuse settings (git-fixes) - ARM: dts: imx7d: fix opp-supported-hw (git-fixes) - ARM: dts: imx7ulp: Correct gpio ranges (git-fixes) - ARM: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes) - ARM: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes) - ARM: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes) - ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes) - ARM: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes) - ARM: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes) - ARM: dts: meson: fix PHY deassert timing requirements (git-fixes) - ARM: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes) - ARM: dts: meson8: Use a higher default GPU clock frequency (git-fixes) - ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: mt7623: add missing pause for switchport (git-fixes) - ARM: dts: N900: fix onenand timings (git-fixes). - ARM: dts: NSP: Correct FA2 mailbox node (git-fixes) - ARM: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes) - ARM: dts: NSP: Fixed QSPI compatible string (git-fixes) - ARM: dts: omap3-gta04a4: accelerometer irq fix (git-fixes) - ARM: dts: omap3430-sdp: Fix NAND device node (git-fixes) - ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes) - ARM: dts: oxnas: Fix clear-mask property (git-fixes) - ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes) - ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes) - ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes) - ARM: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes) - ARM: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes) - ARM: dts: r8a7740: Add missing extal2 to CPG node (git-fixes) - ARM: dts: r8a7779, marzen: Fix DU clock names (git-fixes) - ARM: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes) - ARM: dts: renesas: Fix IOMMU device node names (git-fixes) - ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes) - ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes) - ARM: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes) - ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes) - ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes) - ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes) - ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes) - ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes) - ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes) - ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes) - ARM: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes) - ARM: dts: sun8i: v3s: fix GIC node memory range (git-fixes) - ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes) - ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes) - ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sunxi: Fix DE2 clocks register range (git-fixes) - ARM: dts: turris-omnia: add comphy handle to eth2 (git-fixes) - ARM: dts: turris-omnia: add SFP node (git-fixes) - ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes) - ARM: dts: turris-omnia: describe switch interrupt (git-fixes) - ARM: dts: turris-omnia: enable HW buffer management (git-fixes) - ARM: dts: turris-omnia: fix hardware buffer management (git-fixes) - ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes) - ARM: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes). - ARM: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes) - ARM: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes) - ARM: exynos: add missing of_node_put for loop iteration (git-fixes) - ARM: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes) - ARM: footbridge: fix PCI interrupt mapping (git-fixes) - ARM: imx: add missing clk_disable_unprepare() (git-fixes) - ARM: imx: add missing iounmap() (git-fixes) - ARM: imx: build suspend-imx6.S with arm instruction set (git-fixes) - ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes) - ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes) - ARM: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes) - ARM: mvebu: drop pointless check for coherency_base (git-fixes) - ARM: OMAP2+: Fix legacy mode dss_reset (git-fixes) - ARM: OMAP2+: omap_device: fix idling of devices during probe (git-fixes) - ARM: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes) - ARM: p2v: fix handling of LPAE translation in BE mode (git-fixes) - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes) - ARM: s3c24xx: fix missing system reset (git-fixes) - ARM: s3c24xx: fix mmc gpio lookup tables (git-fixes) - ARM: samsung: do not build plat/pm-common for Exynos (git-fixes) - ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes) - ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes) - ASoC: DAPM: Cover regression by kctl change notification fix (git-fixes). - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes). - ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes). - ASoC: SOF: Intel: hda-dai: fix potential locking issue (git-fixes). - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes). - ath10k: fix invalid dma_addr_t token assignment (git-fixes). - ath10k: high latency fixes for beacon buffer (git-fixes). - Bbluetooth: btusb: Add another Bluetooth part for Realtek 8852AE (bsc#1193655). - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - block: Fix use-after-free issue accessing struct io_cq (bsc#1193042). - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - Bluetooth: Add additional Bluetooth part for Realtek 8852AE (bsc#1193655). - Bluetooth: btrtl: Refine the ic_id_table for clearer and more regular (bsc#1193655). - Bluetooth: btusb: Add the more support IDs for Realtek RTL8822CE (bsc#1193655). - Bluetooth: btusb: Add the new support ID for Realtek RTL8852A (bsc#1193655). - Bluetooth: btusb: btrtl: Add support for RTL8852A (bsc#1193655). - Bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes). - bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275). - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes). - bpf, arm: Fix register clobbering in div/mod implementation (git-fixes) - bpf, s390: Fix potential memory leak about jit_data (git-fixes). - bpf, x86: Fix "no previous prototype" warning (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes). - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002). - btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002). - btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998). - btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998). - btrfs: make checksum item extension more efficient (bsc#1193002). - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes). - cifs use true,false for bool variable (bsc#1164565). - cifs_atomic_open(): fix double-put on late allocation failure (bsc#1192606). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1192606). - cifs: add a debug macro that prints \\server\share for errors (bsc#1164565). - cifs: add a function to get a cached dir based on its dentry (bsc#1192606). - cifs: add a helper to find an existing readable handle to a file (bsc#1154355). - cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606). - cifs: add an smb3_fs_context to cifs_sb (bsc#1192606). - cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606). - cifs: add files to host new mount api (bsc#1192606). - cifs: add fs_context param to parsing helpers (bsc#1192606). - cifs: Add get_security_type_str function to return sec type (bsc#1192606). - cifs: add initial reconfigure support (bsc#1192606). - cifs: add missing mount option to /proc/mounts (bsc#1164565). - cifs: add missing parsing of backupuid (bsc#1192606). - cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606). - cifs: add mount parameter tcpnodelay (bsc#1192606). - cifs: add multichannel mount options and data structs (bsc#1192606). - cifs: add new debugging macro cifs_server_dbg (bsc#1164565). - cifs: Add new mount parameter "acdirmax" to allow caching directory metadata (bsc#1192606). - cifs: Add new parameter "acregmax" for distinct file and directory metadata timeout (bsc#1192606). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: add passthrough for smb2 setinfo (bsc#1164565). - cifs: add server param (bsc#1192606). - cifs: add shutdown support (bsc#1192606). - cifs: add smb2 POSIX info level (bsc#1164565). - cifs: add SMB2_open() arg to return POSIX data (bsc#1164565). - cifs: add SMB3 change notification support (bsc#1164565). - cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565). - cifs: add support for flock (bsc#1164565). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1164565). - cifs: Add tracepoints for errors on flush or fsync (bsc#1164565). - cifs: Add witness information to debug data dump (bsc#1192606). - cifs: add witness mount option and data structs (bsc#1192606). - cifs: added WARN_ON for all the count decrements (bsc#1192606). - cifs: Adjust indentation in smb2_open_file (bsc#1164565). - cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606). - cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606). - cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606). - cifs: Allocate encryption header through kmalloc (bsc#1192606). - cifs: allow chmod to set mode bits using special sid (bsc#1164565). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: allow unlock flock and OFD lock across fork (bsc#1192606). - cifs: Always update signing key of first channel (bsc#1192606). - cifs: ask for more credit on async read/write code paths (bsc#1192606). - cifs: Assign boolean values to a bool variable (bsc#1192606). - cifs: Avoid doing network I/O while holding cache lock (bsc#1164565). - cifs: Avoid error pointer dereference (bsc#1192606). - cifs: avoid extra calls in posix_info_parse (bsc#1192606). - cifs: Avoid field over-reading memcpy() (bsc#1192606). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: avoid using MID 0xFFFF (bnc#1151927 5.3.8). - cifs: call wake_up(server->response_q) inside of cifs_reconnect() (bsc#1164565). - cifs: change confusing field serverName (to ip_addr) (bsc#1192606). - cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606). - cifs: check all path components in resolved dfs target (bsc#1181710). - cifs: check new file size when extending file by fallocate (bsc#1192606). - cifs: check pointer before freeing (bsc#1183534). - cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606). - cifs: cifs_md4 convert to SPDX identifier (bsc#1192606). - cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606). - cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565). - cifs: clarify comment about timestamp granularity for old servers (bsc#1192606). - cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606). - cifs: Clarify SMB1 code for delete (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Create (bsc#1192606). - cifs: Clarify SMB1 code for POSIX delete file (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Lock (bsc#1192606). - cifs: Clarify SMB1 code for rename open file (bsc#1192606). - cifs: Clarify SMB1 code for SetFileSize (bsc#1192606). - cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606). - cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606). - cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606). - cifs: Clean up DFS referral cache (bsc#1164565). - cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606). - cifs: cleanup misc.c (bsc#1192606). - cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606). - cifs: Close cached root handle only if it had a lease (bsc#1164565). - cifs: Close open handle after interrupted close (bsc#1164565). - cifs: close the shared root handle on tree disconnect (bsc#1164565). - cifs: compute full_path already in cifs_readdir() (bsc#1192606). - cifs: connect individual channel servers to primary channel server (bsc#1192606). - cifs: connect: style: Simplify bool comparison (bsc#1192606). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: constify path argument of ->make_node() (bsc#1192606). - cifs: constify pathname arguments in a bunch of helpers (bsc#1192606). - cifs: Constify static struct genl_ops (bsc#1192606). - cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042). - cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606). - cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606). - cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606). - cifs: convert to use be32_add_cpu() (bsc#1192606). - cifs: Convert to use the fallthrough macro (bsc#1192606). - cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606). - cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606). - cifs: create a helper function to parse the query-directory response buffer (bsc#1164565). - cifs: create a helper to find a writeable handle by path name (bsc#1154355). - cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606). - cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606). - cifs: create sd context must be a multiple of 8 (bsc#1192606). - cifs: Deal with some warnings from W=1 (bsc#1192606). - cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606). - cifs: delete duplicated words in header files (bsc#1192606). - cifs: detect dead connections only when echoes are enabled (bsc#1192606). - cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606). - cifs: do d_move in rename (bsc#1164565). - cifs: do not allow changing posix_paths during remount (bsc#1192606). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606). - cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606). - cifs: Do not display RDMA transport on reconnect (bsc#1164565). - cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: do not ignore the SYNC flags in getattr (bsc#1164565). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606). - cifs: Do not miss cancelled OPEN responses (bsc#1164565). - cifs: do not negotiate session if session already exists (bsc#1192606). