openSUSE Updates
Threads by month
- ----- 2024 -----
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
October 2022
- 2 participants
- 182 discussions
openSUSE-SU-2022:10151-1: important: Security update for chromium
by opensuse-security@opensuse.org 17 Oct '22
by opensuse-security@opensuse.org 17 Oct '22
17 Oct '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10151-1
Rating: important
References: #1204223
Cross-References: CVE-2022-3445 CVE-2022-3446 CVE-2022-3447
CVE-2022-3448 CVE-2022-3449 CVE-2022-3450
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 106.0.5249.119 (boo#1204223):
* CVE-2022-3445: Use after free in Skia
* CVE-2022-3446: Heap buffer overflow in WebSQL
* CVE-2022-3447: Inappropriate implementation in Custom Tabs
* CVE-2022-3448: Use after free in Permissions API
* CVE-2022-3449: Use after free in Safe Browsing
* CVE-2022-3450: Use after free in Peer Connection
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10151=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
chromedriver-106.0.5249.119-bp153.2.128.1
chromium-106.0.5249.119-bp153.2.128.1
References:
https://www.suse.com/security/cve/CVE-2022-3445.html
https://www.suse.com/security/cve/CVE-2022-3446.html
https://www.suse.com/security/cve/CVE-2022-3447.html
https://www.suse.com/security/cve/CVE-2022-3448.html
https://www.suse.com/security/cve/CVE-2022-3449.html
https://www.suse.com/security/cve/CVE-2022-3450.html
https://bugzilla.suse.com/1204223
1
0
SUSE-SU-2022:3594-1: important: Security update for qemu
by opensuse-security@opensuse.org 17 Oct '22
by opensuse-security@opensuse.org 17 Oct '22
17 Oct '22
SUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3594-1
Rating: important
References: #1175144 #1182282 #1192115 #1198035 #1198037
#1198038
Cross-References: CVE-2021-3409 CVE-2021-4206 CVE-2021-4207
CVE-2022-0216 CVE-2022-35414
CVSS scores:
CVE-2021-3409 (NVD) : 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2021-3409 (SUSE): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2021-4206 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4206 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4207 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4207 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-0216 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0216 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CVE-2022-35414 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2022-35414 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 5 vulnerabilities and has one errata
is now available.
Description:
This update for qemu fixes the following issues:
- CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and
CVE-2020-25085 in sdhi controller. (bsc#1182282)
- CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead
to heap buffer overflow. (bsc#1198035)
- CVE-2021-4207: Fixed a double fetch in qxl_cursor ehich can lead to heap
buffer overflow. (bsc#1198037)
- CVE-2022-0216: Fixed a use after free issue found in
hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation
that leads to a crash. (bsc#1201367)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3594=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3594=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3594=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3594=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3594=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3594=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3594=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3594=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3594=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3594=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3594=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
qemu-s390-4.2.1-150200.69.1
qemu-s390-debuginfo-4.2.1-150200.69.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
qemu-s390-4.2.1-150200.69.1
qemu-s390-debuginfo-4.2.1-150200.69.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
qemu-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
- SUSE Manager Server 4.1 (s390x x86_64):
qemu-kvm-4.2.1-150200.69.1
- SUSE Manager Server 4.1 (ppc64le):
qemu-ppc-4.2.1-150200.69.1
qemu-ppc-debuginfo-4.2.1-150200.69.1
- SUSE Manager Server 4.1 (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Manager Server 4.1 (x86_64):
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Manager Server 4.1 (s390x):
qemu-s390-4.2.1-150200.69.1
qemu-s390-debuginfo-4.2.1-150200.69.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
qemu-4.2.1-150200.69.1
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Manager Proxy 4.1 (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Manager Proxy 4.1 (x86_64):
qemu-4.2.1-150200.69.1
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
qemu-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le):
qemu-ppc-4.2.1-150200.69.1
qemu-ppc-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
qemu-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (s390x x86_64):
qemu-kvm-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (ppc64le):
qemu-ppc-4.2.1-150200.69.1
qemu-ppc-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64):
qemu-arm-4.2.1-150200.69.1
qemu-arm-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (s390x):
qemu-s390-4.2.1-150200.69.1
qemu-s390-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
qemu-4.2.1-150200.69.1
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
qemu-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64):
qemu-arm-4.2.1-150200.69.1
qemu-arm-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
qemu-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64):
qemu-arm-4.2.1-150200.69.1
qemu-arm-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
qemu-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
- SUSE Enterprise Storage 7 (aarch64):
qemu-arm-4.2.1-150200.69.1
qemu-arm-debuginfo-4.2.1-150200.69.1
- SUSE Enterprise Storage 7 (x86_64):
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Enterprise Storage 7 (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
References:
https://www.suse.com/security/cve/CVE-2021-3409.html
https://www.suse.com/security/cve/CVE-2021-4206.html
https://www.suse.com/security/cve/CVE-2021-4207.html
https://www.suse.com/security/cve/CVE-2022-0216.html
https://www.suse.com/security/cve/CVE-2022-35414.html
https://bugzilla.suse.com/1175144
https://bugzilla.suse.com/1182282
https://bugzilla.suse.com/1192115
https://bugzilla.suse.com/1198035
https://bugzilla.suse.com/1198037
https://bugzilla.suse.com/1198038
1
0
openSUSE-SU-2022:10148-1: important: Security update for roundcubemail
by opensuse-security@opensuse.org 16 Oct '22
by opensuse-security@opensuse.org 16 Oct '22
16 Oct '22
openSUSE Security Update: Security update for roundcubemail
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10148-1
Rating: important
References: #1180132 #1180399
Cross-References: CVE-2019-10740 CVE-2020-12641 CVE-2020-16145
CVE-2020-35730
CVSS scores:
CVE-2019-10740 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2020-12641 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-16145 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-35730 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP3
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for roundcubemail fixes the following issues:
roundcubemail was updated to 1.5.3
* Enigma: Fix initial synchronization of private keys
* Enigma: Fix double quoted-printable encoding of pgp-signed messages with
no attachments (#8413)
* Fix various PHP8 warnings (#8392)
* Fix mail headers injection via the subject field on mail compose (#8404)
* Fix bug where small message/rfc822 parts could not be decoded (#8408)
* Fix setting HTML mode on reply/forward of a signed message (#8405)
* Fix handling of RFC2231-encoded attachment names inside of a
message/rfc822 part (#8418)
* Fix bug where some mail parts (images) could have not be listed as
attachments (#8425)
* Fix bug where attachment icons were stuck at the top of the messages
list in Safari (#8433)
* Fix handling of message/rfc822 parts that are small and are multipart
structures with a single part (#8458)
* Fix bug where session could time out if DB and PHP timezone were
different (#8303)
* Fix bug where DSN flag state wasn't stored with a draft (#8371)
* Fix broken encoding of HTML content encapsulated in a RTF attachment
(#8444)
* Fix problem with aria-hidden=true on toolbar menus in the Elastic skin
(#8517)
* Fix bug where title tag content was displayed in the body if it
contained HTML tags (#8540)
* Fix support for DSN specification without host e.g. pgsql:///dbname
(#8558)
update to 1.5.2
* OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214)
* OAuth: fix expiration of short-lived oauth tokens (#8147)
* OAuth: fix relative path to assets if /index.php/foo/bar url is used
(#8144)
* OAuth: no auto-redirect on imap login failures (#8370)
* OAuth: refresh access token in 'refresh' plugin hook (#8224)
* Fix so folder search parameters are honored by subscriptions_option
plugin (#8312)
* Fix password change with Directadmin driver (#8322, #8329)
* Fix so css files in plugins/jqueryui/themes will be minified too (#8337)
* Fix handling of unicode/special characters in custom From input (#8357)
* Fix some PHP8 compatibility issues (#8363)
* Fix chpass-wrapper.py helper compatibility with Python 3 (#8324)
* Fix scrolling and missing Close button in the Select image dialog in
Elastic/mobile (#8367)
* Security: fix cross-site scripting (XSS) via HTML messages with
malicious CSS content
- added Suggests: php-sqlite
- use the virtual provides from each PHP module, to allow the installation
of roundcubemail with various PHP versions. The only problem, we are
currently facing is the automatic enablement of the PHP apache module
during post-installation: Trying to evaluate the correct PHP module now
during post as well, which should eleminate the pre-definition of the
required PHP-Version during build completely. See
https://build.opensuse.org/request/show/940859 for the initial
discussion.
update to 1.5.1
* Fix importing contacts with no email address (#8227)
* Fix so session's search scope is not used if search is not active (#8199)
* Fix some PHP8 warnings (#8239)
* Fix so dark mode state is retained after closing the browser (#8237)
* Fix bug where new messages were not added to the list on refresh if
skip_deleted=true (#8234)
* Fix colors on "Show source" page in dark mode (#8246)
* Fix handling of dark_mode_support:false setting in skins meta.json -
also when devel_mode=false (#8249)
* Fix database initialization if db_prefix is a schema prefix (#8221)
* Fix undefined constant error in Installer on Windows (#8258)
* Fix installation/upgrade on MySQL 5.5 - Index column size too large
(#8231)
* Fix regression in setting of contact listing name (#8260)
* Fix bug in Larry skin where headers toggle state was reset on full page
preview (#8203)
* Fix bug where \u200b characters were added into the recipient input
preventing mail delivery (#8269)
* Fix charset conversion errors on PHP < 8 for charsets not supported by
mbstring (#8252)
* Fix bug where adding a contact to trusted senders via "Always allow
from..." button didn't work (#8264, #8268)
* Fix bug with show_images setting where option 1 and 3 were swapped
(#8268)
* Fix PHP fatal error on an undefined constant in contacts import action
(#8277)
* Fix fetching headers of multiple message parts at once in
rcube_imap_generic::fetchMIMEHeaders() (#8282)
* Fix bug where attachment download could sometimes fail with a CSRF check
error (#8283)
* Fix an infinite loop when parsing environment variables with
float/integer values (#8293)
* Fix so 'small-dark' logo has more priority than the 'small' logo (#8298)
update to 1.5.0
+ full PHP8 support
+ Dark mode for Elastic skin
+ OAuth2/XOauth support (with plugin hooks)
+ Collected recipients and trusted senders
+ Moving recipients between inputs with drag & drop
+ Full unicode support with MySQL database
+ Support of IMAP LITERAL- extension RFC 7888
<https://datatracker.ietf.org/doc/html/rfc7888>
+ Support of RFC 2231 <https://datatracker.ietf.org/doc/html/rfc2231>
encoded names
+ Cache refactoring More at
https://github.com/roundcube/roundcubemail/releases/tag/1.5.0
+ added SECURITY.md to documentation
+ mark the whole documentation directory as documentation instead of
listing some files and others not (avoid duplicate entries in RPM-DB)
+ adjust requirements: php-intl is now required
update to 1.4.11 with security fix:
- Fix cross-site scripting (XSS) via HTML messages with malicious CSS
content
- add PHP version to Requires: and Recommends: to make sure the same
version is installed as used during packaging
- drop Requires: http_daemon (fixes boo#1180132) and Suggests: apache2
(which is already required though mod_php_any)
update to 1.4.10:
* Stored cross-site scripting (XSS) via HTML or plain text messages with
malicious content ( CVE-2020-35730 boo#1180399 )
* Fix extra angle brackets in In-Reply-To header derived from mailto:
params (#7655)
* Fix folder list issue when special folder is a subfolder (#7647)
* Fix Elastic's folder subscription toggle in search result (#7653)
* Fix state of subscription toggle on folders list after changing folder
state from the search result (#7653)
* Security: Fix cross-site scripting (XSS) via HTML or plain text messages
with malicious content
update to 1.4.9:
* Fix HTML editor in latest Chrome 85.0.4183.102, update to TinyMCE 4.9.11
(#7615)
* Add missing localization for some label/legend elements in userinfo
plugin (#7478)
* Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD)
* Fix restoring Cc/Bcc fields from local storage (#7554)
* Fix jstz.min.js installation, bump version to 1.0.7
* Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564)
* Fix link to closure compiler in bin/jsshrink.sh script (#7567)
* Fix bug where some parts of a message could have been missing in a
reply/forward body (#7568)
* Fix empty space on mail printouts in Chrome (#7604)
* Fix empty output from HTML5 parser when content contains XML tag (#7624)
* Fix scroll jump on key press in plain text mode of the HTML editor
(#7622)
* Fix so autocompletion list does not hide on scroll inside it (#7592)
update to 1.4.8 with security fixes:
* Fix cross-site scripting (XSS) via HTML messages with malicious svg
content (CVE-2020-16145)
* Fix cross-site scripting (XSS) via HTML messages with malicious math
content
update to 1.4.7 with security fix:
* Fix bug where subfolders of special folders could have been duplicated
on folder list
* Increase maximum size of contact jobtitle and department fields to 128
characters
* Fix missing newline after the logged line when writing to stdout (#7418)
* Elastic: Fix context menu (paste) on the recipient input (#7431)
* Fix problem with forwarding inline images attached to messages with no
HTML part (#7414)
* Fix problem with handling attached images with same name when using
database_attachments/redundant_attachments (#7455)
- add http.inc file
* include one file for php5/php7 admin flags/values
update to 1.4.5
Security fixes
* Fix XSS issue in template object 'username' (#7406)
* Fix cross-site scripting (XSS) via malicious XML attachment
* Fix a couple of XSS issues in Installer (#7406)
* Better fix for CVE-2020-12641
Other changes
* Fix bug in extracting required plugins from composer.json that led to
spurious error in log (#7364)
* Fix so the database setup description is compatible with MySQL 8 (#7340)
* Markasjunk: Fix regression in jsevent driver (#7361)
* Fix missing flag indication on collapsed thread in Larry and Elastic
(#7366)
* Fix default keyservers (use keys.openpgp.org), add note about CORS
(#7373, #7367)
* Password: Fix issue with Modoboa driver (#7372)
* Mailvelope: Use sender's address to find pubkeys to check signatures
(#7348)
* Mailvelope: Fix Encrypt button hidden in Elastic (#7353)
* Fix PHP warning: count(): Parameter must be an array or an object... in
ID command handler (#7392)
* Fix error when user-configured skin does not exist anymore (#7271)
* Elastic: Fix aspect ratio of a contact photo in mail preview (#7339)
* Fix bug where PDF attachments marked as inline could have not been
attached on mail forward (#7382)
* Security: Fix a couple of XSS issues in Installer (#7406)
* Security: Better fix for CVE-2020-12641
update to 1.4.4
* Fix bug where attachments with Content-Id were attached to the message
on reply (#7122)
* Fix identity selection on reply when both sender and recipient addresses
are included in identities (#7211)
* Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in
plain text editor when using Chrome (#7230)
* Elastic: Fix recipient input bug when using click to select a contact
from autocomplete list (#7231)
* Elastic: Fix color of a folder with recent messages (#7281)
* Elastic: Restrict logo size in print view (#7275)
* Fix invalid Content-Type for messages with only html part and inline
images * Mail_Mime-1.10.7 (#7261)
* Fix missing contact display name in QR Code data (#7257)
* Fix so button label in Select image/media dialogs is "Close" not
"Cancel" (#7246)
* Fix regression in testing database schema on MSSQL (#7227)
* Fix cursor position after inserting a group to a recipient input using
autocompletion (#7267)
* Fix string literals handling in IMAP STATUS (and various other)
responses (#7290)
* Fix bug where multiple images in a message were replaced by the first
one on forward/reply/edit (#7293)
* Fix handling keyservers configured with protocol prefix (#7295)
* Markasjunk: Fix marking as spam/ham on moving messages with Move menu
(#7189)
* Markasjunk: Fix bug where moving to Junk was failing on messages
selected with Select > All (#7206)
* Fix so imap error message is displayed to the user on folder
create/update (#7245)
* Fix bug where a special folder couldn't be created if a special-use flag
is not supported (#7147)
* Mailvelope: Fix bug where recipients with name were not handled properly
in mail compose (#7312)
* Fix characters encoding in group rename input after group
creation/rename (#7330)
* Fix bug where some message/rfc822 parts could not be attached on forward
(#7323)
* Make install-jsdeps.sh script working without the 'file' program
installed (#7325)
* Fix performance issue of parsing big HTML messages by disabling HTML5
parser for these (#7331)
* Fix so Print button for PDF attachments works on Firefox >= 75 (#5125)
update to 1.4.3
* Enigma: Fix so key list selection is reset when opening key creation
form (#7154)
* Enigma: Fix so using list checkbox selection does not load the key
preview frame
* Enigma: Fix generation of key pairs for identities with IDN domains
(#7181)
* Enigma: Display IDN domains of key users and identities in UTF8
* Enigma: Fix bug where "Send unencrypted" button didn't work in Elastic
skin (#7205)
* Managesieve: Fix bug where it wasn't possible to save flag actions
(#7188)
* Markasjunk: Fix bug where marking as spam/ham didn't work on moving
messages with drag-and-drop (#7137)
* Password: Make chpass-wrapper.py Python 3 compatible (#7135)
* Elastic: Fix disappearing sidebar in mail compose after clicking Mail
button
* Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button
in mail compose
* Elastic: Fix bug where it was possible to switch editor mode when
'htmleditor' was in 'dont_override' (#7143)
* Elastic: Fix text selection in recipient inputs (#7129)
* Elastic: Fix missing Close button in "more recipients" dialog
* Elastic: Fix non-working folder subscription checkbox for newly added
folders (#7174)
* Fix regression where "Open in new window" action didn't work (#7155)
* Fix PHP Warning: array_filter() expects parameter 1 to be array, null
given in subscriptions_option plugin (#7165)
* Fix unexpected error message when mail refresh involves folder
auto-unsubscribe (#6923)
* Fix recipient duplicates in print-view when the recipient list has been
expanded (#7169)
* Fix bug where files in skins/ directory were listed on skins list (#7180)
* Fix bug where message parts with no Content-Disposition header and no
name were not listed on attachments list (#7117)
* Fix display issues with mail subject that contains line-breaks (#7191)
* Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime
fix (#7170)
* Fix regression where using an absolute path to SQLite database file on
Windows didn't work (#7196)
* Fix using unix:///path/to/socket.file in memcached driver (#7210)
- prefer brotli over gzip if brotli is available:
+ enable mod_brotli in roundcubemail-httpd.conf (after deflate)
+ enable brotli via a2enmod for new installations
update to 1.4.2:
* Plugin API: Make actionbefore, before, actionafter and after events
working with plugin actions (#7106)
* Managesieve: Replace "Filter disabled" with "Filter enabled" (#7028)
* Managesieve: Fix so modifier type select wasn't hidden after hiding
modifier select on header change
* Managesieve: Fix filter selection after removing a first filter (#7079)
* Markasjunk: Fix marking more than one message as spam/ham with
email_learn driver (#7121)
* Password: Fix kpasswd and smb drivers' double-escaping bug (#7092)
* Enigma: Add script to import keys from filesystem to the db storage (for
multihost)
* Installer: Fix DB Write test on SQLite database ("database is locked"
error) (#7064)
* Installer: Fix so SQLite DSN with a relative path to the database file
works in Installer
* Elastic: Fix contrast of warning toasts (#7058)
* Elastic: Simple search in pretty selects (#7072)
* Elastic: Fix hidden list widget on mobile/tablet when selecting folder
while search menu is open (#7120)
* Fix so type attribute on script tags is not used on HTML5 pages (#6975)
* Fix unread count after purge on a folder that is not currently selected
(#7051)
* Fix bug where Enter key didn't work on messages list in "List" layout
(#7052)
* Fix bug where deleting a saved search in addressbook caused display
issue on sources/groups list (#7061)
* Fix bug where a new saved search added after removing all searches
wasn't added to the list (#7061)
* Fix bug where a new contact group added after removing all groups from
addressbook wasn't added to the list
* Fix so install-jsdeps.sh removes Bootstrap's sourceMappingURL (#7035)
* Fix so use of Ctrl+A does not scroll the list (#7020)
* Fix/remove useless keyup event handler on username input in logon form
(#6970)
* Fix bug where cancelling switching from HTML to plain text didn't set
the flag properly (#7077)
* Fix bug where HTML reply could add an empty line with extra indentation
above the original message (#7088)
* Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist'
(#7107)
* Fix so displayed maximum attachment size depends also on
'max_message_size' (#7105)
* Fix bug where 'skins_allowed' option didn't enforce user skin preference
(#7080)
* Fix so contact's organization field accepts up to 128 characters (it was
50)
* Fix bug where listing tables in PostgreSQL database with db_prefix