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565). - cifs: Do not use iov_iter::type directly (bsc#1192606). - cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606). - cifs: document and cleanup dfs mount (bsc#1178270). - cifs: dump channel info in DebugData (bsc#1192606). - cifs: dump Security Type info in DebugData (bsc#1192606). - cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606). - cifs: enable change notification for SMB2.1 dialect (bsc#1164565). - cifs: enable extended stats by default (bsc#1192606). - cifs: Enable sticky bit with cifsacl mount option (bsc#1192606). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: escape spaces in share names (bsc#1192606). - cifs: export supported mount options via new mount_params /proc file (bsc#1192606). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1192606). - cifs: fix a comment for the timeouts when sending echos (bsc#1164565). - cifs: fix a memleak with modefromsid (bsc#1192606). - cifs: fix a sign extension bug (bsc#1192606). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1164565). - cifs: fix allocation size on newly created files (bsc#1192606). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: Fix atime update check vs mtime (bsc#1164565). - cifs: Fix bug which the return value by asynchronous read is error (bsc#1192606). - cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606). - cifs: fix channel signing (bsc#1192606). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606). - cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606). - cifs: Fix cifsacl ACE mask for group and others (bsc#1192606). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10). - cifs: fix credit accounting for extra channel (bsc#1192606). - cifs: fix dereference on ses before it is null checked (bsc#1164565). - cifs: fix dfs domain referrals (bsc#1192606). - cifs: fix DFS failover (bsc#1192606). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix dfs-links (bsc#1192606). - cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606). - cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: Fix fall-through warnings for Clang (bsc#1192606). - cifs: fix fallocate when trying to allocate a hole (bsc#1192606). - cifs: fix gcc warning in sid_to_id (bsc#1192606). - cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606). - cifs: Fix in error types returned for out-of-credit situations (bsc#1192606). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: Fix inconsistent indenting (bsc#1192606). - cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606). - cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606). - cifs: fix incorrect kernel doc comments (bsc#1192606). - cifs: fix interrupted close commands (git-fixes). - cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606). - cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs: fix leaked reference on requeued write (bsc#1178270). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565). - cifs: Fix lookup of SMB connections on multichannel (bsc#1192606). - cifs: fix max ea value size (bnc#1151927 5.3.4). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606). - cifs: fix minor typos in comments and log messages (bsc#1192606). - cifs: Fix missed free operations (bnc#1151927 5.3.8). - cifs: fix missing null session check in mount (bsc#1192606). - cifs: fix missing spinlock around update to ses->status (bsc#1192606). - cifs: fix misspellings using codespell tool (bsc#1192606). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565). - cifs: Fix mode output in debugging statements (bsc#1164565). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: Fix mount options set in automount (bsc#1164565). - cifs: fix mounts to subdirectories of target (bsc#1192606). - cifs: fix nodfs mount option (bsc#1181710). - cifs: fix NULL dereference in match_prepath (bsc#1164565). - cifs: fix NULL dereference in smb2_check_message() (bsc#1192606). - cifs: Fix null pointer check in cifs_read (bsc#1192606). - cifs: Fix NULL pointer dereference in mid callback (bsc#1164565). - cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16). - cifs: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4). - cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: fix possible uninitialized access and race on iface_list (bsc#1192606). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565). - cifs: fix potential mismatch of UNC paths (bsc#1164565). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565). - cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: Fix preauth hash corruption (git-fixes). - cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042). - cifs: fix reference leak for tlink (bsc#1192606). - cifs: fix regression when mounting shares with prefix paths (bsc#1192606). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565). - cifs: Fix resource leak (bsc#1192606). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565). - cifs: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10). - cifs: Fix return value in __update_cache_entry (bsc#1164565). - cifs: fix rsize/wsize to be negotiated values (bsc#1192606). - cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606). - cifs: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: Fix some error pointers handling detected by static checker (bsc#1192606). - cifs: Fix spelling of 'security' (bsc#1192606). - cifs: fix string declarations and assignments in tracepoints (bsc#1192606). - cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606). - cifs: Fix task struct use-after-free on reconnect (bsc#1164565). - cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606). - cifs: Fix the target file was deleted when rename failed (bsc#1192606). - cifs: fix trivial typo (bsc#1192606). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565). - cifs: Fix unix perm bits to cifsacl conversion for "other" bits (bsc#1192606). - cifs: fix unneeded null check (bsc#1192606). - cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606). - cifs: Fix use after free of file info structures (bnc#1151927 5.3.8). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565). - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606). - cifs: for compound requests, use open handle if possible (bsc#1192606). - cifs: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7). - cifs: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7). - cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606). - cifs: get mode bits from special sid on stat (bsc#1164565). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: get rid of cifs_sb->mountdata (bsc#1192606). - cifs: Get rid of kstrdup_const()'d paths (bsc#1164565). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606). - cifs: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7). - cifs: handle -EINTR in cifs_setattr (bsc#1192606). - cifs: handle "guest" mount parameter (bsc#1192606). - cifs: handle "nolease" option for vers=1.0 (bsc#1192606). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - cifs: handle prefix paths in reconnect (bsc#1164565). - cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - cifs: Handle witness client move notification (bsc#1192606). - cifs: have ->mkdir() handle race with another client sanely (bsc#1192606). - cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606). - cifs: Identify a connection by a conn_id (bsc#1192606). - cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606). - cifs: ignore auto and noauto options if given (bsc#1192606). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: improve fallocate emulation (bsc#1192606). - cifs: improve read performance for page size 64KB cache=strict vers=2.1+ (bsc#1192606). - cifs: In the new mount api we get the full devname as source= (bsc#1192606). - cifs: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606). - cifs: Initialize filesystem timestamp ranges (bsc#1164565). - cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606). - cifs: introduce helper for finding referral server (bsc#1181710). - cifs: Introduce helpers for finding TCP connection (bsc#1164565). - cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: log mount errors using cifs_errorf() (bsc#1192606). - cifs: log warning message (once) if out of disk space (bsc#1164565). - cifs: make build_path_from_dentry() return const char * (bsc#1192606). - cifs: make const array static, makes object smaller (bsc#1192606). - cifs: Make extract_hostname function public (bsc#1192606). - cifs: Make extract_sharename function public (bsc#1192606). - cifs: make fs_context error logging wrapper (bsc#1192606). - cifs: make locking consistent around the server session status (bsc#1192606). - cifs: make multichannel warning more visible (bsc#1192606). - cifs: Make SMB2_notify_init static (bsc#1164565). - cifs: make sure we do not overflow the max EA buffer size (bsc#1164565). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565). - cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565). - cifs: minor fix to two debug messages (bsc#1192606). - cifs: minor kernel style fixes for comments (bsc#1192606). - cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606). - cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606). - cifs: minor updates to Kconfig (bsc#1192606). - cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606). - cifs: missed ref-counting smb session in find (bsc#1192606). - cifs: missing null check for newinode pointer (bsc#1192606). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: modefromsid: make room for 4 ACE (bsc#1164565). - cifs: modefromsid: write mode ACE first (bsc#1164565). - cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606). - cifs: move cache mount options to fs_context.ch (bsc#1192606). - cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606). - cifs: move cifs_parse_devname to fs_context.c (bsc#1192606). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355). - cifs: move debug print out of spinlock (bsc#1192606). - cifs: Move more definitions into the shared area (bsc#1192606). - cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606). - cifs: move security mount options into fs_context.ch (bsc#1192606). - cifs: move SMB FSCTL definitions to common code (bsc#1192606). - cifs: move smb version mount options into fs_context.c (bsc#1192606). - cifs: Move SMB2_Create definitions to the shared area (bsc#1192606). - cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606). - cifs: move the check for nohandlecache into open_shroot (bsc#1192606). - cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606). - cifs: move update of flags into a separate function (bsc#1192606). - cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606). - cifs: multichannel: move channel selection above transport layer (bsc#1192606). - cifs: multichannel: move channel selection in function (bsc#1192606). - cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606). - cifs: multichannel: use pointer for binding channel (bsc#1192606). - cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9). - cifs: New optype for session operations (bsc#1181507). - cifs: nosharesock should be set on new server (bsc#1192606). - cifs: nosharesock should not share socket with future sessions (bsc#1192606). - cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606). - cifs: Optimize readdir on reparse points (bsc#1164565). - cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606). - cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606). - cifs: plumb smb2 POSIX dir enumeration (bsc#1164565). - cifs: populate server_hostname for extra channels (bsc#1192606). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606). - cifs: print warning mounting with vers=1.0 (bsc#1164565). - cifs: properly invalidate cached root handle when closing it (bsc#1192606). - cifs: Properly process SMB3 lease breaks (bsc#1164565). - cifs: protect session channel fields with chan_lock (bsc#1192606). - cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606). - cifs: protect updating server->dstaddr with a spinlock (bsc#1192606). - cifs: Re-indent cifs_swn_reconnect() (bsc#1192606). - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - cifs: reduce stack use in smb2_compound_op (bsc#1192606). - cifs: refactor cifs_get_inode_info() (bsc#1164565). - cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606). - cifs: Reformat DebugData and index connections by conn_id (bsc#1192606). - cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset. - cifs: release lock earlier in dequeue_mid error case (bsc#1192606). - cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606). - cifs: remove actimeo from cifs_sb (bsc#1192606). - cifs: remove bogus debug code (bsc#1179427). - cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606). - cifs: remove duplicated prototype (bsc#1192606). - cifs: remove old dead code (bsc#1192606). - cifs: remove pathname for file from SPDX header (bsc#1192606). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565). - cifs: remove redundant assignment to variable rc (bsc#1164565). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: Remove repeated struct declaration (bsc#1192606). - cifs: Remove set but not used variable 'capabilities' (bsc#1164565). - cifs: remove set but not used variable 'server' (bsc#1164565). - cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565). - cifs: remove set but not used variables (bsc#1164565). - cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606). - cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606). - cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606). - cifs: Remove the superfluous break (bsc#1192606). - cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606). - cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606). - cifs: Remove unnecessary struct declaration (bsc#1192606). - cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: remove unused variable 'server' (bsc#1192606). - cifs: remove unused variable 'sid_user' (bsc#1164565). - cifs: remove unused variable (bsc#1164565). - cifs: Remove useless variable (bsc#1192606). - cifs: remove various function description warnings (bsc#1192606). - cifs: rename a variable in SendReceive() (bsc#1164565). - cifs: rename cifs_common to smbfs_common (bsc#1192606). - cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606). - cifs: rename posix create rsp (bsc#1164565). - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606). - cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565). - cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606). - cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606). - cifs: return cached_fid from open_shroot (bsc#1192606). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - cifs: returning mount parm processing errors correctly (bsc#1192606). - cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606). - cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606). - cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606). - cifs: send workstation name during ntlmssp session setup (bsc#1192606). - cifs: set a minimum of 120s for next dns resolution (bsc#1192606). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565). - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606). - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). - cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606). - cifs: Silently ignore unknown oplock break handle (bsc#1192606). - cifs: Simplify bool comparison (bsc#1192606). - cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606). - cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606). - cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606). - cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565). - cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606). - cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606). - cifs: smbd: Check send queue size before posting a send (bsc#1192606). - cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565). - cifs: smbd: Merge code to track pending packets (bsc#1192606). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565). - cifs: smbd: Properly process errors on ib_post_send (bsc#1192606). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565). - cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606). - cifs: sort interface list by speed (bsc#1192606). - cifs: Spelling s/EACCESS/EACCES/ (bsc#1192606). - cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: Standardize logging output (bsc#1192606). - cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606). - cifs: style: replace one-element array with flexible-array (bsc#1192606). - cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042). - cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042). - cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606). - cifs: switch servers depending on binding state (bsc#1192606). - cifs: switch to new mount api (bsc#1192606). - cifs: To match file servers, make sure the server hostname matches (bsc#1192606). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - cifs: try harder to open new channels (bsc#1192606). - cifs: try opening channels after mounting (bsc#1192606). - cifs: uncomplicate printing the iocharset parameter (bsc#1192606). - cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606). - cifs: update ctime and mtime during truncate (bsc#1192606). - cifs: update FSCTL definitions (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update mnt_cifs_flags during reconfigure (bsc#1192606). - cifs: update new ACE pointer after populate_new_aces (bsc#1192606). - cifs: update super_operations to show_devname (bsc#1192606). - cifs: Use #define in cifs_dbg (bsc#1164565). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565). - cifs: use compounding for open and first query-dir for readdir() (bsc#1164565). - cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606). - cifs: use echo_interval even when connection not ready (bsc#1192606). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355). - cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1164565). - cifs: use mod_delayed_work() for server->reconnect if already queued (bsc#1164565). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565). - cifs: use SPDX-Licence-Identifier (bsc#1192606). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606). - cifs: use true,false for bool variable (bsc#1164565). - cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606). - cifs: Warn less noisily on default mount (bsc#1192606). - cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - cifs`: handle ERRBaduid for SMB1 (bsc#1192606). - clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes). - clk: ingenic: Fix bugs with divided dividers (git-fixes). - config: refresh BPF configs (jsc#SLE-22574) The SUSE-commit 9a413cc7eb56 ("config: disable unprivileged BPF by default (jsc#SLE-22573)") inherited from SLE15-SP2 puts the BPF config into the wrong place due to SLE15-SP3 additionally backported b24abcff918a ("bpf, kconfig: Add consolidated menu entry for bpf with core options"), and leads to duplicate CONFIG_BPF_UNPRIV_DEFAULT_OFF entires; this commit remove those BPF config. Also, disable unprivileged BPF for armv7hl, which did not inherit the config change from SLE15-SP2. - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder. - Convert trailing spaces and periods in path components (bsc#1179424). - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes). - crypto: pcrypt - Delay write to padata->info (git-fixes). - crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes). - cxgb4: fix eeprom len when diagnostics not implemented (git-fixes). - dm raid: remove unnecessary discard limits for raid0 and raid10 (bsc#1192320). - dm: fix deadlock when swapping to encrypted device (bsc#1186332). - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes). - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes). - do_cifs_create(): do not set ->i_mode of something we had not created (bsc#1192606). - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes). - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes). - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes). - drm/amd/display: Set plane update flags for all planes in reset (git-fixes). - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes). - drm/msm: Do hw_init() before capturing GPU state (git-fixes). - drm/msm/a6xx: Allocate enough space for GMU registers (git-fixes). - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes). - drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (git-fixes). - drm/nouveau/svm: Fix refcount leak bug and missing check against null bug (git-fixes). - drm/panel-orientation-quirks: add Valve Steam Deck (git-fixes). - drm/pl111: Actually fix CONFIG_VEXPRESS_CONFIG depends (git-fixes). - drm/plane-helper: fix uninitialized variable reference (git-fixes). - drm/vc4: fix error code in vc4_create_object() (git-fixes). - drop superfluous empty lines - e1000e: Separate TGP board type from SPT (bsc#1192874). - EDAC/amd64: Handle three rank interleaving mode (bsc#1152489). - elfcore: correct reference to CONFIG_UML (git-fixes). - elfcore: fix building with clang (bsc#1169514). - ethtool: fix ethtool msg len calculation for pause stats (jsc#SLE-15075). - firmware: qcom_scm: Mark string array const (git-fixes). - fuse: release pipe buf after last use (bsc#1193318). - gve: Add netif_set_xps_queue call (bsc#1176940). - gve: Add rx buffer pagecnt bias (bsc#1176940). - gve: Allow pageflips on larger pages (bsc#1176940). - gve: Do lazy cleanup in TX path (git-fixes). - gve: DQO: avoid unused variable warnings (bsc#1176940). - gve: Switch to use napi_complete_done (git-fixes). - gve: Track RX buffer allocation failures (bsc#1176940). - hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for yellow carp (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for Zen3 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Create common functions and macros for Zen CPU families (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Define SVI telemetry and current factors for Zen2 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Do not show Tdie for all Zen/Zen2/Zen3 CPU/APU (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) make some symbols static (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Remove residues of current and voltage (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Remove support for displaying voltage and current on Zen CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Reorganize and simplify temperature support detection (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Rework the temperature offset calculation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) support Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Swap Tdie and Tctl on Family 17h CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Update documentation and add temp2_input info (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Update driver documentation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - i2c: cbus-gpio: set atomic transfer callback (git-fixes). - i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes). - i2c: stm32f7: recover the bus on access timeout (git-fixes). - i2c: stm32f7: stop dma transfer in case of NACK (git-fixes). - i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes). - i40e: Fix changing previously set num_queue_pairs for PFs (git-fixes). - i40e: Fix correct max_pkt_size on VF RX queue (git-fixes). - i40e: Fix creation of first queue by omitting it if is not power of two (git-fixes). - i40e: Fix display error code in dmesg (git-fixes). - i40e: Fix failed opcode appearing if handling messages from VF (git-fixes). - i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes). - i40e: Fix ping is lost after configuring ADq on VF (git-fixes). - i40e: Fix pre-set max number of queues for VF (git-fixes). - i40e: Fix warning message and call stack during rmmod i40e driver (git-fixes). - iavf: check for null in iavf_fix_features (git-fixes). - iavf: do not clear a lock we do not hold (git-fixes). - iavf: Fix failure to exit out from last all-multicast mode (git-fixes). - iavf: Fix for setting queues to 0 (jsc#SLE-12877). - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (git-fixes). - iavf: Fix reporting when setting descriptor count (git-fixes). - iavf: Fix return of set the new channel count (jsc#SLE-12877). - iavf: free q_vectors before queues in iavf_disable_vf (git-fixes). - iavf: prevent accidental free of filter structure (git-fixes). - iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes). - iavf: Restore VLAN filters after link down (git-fixes). - iavf: validate pointers (git-fixes). - ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568). - ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: Delete always true check of PF pointer (git-fixes). - ice: Fix not stopping Tx queues for VFs (jsc#SLE-7926). - ice: Fix VF true promiscuous mode (jsc#SLE-12878). - ice: fix vsi->txq_map sizing (jsc#SLE-7926). - ice: ignore dropped packets during init (git-fixes). - ice: Remove toggling of antispoof for VF trusted promiscuous mode (jsc#SLE-12878). - igb: fix netpoll exit with traffic (git-fixes). - igc: Remove _I_PHY_ID checking (bsc#1193169). - igc: Remove phy->type checking (bsc#1193169). - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes). - Input: iforce - fix control-message timeout (git-fixes). - iommu: Check if group is NULL before remove device (git-fixes). - iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes). - iommu/amd: Remove iommu_init_ga() (git-fixes). - iommu/mediatek: Fix out-of-range warning with clang (git-fixes). - iommu/vt-d: Consolidate duplicate cache invaliation code (git-fixes). - iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry() (git-fixes). - iommu/vt-d: Update the virtual command related registers (git-fixes). - ipmi: Disable some operations during a panic (git-fixes). - kABI: dm: fix deadlock when swapping to encrypted device (bsc#1186332). - kabi: hide changes to struct uv_info (git-fixes). - kernel-obs-build: include the preferred kernel parameters Currently the Open Build Service hardcodes the kernel boot parameters globally. Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. parameters here will overwrite what is used by OBS otherwise. - kernel-obs-build: inform build service about virtio-serial Inform the build worker code that this kernel supports virtio-serial, which improves performance and relability of logging. - kernel-obs-build: remove duplicated/unused parameters lbs=0 - this parameters is just giving "unused parameter" and it looks like I can not find any version that implemented this. rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it alread loads the kernel module. quiet and panic=1 will now be also always added by OBS, so we do not have to set it here anymore. - kernel-source.spec: install-kernel-tools also required on 15.4 - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes). - lib/xz: Validate the value before assigning it to an enum variable (git-fixes). - libata: fix checking of DMA state (git-fixes). - linux/parser.h: add include guards (bsc#1192606). - lpfc: Reintroduce old IRQ probe logic (bsc#1183897). - md: add md_submit_discard_bio() for submitting discard bio (bsc#1192320). - md: fix a lock order reversal in md_alloc (git-fixes). - md/raid10: extend r10bio devs to raid disks (bsc#1192320). - md/raid10: improve discard request for far layout (bsc#1192320). - md/raid10: improve raid10 discard request (bsc#1192320). - md/raid10: initialize r10_bio->read_slot before use (bsc#1192320). - md/raid10: pull the code that wait for blocked dev into one function (bsc#1192320). - md/raid10: Remove unnecessary rcu_dereference in raid10_handle_discard (bsc#1192320). - mdio: aspeed: Fix "Link is Down" issue (bsc#1176447). - media: imx: set a media_device bus_info string (git-fixes). - media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes). - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes). - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes). - media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes). - media: mt9p031: Fix corrupted frame after restarting stream (git-fixes). - media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes). - media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes). - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes). - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes). - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes). - media: uvcvideo: Return -EIO for control errors (git-fixes). - media: uvcvideo: Set capability in s_param (git-fixes). - media: uvcvideo: Set unique vdev name based in type (git-fixes). - memstick: r592: Fix a UAF bug when removing the driver (git-fixes). - MM: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876). - mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes). - mmc: winbond: do not build on M68K (git-fixes). - mtd: core: do not remove debugfs directory if device is in use (git-fixes). - mwifiex: Properly initialize private structure on interface type changes (git-fixes). - mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes). - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes). - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes). - net: asix: fix uninit value bugs (git-fixes). - net: bnx2x: fix variable dereferenced before check (git-fixes). - net: bridge: fix under estimation in br_get_linkxstats_size() (bsc#1176447). - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes). - net: delete redundant function declaration (git-fixes). - net: hns3: change affinity_mask to numa node range (bsc#1154353). - net: hns3: fix misuse vf id and vport id in some logs (bsc#1154353). - net: hns3: remove check VF uc mac exist when set by PF (bsc#1154353). - net: hso: fix control-request directions (git-fixes). - net: hso: fix muxed tty registration (git-fixes). - net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726). - net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726). - net: mana: Fix spelling mistake "calledd" -> "called" (jsc#SLE-18779, bsc#1185726). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726). - net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes). - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes). - net: stmmac: add EHL 2.5Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL PSE0 PSE1 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL RGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add TGL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: create dwmac-intel.c to contain all Intel platform (bsc#1192691). - net: stmmac: pci: Add HAPS support using GMAC5 (bsc#1192691). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available (git-fixes). - net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes). - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes). - net/mlx5: E-Switch, return error if encap isn't supported (jsc#SLE-15172). - net/mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes). - net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1176774). - netfilter: ctnetlink: do not erase error code with EINVAL (bsc#1176447). - netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY (bsc#1176447). - netfilter: flowtable: fix IPv6 tunnel addr match (bsc#1176447). - NFC: add NCI_UNREG flag to eliminate the race (git-fixes). - NFC: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes). - NFC: reorder the logic in nfc_{un,}register_device (git-fixes). - NFC: reorganize the functions in nci_request (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - NFS: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes). - NFS: do not take i_rwsem for swap IO (bsc#1191876). - NFS: Fix deadlocks in nfs_scan_commit_list() (git-fixes). - NFS: Fix up commit deadlocks (git-fixes). - NFS: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876). - nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes). - nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes). - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes). - NFSv4: Fix a regression in nfs_set_open_stateid_locked() (git-fixes). - nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969). - nvme-pci: add NO APST quirk for Kioxia device (git-fixes). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). - PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes). - PCI/MSI: Deal with devices lying about their MSI mask capability (git-fixes). - perf: Correctly handle failed perf_get_aux_event() (git-fixes). - perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT (git-fixes). - perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes). - perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes). - perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes). - perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes). - perf/x86/vlbr: Add c->flags to vlbr event constraints (git-fixes). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - platform/x86: wmi: do not fail if disabling fails (git-fixes). - PM: hibernate: Get block device exclusively in swsusp_check() (git-fixes). - PM: hibernate: use correct mode for swsusp_close() (git-fixes). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes). - powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes). - powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (git-fixes). - powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes). - powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes). - powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10 (jsc#SLE-13513 git-fixes). - powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes). - powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129). - powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129). - powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129). - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - qede: validate non LSO skb length (git-fixes). - r8152: limit the RX buffer size of RTL8153A for USB 2.0 (git-fixes). - r8169: Add device 10ec:8162 to driver r8169 (git-fixes). - RDMA/bnxt_re: Update statistics counter name (jsc#SLE-16649). - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - reset: socfpga: add empty driver allowing consumers to probe (git-fixes). - ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960). - rpm/*.spec.in: use buildroot macro instead of env variable The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. future proof the spec files. - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-lt;version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - rpm/kernel-obs-build.spec.in: move to zstd for the initrd Newer distros have capability to decompress zstd, which provides a 2-5% better compression ratio at very similar cpu overhead. Plus this tests the zstd codepaths now as well. - rt2x00: do not mark device gone on EPROTO errors during start (git-fixes). - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9). - s390: mm: Fix secure storage access exception handling (git-fixes). - s390/bpf: Fix branch shortening during codegen pass (bsc#1193993). - s390/uv: fully validate the VMA before calling follow_page() (git-fixes). - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes). - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs (git-fixes). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - scsi: mpt3sas: Fix system going into read-only mode (git-fixes). - scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes). - serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes). - serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes). - serial: 8250: Fix RTS modem control while in rs485 mode (git-fixes). - serial: core: fix transmit-buffer reset and memleak (git-fixes). - smb2: clarify rc initialization in smb2_reconnect (bsc#1192606). - smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606). - smb3: add additional null check in SMB2_ioctl (bsc#1192606). - smb3: add additional null check in SMB2_open (bsc#1192606). - smb3: add additional null check in SMB2_tcon (bsc#1192606). - smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606). - smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606). - smb3: add debug messages for closing unmatched open (bsc#1164565). - smb3: add defines for new crypto algorithms (bsc#1192606). - smb3: Add defines for new information level, FileIdInformation (bsc#1164565). - smb3: add defines for new signing negotiate context (bsc#1192606). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: add dynamic trace points for socket connection (bsc#1192606). - smb3: add dynamic tracepoints for flush and close (bsc#1164565). - smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606). - smb3: add missing flag definitions (bsc#1164565). - smb3: Add missing reparse tags (bsc#1164565). - smb3: add missing worker function for SMB3 change notify (bsc#1164565). - smb3: add mount option to allow forced caching of read only share (bsc#1164565). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565). - smb3: Add new compression flags (bsc#1192606). - smb3: Add new info level for query directory (bsc#1192606). - smb3: add new module load parm enable_gcm_256 (bsc#1192606). - smb3: add new module load parm require_gcm_256 (bsc#1192606). - smb3: Add new parm "nodelete" (bsc#1192606). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565). - smb3: add rasize mount parameter to improve readahead performance (bsc#1192606). - smb3: add some missing definitions from MS-FSCC (bsc#1192606). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565). - smb3: Add support for getting and setting SACLs (bsc#1192606). - smb3: Add support for lookup with posix extensions query info (bsc#1192606). - smb3: Add support for negotiating signing algorithm (bsc#1192606). - smb3: Add support for query info using posix extensions (level 100) (bsc#1192606). - smb3: add support for recognizing WSL reparse tags (bsc#1192606). - smb3: Add support for SMB311 query info (non-compounded) (bsc#1192606). - smb3: add support for stat of WSL reparse points for special file types (bsc#1192606). - smb3: add support for using info level for posix extensions query (bsc#1192606). - smb3: Add tracepoints for new compound posix query info (bsc#1192606). - smb3: Additional compression structures (bsc#1192606). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565). - smb3: allow disabling requesting leases (bnc#1151927 5.3.4). - smb3: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606). - smb3: allow dumping keys for multiuser mounts (bsc#1192606). - smb3: allow parallelizing decryption of reads (bsc#1164565). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565). - smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606). - smb3: avoid confusing warning message on mount to Azure (bsc#1192606). - smb3: Avoid Mid pending list corruption (bsc#1192606). - smb3: Backup intent flag missing from some more ops (bsc#1164565). - smb3: Call cifs reconnect from demultiplex thread (bsc#1192606). - smb3: change noisy error message to FYI (bsc#1192606). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565). - smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606). - smb3: correct smb3 ACL security descriptor (bsc#1192606). - smb3: default to minimum of two channels when multichannel specified (bsc#1192606). - smb3: display max smb3 requests in flight at any one time (bsc#1164565). - smb3: do not attempt multichannel to server which does not support it (bsc#1192606). - smb3: do not error on fsync when readonly (bsc#1192606). - smb3: do not fail if no encryption required but server does not support it (bsc#1192606). - smb3: do not log warning message if server does not populate salt (bsc#1192606). - smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606). - smb3: do not try to cache root directory if dir leases not supported (bsc#1192606). - smb3: dump in_send and num_waiters stats counters by default (bsc#1164565). - smb3: enable negotiating stronger encryption by default (bsc#1192606). - smb3: enable offload of decryption of large reads via mount option (bsc#1164565). - smb3: enable swap on SMB3 mounts (bsc#1192606). - smb3: extend fscache mount volume coherency check (bsc#1192606). - smb3: fix access denied on change notify request to some servers (bsc#1192606). - smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565). - smb3: Fix ids returned in POSIX query dir (bsc#1192606). - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606). - smb3: fix leak in "open on server" perf counter (bnc#1151927 5.3.4). - smb3: Fix mkdir when idsfromsid configured on mount (bsc#1192606). - smb3: fix mode passed in on create for modetosid mount option (bsc#1164565). - smb3: fix mount failure to some servers when compression enabled (bsc#1192606). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - smb3: fix performance regression with setting mtime (bsc#1164565). - smb3: Fix persistent handles reconnect (bnc#1151927 5.3.11). - smb3: fix posix extensions mount option (bsc#1192606). - smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606). - smb3: fix potential null dereference in decrypt offload (bsc#1164565). - smb3: fix problem with null cifs super block with previous patch (bsc#1164565). - smb3: fix readpage for large swap cache (bsc#1192606). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565). - smb3: Fix regression in time handling (bsc#1164565). - smb3: fix signing verification of large reads (bsc#1154355). - smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606). - smb3: fix typo in compression flag (bsc#1192606). - smb3: fix typo in header file (bsc#1192606). - smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606). - smb3: fix uninitialized value for port in witness protocol move (bsc#1192606). - smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4). - smb3: fix unneeded error message on change notify (bsc#1192606). - smb3: Handle error case during offload read path (bsc#1192606). - smb3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - smb3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - smb3: Honor lease disabling for multiuser mounts (git-fixes). - smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - smb3: if max_channels set to more than one channel request multichannel (bsc#1192606). - smb3: improve check for when we send the security descriptor context on create (bsc#1164565). - smb3: improve handling of share deleted (and share recreated) (bsc#1154355). - smb3: incorrect file id in requests compounded with open (bsc#1192606). - smb3: Incorrect size for netname negotiate context (bsc#1154355). - smb3: limit noisy error (bsc#1192606). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565). - smb3: Minor cleanup of protocol definitions (bsc#1192606). - smb3: minor update to compression header definitions (bsc#1192606). - smb3: missing ACL related flags (bsc#1164565). - smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606). - smb3: only offload decryption of read responses if multiple requests (bsc#1164565). - smb3: pass mode bits into create calls (bsc#1164565). - smb3: prevent races updating CurrentMid (bsc#1192606). - smb3: print warning if server does not support requested encryption type (bsc#1192606). - smb3: print warning once if posix context returned on open (bsc#1164565). - smb3: query attributes on file close (bsc#1164565). - smb3: rc uninitialized in one fallocate path (bsc#1192606). - smb3: remind users that witness protocol is experimental (bsc#1192606). - smb3: remove confusing dmesg when mounting with encryption ("seal") (bsc#1164565). - smb3: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606). - smb3: remove dead code for non compounded posix query info (bsc#1192606). - smb3: remove noisy debug message and minor cleanup (bsc#1164565). - smb3: remove overly noisy debug line in signing errors (bsc#1192606). - smb3: remove static checker warning (bsc#1192606). - smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042). - smb3: remove two unused variables (bsc#1192606). - smb3: remove unused flag passed into close functions (bsc#1164565). - smb3: rename nonces used for GCM and CCM encryption (bsc#1192606). - smb3: Resolve data corruption of TCP server info fields (bsc#1192606). - smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606). - smb3: set gcm256 when requested (bsc#1192606). - smb3: smbdirect support can be configured by default (bsc#1192606). - smb3: update comments clarifying SPNEGO info in negprot response (bsc#1192606). - smb3: update protocol header definitions based to include new flags (bsc#1192606). - smb3: update structures for new compression protocol definitions (bsc#1192606). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606). - smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606). - smbdirect: missing rc checks while waiting for rdma events (bsc#1192606). - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes). - soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes). - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes). - spi: spl022: fix Microwire full duplex mode (git-fixes). - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876). - SUNRPC: remove scheduling boost for "SWAPPER" tasks (bsc#1191876). - SUNRPC/auth: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC/xprt: async tasks mustn't block waiting for memory (bsc#1191876). - supported.conf: add pwm-rockchip References: jsc#SLE-22615 - swiotlb: avoid double free (git-fixes). - swiotlb: Fix the type of index (git-fixes). - TCON Reconnect during STATUS_NETWORK_NAME_DELETED (bsc#1192606). - tlb: mmu_gather: add tlb_flush_*_range APIs - tracing: Add length protection to histogram string copies (git-fixes). - tracing: Change STR_VAR_MAX_LEN (git-fixes). - tracing: Check pid filtering when creating events (git-fixes). - tracing: Fix pid filtering when triggers are attached (git-fixes). - tracing: use %ps format string to print symbols (git-fixes). - tracing/histogram: Do not copy the fixed-size char array field over the field size (git-fixes). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes). - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes). - usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes). - usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes). - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes). - usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes). - usb: serial: option: add Fibocom FM101-GL variants (git-fixes). - usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes). - vfs: do not parse forbidden flags (bsc#1192606). - x86/amd_nb: Add AMD family 19h model 50h PCI ids (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489). - x86/efi: Restore Firmware IDT before calling ExitBootServices() (git-fixes). - x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (bsc#1178134). - x86/mpx: Disable MPX for 32-bit userland (bsc#1193139). - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489). - x86/pvh: add prototype for xen_pvh_init() (git-fixes). - x86/sev: Allow #VC exceptions on the VC2 stack (git-fixes). - x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword (bsc#1178134). - x86/sev: Fix stack type check in vc_switch_off_ist() (git-fixes). - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489). - x86/Xen: swap NX determination and GDT setup on BSP (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen/privcmd: fix error handling in mmap-resource processing (git-fixes). - xen/pvh: add missing prototype to header (git-fixes). - xen/x86: fix PV trap handling on secondary processors (git-fixes). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes). - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes). - zram: fix return value on writeback_store (git-fixes). - zram: off by one in read_block_state() (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-2022-131=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-131=1 Package List: - openSUSE Leap 15.4 (x86_64): keycloak-18.0.0-lp154.2.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-59.40.1 cluster-md-kmp-default-debuginfo-5.3.18-59.40.1 dlm-kmp-default-5.3.18-59.40.1 dlm-kmp-default-debuginfo-5.3.18-59.40.1 gfs2-kmp-default-5.3.18-59.40.1 gfs2-kmp-default-debuginfo-5.3.18-59.40.1 kernel-default-5.3.18-59.40.1 kernel-default-base-5.3.18-59.40.1.18.25.1 kernel-default-base-rebuild-5.3.18-59.40.1.18.25.1 kernel-default-debuginfo-5.3.18-59.40.1 kernel-default-debugsource-5.3.18-59.40.1 kernel-default-devel-5.3.18-59.40.1 kernel-default-devel-debuginfo-5.3.18-59.40.1 kernel-default-extra-5.3.18-59.40.1 kernel-default-extra-debuginfo-5.3.18-59.40.1 kernel-default-livepatch-5.3.18-59.40.1 kernel-default-livepatch-devel-5.3.18-59.40.1 kernel-default-optional-5.3.18-59.40.1 kernel-default-optional-debuginfo-5.3.18-59.40.1 kernel-obs-build-5.3.18-59.40.1 kernel-obs-build-debugsource-5.3.18-59.40.1 kernel-obs-qa-5.3.18-59.40.1 kernel-syms-5.3.18-59.40.1 kselftests-kmp-default-5.3.18-59.40.1 kselftests-kmp-default-debuginfo-5.3.18-59.40.1 ocfs2-kmp-default-5.3.18-59.40.1 ocfs2-kmp-default-debuginfo-5.3.18-59.40.1 reiserfs-kmp-default-5.3.18-59.40.1 reiserfs-kmp-default-debuginfo-5.3.18-59.40.1 - openSUSE Leap 15.3 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-59.40.1 cluster-md-kmp-preempt-debuginfo-5.3.18-59.40.1 dlm-kmp-preempt-5.3.18-59.40.1 dlm-kmp-preempt-debuginfo-5.3.18-59.40.1 gfs2-kmp-preempt-5.3.18-59.40.1 gfs2-kmp-preempt-debuginfo-5.3.18-59.40.1 kernel-preempt-5.3.18-59.40.1 kernel-preempt-debuginfo-5.3.18-59.40.1 kernel-preempt-debugsource-5.3.18-59.40.1 kernel-preempt-devel-5.3.18-59.40.1 kernel-preempt-devel-debuginfo-5.3.18-59.40.1 kernel-preempt-extra-5.3.18-59.40.1 kernel-preempt-extra-debuginfo-5.3.18-59.40.1 kernel-preempt-livepatch-devel-5.3.18-59.40.1 kernel-preempt-optional-5.3.18-59.40.1 kernel-preempt-optional-debuginfo-5.3.18-59.40.1 kselftests-kmp-preempt-5.3.18-59.40.1 kselftests-kmp-preempt-debuginfo-5.3.18-59.40.1 ocfs2-kmp-preempt-5.3.18-59.40.1 ocfs2-kmp-preempt-debuginfo-5.3.18-59.40.1 reiserfs-kmp-preempt-5.3.18-59.40.1 reiserfs-kmp-preempt-debuginfo-5.3.18-59.40.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-5.3.18-59.40.1 kernel-debug-debuginfo-5.3.18-59.40.1 kernel-debug-debugsource-5.3.18-59.40.1 kernel-debug-devel-5.3.18-59.40.1 kernel-debug-devel-debuginfo-5.3.18-59.40.1 kernel-debug-livepatch-devel-5.3.18-59.40.1 kernel-kvmsmall-5.3.18-59.40.1 kernel-kvmsmall-debuginfo-5.3.18-59.40.1 kernel-kvmsmall-debugsource-5.3.18-59.40.1 kernel-kvmsmall-devel-5.3.18-59.40.1 kernel-kvmsmall-devel-debuginfo-5.3.18-59.40.1 kernel-kvmsmall-livepatch-devel-5.3.18-59.40.1 - openSUSE Leap 15.3 (aarch64): cluster-md-kmp-64kb-5.3.18-59.40.1 cluster-md-kmp-64kb-debuginfo-5.3.18-59.40.1 dlm-kmp-64kb-5.3.18-59.40.1 dlm-kmp-64kb-debuginfo-5.3.18-59.40.1 dtb-al-5.3.18-59.40.1 dtb-allwinner-5.3.18-59.40.1 dtb-altera-5.3.18-59.40.1 dtb-amd-5.3.18-59.40.1 dtb-amlogic-5.3.18-59.40.1 dtb-apm-5.3.18-59.40.1 dtb-arm-5.3.18-59.40.1 dtb-broadcom-5.3.18-59.40.1 dtb-cavium-5.3.18-59.40.1 dtb-exynos-5.3.18-59.40.1 dtb-freescale-5.3.18-59.40.1 dtb-hisilicon-5.3.18-59.40.1 dtb-lg-5.3.18-59.40.1 dtb-marvell-5.3.18-59.40.1 dtb-mediatek-5.3.18-59.40.1 dtb-nvidia-5.3.18-59.40.1 dtb-qcom-5.3.18-59.40.1 dtb-renesas-5.3.18-59.40.1 dtb-rockchip-5.3.18-59.40.1 dtb-socionext-5.3.18-59.40.1 dtb-sprd-5.3.18-59.40.1 dtb-xilinx-5.3.18-59.40.1 dtb-zte-5.3.18-59.40.1 gfs2-kmp-64kb-5.3.18-59.40.1 gfs2-kmp-64kb-debuginfo-5.3.18-59.40.1 kernel-64kb-5.3.18-59.40.1 kernel-64kb-debuginfo-5.3.18-59.40.1 kernel-64kb-debugsource-5.3.18-59.40.1 kernel-64kb-devel-5.3.18-59.40.1 kernel-64kb-devel-debuginfo-5.3.18-59.40.1 kernel-64kb-extra-5.3.18-59.40.1 kernel-64kb-extra-debuginfo-5.3.18-59.40.1 kernel-64kb-livepatch-devel-5.3.18-59.40.1 kernel-64kb-optional-5.3.18-59.40.1 kernel-64kb-optional-debuginfo-5.3.18-59.40.1 kselftests-kmp-64kb-5.3.18-59.40.1 kselftests-kmp-64kb-debuginfo-5.3.18-59.40.1 ocfs2-kmp-64kb-5.3.18-59.40.1 ocfs2-kmp-64kb-debuginfo-5.3.18-59.40.1 reiserfs-kmp-64kb-5.3.18-59.40.1 reiserfs-kmp-64kb-debuginfo-5.3.18-59.40.1 - openSUSE Leap 15.3 (noarch): kernel-devel-5.3.18-59.40.1 kernel-docs-5.3.18-59.40.1 kernel-docs-html-5.3.18-59.40.1 kernel-macros-5.3.18-59.40.1 kernel-source-5.3.18-59.40.1 kernel-source-vanilla-5.3.18-59.40.1 - openSUSE Leap 15.3 (s390x): kernel-zfcpdump-5.3.18-59.40.1 kernel-zfcpdump-debuginfo-5.3.18-59.40.1 kernel-zfcpdump-debugsource-5.3.18-59.40.1 References: https://www.suse.com/security/cve/CVE-2020-24504.html https://www.suse.com/security/cve/CVE-2020-27820.html https://www.suse.com/security/cve/CVE-2021-2032.html https://www.suse.com/security/cve/CVE-2021-28711.html https://www.suse.com/security/cve/CVE-2021-28712.html https://www.suse.com/security/cve/CVE-2021-28713.html https://www.suse.com/security/cve/CVE-2021-28714.html https://www.suse.com/security/cve/CVE-2021-28715.html https://www.suse.com/security/cve/CVE-2021-4001.html https://www.suse.com/security/cve/CVE-2021-4002.html https://www.suse.com/security/cve/CVE-2021-43975.html https://www.suse.com/security/cve/CVE-2021-43976.html https://www.suse.com/security/cve/CVE-2021-45485.html https://www.suse.com/security/cve/CVE-2021-45486.html https://bugzilla.suse.com/1139944 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153275 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154355 https://bugzilla.suse.com/1161907 https://bugzilla.suse.com/1164565 https://bugzilla.suse.com/1166780 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176558 https://bugzilla.suse.com/1176559 https://bugzilla.suse.com/1176774 https://bugzilla.suse.com/1176940 https://bugzilla.suse.com/1176956 https://bugzilla.suse.com/1177440 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1178270 https://bugzilla.suse.com/1179211 https://bugzilla.suse.com/1179424 https://bugzilla.suse.com/1179426 https://bugzilla.suse.com/1179427 https://bugzilla.suse.com/1179599 https://bugzilla.suse.com/1181148 https://bugzilla.suse.com/1181507 https://bugzilla.suse.com/1181710 https://bugzilla.suse.com/1182404 https://bugzilla.suse.com/1183534 https://bugzilla.suse.com/1183540 https://bugzilla.suse.com/1183897 https://bugzilla.suse.com/1184318 https://bugzilla.suse.com/1185726 https://bugzilla.suse.com/1185902 https://bugzilla.suse.com/1186332 https://bugzilla.suse.com/1187541 https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1189158 https://bugzilla.suse.com/1191793 https://bugzilla.suse.com/1191876 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192320 https://bugzilla.suse.com/1192507 https://bugzilla.suse.com/1192511 https://bugzilla.suse.com/1192569 https://bugzilla.suse.com/1192606 https://bugzilla.suse.com/1192691 https://bugzilla.suse.com/1192845 https://bugzilla.suse.com/1192847 https://bugzilla.suse.com/1192874 https://bugzilla.suse.com/1192946 https://bugzilla.suse.com/1192969 https://bugzilla.suse.com/1192987 https://bugzilla.suse.com/1192990 https://bugzilla.suse.com/1192998 https://bugzilla.suse.com/1193002 https://bugzilla.suse.com/1193042 https://bugzilla.suse.com/1193139 https://bugzilla.suse.com/1193169 https://bugzilla.suse.com/1193306 https://bugzilla.suse.com/1193318 https://bugzilla.suse.com/1193349 https://bugzilla.suse.com/1193440 https://bugzilla.suse.com/1193442 https://bugzilla.suse.com/1193655 https://bugzilla.suse.com/1193993 https://bugzilla.suse.com/1194087 https://bugzilla.suse.com/1194094 https://bugzilla.suse.com/1195323