didn't work (#7093)
* Fix bug where 'text' attribute on body tag was ignored when displaying
HTML message (#7109)
* Fix bug where next message wasn't displayed after delete in List mode
(#7096)
* Fix so number of contacts in a group is not limited to 200 when
redirecting to mail composer from Contacts (#6972)
* Fix malformed characters in HTML message with charset meta tag not in
head (#7116)
- php documentor is not needed on a productive system -> remove
- also fix /usr/bin/env calls for two vendor scripts
- skins now have some configurable files in their directories: move those
files over to /etc/roundcubemail/skins/
- move other text files (incl. vendor ones) out of the root directory (and
handle the LICENSE file a bit different)
- enable mod_filter and add AddOutputFilterByType for common media types
like html, javascript or xml
- enable php7 on newer openSUSE versions
- enable deflate, expires, filter, headers and setenvif on a new
installation - do not enable any module in case of an update
- recommend php-imagick for additional features
- fixed most of the shell scripts to contain /usr/bin/php
Upgrade to version 1.4.1:
* new defaults for smtp_* config options
* changed default password_charset to UTF-8
* login page returning 401 Unauthorized status
Upgrade to version 1.4.0:
* Update to jQuery 3.4.1
* Update to TinyMCE 4.8.2
* Update to jQuery-MiniColors 2.3.4
* Clarified 'address_book_type' option behavior (#6680)
* Added cookie mismatch detection, display an error message informing the
user to clear cookies
* Renamed 'log_session' option to 'session_debug'
* Removed 'delete_always' option (#6782)
* Don't log full session identifiers in userlogins log (#6625)
* Support $HasAttachment/$HasNoAttachment keywords (#6201)
* Support PECL memcached extension as a session and cache storage driver
(experimental)
* Switch to IDNA2008 variant (#6806)
* installto.sh: Add possibility to run the update even on the up-to-date
installation (#6533)
* Plugin API: Add 'render_folder_selector' hook
* Added 'keyservers' option to define list of HKP servers for
Enigma/Mailvelope (#6326)
* Added flag to disable server certificate validation via Mysql DSN
argument (#6848)
* Select all records on the current list page with CTRL + A (#6813)
* Use Left/Right Arrow keys to faster move over threaded messages list
(#6399)
* Changes in display_next setting (#6795):
* * Move it to Preferences > User Interface > Main Options
* * Make it apply to Contacts interface too
* * Make it apply only if deleting/moving a previewed message/contact
* Redis: Support connection to unix socket
* Put charset meta specification before a title tag, add page title
automatically (#6811)
* Elastic: Various internal refactorings
* Elastic: Add Prev/Next buttons on message page toolbar (#6648)
* Elastic: Close search options on Enter key press in quick-search input
(#6660)
* Elastic: Changed some icons (#6852)
* Elastic: Changed read/unread icons (#6636)
* Elastic: Changed "Move to..." icon (#6637)
* Elastic: Add hide/show for advanced preferences (#6632)
* Elastic: Add default icon on Settings/Preferences lists for external
plugins (#6814)
* Elastic: Add indicator for popover menu items that open a submenu (#6868)
* Elastic: Move compose attachments/options to the right side (#6839)
* Elastic: Add border/background to attachments list widget (#6842)
* Elastic: Add "Show unread messages" button to the search bar (#6587)
* Elastic: Fix bug where toolbar disappears on attachment menu use in
Chrome (#6677)
* Elastic: Fix folders list scrolling on touch devices (#6706)
* Elastic: Fix non-working pretty selects in Chrome browser (#6705)
* Elastic: Fix issue with absolute positioned mail content (#6739)
* Elastic: Fix bug where some menu actions could cause a browser popup
warning
* Elastic: Fix handling mailto: URL parameters in contact menu (#6751)
* Elastic: Fix keyboard navigation in some menus, e.g. the contact menu
* Elastic: Fix visual issue with long buttons in .boxwarning (#6797)
* Elastic: Fix handling new-line in text pasted to a recipient input
* Elastic: Fix so search is not reset when returning from the message
preview page (#6847)
* Larry: Fix regression where menu actions didn't work with keyboard
(#6740)
* ACL: Display user/group names (from ldap) instead of acl identifier
* Password: Added ldap_exop driver (#4992)
* Password: Added support for SSHA512 password algorithm (#6805)
* Managesieve: Fix bug where global includes were requested for vacation
(#6716)
* Managesieve: Use RFC-compliant line endings, CRLF instead of LF (#6686)
* Managesieve: Fix so "Create filter" option does not show up when Filters
menu is disabled (#6723)
* Enigma: For verified signatures, display the user id associated with the
sender address (#5958)
* Enigma: Fix bug where revoked users/keys were not greyed out in key info
* Enigma: Fix error message when trying to encrypt with a revoked key
(#6607)
* Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)
* Enigma: Fix bug where signature verification could have been skipped for
some message structures (#6838)
* Fix language selection for spellchecker in html mode (#6915)
* Fix css styles leak from replied/forwarded message to the rest of the
composed text (#6831)
* Fix invalid path to "add contact" icon when using assets_path setting
* Fix invalid path to blocked.gif when using assets_path setting (#6752)
* Fix so advanced search dialog is not automatically displayed on
searchonly addressbooks (#6679)
* Fix so an error is logged when more than one attachment plugin has been
enabled, initialize the first one (#6735)
* Fix bug where flag change could have been passed to a preview frame when
not expected
* Fix bug in HTML parser that could cause missing text fragments when
there was no head/body tag (#6713)
* Fix bug where HTML messages with a xml:namespace tag were not rendered
(#6697)
* Fix TinyMCE download location (#6694)
* Fix so "Open in new window" consistently displays "external window"
interface (#6659)
* Fix bug where next row wasn't selected after deleting a collapsed thread
(#6655)
* Fix bug where external content (e.g. mail body) was passed to templates
parsing code (#6640)
* Fix bug where attachment preview didn't work with x_frame_options=deny
(#6688)
* Fix so bin/install-jsdeps.sh returns error code on error (#6704)
* Fix bug where bmp images couldn't be displayed on some systems (#6728)
* Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp
(#6744)
* Fix bug where bold/strong text was converted to upper-case on
html-to-text conversion (6758)
* Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only
tld (#6746)
* Fix bug where Next/Prev button in mail view didn't work with
multi-folder search result (#6793)
* Fix bug where selection of columns on messages list wasn't working
* Fix bug in converting multi-page Tiff images to Jpeg (#6824)
* Fix bug where handling multiple messages from multi-folder search result
could not work (#6845)
* Fix bug where unread count wasn't updated after moving multi-folder
result (#6846)
* Fix wrong messages order after returning to a multi-folder search result
(#6836)
* Fix some PHP 7.4 compat. issues (#6884, #6866)
* Fix bug where it was possible to bypass the position:fixed CSS check in
received messages (#6898)
* Fix bug where some strict remote URIs in url() style were
unintentionally blocked (#6899)
* Fix bug where it was possible to bypass the CSS jail in HTML messages
using :root pseudo-class (#6897)
* Fix bug where it was possible to bypass href URI check with
data:application/xhtml+xml URIs (#6896)
* Changed 'password_charset' default to 'UTF-8' (#6522)
* Add skins_allowed option (#6483)
* SMTP GSSAPI support via krb_authentication plugin (#6417)
* Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385)
* Removed 'referer_check' option (#6440)
* Use constant prefix for temp file names, don't remove temp files from
other apps (#6511)
* Ignore 'Sender' header on Reply-All action (#6506)
* deluser.sh: Add option to delete users who have not logged in for more
than X days (#6340)
* HTML5 Upload Progress - as a replacement for the old server-side
solution (#6177)
* Prevent from using deprecated timezone names from jsTimezoneDetect
* Force session.gc_probability=1 when using custom session handlers (#6560)
* Support simple field labels (e.g. LetterHub examples) in csv imports
(#6541)
* Add cache busters also to images used by templates (#6610)
* Plugin API: Added 'raise_error' hook (#6199)
* Plugin API: Added 'common_headers' hook (#6385)
* Plugin API: Added 'ldap_connected' hook
* Enigma: Update to OpenPGPjs 4.2.1 - fixes user name encoding issues in
key generation (#6524)
* Enigma: Fixed multi-host synchronization of private and deleted keys and
pubring.kbx file
* Managesieve: Added support for 'editheader' extension - RFC5293 (#5954)
* Managesieve: Fix bug where custom header or variable could be lost on
form submission (#6594)
* Markasjunk: Integrate markasjunk2 features into markasjunk - marking as
non-junk + learning engine (#6504)
* Password: Added 'modoboa' driver (#6361)
* Password: Fix bug where password_dovecotpw_with_method setting could be
ignored (#6436)
* Password: Fix bug where new users could skip forced password change
(#6434)
* Password: Allow drivers to override default password comparisons (eg new
is not same as current) (#6473)
* Password: Allow drivers to override default strength checks (eg allow
for 'not the same as last x passwords') (#246)
* Passowrd: Allow drivers to define password strength rules displayed to
the user
* Password: Allow separate password saving and strength drivers for use of
strength checking services (#5040)
* Password: Add zxcvbn driver for checking password strength (#6479)
* Password: Disallow control characters in passwords
* Password: Add support for Plesk >= 17.8 (#6526)
* Elastic: Improved datepicker displayed always in parent window
* Elastic: On touch devices display attachment icons on messages list
(#6296)
* Elastic: Make menu button inactive if all subactions are inactive (#6444)
* Elastic: On mobile/tablet jump to the list on folder selection (#6415)
* Elastic: Various improvements on mail compose screen (#6413)
* Elastic: Support new-line char as a separator for pasted recipients
(#6460)
* Elastic: Improved UX of search dialogs (#6416)
* Elastic: Fix unwanted thread expanding when selecting a collapsed thread
in non-mobile mode (#6445)
* Elastic: Fix too small height of mailvelope mail preview frame (#6600)
* Elastic: Add "status bar" for mobile in mail composer
* Elastic: Add selection options on contacts list (#6595)
* Elastic: Fix unintentional layout preference overwrite (#6613)
* Elastic: Fix bug where Enigma options in mail compose could sometimes be
ignored (#6515)
* Log errors caused by low pcre.backtrack_limit when sending a mail
message (#6433)
* Fix regression where drafts were not deleted after sending the message
(#6756)
* Fix so max_message_size limit is checked also when forwarding messages
as attachments (#6580)
* Fix so performance stats are logged to the main console log also when
per_user_logging=true
* Fix malformed message saved into Sent folder when using big attachments
and low memory limit (#6498)
* Fix incorrect IMAP SASL GSSAPI negotiation (#6308)
* Fix so unicode in local part of the email address is also supported in
recipient inputs (#6490)
* Fix bug where autocomplete list could be displayed out of screen (#6469)
* Fix style/navigation on error page depending on authentication state
(#6362)
* Fix so invalid smtp_helo_host is never used, fallback to localhost
(#6408)
* Fix custom logo size in Elastic (#6424)
* Fix listing the same attachment multiple times on forwarded messages
* Fix bug where a message/rfc822 part without a filename wasn't listed on
the attachments list (#6494)
* Fix inconsistent offset for various time zones - always display Standard
Time offset (#6531)
* Fix dummy Message-Id when resuming a draft without Message-Id header
(#6548)
* Fix handling of empty entries in vCard import (#6564)
* Fix bug in parsing some IMAP command responses that include unsolicited
replies (#6577)
* Fix PHP 7.2 compatibility in debug_logger plugin (#6586)
* Fix so ANY record is not used for email domain validation, use A, MX,
CNAME, AAAA instead (#6581)
* Fix so mime_content_type check in Installer uses files that should
always be available (i.e. from program/resources) (#6599)
* Fix missing CSRF token on a link to download too-big message part (#6621)
* Fix bug when aborting dragging with ESC key didn't stop the move action
(#6623)
* Improved Mailvelope integration
* * Added private key listing and generating to identity settings
* * Enable encrypt & sign option if Mailvelope supports it
* Allow contacts without an email address (#5079)
* Support SMTPUTF8 and relax email address validation to support unicode
in local part (#5120)
* Support for IMAP folders that cannot contain both folders and messages
(#5057)
* Remove sample PHP configuration from .htaccess and .user.ini files
(#5850)
* Extend skin_logo setting to allow per skin logos (#6272)
* Use Masterminds/HTML5 parser for better HTML5 support (#5761)
* Add More actions button in Contacts toolbar with Copy/Move actions
(#6081)
* Display an error when clicking disabled link to register protocol
handler (#6079)
* Add option trusted_host_patterns (#6009, #5752)
* Support additional connect parameters in PostgreSQL database wrapper
* Use UI dialogs instead of confirm() and alert() where possible
* Display value of the SMTP message size limit in the error message (#6032)
* Show message flagged status in message view (#5080)
* Skip redundant INSERT query on successful logon when using PHP7
* Replace display_version with display_product_version (#5904)
* Extend disabled_actions config so it accepts also button names (#5903)
* Handle remote stylesheets the same as remote images, ask the user to
allow them (#5994)
* Add Message-ID to the sendmail log (#5871)
* Add option to hide folders in share/other-user namespace or outside of
the personal namespace root (#5073)
* Archive: Fix archiving by sender address on cyrus-imap
* Archive: Style Archive folder also on folder selector and folder manager
lists
* Archive: Add Thunderbird compatible Month option (#5623)
* Archive: Create archive folder automatically if it's configured, but
does not exist (#6076)
* Enigma: Add button to send mail unencrypted if no key was found (#5913)
* Enigma: Add options to set PGP cipher/digest algorithms (#5645)
* Enigma: Multi-host support
* Managesieve: Add ability to disable filter sets and other actions
(#5496, #5898)
* Managesieve: Add option managesieve_forward to enable settings dialog
for simple forwarding (#6021)
* Managesieve: Support filter action with custom IMAP flags (#6011)
* Managesieve: Support 'mime' extension tests - RFC5703 (#5832)
* Managesieve: Support GSSAPI authentication with krb_authentication
plugin (#5779)
* Managesieve: Support enabling the plugin for specified hosts only (#6292)
* Password: Support host variables in password_db_dsn option (#5955)
* Password: Automatic virtualmin domain setting, removed
password_virtualmin_format option (#5759)
* Password: Added password_username_format option (#5766)
* subscriptions_option: show \Noselect folders greyed out (#5621)
* zipdownload: Added option to define size limit for multiple messages
download (#5696)
* vcard_attachments: Add possibility to send contact vCard from Contacts
toolbar (#6080)
* Changed defaults for smtp_user (%u), smtp_pass (%p) and smtp_port (587)
* Composer: Fix certificate validation errors by using packagist only
(#5148)
* Add --get and --extract arguments and CACHEDIR env-variable support to
install-jsdeps.sh (#5882)
* Support _filter and _scope as GET arguments for opening mail UI (#5825)
* Various improvements for templating engine and skin behaviours
* * Support conditional include
* * Support for 'link' objects
* * Support including files with path relative to templates directory
* * Use instead of for submit button on logon screen
* Support skin localization (#5853)
* Reset onerror on images if placeholder does not exist to prevent from
requests storm
* Unified and simplified code for loading content frame for responses and
identities
* Display contact import and advanced search in popup dialogs
* Display a dialog for mail import with supported format description and
upload size hint
* Make possible to set (some) config options from a skin
* Added optional checkbox selection for the list widget
* Make 'compose' command always enabled
* Add .log suffix to all log file names, add option log_file_ext to
control this (#313)
* Return "401 Unauthorized" status when login fails (#5663)
* Support both comma and semicolon as recipient separator, drop
recipients_separator option (#5092)
* Plugin API: Added 'show_bytes' hook (#5001)
* Add option to not indent quoted text on top-posting reply (#5105)
* Removed global $CONFIG variable
* Removed debug_level setting
* Support AUTHENTICATE LOGIN for IMAP connections (#5563)
* Support LDAP GSSAPI authentication (#5703)
* Localized timezone selector (#4983)
* Use 7bit encoding for ISO-2022-* charsets in sent mail (#5640)
* Handle inline images also inside multipart/mixed messages (#5905)
* Allow style tags in HTML editor on composed/reply messages (#5751)
* Use Github API as a fallback to fetch js dependencies to workaround
throttling issues (#6248)
* Show confirm dialog when moving folders using drag and drop (#6119)
* Fix bug where new_user_dialog email check could have been circumvented
by deleting / abandoning session (#5929)
* Fix skin extending for assets (#5115)
* Fix handling of forwarded messages inside of a TNEF message (#5632)
* Fix bug where attachment size wasn't visible when the filename was too
long (#6033)
* Fix checking table columns when there's more schemas/databases in
postgres/mysql (#6047)
* Fix css conflicts in user interface and e-mail content (#5891)
* Fix duplicated signature when using Back button in Chrome (#5809)
* Fix touch event issue on messages list in IE/Edge (#5781)
* Fix so links over images are not removed in plain text signatures
converted from HTML (#4473)
* Fix various issues when downloading files with names containing
non-ascii chars, use RFC 2231 (#5772)
Upgrade to version 1.3.10:
* Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)
Upgrade to version 1.3.9:
* Fix TinyMCE download location(s) (#6694)
* Fix so mime_content_type check in Installer uses files that should
always be available (i.e. from program/resources) (#6599)
Upgrade to version 1.3.8:
* Fix support for "allow-from " in x_frame_options config option (#6449)
- add files with .log entry to logrotate config
enhance apache configuration by:
+ disable mbstring function overload (http://bugs.php.net/bug.php?id=30766)
+ do not allow to see README*, INSTALL, LICENSE or CHANGELOG files
+ set additional headers:
+ Content-Security-Policy: ask browsers to not set the referrer
+ Cache-Control: ask not to cache the content
+ Strict-Transport-Security: set HSTS rules for SSL traffic
+ X-XSS-Protection: configure built in reflective XSS protection
adjust README.openSUSE:
+ db.inc.php is not used any longer
+ flush privileges after creating/changing users in mysql
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10148=1
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10148=1
Package List:
- openSUSE Backports SLE-15-SP4 (noarch):
roundcubemail-1.5.3-bp154.2.3.1
- openSUSE Backports SLE-15-SP3 (noarch):
roundcubemail-1.5.3-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2019-10740.html
https://www.suse.com/security/cve/CVE-2020-12641.html
https://www.suse.com/security/cve/CVE-2020-16145.html
https://www.suse.com/security/cve/CVE-2020-35730.html
https://bugzilla.suse.com/1180132
https://bugzilla.suse.com/1180399
1
0
openSUSE-SU-2022:10150-1: important: Security update for seamonkey
by opensuse-security@opensuse.org 16 Oct '22
by opensuse-security@opensuse.org 16 Oct '22
16 Oct '22
openSUSE Security Update: Security update for seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10150-1
Rating: important
References: #1203916
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for seamonkey fixes the following issues:
Update to SeaMonkey 2.53.14
* Updates to the following DOM HTML element interfaces: Embed, Object,
Anchor, Area, Button, Frame, Canvas, IFrame, Link, Image, MenuItem,
TextArea, Source, Select, Option, Script and Html. Please test add-ons.
* Continue the switch from Python 2 to Python 3 in the build system.
* Add ESR 102 links to debugQA bug 1779028.
* Remove about plugins from help menu bug 1779031.
* Dead links in cs_nav_prefs_advanced.xhtml [en-US] bug 1783558.
* Dead links in cs_nav_prefs_advanced.xhtml bug 1786030.
* Remove obsolete chat services from SeaMonkey address book bug 1779034.
* Address Book: "Get Map" button is not shown for home addresses bug
1779319.
* Added compatibility for rust 1.63
* SeaMonkey 2.53.14 uses the same backend as Firefox and contains the
relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.14 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 91.11 and
Thunderbird 91.11 ESR plus many enhancements have been backported. We
will continue to enhance SeaMonkey security in subsequent 2.53.x beta
and release versions as fast as we are able to.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-2022-10150=1
Package List:
- openSUSE Leap 15.3 (aarch64 i586 x86_64):
seamonkey-2.53.14-lp153.17.14.1
seamonkey-debuginfo-2.53.14-lp153.17.14.1
seamonkey-debugsource-2.53.14-lp153.17.14.1
seamonkey-dom-inspector-2.53.14-lp153.17.14.1
seamonkey-irc-2.53.14-lp153.17.14.1
References:
https://bugzilla.suse.com/1203916
1
0
openSUSE-SU-2022:10149-1: important: Security update for seamonkey
by opensuse-security@opensuse.org 16 Oct '22
by opensuse-security@opensuse.org 16 Oct '22
16 Oct '22
openSUSE Security Update: Security update for seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10149-1
Rating: important
References: #1203916
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update fixes the following issues:
Update to SeaMonkey 2.53.14
* Updates to the following DOM HTML element interfaces: Embed, Object,
Anchor, Area, Button, Frame, Canvas, IFrame, Link, Image, MenuItem,
TextArea, Source, Select, Option, Script and Html. Please test add-ons.
* Continue the switch from Python 2 to Python 3 in the build system.
* Add ESR 102 links to debugQA bug 1779028.
* Remove about plugins from help menu bug 1779031.
* Dead links in cs_nav_prefs_advanced.xhtml [en-US] bug 1783558.
* Dead links in cs_nav_prefs_advanced.xhtml bug 1786030.
* Remove obsolete chat services from SeaMonkey address book bug 1779034.
* Address Book: "Get Map" button is not shown for home addresses bug
1779319.
* Added compatibility for rust 1.63
* SeaMonkey 2.53.14 uses the same backend as Firefox and contains the
relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.14 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 91.11 and
Thunderbird 91.11 ESR plus many enhancements have been backported. We
will continue to enhance SeaMonkey security in subsequent 2.53.x beta
and release versions as fast as we are able to.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-2022-10149=1
Package List:
- openSUSE Leap 15.4 (aarch64 i586 x86_64):
seamonkey-2.53.14-lp154.2.3.1
seamonkey-debuginfo-2.53.14-lp154.2.3.1
seamonkey-debugsource-2.53.14-lp154.2.3.1
seamonkey-dom-inspector-2.53.14-lp154.2.3.1
seamonkey-irc-2.53.14-lp154.2.3.1
References:
https://bugzilla.suse.com/1203916
1
0
14 Oct '22
SUSE Recommended Update: Recommended update for kdump
______________________________________________________________________________
Announcement ID: SUSE-RU-2022:3591-1
Rating: moderate
References: #1186272 #1201051
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update for kdump fixes the following issues:
- Fix unload issue when secure boot enabled (bsc#1186272)
- Fix network-related dracut options handling for fadump case (bsc#1201051)
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3591=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3591=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3591=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3591=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3591=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
kdump-0.9.0-150300.18.15.1
kdump-debuginfo-0.9.0-150300.18.15.1
kdump-debugsource-0.9.0-150300.18.15.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
kdump-0.9.0-150300.18.15.1
kdump-debuginfo-0.9.0-150300.18.15.1
kdump-debugsource-0.9.0-150300.18.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
kdump-0.9.0-150300.18.15.1
kdump-debuginfo-0.9.0-150300.18.15.1
kdump-debugsource-0.9.0-150300.18.15.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kdump-0.9.0-150300.18.15.1
kdump-debuginfo-0.9.0-150300.18.15.1
kdump-debugsource-0.9.0-150300.18.15.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kdump-0.9.0-150300.18.15.1
kdump-debuginfo-0.9.0-150300.18.15.1
kdump-debugsource-0.9.0-150300.18.15.1
References:
https://bugzilla.suse.com/1186272
https://bugzilla.suse.com/1201051
1
0
SUSE-RU-2022:3588-1: moderate: Recommended update for rmt-server
by maintenance@opensuse.org 14 Oct '22
by maintenance@opensuse.org 14 Oct '22
14 Oct '22
SUSE Recommended Update: Recommended update for rmt-server
______________________________________________________________________________
Announcement ID: SUSE-RU-2022:3588-1
Rating: moderate
References: #1188578 #1197038 #1197405 #1198721 #1199961
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Public Cloud 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that has 5 recommended fixes can now be installed.