1 0

SUSE-SU-2022:1565-1: moderate: Security update for giflib
by opensuse-security＠opensuse.org 06 May '22

06 May '22

SUSE Security Update: Security update for giflib ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1565-1 Rating: moderate References: #1094832 #1146299 #1184123 #974847 Cross-References: CVE-2016-3977 CVE-2018-11490 CVE-2019-15133 CVSS scores: CVE-2016-3977 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-11490 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-11490 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-15133 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for giflib fixes the following issues: - CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero (bsc#1146299). - CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c (bsc#1094832). - CVE-2016-3977: Fixed a heap buffer overflow in gif2rgb (bsc#974847). Update to version 5.2.1 * In gifbuild.c, avoid a core dump on no color map. * Restore inadvertently removed library version numbers in Makefile. Changes in version 5.2.0 * The undocumented and deprecated GifQuantizeBuffer() entry point has been moved to the util library to reduce libgif size and attack surface. Applications needing this function are couraged to link the util library or make their own copy. * The following obsolete utility programs are no longer installed: gifecho, giffilter, gifinto, gifsponge. These were either installed in error or have been obsolesced by modern image-transformmation tools like ImageMagick convert. They may be removed entirely in a future release. * Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84 * Address SF bug #134: Giflib fails to slurp significant number of gifs * Apply SPDX convention for license tagging. Changes in version 5.1.9 * The documentation directory now includes an HTMlified version of the GIF89 standard, and a more detailed description of how LZW compression is applied to GIFs. * Address SF bug #129: The latest version of giflib cannot be build on windows. * Address SF bug #126: Cannot compile giflib using c89 Changes in version 5.1.8 * Address SF bug #119: MemorySanitizer: FPE on unknown address (CVE-2019-15133 bsc#1146299) * Address SF bug #125: 5.1.7: xmlto is still required for tarball * Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible * Address SF bug #122: 5.1.7 installs manpages to wrong directory * Address SF bug #121: make: getversion: Command not found * Address SF bug #120: 5.1.7 does not build a proper library - no Changes in version 5.1.7 * Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs. Changes in version 5.1.6 * Fix library installation in the Makefile. Changes in version 5.1.5 * Fix SF bug #114: Null dereferences in main() of gifclrmp * Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c. This had been assigned (CVE-2018-11490 bsc#1094832). * Fix SF bug #111: segmentation fault in PrintCodeBlock * Fix SF bug #109: Segmentation fault of giftool reading a crafted file * Fix SF bug #107: Floating point exception in giftext utility * Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317 * Fix SF bug #104: Ineffective bounds check in DGifSlurp * Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment * Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb). (CVE-2016-3977 bsc#974847) * The horrible old autoconf build system has been removed with extreme prejudice. You now build this simply by running "make" from the top-level directory. The following non-security bugs were fixed: - build path independent objects and inherit CFLAGS from the build system (bsc#1184123) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1565=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1565=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1565=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1565=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1565=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): giflib-debugsource-5.2.1-150000.4.8.1 giflib-devel-5.2.1-150000.4.8.1 giflib-progs-5.2.1-150000.4.8.1 giflib-progs-debuginfo-5.2.1-150000.4.8.1 libgif7-5.2.1-150000.4.8.1 libgif7-debuginfo-5.2.1-150000.4.8.1 - openSUSE Leap 15.4 (x86_64): giflib-devel-32bit-5.2.1-150000.4.8.1 libgif7-32bit-5.2.1-150000.4.8.1 libgif7-32bit-debuginfo-5.2.1-150000.4.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): giflib-debugsource-5.2.1-150000.4.8.1 giflib-devel-5.2.1-150000.4.8.1 giflib-progs-5.2.1-150000.4.8.1 giflib-progs-debuginfo-5.2.1-150000.4.8.1 libgif7-5.2.1-150000.4.8.1 libgif7-debuginfo-5.2.1-150000.4.8.1 - openSUSE Leap 15.3 (x86_64): giflib-devel-32bit-5.2.1-150000.4.8.1 libgif7-32bit-5.2.1-150000.4.8.1 libgif7-32bit-debuginfo-5.2.1-150000.4.8.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): giflib-debugsource-5.2.1-150000.4.8.1 giflib-devel-5.2.1-150000.4.8.1 libgif7-5.2.1-150000.4.8.1 libgif7-debuginfo-5.2.1-150000.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): giflib-debugsource-5.2.1-150000.4.8.1 giflib-devel-5.2.1-150000.4.8.1 libgif7-5.2.1-150000.4.8.1 libgif7-debuginfo-5.2.1-150000.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): giflib-debugsource-5.2.1-150000.4.8.1 giflib-devel-5.2.1-150000.4.8.1 libgif7-5.2.1-150000.4.8.1 libgif7-debuginfo-5.2.1-150000.4.8.1 References: https://www.suse.com/security/cve/CVE-2016-3977.html https://www.suse.com/security/cve/CVE-2018-11490.html https://www.suse.com/security/cve/CVE-2019-15133.html https://bugzilla.suse.com/1094832 https://bugzilla.suse.com/1146299 https://bugzilla.suse.com/1184123 https://bugzilla.suse.com/974847

1 0

openSUSE-SU-2022:0125-1: important: Security update for chromium
by opensuse-security＠opensuse.org 06 May '22