Description:
This update for rmt-server fixes the following issues:
- Implement `System-Token` header handling to improve unique system
reporting.
- Add --proxy-byos flag to rmt-cli systems command to filter BYOS systems
using RMT as a proxy
- Retry failed http requests automatically (bsc#1197405, bsc#1188578,
bsc#1198721, bsc#1199961)
- Improved rmt-client-setup-res script for CentOS8.x and RHEL/RES8.x
(bsc#1197038)
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3588=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3588=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-3588=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
rmt-server-2.9-150400.3.6.1
rmt-server-config-2.9-150400.3.6.1
rmt-server-debuginfo-2.9-150400.3.6.1
rmt-server-debugsource-2.9-150400.3.6.1
rmt-server-pubcloud-2.9-150400.3.6.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
rmt-server-2.9-150400.3.6.1
rmt-server-config-2.9-150400.3.6.1
rmt-server-debuginfo-2.9-150400.3.6.1
rmt-server-debugsource-2.9-150400.3.6.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64):
rmt-server-debuginfo-2.9-150400.3.6.1
rmt-server-debugsource-2.9-150400.3.6.1
rmt-server-pubcloud-2.9-150400.3.6.1
References:
https://bugzilla.suse.com/1188578
https://bugzilla.suse.com/1197038
https://bugzilla.suse.com/1197405
https://bugzilla.suse.com/1198721
https://bugzilla.suse.com/1199961
1
0
SUSE-SU-2022:3585-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 14 Oct '22
by opensuse-security@opensuse.org 14 Oct '22
14 Oct '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3585-1
Rating: important
References: #1152472 #1152489 #1185032 #1190497 #1194023
#1194869 #1195917 #1196444 #1196869 #1197659
#1198189 #1200622 #1201309 #1201310 #1201987
#1202095 #1202960 #1203039 #1203066 #1203101
#1203197 #1203263 #1203338 #1203360 #1203361
#1203389 #1203410 #1203505 #1203552 #1203664
#1203693 #1203699 #1203701 #1203767 #1203769
#1203794 #1203798 #1203893 #1203902 #1203906
#1203908 #1203933 #1203935 #1203939 #1203969
#1203987 #1203992 PED-387 PED-529 PED-652
PED-664 PED-682 PED-688 PED-720 PED-729 PED-755
PED-763 SLE-19924 SLE-24814
Cross-References: CVE-2022-1263 CVE-2022-2586 CVE-2022-3202
CVE-2022-3239 CVE-2022-3303 CVE-2022-39189
CVE-2022-41218 CVE-2022-41848 CVE-2022-41849
CVSS scores:
CVE-2022-1263 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1263 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3202 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-3202 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Public Cloud 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 9 vulnerabilities, contains 12
features and has 38 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated.
The following security bugs were fixed:
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to
improper locking (bnc#1203769).
- CVE-2022-41218: Fixed an use-after-free caused by refcount races in
drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed an use-after-free in the video4linux driver that
could lead a local user to able to crash the system or escalate their
privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a
physically proximate attacker removes a PCMCIA device while calling
ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a
physically proximate attacker removes a USB device while calling open
(bnc#1203992).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft
table is deleted (bnc#1202095).
- CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM
when releasing a vCPU with dirty ring support enabled. This flaw allowed
an unprivileged local attacker on the host to issue specific ioctl
calls, causing a kernel oops condition that results in a denial of
service (bnc#1198189).
- CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File
System. This could allow a local attacker to crash the system or leak
kernel internal information (bnc#1203389).
- CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows
unprivileged guest users to compromise the guest kernel because TLB
flush operations are mishandled (bnc#1203066).
The following non-security bugs were fixed:
- ACPI / scan: Create platform device for CS35L41 (bsc#1203699).
- ACPI: processor idle: Practically limit "Dummy wait" workaround to old
Intel systems (bsc#1203767).
- ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes).
- ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699).
- ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699).
- ALSA: aloop: Fix random zeros in capture data when using jiffies timer
(git-fixes).
- ALSA: core: Fix double-free at snd_card_new() (git-fixes).
- ALSA: cs35l41: Check hw_config before using it (bsc#1203699).
- ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699).
- ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699).
- ALSA: cs35l41: Unify hardware configuration (bsc#1203699).
- ALSA: emu10k1: Fix out of bounds access in
snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- ALSA: hda: cs35l41: Add Amp Name based on channel and index
(bsc#1203699).
- ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699).
- ALSA: hda: cs35l41: Add calls to newly added test key function
(bsc#1203699).
- ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence
(bsc#1203699).
- ALSA: hda: cs35l41: Add initial DSP support and firmware loading
(bsc#1203699).
- ALSA: hda: cs35l41: Add missing default cases (bsc#1203699).
- ALSA: hda: cs35l41: Add module parameter to control firmware load
(bsc#1203699).
- ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699).
- ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699).
- ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations
(bsc#1203699).
- ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699).
- ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699).
- ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties
(bsc#1203699).
- ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41
(bsc#1203699).
- ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699).
- ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699).
- ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops
(bsc#1203699).
- ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference
(bsc#1203699).
- ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699).
- ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name
(bsc#1203699).
- ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699).
- ALSA: hda: cs35l41: Handle all external boost setups the same way
(bsc#1203699).
- ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699).
- ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699).
- ALSA: hda: cs35l41: Make use of the helper function dev_err_probe()
(bsc#1203699).
- ALSA: hda: cs35l41: Move boost config to initialization code
(bsc#1203699).
- ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace
(bsc#1203699).
- ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use
(bsc#1203699).
- ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699).
- ALSA: hda: cs35l41: Put the device into safe mode for external boost
(bsc#1203699).
- ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables
(bsc#1203699).
- ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699).
- ALSA: hda: cs35l41: Remove Set Channel Map api from binding
(bsc#1203699).
- ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699).
- ALSA: hda: cs35l41: Save codec object inside component struct
(bsc#1203699).
- ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver
(bsc#1203699).
- ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop
(bsc#1203699).
- ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699).
- ALSA: hda: cs35l41: Support Firmware switching and reloading
(bsc#1203699).
- ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699).
- ALSA: hda: cs35l41: Support multiple load paths for firmware
(bsc#1203699).
- ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699).
- ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699).
- ALSA: hda: cs35l41: Tidyup code (bsc#1203699).
- ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699).
- ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699).
- ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699).
- ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount
saturation (git-fixes).
- ALSA: hda: Fix Nvidia dp infoframe (git-fixes).
- ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly
(bsc#1203699).
- ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699).
- ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls
(bsc#1203699).
- ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720).
- ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699).
- ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699).
- ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699).
- ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static
(bsc#1203699).
- ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699).
- ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants
(bsc#1203699).
- ALSA: hda/cs8409: Fix Warlock to use mono mic configuration
(bsc#1203699).
- ALSA: hda/cs8409: Re-order quirk table into ascending order
(bsc#1203699).
- ALSA: hda/cs8409: Support manual mode detection for CS42L42
(bsc#1203699).
- ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699).
- ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699).
- ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699).
- ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver
(bsc#1203699).
- ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED
(git-fixes).
- ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops
(bsc#1203699).
- ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9
(bsc#1203699).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model
(bsc#1203699).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699).
- ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41
(bsc#1203699).
- ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699).
- ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
(git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop
(git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on
EliteBook 845/865 G9 (bsc#1203699).
- ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops
(bsc#1203699).
- ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops
(bsc#1203699).
- ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699).
- ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec
(bsc#1203699).
- ALSA: hda/realtek: More robust component matching for CS35L41
(bsc#1203699).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power change
(git-fixes).
- ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes).
- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- ALSA: hda/tegra: set depop delay for tegra (git-fixes).
- ALSA: hda/tegra: Update scratch reg. communication (git-fixes).
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes).
- ALSA: usb-audio: Fix an out-of-bounds bug in
__snd_usb_parse_audio_interface() (git-fixes).
- ALSA: usb-audio: Inform the delayed registration more properly
(git-fixes).
- ALSA: usb-audio: Register card again for iface over delayed_register
option (git-fixes).
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare
(git-fixes).
- ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes).
- ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes).
- ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes).
- arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes).
- arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes).
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes).
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
(git-fixes).
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes).
- arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes)
Enable this errata fix configuration option to arm64/default.
- arm64: kexec_file: use more system keyrings to verify kernel image
signature (bsc#1196444).
- arm64: lib: Import latest version of Arm Optimized Routines' strcmp
(git-fixes)
- arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes)
- arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes).
- ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699).
- ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699).
- ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699).
- ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699).
- ASoC: cs35l41: Add endianness flag in snd_soc_component_driver
(bsc#1203699).
- ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).
- ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).
- ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699).
- ASoC: cs35l41: Add support for hibernate memory retention mode
(bsc#1203699).
- ASoC: cs35l41: Binding fixes (bsc#1203699).
- ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699).
- ASoC: cs35l41: Combine adjacent register writes (bsc#1203699).
- ASoC: cs35l41: Convert tables to shared source code (bsc#1203699).
- ASoC: cs35l41: Correct DSP power down (bsc#1203699).
- ASoC: cs35l41: Correct handling of some registers in the cache
(bsc#1203699).
- ASoC: cs35l41: Correct some control names (bsc#1203699).
- ASoC: cs35l41: Create shared function for boost configuration
(bsc#1203699).
- ASoC: cs35l41: Create shared function for errata patches (bsc#1203699).
- ASoC: cs35l41: Create shared function for setting channels (bsc#1203699).
- ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699).
- ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699).
- ASoC: cs35l41: Do not print error when waking from hibernation
(bsc#1203699).
- ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699).
- ASoC: cs35l41: DSP Support (bsc#1203699).
- ASoC: cs35l41: Fix a bunch of trivial code formating/style issues
(bsc#1203699).
- ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN
(bsc#1203699).
- ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t
(bsc#1203699).
- ASoC: cs35l41: Fix DSP mbox start command and global enable order
(bsc#1203699).
- ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699).
- ASoC: cs35l41: Fix link problem (bsc#1203699).
- ASoC: cs35l41: Fix max number of TX channels (bsc#1203699).
- ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699).
- ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699).
- ASoC: cs35l41: Fixup the error messages (bsc#1203699).
- ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699).
- ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699).
- ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code
(bsc#1203699).
- ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699).
- ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699).
- ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code
(bsc#1203699).
- ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699).
- ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware
(bsc#1203699).
- ASoC: cs35l41: Remove incorrect comment (bsc#1203699).
- ASoC: cs35l41: Remove unnecessary param (bsc#1203699).
- ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699).
- ASoC: cs35l41: Support external boost (bsc#1203699).
- ASoC: cs35l41: Update handling of test key registers (bsc#1203699).
- ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot
(bsc#1203699).
- ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699).
- ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START
(bsc#1203699).
- ASoC: cs42l42: Allow time for HP/ADC to power-up after enable
(bsc#1203699).
- ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts
(bsc#1203699).
- ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling
(bsc#1203699).
- ASoC: cs42l42: Do not claim to support 192k (bsc#1203699).
- ASoC: cs42l42: Do not reconfigure the PLL while it is running
(bsc#1203699).
- ASoC: cs42l42: Fix WARN in remove() if running without an interrupt
(bsc#1203699).
- ASoC: cs42l42: free_irq() before powering-down on probe() fail
(bsc#1203699).
- ASoC: cs42l42: Handle system suspend (bsc#1203699).
- ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699).
- ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699).
- ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script
(bsc#1203699).
- ASoC: cs42l42: Move CS42L42 register descriptions to general include
(bsc#1203699).
- ASoC: cs42l42: Only report button state if there was a button interrupt
(git-fixes).
- ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler
(bsc#1203699).
- ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699).
- ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699).
- ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks
(bsc#1203699).
- ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks
(bsc#1203699).
- ASoC: cs42l42: Report full jack status when plug is detected
(bsc#1203699).
- ASoC: cs42l42: Report initial jack state (bsc#1203699).
- ASoC: cs42l42: Reset and power-down on remove() and failed probe()
(bsc#1203699).
- ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699).
- ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699).
- ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699).
- ASoC: cs42l42: Use two thresholds and increased wait time for manual
type detection (bsc#1203699).
- ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699).
- ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes).
- ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes).
- ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes).
- ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes).
- ASoC: qcom: sm8250: add missing module owner (git-fixes).
- ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720).
- ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720).
- ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652).
- ASoC: tas2770: Reinit regcache on reset (git-fixes).
- ASoC: wm_adsp: Add support for "toggle" preloaders (bsc#1203699).
- ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699).
- ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699).
- ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed
(bsc#1203699).
- ASoC: wm_adsp: Correct control read size when parsing compressed buffer
(bsc#1203699).
- ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699).
- ASoC: wm_adsp: Fix event for preloader (bsc#1203699).
- ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699).
- ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699).
- ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699).
- ASoC: wm_adsp: Move check for control existence (bsc#1203699).
- ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699).
- ASoC: wm_adsp: move firmware loading to client (bsc#1203699).
- ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699).
- ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core
(bsc#1203699).
- ASoC: wm_adsp: remove a repeated including (bsc#1203699).
- ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699).
- ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699).
- ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699).
- ASoC: wm_adsp: Rename generic DSP support (bsc#1203699).
- ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699).
- ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699).
- ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops
(bsc#1203699).
- ASoC: wm_adsp: Split DSP power operations into helper functions
(bsc#1203699).
- ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699).
- ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers
(bsc#1203699).
- ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret'
(bsc#1203699).
- batman-adv: Fix hang up with small MTU hard-interface (git-fixes).
- Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend
(git-fixes).
- Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
(git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly
(git-fixes).
- bnx2x: fix built-in kernel driver load failure (git-fixes).
- bnx2x: fix driver load from initrd (git-fixes).
- btrfs: fix relocation crash due to premature return from
btrfs_commit_transaction() (bsc#1203360).
- btrfs: fix space cache corruption and potential double allocations
(bsc#1203361).
- build mlx in x86_64/azure as modules again (bsc#1203701) There is little
gain by having the drivers built into the kernel. Having them as modules
allows easy replacement by third party drivers.
- can: gs_usb: gs_can_open(): fix race dev->can.state condition
(git-fixes).
- can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes).
- cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
(bsc#1196869).
- cgroup: cgroup_get_from_id() must check the looked-up kn is a directory
(bsc#1203906).
- cgroup: Fix race condition at rebind_subsystems() (bsc#1203902).
- cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
(bsc#1196869).
- clk: bcm: rpi: Prevent out-of-bounds access (git-fixes).
- clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc()
(git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
(git-fixes).
- clk: ingenic-tcu: Properly enable registers before accessing timers
(git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
- constraints: increase disk space for all architectures References:
bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show
that it is very close to the limit.
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- cs-dsp and serial-multi-instantiate enablement (bsc#1203699)
- dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682).
- dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755).
- dmaengine: idxd: change MSIX allocation based on per wq activation
(jsc#PED-664).
- dmaengine: idxd: create locked version of idxd_quiesce() call
(jsc#PED-682).
- dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664).
- dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664).
- dmaengine: idxd: fix retry value to be constant for duration of function
call (git-fixes).
- dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682).
- dmaengine: idxd: handle invalid interrupt handle descriptors
(jsc#PED-682).
- dmaengine: idxd: int handle management refactoring (jsc#PED-682).
- dmaengine: idxd: match type for retries var in idxd_enqcmds()
(git-fixes).
- dmaengine: idxd: move interrupt handle assignment (jsc#PED-682).
- dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682).
- dmaengine: idxd: set defaults for wq configs (jsc#PED-688).
- dmaengine: idxd: update IAA definitions for user header (jsc#PED-763).
- dmaengine: ti: k3-udma-private: Fix refcount leak bug in
of_xudma_dev_get() (git-fixes).
- docs: i2c: i2c-topology: fix incorrect heading (git-fixes).
- dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes).
- drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes).
- drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes).
- drm/amd/display: Limit user regamma to a valid value (git-fixes).
- drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack
usage (git-fixes).
- drm/amd/display: Reduce number of arguments of dml31's
CalculateFlipSchedule() (git-fixes).
- drm/amd/display: Reduce number of arguments of dml31's
CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes).
- drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid
cards (git-fixes).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
- drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
- drm/amdgpu: make sure to init common IP before gmc (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
- drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega
(git-fixes).
- drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega
(git-fixes).
- drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device
to psp_hw_fini (git-fixes).
- drm/amdgpu: Separate vf2pf work item init from virt data exchange
(git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- drm/bridge: display-connector: implement bus fmts callbacks (git-fixes).
- drm/bridge: lt8912b: add vsync hsync (git-fixes).
- drm/bridge: lt8912b: fix corrupted image output (git-fixes).
- drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- drm/gma500: Fix BUG: sleeping function called from invalid context
errors (git-fixes).
- drm/i915: Implement WaEdpLinkRateDataReload (git-fixes).
- drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
- drm/i915/gt: Restrict forced preemption to the active context
(git-fixes).
- drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks
(git-fixes).
- drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()
(git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes).
- drm/panfrost: devfreq: set opp to the recommended one to configure
regulator (git-fixes).
- drm/radeon: add a force flush to delay work when radeon (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
- drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes).
- dt-bindings: hwmon: (mr75203) fix "intel,vm-map" property to be optional
(git-fixes).
- EDAC/dmc520: Do not print an error for each unconfigured interrupt line
(bsc#1190497).
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
- efi: libstub: Disable struct randomization (git-fixes).
- eth: alx: take rtnl_lock on resume (git-fixes).
- eth: sun: cassini: remove dead code (git-fixes).
- explicit set MODULE_SIG_HASH in azure config (bsc#1203933) Setting this
option became mandatory in Feb 2022. While the lack of this option did
not cause issues with automated builds, a manual osc build started to
fail due to incorrect macro expansion.
- fbcon: Add option to enable legacy hardware acceleration (bsc#1152472)
Backporting changes: * context fixes in other patch * update config
- fbcon: Fix accelerated fbdev scrolling while logo is still shown
(bsc#1152472)
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
(git-fixes).
- firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes).
- firmware: arm_scmi: Harden accesses to the reset domains (git-fixes).
- firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic
DSPs (bsc#1203699).
- firmware: cs_dsp: Add lockdep asserts to interface functions
(bsc#1203699).
- firmware: cs_dsp: Add memory chunk helpers (bsc#1203699).
- firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699).
- firmware: cs_dsp: Add pre_run callback (bsc#1203699).
- firmware: cs_dsp: Add pre_stop callback (bsc#1203699).
- firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699).
- firmware: cs_dsp: Add version checks on coefficient loading
(bsc#1203699).
- firmware: cs_dsp: Allow creation of event controls (bsc#1203699).
- firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699).
- firmware: cs_dsp: Clear core reset for cache (bsc#1203699).
- firmware: cs_dsp: Fix overrun of unterminated control name string
(bsc#1203699).
- firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer
(bsc#1203699).
- firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl
(bsc#1203699).
- firmware: cs_dsp: Print messages from bin files (bsc#1203699).
- firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace
is dead (git-fixes).
- fuse: Remove the control interface for virtio-fs (bsc#1203798).
- gpio: mockup: fix NULL pointer dereference when removing debugfs
(git-fixes).
- gpio: mockup: remove gpio debugfs when remove device (git-fixes).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
(git-fixes).
- gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes).
- gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
(git-fixes).
- gve: Fix GFP flags when allocing pages (git-fixes).
- HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
(git-fixes).
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).
- hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes).
- hwmon: (mr75203) enable polling for all VM channels (git-fixes).
- hwmon: (mr75203) fix multi-channel voltage reading (git-fixes).
- hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not
defined (git-fixes).
- hwmon: (mr75203) fix voltage equation for negative source input
(git-fixes).
- hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888
controller (git-fixes).
- hwmon: (tps23861) fix byte order in resistance register (git-fixes).
- i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699).
- i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible
(git-fixes).
- i2c: mlxbf: Fix frequency calculation (git-fixes).
- i2c: mlxbf: incorrect base address passed during io write (git-fixes).
- i2c: mlxbf: prevent stack overflow in
mlxbf_i2c_smbus_start_transaction() (git-fixes).
- i2c: mlxbf: support lock mechanism (git-fixes).
- ice: Allow operation with reduced device MSI-X (bsc#1201987).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes).
- ice: fix crash when writing timestamp on RX rings (git-fixes).
- ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes).
- ice: fix possible under reporting of ethtool Tx and Rx statistics
(git-fixes).