06 May '22

openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0125-1 Rating: important References: #1198917 #1199118 Cross-References: CVE-2022-1477 CVE-2022-1478 CVE-2022-1479 CVE-2022-1480 CVE-2022-1481 CVE-2022-1482 CVE-2022-1483 CVE-2022-1484 CVE-2022-1485 CVE-2022-1486 CVE-2022-1487 CVE-2022-1488 CVE-2022-1489 CVE-2022-1490 CVE-2022-1491 CVE-2022-1492 CVE-2022-1493 CVE-2022-1494 CVE-2022-1495 CVE-2022-1496 CVE-2022-1497 CVE-2022-1498 CVE-2022-1499 CVE-2022-1500 CVE-2022-1501 Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes 25 vulnerabilities is now available. Description: This update for chromium fixes the following issues: Chromium 101.0.4951.54 (boo#1199118) Chromium 101.0.4951.41 (boo#1198917): * CVE-2022-1477: Use after free in Vulkan * CVE-2022-1478: Use after free in SwiftShader * CVE-2022-1479: Use after free in ANGLE * CVE-2022-1480: Use after free in Device API * CVE-2022-1481: Use after free in Sharing * CVE-2022-1482: Inappropriate implementation in WebGL * CVE-2022-1483: Heap buffer overflow in WebGPU * CVE-2022-1484: Heap buffer overflow in Web UI Settings * CVE-2022-1485: Use after free in File System API * CVE-2022-1486: Type Confusion in V8 * CVE-2022-1487: Use after free in Ozone * CVE-2022-1488: Inappropriate implementation in Extensions API * CVE-2022-1489: Out of bounds memory access in UI Shelf * CVE-2022-1490: Use after free in Browser Switcher * CVE-2022-1491: Use after free in Bookmarks * CVE-2022-1492: Insufficient data validation in Blink Editing * CVE-2022-1493: Use after free in Dev Tools * CVE-2022-1494: Insufficient data validation in Trusted Types * CVE-2022-1495: Incorrect security UI in Downloads * CVE-2022-1496: Use after free in File Manager * CVE-2022-1497: Inappropriate implementation in Input * CVE-2022-1498: Inappropriate implementation in HTML Parser * CVE-2022-1499: Inappropriate implementation in WebAuthentication * CVE-2022-1500: Insufficient data validation in Dev Tools * CVE-2022-1501: Inappropriate implementation in iframe Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-125=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 x86_64): chromedriver-101.0.4951.54-bp153.2.88.1 chromium-101.0.4951.54-bp153.2.88.1 References: https://www.suse.com/security/cve/CVE-2022-1477.html https://www.suse.com/security/cve/CVE-2022-1478.html https://www.suse.com/security/cve/CVE-2022-1479.html https://www.suse.com/security/cve/CVE-2022-1480.html https://www.suse.com/security/cve/CVE-2022-1481.html https://www.suse.com/security/cve/CVE-2022-1482.html https://www.suse.com/security/cve/CVE-2022-1483.html https://www.suse.com/security/cve/CVE-2022-1484.html https://www.suse.com/security/cve/CVE-2022-1485.html https://www.suse.com/security/cve/CVE-2022-1486.html https://www.suse.com/security/cve/CVE-2022-1487.html https://www.suse.com/security/cve/CVE-2022-1488.html https://www.suse.com/security/cve/CVE-2022-1489.html https://www.suse.com/security/cve/CVE-2022-1490.html https://www.suse.com/security/cve/CVE-2022-1491.html https://www.suse.com/security/cve/CVE-2022-1492.html https://www.suse.com/security/cve/CVE-2022-1493.html https://www.suse.com/security/cve/CVE-2022-1494.html https://www.suse.com/security/cve/CVE-2022-1495.html https://www.suse.com/security/cve/CVE-2022-1496.html https://www.suse.com/security/cve/CVE-2022-1497.html https://www.suse.com/security/cve/CVE-2022-1498.html https://www.suse.com/security/cve/CVE-2022-1499.html https://www.suse.com/security/cve/CVE-2022-1500.html https://www.suse.com/security/cve/CVE-2022-1501.html https://bugzilla.suse.com/1198917 https://bugzilla.suse.com/1199118

1 0

SUSE-SU-2022:1548-1: moderate: Security update for tar
by opensuse-security＠opensuse.org 05 May '22

05 May '22

SUSE Security Update: Security update for tar ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1548-1 Rating: moderate References: #1029961 #1120610 #1130496 #1181131 Cross-References: CVE-2018-20482 CVE-2019-9923 CVE-2021-20193 CVSS scores: CVE-2018-20482 (NVD) : 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-20482 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-9923 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-9923 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-20193 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-20193 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the "-K NAME" option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1548=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1548=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1548=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1548=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1548=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1548=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.12.1 tar-debuginfo-1.34-150000.3.12.1 tar-debugsource-1.34-150000.3.12.1 tar-rmt-1.34-150000.3.12.1 tar-rmt-debuginfo-1.34-150000.3.12.1 tar-tests-1.34-150000.3.12.1 tar-tests-debuginfo-1.34-150000.3.12.1 - openSUSE Leap 15.3 (noarch): tar-backup-scripts-1.34-150000.3.12.1 tar-doc-1.34-150000.3.12.1 tar-lang-1.34-150000.3.12.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): tar-1.34-150000.3.12.1 tar-debuginfo-1.34-150000.3.12.1 tar-debugsource-1.34-150000.3.12.1 tar-rmt-1.34-150000.3.12.1 tar-rmt-debuginfo-1.34-150000.3.12.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): tar-lang-1.34-150000.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.12.1 tar-debuginfo-1.34-150000.3.12.1 tar-debugsource-1.34-150000.3.12.1 tar-rmt-1.34-150000.3.12.1 tar-rmt-debuginfo-1.34-150000.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): tar-lang-1.34-150000.3.12.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): tar-1.34-150000.3.12.1 tar-debuginfo-1.34-150000.3.12.1 tar-debugsource-1.34-150000.3.12.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): tar-1.34-150000.3.12.1 tar-debuginfo-1.34-150000.3.12.1 tar-debugsource-1.34-150000.3.12.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): tar-1.34-150000.3.12.1 tar-debuginfo-1.34-150000.3.12.1 tar-debugsource-1.34-150000.3.12.1 References: https://www.suse.com/security/cve/CVE-2018-20482.html https://www.suse.com/security/cve/CVE-2019-9923.html https://www.suse.com/security/cve/CVE-2021-20193.html https://bugzilla.suse.com/1029961 https://bugzilla.suse.com/1120610 https://bugzilla.suse.com/1130496 https://bugzilla.suse.com/1181131

1 0

SUSE-SU-2022:1549-1: moderate: Security update for libvirt
by opensuse-security＠opensuse.org 05 May '22

05 May '22

SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1549-1 Rating: moderate References: #1193364 #1196625 #1197636 Cross-References: CVE-2022-0897 CVSS scores: CVE-2022-0897 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-0897 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for libvirt fixes the following issues: - CVE-2022-0897: Fixed a crash in nwfilter when counting number of network filters (bsc#1197636). The following non-security bugs were fixed: - qemu: Improve save operation by increasing pipe size c61d1e9b-virfile-set-pipe-size.patch, 47d6d185-virfile-fix-indent.patch, cd7acb33-virfile-report-error.patch bsc#1196625 - qemu: Directly query KVM for TSC scaling support 5df2c492-use-kvm-for-tsc-scaling.patch bsc#1193364 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1549=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1549=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1549=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1549=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1549=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1549=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1549=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libvirt-admin-7.1.0-150300.6.29.1 libvirt-admin-debuginfo-7.1.0-150300.6.29.1 - openSUSE Leap 15.4 (noarch): libvirt-bash-completion-7.1.0-150300.6.29.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libvirt-7.1.0-150300.6.29.1 libvirt-admin-7.1.0-150300.6.29.1 libvirt-admin-debuginfo-7.1.0-150300.6.29.1 libvirt-client-7.1.0-150300.6.29.1 libvirt-client-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-7.1.0-150300.6.29.1 libvirt-daemon-config-network-7.1.0-150300.6.29.1 libvirt-daemon-config-nwfilter-7.1.0-150300.6.29.1 libvirt-daemon-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-lxc-7.1.0-150300.6.29.1 libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-gluster-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-gluster-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-hooks-7.1.0-150300.6.29.1 libvirt-daemon-lxc-7.1.0-150300.6.29.1 libvirt-daemon-qemu-7.1.0-150300.6.29.1 libvirt-debugsource-7.1.0-150300.6.29.1 libvirt-devel-7.1.0-150300.6.29.1 libvirt-libs-7.1.0-150300.6.29.1 libvirt-libs-debuginfo-7.1.0-150300.6.29.1 libvirt-lock-sanlock-7.1.0-150300.6.29.1 libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.29.1 libvirt-nss-7.1.0-150300.6.29.1 libvirt-nss-debuginfo-7.1.0-150300.6.29.1 wireshark-plugin-libvirt-7.1.0-150300.6.29.1 wireshark-plugin-libvirt-debuginfo-7.1.0-150300.6.29.1 - openSUSE Leap 15.3 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.29.1 - openSUSE Leap 15.3 (noarch): libvirt-bash-completion-7.1.0-150300.6.29.1 libvirt-doc-7.1.0-150300.6.29.1 - openSUSE Leap 15.3 (x86_64): libvirt-client-32bit-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-libxl-7.1.0-150300.6.29.1 libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-xen-7.1.0-150300.6.29.1 libvirt-devel-32bit-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): libvirt-bash-completion-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libvirt-7.1.0-150300.6.29.1 libvirt-admin-7.1.0-150300.6.29.1 libvirt-admin-debuginfo-7.1.0-150300.6.29.1 libvirt-client-7.1.0-150300.6.29.1 libvirt-client-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-7.1.0-150300.6.29.1 libvirt-daemon-config-network-7.1.0-150300.6.29.1 libvirt-daemon-config-nwfilter-7.1.0-150300.6.29.1 libvirt-daemon-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-lxc-7.1.0-150300.6.29.1 libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-hooks-7.1.0-150300.6.29.1 libvirt-daemon-lxc-7.1.0-150300.6.29.1 libvirt-daemon-qemu-7.1.0-150300.6.29.1 libvirt-debugsource-7.1.0-150300.6.29.1 libvirt-devel-7.1.0-150300.6.29.1 libvirt-lock-sanlock-7.1.0-150300.6.29.1 libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.29.1 libvirt-nss-7.1.0-150300.6.29.1 libvirt-nss-debuginfo-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): libvirt-bash-completion-7.1.0-150300.6.29.1 libvirt-doc-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): libvirt-daemon-driver-libxl-7.1.0-150300.6.29.1 libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-xen-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-7.1.0-150300.6.29.1 libvirt-libs-7.1.0-150300.6.29.1 libvirt-libs-debuginfo-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libvirt-client-7.1.0-150300.6.29.1 libvirt-client-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-7.1.0-150300.6.29.1 libvirt-daemon-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-qemu-7.1.0-150300.6.29.1 libvirt-debugsource-7.1.0-150300.6.29.1 libvirt-libs-7.1.0-150300.6.29.1 libvirt-libs-debuginfo-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libvirt-daemon-7.1.0-150300.6.29.1 libvirt-daemon-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-7.1.0-150300.6.29.1 libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-7.1.0-150300.6.29.1 libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-7.1.0-150300.6.29.1 libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-7.1.0-150300.6.29.1 libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-7.1.0-150300.6.29.1 libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-7.1.0-150300.6.29.1 libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.29.1 libvirt-daemon-qemu-7.1.0-150300.6.29.1 libvirt-debugsource-7.1.0-150300.6.29.1 libvirt-libs-7.1.0-150300.6.29.1 libvirt-libs-debuginfo-7.1.0-150300.6.29.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.29.1 libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.29.1 References: https://www.suse.com/security/cve/CVE-2022-0897.html https://bugzilla.suse.com/1193364 https://bugzilla.suse.com/1196625 https://bugzilla.suse.com/1197636