- ice: Fix race during aux device (un)plugging (git-fixes).
- ice: Match on all profiles in slow-path (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- igb: skip phy status check where unavailable (git-fixes).
- Input: goodix - add compatible string for GT1158 (git-fixes).
- Input: goodix - add support for GT1158 (git-fixes).
- Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
- Input: iqs62x-keys - drop unused device node references (git-fixes).
- Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- kABI workaround for spi changes (bsc#1203699).
- kABI: Add back removed struct paca member (bsc#1203664 ltc#199236).
- kABI: fix adding another field to scsi_device (bsc#1203039).
- kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814).
- kbuild: disable header exports for UML in a straightforward way
(git-fixes).
- kexec_file: drop weak attribute from functions (bsc#1196444).
- kexec, KEYS, s390: Make use of built-in and secondary keyring for
signature verification (bsc#1196444).
- kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- KVM: SVM: Create a separate mapping for the GHCB save area
(jsc#SLE-19924, jsc#SLE-24814).
- KVM: SVM: Create a separate mapping for the SEV-ES save area
(jsc#SLE-19924, jsc#SLE-24814).
- KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924,
jsc#SLE-24814).
- KVM: SVM: fix tsc scaling cache logic (bsc#1203263).
- KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924,
jsc#SLE-24814).
- KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes).
- KVM: X86: Fix when shadow_root_level=5 && guest root_level<4
(git-fixes).
- KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi()
(git-fixes).
- KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall
(git-fixes).
- KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924,
jsc#SLE-24814).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
(git-fixes).
- lockd: detect and reject lock arguments that overflow (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
- media: aspeed: Fix an error handling path in aspeed_video_probe()
(git-fixes).
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- media: coda: Fix reported H264 profile (git-fixes).
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- media: exynos4-is: Change clk_disable to clk_disable_unprepare
(git-fixes).
- media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe
(git-fixes).
- media: flexcop-usb: fix endpoint type check (git-fixes).
- media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes).
- media: imx-jpeg: Correct some definition according specification
(git-fixes).
- media: imx-jpeg: Disable slot interrupt when frame done (git-fixes).
- media: imx-jpeg: Fix potential array out of bounds in queue_setup
(git-fixes).
- media: imx-jpeg: Leave a blank space before the configuration data
(git-fixes).
- media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes).
- media: mceusb: Use new usb_control_msg_*() routines (git-fixes).
- media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment.
- media: rkvdec: Disable H.264 error detection (git-fixes).
- media: st-delta: Fix PM disable depth imbalance in delta_probe
(git-fixes).
- media: vsp1: Fix offset calculation for plane cropping.
- misc: cs35l41: Remove unused pdn variable (bsc#1203699).
- mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).
- mlxsw: i2c: Fix initialization error flow (git-fixes).
- mm: Fix PASID use-after-free issue (bsc#1203908).
- mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch
failure (git-fixes).
- mmc: hsq: Fix data stomping during mmc recovery (git-fixes).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
- mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv
(git-fixes).
- net: axienet: fix RX ring refill allocation failure handling (git-fixes).
- net: axienet: reset core on initialization prior to MDIO access
(git-fixes).
- net: bcmgenet: hide status block before TX timestamping (git-fixes).
- net: bcmgenet: Revert "Use stronger register read/writes to assure
ordering" (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator
(git-fixes).
- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes).
- net: dsa: felix: fix tagging protocol changes with multiple CPU ports
(git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: introduce helpers for iterating through ports using dp
(git-fixes).
- net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes).
- net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes).
- net: dsa: microchip: fix bridging with more than two member ports
(git-fixes).
- net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes).
- net: dsa: mt7530: add missing of_node_put() in mt7530_setup()
(git-fixes).
- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr
(git-fixes).
- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
(git-fixes).
- net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes).
- net: emaclite: Add error handling for of_address_to_resource()
(git-fixes).
- net: enetc: Use pci_release_region() to release some resources
(git-fixes).
- net: ethernet: mediatek: ppe: fix wrong size passed to memset()
(git-fixes).
- net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address()
(git-fixes).
- net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
(git-fixes).
- net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes).
- net: fec: add missing of_node_put() in fec_enet_init_stop_mode()
(git-fixes).
- net: ftgmac100: access hardware register after clock ready (git-fixes).
- net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes).
- net: hns3: fix the concurrency between functions reading debugfs
(git-fixes).
- net: ipa: get rid of a duplicate initialization (git-fixes).
- net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes).
- net: ipa: record proper RX transaction count (git-fixes).
- net: macb: Fix PTP one step sync support (git-fixes).
- net: macb: Increment rx bd head after allocating skb and buffer
(git-fixes).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller
(git-fixes).
- net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP
filters (git-fixes).
- net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP
over IP (git-fixes).
- net: mscc: ocelot: fix broken IP multicast flooding (git-fixes).
- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware
when deleted (git-fixes).
- net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set()
(git-fixes).
- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups
(git-fixes).
- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0
(git-fixes).
- net: phy: aquantia: wait for the suspend/resume operations to finish
(git-fixes).
- net: phy: at803x: move page selection fix to config_init (git-fixes).
- net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume()
(git-fixes).
- net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes).
- net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes).
- net: stmmac: dwmac-qcom-ethqos: add platform level clocks management
(git-fixes).
- net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume
(git-fixes).
- net: stmmac: dwmac-sun8i: add missing of_node_put() in
sun8i_dwmac_register_mdio_mux() (git-fixes).
- net: stmmac: enhance XDP ZC driver level switching performance
(git-fixes).
- net: stmmac: fix out-of-bounds access in a selftest (git-fixes).
- net: stmmac: Fix unset max_speed difference between DT and non-DT
platforms (git-fixes).
- net: stmmac: only enable DMA interrupts when ready (git-fixes).
- net: stmmac: perserve TX and RX coalesce value during XDP setup
(git-fixes).
- net: stmmac: remove unused get_addr() callback (git-fixes).
- net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes).
- net: systemport: Fix an error handling path in bcm_sysport_probe()
(git-fixes).
- net: thunderbolt: Enable DMA paths only after rings are enabled
(git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- net: wwan: iosm: Call mutex_init before locking it (git-fixes).
- net: wwan: iosm: remove pointless null check (git-fixes).
- net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes).
- net/mlx5: Drain fw_reset when removing device (git-fixes).
- net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes).
- net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes).
- net/mlx5e: Properly block LRO when XDP is enabled (git-fixes).
- net/mlx5e: Remove HW-GRO from reported features (git-fixes).
- net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes).
- net/qla3xxx: Fix a test in ql_reset_work() (git-fixes).
- net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change()
(git-fixes).
- NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- NFS: fix problems with __nfs42_ssc_open (git-fixes).
- NFS: Fix races in the legacy idmapper upcall (git-fixes).
- NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes).
- NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0
(git-fixes).
- NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes).
- NFSD: Clean up the show_nf_flags() macro (git-fixes).
- NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes).
- of: device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- parisc/sticon: fix reverse colors (bsc#1152489)
- parisc/stifb: Fix fb_is_primary_device() only available with
(bsc#1152489)
- parisc/stifb: Implement fb_is_primary_device() (bsc#1152489)
- parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489)
- PCI: Correct misspelled words (git-fixes).
- PCI: Disable MSI for Tegra234 Root Ports (git-fixes).
- PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes).
- PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387).
- pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes).
- pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes).
- pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes).
- platform/surface: aggregator_registry: Add support for Surface Laptop Go
2 (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap
fixes (git-fixes).
- platform/x86: i2c-multi-instantiate: Rename it for a generic serial
driver name (bsc#1203699).
- platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop
(bsc#1203699).
- platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699).
- platform/x86: serial-multi-instantiate: Reorganize I2C functions
(bsc#1203699).
- pNFS/flexfiles: Report RDMA connection errors to the server (git-fixes).
- powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL
(bsc#1194869).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- regulator: core: Clean up on enable failure (git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in
pfuze100_regulator_probe() (git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197
LTC#199895).
- s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
- scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID
cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling
(bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload
(bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same
NPort ID (bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed
phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd
(bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE
(bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding
(bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency
(bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager
application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status
(bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1()
(bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Define static symbols (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX
(bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Enhance driver tracing with separate tunable and more
(bsc#1203935).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1203935).
- scsi: qla2xxx: Fix spelling mistake "definiton" -> "definition"
(bsc#1203935).
- scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational
(bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading
stale packets" (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes).
- scsi: smartpqi: Add module param to disable managed ints (bsc#1203893).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- selftests: Fix the if conditions of in test_extra_filter() (git-fixes).
- selftests: forwarding: add shebang for sch_red.sh (git-fixes).
- selftests: forwarding: Fix failing tests with old libnet (git-fixes).
- serial: atmel: remove redundant assignment in rs485_config (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- serial: fsl_lpuart: Reset prior to registration (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
(git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
(git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
- spi: Add API to count spi acpi resources (bsc#1203699).
- spi: Create helper API to lookup ACPI info for spi device (bsc#1203699).
- spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes).
- spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).
- spi: propagate error code to the caller of acpi_spi_device_alloc()
(bsc#1203699).
- spi: qup: add missing clk_disable_unprepare on error in
spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
(git-fixes).
- spi: Return deferred probe error when controller isn't yet available
(bsc#1203699).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- spi: Support selection of the index of the ACPI Spi Resource before
alloc (bsc#1203699).
- spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
(git-fixes).
- struct ehci_hcd: hide new element going into a hole (git-fixes).
- struct xhci_hcd: restore member now dynamically allocated (git-fixes).
- SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).
- SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: fix expiry of auth creds (git-fixes).
- SUNRPC: Fix xdr_encode_bool() (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before reuse
(git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).
- thunderbolt: Add support for Intel Maple Ridge single port controller
(git-fixes).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
- tty: serial: atmel: Preserve previous USART mode if RS485 disabled
(git-fixes).
- USB: add quirks for Lenovo OneLink+ Dock (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- USB: core: Fix RST error in hub.c (git-fixes).
- USB: core: Prevent nested device-reset calls (git-fixes).
- USB: Drop commas after SoC match table sentinels (git-fixes).
- USB: dwc3: core: leave default DMA if the controller does not support
64-bit DMA (git-fixes).
- USB: dwc3: disable USB core PHY management (git-fixes).
- USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
(git-fixes).
- USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes).
- USB: dwc3: gadget: Refactor pullup() (git-fixes).
- USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes).
- USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes).
- USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes).
- USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes).
- USB: hub: avoid warm port reset during USB3 disconnect (git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
(git-fixes).
- USB: serial: option: add support for OPPO R11 diag port (git-fixes).
- USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).
- USB: storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- USB: struct usb_device: hide new member (git-fixes).
- USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device
(git-fixes).
- USB: typec: tipd: Add an additional overflow check (git-fixes).
- USB: typec: tipd: Do not read/write more bytes than required (git-fixes).