1 0

SUSE-SU-2022:1541-1: important: Security update for pgadmin4
by opensuse-security＠opensuse.org 04 May '22

04 May '22

SUSE Security Update: Security update for pgadmin4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1541-1 Rating: important References: #1197143 Cross-References: CVE-2022-0959 CVSS scores: CVE-2022-0959 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2022-0959 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for pgadmin4 fixes the following issues: - CVE-2022-0959: Fixed an unrestricted file upload (bsc#1197143). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1541=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1541=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1541=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1541=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): pgadmin4-4.30-150300.3.3.1 pgadmin4-debuginfo-4.30-150300.3.3.1 - openSUSE Leap 15.4 (noarch): pgadmin4-doc-4.30-150300.3.3.1 pgadmin4-web-4.30-150300.3.3.1 pgadmin4-web-uwsgi-4.30-150300.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): pgadmin4-4.30-150300.3.3.1 pgadmin4-debuginfo-4.30-150300.3.3.1 - openSUSE Leap 15.3 (noarch): pgadmin4-doc-4.30-150300.3.3.1 pgadmin4-web-4.30-150300.3.3.1 pgadmin4-web-uwsgi-4.30-150300.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): pgadmin4-4.30-150300.3.3.1 pgadmin4-debuginfo-4.30-150300.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): pgadmin4-doc-4.30-150300.3.3.1 pgadmin4-web-4.30-150300.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): pgadmin4-4.30-150300.3.3.1 pgadmin4-debuginfo-4.30-150300.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): pgadmin4-doc-4.30-150300.3.3.1 pgadmin4-web-4.30-150300.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-0959.html https://bugzilla.suse.com/1197143

1 0

SUSE-SU-2022:1524-1: moderate: Security update for apache2-mod_auth_mellon
by opensuse-security＠opensuse.org 04 May '22

04 May '22

SUSE Security Update: Security update for apache2-mod_auth_mellon ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1524-1 Rating: moderate References: #1188926 Cross-References: CVE-2021-3639 CVSS scores: CVE-2021-3639 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2-mod_auth_mellon fixes the following issues: - CVE-2021-3639: Fixed open Redirect vulnerability in logout URLs (bsc#1188926) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1524=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1524=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1524=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1524=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1524=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1524=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1524=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1524=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1524=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1524=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1524=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1524=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1524=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1524=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debugsource-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-doc-0.17.0-150200.5.7.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debugsource-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-doc-0.17.0-150200.5.7.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Manager Proxy 4.1 (x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debugsource-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-doc-0.17.0-150200.5.7.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-debugsource-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-diagnostics-debuginfo-0.17.0-150200.5.7.1 apache2-mod_auth_mellon-doc-0.17.0-150200.5.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): apache2-mod_auth_mellon-0.17.0-150200.5.7.1 References: https://www.suse.com/security/cve/CVE-2021-3639.html https://bugzilla.suse.com/1188926

1 0

SUSE-SU-2022:1516-1: important: Security update for libwmf
by opensuse-security＠opensuse.org 04 May '22

04 May '22

SUSE Security Update: Security update for libwmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1516-1 Rating: important References: #1006739 #1123522 #1174075 Cross-References: CVE-2016-9011 CVE-2019-6978 CVSS scores: CVE-2016-9011 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-6978 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-6978 (SUSE): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for libwmf fixes the following issues: libwmf was updated to 0.2.12: * upstream changed to fork from Fedora: https://github.com/caolanm/libwmf * merged all the pending fixes * merge in fixes for libgd CVE-2019-6978 (bsc#1123522) * fixed memory allocation failure (CVE-2016-9011) * Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1516=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1516=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1516=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1516=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1516=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 libwmf-tools-0.2.12-150000.4.4.1 libwmf-tools-debuginfo-0.2.12-150000.4.4.1 - openSUSE Leap 15.4 (x86_64): libwmf-0_2-7-32bit-0.2.12-150000.4.4.1 libwmf-0_2-7-32bit-debuginfo-0.2.12-150000.4.4.1 libwmf-gnome-32bit-0.2.12-150000.4.4.1 libwmf-gnome-32bit-debuginfo-0.2.12-150000.4.4.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 libwmf-tools-0.2.12-150000.4.4.1 libwmf-tools-debuginfo-0.2.12-150000.4.4.1 - openSUSE Leap 15.3 (x86_64): libwmf-0_2-7-32bit-0.2.12-150000.4.4.1 libwmf-0_2-7-32bit-debuginfo-0.2.12-150000.4.4.1 libwmf-gnome-32bit-0.2.12-150000.4.4.1 libwmf-gnome-32bit-debuginfo-0.2.12-150000.4.4.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): libwmf-0_2-7-0.2.12-150000.4.4.1 libwmf-0_2-7-debuginfo-0.2.12-150000.4.4.1 libwmf-debugsource-0.2.12-150000.4.4.1 libwmf-devel-0.2.12-150000.4.4.1 libwmf-gnome-0.2.12-150000.4.4.1 libwmf-gnome-debuginfo-0.2.12-150000.4.4.1 References: https://www.suse.com/security/cve/CVE-2016-9011.html https://www.suse.com/security/cve/CVE-2019-6978.html https://bugzilla.suse.com/1006739 https://bugzilla.suse.com/1123522 https://bugzilla.suse.com/1174075

1 0

SUSE-SU-2022:1515-1: important: Security update for rubygem-puma
by opensuse-security＠opensuse.org 04 May '22

04 May '22

SUSE Security Update: Security update for rubygem-puma ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1515-1 Rating: important References: #1188527 #1191681 #1196222 Cross-References: CVE-2021-29509 CVE-2021-41136 CVE-2022-23634 CVSS scores: CVE-2021-29509 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29509 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-41136 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N CVE-2021-41136 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N CVE-2022-23634 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for rubygem-puma fixes the following issues: rubygem-puma was updated to version 4.3.11: * CVE-2021-29509: Adjusted an incomplete fix for allows Denial of Service (DoS) (bsc#1188527) * CVE-2021-41136: Fixed request smuggling if HTTP header value contains the LF character (bsc#1191681) * CVE-2022-23634: Fixed information leak between requests (bsc#1196222) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1515=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1515=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-1515=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-1515=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-1515=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-1515=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-1515=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-debuginfo-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-doc-4.3.11-150000.3.6.2 rubygem-puma-debugsource-4.3.11-150000.3.6.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-debuginfo-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-doc-4.3.11-150000.3.6.2 rubygem-puma-debugsource-4.3.11-150000.3.6.2 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-debuginfo-4.3.11-150000.3.6.2 rubygem-puma-debugsource-4.3.11-150000.3.6.2 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-debuginfo-4.3.11-150000.3.6.2 rubygem-puma-debugsource-4.3.11-150000.3.6.2 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-debuginfo-4.3.11-150000.3.6.2 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-debuginfo-4.3.11-150000.3.6.2 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 ruby2.5-rubygem-puma-debuginfo-4.3.11-150000.3.6.2 References: https://www.suse.com/security/cve/CVE-2021-29509.html https://www.suse.com/security/cve/CVE-2021-41136.html https://www.suse.com/security/cve/CVE-2022-23634.html https://bugzilla.suse.com/1188527 https://bugzilla.suse.com/1191681 https://bugzilla.suse.com/1196222

1 0

SUSE-SU-2022:1509-1: moderate: Security update for pcp
by opensuse-security＠opensuse.org 03 May '22

03 May '22

SUSE Security Update: Security update for pcp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1509-1 Rating: moderate References: #1171883 Cross-References: CVE-2020-8025 CVSS scores: CVE-2020-8025 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for pcp fixes the following issues: - CVE-2020-8025: Fixed outdated entries in permissions profiles for /var/lib/pcp/tmp/* (bsc#1171883). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1509=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1509=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): pcp-pmda-kvm-3.11.9-150000.5.14.1 pcp-pmda-lmsensors-debuginfo-3.11.9-150000.5.14.1 pcp-pmda-postgresql-3.11.9-150000.5.14.1 python-pcp-3.11.9-150000.5.14.1 python-pcp-debuginfo-3.11.9-150000.5.14.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): pcp-pmda-kvm-3.11.9-150000.5.14.1 pcp-pmda-lmsensors-debuginfo-3.11.9-150000.5.14.1 pcp-pmda-postgresql-3.11.9-150000.5.14.1 python-pcp-3.11.9-150000.5.14.1 python-pcp-debuginfo-3.11.9-150000.5.14.1 References: https://www.suse.com/security/cve/CVE-2020-8025.html https://bugzilla.suse.com/1171883

1 0