- USB: typec: ucsi: Remove incorrect warning (git-fixes).
- USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes).
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- vfio/type1: Unpin zero pages (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
(git-fixes).
- virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement
(jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add support to get extended report (jsc#SLE-19924,
jsc#SLE-24814).
- virt: sevguest: Fix bool function returning negative value
(jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Fix return value check in alloc_shared_pages()
(jsc#SLE-19924, jsc#SLE-24814).
- vrf: fix packet sniffing for traffic originating from ip tunnels
(git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly
(bsc#1194023).
- wifi: ath10k: add peer map clean up for peer delete in
ath10k_sta_state() (git-fixes).
- wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in
il4965_rs_fill_link_cmd() (git-fixes).
- wifi: mac80211_hwsim: check length for virtio packets (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh
(git-fixes).
- wifi: mac80211: fix regression with non-QoS drivers (git-fixes).
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- wifi: mt76: fix reading current per-tid starting sequence number for
aggregation (git-fixes).
- wifi: mt76: mt7615: add mt7615_mutex_acquire/release in
mt7615_sta_set_decap_offload (git-fixes).
- wifi: mt76: mt7915: do not check state before configuring implicit
beamform (git-fixes).
- wifi: mt76: sdio: fix transmitting packet hangs (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask
(git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
(git-fixes).
- wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes).
- wifi: rtw88: add missing destroy_workqueue() on error path in
rtw_core_init() (git-fixes).
- workqueue: do not skip lockdep work dependency in cancel_work_sync()
(git-fixes).
- x86/boot: Add a pointer to Confidential Computing blob in bootparams
(jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924,
jsc#SLE-24814).
- x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924,
jsc#SLE-24814).
- x86/boot: Put globals that are accessed early into the .data section
(jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Use MSR read/write helpers instead of inline assembly
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Add helper for validating pages in the decompression
stage (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924,
jsc#SLE-24814).
- x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924,
jsc#SLE-24814).
- x86/compressed: Register GHCB memory when SEV-SNP is active
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/64: Add identity mapping for Confidential Computing blob
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/64: Detect/setup SEV/SME features earlier during boot
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI config table lookup to helper
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924,
jsc#SLE-24814).
- x86/compressed/acpi: Move EFI kexec handling into common code
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI system table lookup to helper
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI vendor table lookup to helper
(jsc#SLE-19924, jsc#SLE-24814).
- x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814).
- x86/ibt,ftrace: Make function-graph play nice (bsc#1203969).
- x86/kernel: Mark the .bss..decrypted section as shared in the RMP table
(jsc#SLE-19924, jsc#SLE-24814).
- x86/kernel: Validate ROM memory before accessing when SEV-SNP is active
(jsc#SLE-19924, jsc#SLE-24814).
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924,
jsc#SLE-24814).
- x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add helper for validating pages in early enc attribute changes
(jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add missing __init annotations to SEV init routines
(jsc#SLE-19924 jsc#SLE-24814).
- x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924,
jsc#SLE-24814).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen-blkback: Advertise feature-persistent as user requested (git-fixes).
- xen-blkback: Apply 'feature_persistent' parameter when connect
(git-fixes).
- xen-blkback: fix persistent grants negotiation (git-fixes).
- xen-blkfront: Advertise feature-persistent as user requested (git-fixes).
- xen-blkfront: Apply 'feature_persistent' parameter when connect
(git-fixes).
- xen-blkfront: Cache feature_persistent value before advertisement
(git-fixes).
- xen-blkfront: Handle NULL gendisk (git-fixes).
- xen-netback: only remove 'hotplug-status' when the vif is actually
destroyed (git-fixes).
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
- xen/grants: prevent integer overflow in gnttab_dma_alloc_pages()
(git-fixes).
- xen/usb: do not use arbitrary_virt_to_machine() (git-fixes).
- xhci: Allocate separate command structures for each LPM command
(git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3585=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-3585=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-azure-5.14.21-150400.14.16.1
cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.16.1
dlm-kmp-azure-5.14.21-150400.14.16.1
dlm-kmp-azure-debuginfo-5.14.21-150400.14.16.1
gfs2-kmp-azure-5.14.21-150400.14.16.1
gfs2-kmp-azure-debuginfo-5.14.21-150400.14.16.1
kernel-azure-5.14.21-150400.14.16.1
kernel-azure-debuginfo-5.14.21-150400.14.16.1
kernel-azure-debugsource-5.14.21-150400.14.16.1
kernel-azure-devel-5.14.21-150400.14.16.1
kernel-azure-devel-debuginfo-5.14.21-150400.14.16.1
kernel-azure-extra-5.14.21-150400.14.16.1
kernel-azure-extra-debuginfo-5.14.21-150400.14.16.1
kernel-azure-livepatch-devel-5.14.21-150400.14.16.1
kernel-azure-optional-5.14.21-150400.14.16.1
kernel-azure-optional-debuginfo-5.14.21-150400.14.16.1
kernel-syms-azure-5.14.21-150400.14.16.1
kselftests-kmp-azure-5.14.21-150400.14.16.1
kselftests-kmp-azure-debuginfo-5.14.21-150400.14.16.1
ocfs2-kmp-azure-5.14.21-150400.14.16.1
ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.16.1
reiserfs-kmp-azure-5.14.21-150400.14.16.1
reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.16.1
- openSUSE Leap 15.4 (noarch):
kernel-devel-azure-5.14.21-150400.14.16.1
kernel-source-azure-5.14.21-150400.14.16.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64):
kernel-azure-5.14.21-150400.14.16.1
kernel-azure-debuginfo-5.14.21-150400.14.16.1
kernel-azure-debugsource-5.14.21-150400.14.16.1
kernel-azure-devel-5.14.21-150400.14.16.1
kernel-azure-devel-debuginfo-5.14.21-150400.14.16.1
kernel-syms-azure-5.14.21-150400.14.16.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch):
kernel-devel-azure-5.14.21-150400.14.16.1
kernel-source-azure-5.14.21-150400.14.16.1
References:
https://www.suse.com/security/cve/CVE-2022-1263.html
https://www.suse.com/security/cve/CVE-2022-2586.html
https://www.suse.com/security/cve/CVE-2022-3202.html
https://www.suse.com/security/cve/CVE-2022-3239.html
https://www.suse.com/security/cve/CVE-2022-3303.html
https://www.suse.com/security/cve/CVE-2022-39189.html
https://www.suse.com/security/cve/CVE-2022-41218.html
https://www.suse.com/security/cve/CVE-2022-41848.html
https://www.suse.com/security/cve/CVE-2022-41849.html
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1185032
https://bugzilla.suse.com/1190497
https://bugzilla.suse.com/1194023
https://bugzilla.suse.com/1194869
https://bugzilla.suse.com/1195917
https://bugzilla.suse.com/1196444
https://bugzilla.suse.com/1196869
https://bugzilla.suse.com/1197659
https://bugzilla.suse.com/1198189
https://bugzilla.suse.com/1200622
https://bugzilla.suse.com/1201309
https://bugzilla.suse.com/1201310
https://bugzilla.suse.com/1201987
https://bugzilla.suse.com/1202095
https://bugzilla.suse.com/1202960
https://bugzilla.suse.com/1203039
https://bugzilla.suse.com/1203066
https://bugzilla.suse.com/1203101
https://bugzilla.suse.com/1203197
https://bugzilla.suse.com/1203263
https://bugzilla.suse.com/1203338
https://bugzilla.suse.com/1203360
https://bugzilla.suse.com/1203361
https://bugzilla.suse.com/1203389
https://bugzilla.suse.com/1203410
https://bugzilla.suse.com/1203505
https://bugzilla.suse.com/1203552
https://bugzilla.suse.com/1203664
https://bugzilla.suse.com/1203693
https://bugzilla.suse.com/1203699
https://bugzilla.suse.com/1203701
https://bugzilla.suse.com/1203767
https://bugzilla.suse.com/1203769
https://bugzilla.suse.com/1203794
https://bugzilla.suse.com/1203798
https://bugzilla.suse.com/1203893
https://bugzilla.suse.com/1203902
https://bugzilla.suse.com/1203906
https://bugzilla.suse.com/1203908
https://bugzilla.suse.com/1203933
https://bugzilla.suse.com/1203935
https://bugzilla.suse.com/1203939
https://bugzilla.suse.com/1203969
https://bugzilla.suse.com/1203987
https://bugzilla.suse.com/1203992
1
0
SUSE-RU-2022:3579-1: moderate: Recommended update for rmt-server
by maintenance@opensuse.org 13 Oct '22
by maintenance@opensuse.org 13 Oct '22
13 Oct '22
SUSE Recommended Update: Recommended update for rmt-server
______________________________________________________________________________
Announcement ID: SUSE-RU-2022:3579-1
Rating: moderate
References: #1188578 #1197038 #1197405 #1198721 #1199961
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that has 5 recommended fixes can now be installed.
Description:
This update for rmt-server fixes the following issues:
- Implement `System-Token` header handling to improve unique system
reporting.
- Add --proxy-byos flag to rmt-cli systems command to filter BYOS systems
using RMT as a proxy
- Retry failed http requests automatically (bsc#1197405, bsc#1188578,
bsc#1198721, bsc#1199961)
- Improved rmt-client-setup-res script for CentOS8.x and RHEL/RES8.x
(bsc#1197038)
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3579=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3579=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-3579=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
rmt-server-2.9-150300.3.18.1
rmt-server-config-2.9-150300.3.18.1
rmt-server-debuginfo-2.9-150300.3.18.1
rmt-server-debugsource-2.9-150300.3.18.1
rmt-server-pubcloud-2.9-150300.3.18.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
rmt-server-2.9-150300.3.18.1
rmt-server-config-2.9-150300.3.18.1
rmt-server-debuginfo-2.9-150300.3.18.1
rmt-server-debugsource-2.9-150300.3.18.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64):
rmt-server-debuginfo-2.9-150300.3.18.1
rmt-server-debugsource-2.9-150300.3.18.1
rmt-server-pubcloud-2.9-150300.3.18.1
References:
https://bugzilla.suse.com/1188578
https://bugzilla.suse.com/1197038
https://bugzilla.suse.com/1197405
https://bugzilla.suse.com/1198721
https://bugzilla.suse.com/1199961
1
0
openSUSE-SU-2022:10147-1: important: Security update for libosip2
by opensuse-security@opensuse.org 13 Oct '22
by opensuse-security@opensuse.org 13 Oct '22
13 Oct '22
openSUSE Security Update: Security update for libosip2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10147-1
Rating: important
References: #1204225
Cross-References: CVE-2022-41550
CVSS scores:
CVE-2022-41550 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libosip2 fixes the following issues:
- CVE-2022-41550: Fixed an integer overflow in the header parser
(boo#1204225)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10147=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
libosip2-12-5.2.1-bp154.2.3.1
libosip2-devel-5.2.1-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-41550.html
https://bugzilla.suse.com/1204225
1
0