January 2024 - openSUSE Updates - openSUSE Mailing Lists

SUSE-RU-2024:0139-1: moderate: Recommended update for go1.21
by OPENSUSE-UPDATES 18 Jan '24

18 Jan '24

# Recommended update for go1.21 Announcement ID: SUSE-RU-2024:0139-1 Rating: moderate References: * bsc#1212475 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for go1.21 fixes the following issues: go1.21.6 (released 2024-01-09) includes fixes to the compiler, the runtime, and the crypto/tls, maps, and runtime/pprof packages. (bsc#1212475) * x/build,os/signal: TestDetectNohup and TestNohup fail on replacement darwin LUCI builders * runtime: ReadMemStats fatal error: mappedReady and other memstats are not equal * cmd/compile: linux/s390x: inlining bug in s390x * maps: maps.Clone reference semantics when cloning a map with large value types * runtime: excessive memory use between 1.21.0 -> 1.21.1 * cmd/compile: max/min builtin broken when used with string(byte) conversions * runtime/pprof: incorrect function names for generics functions * crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3 * runtime: race condition raised with parallel tests, panic(nil) and -race ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-139=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2024-139=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-139=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-139=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-139=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-139=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2024-139=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-139=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-139=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-139=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.21-doc-1.21.6-150000.1.21.1 * go1.21-race-1.21.6-150000.1.21.1 * go1.21-1.21.6-150000.1.21.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x) * container-suseconnect-2.4.0-150000.4.48.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.48.1 * container-suseconnect-debuginfo-2.4.0-150000.4.48.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.21-doc-1.21.6-150000.1.21.1 * go1.21-race-1.21.6-150000.1.21.1 * go1.21-1.21.6-150000.1.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * go1.21-doc-1.21.6-150000.1.21.1 * container-suseconnect-2.4.0-150000.4.48.1 * go1.21-race-1.21.6-150000.1.21.1 * go1.21-1.21.6-150000.1.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * go1.21-doc-1.21.6-150000.1.21.1 * container-suseconnect-2.4.0-150000.4.48.1 * go1.21-race-1.21.6-150000.1.21.1 * go1.21-1.21.6-150000.1.21.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * go1.21-doc-1.21.6-150000.1.21.1 * go1.21-race-1.21.6-150000.1.21.1 * go1.21-1.21.6-150000.1.21.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * go1.21-doc-1.21.6-150000.1.21.1 * go1.21-race-1.21.6-150000.1.21.1 * go1.21-1.21.6-150000.1.21.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.21-doc-1.21.6-150000.1.21.1 * container-suseconnect-2.4.0-150000.4.48.1 * go1.21-1.21.6-150000.1.21.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 x86_64) * go1.21-race-1.21.6-150000.1.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * go1.21-doc-1.21.6-150000.1.21.1 * container-suseconnect-2.4.0-150000.4.48.1 * go1.21-1.21.6-150000.1.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * go1.21-race-1.21.6-150000.1.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212475

1 0

SUSE-SU-2024:0140-1: important: Security update for libssh
by OPENSUSE-UPDATES 18 Jan '24

18 Jan '24

# Security update for libssh Announcement ID: SUSE-SU-2024:0140-1 Rating: important References: * bsc#1211188 * bsc#1211190 * bsc#1218126 * bsc#1218186 * bsc#1218209 Cross-References: * CVE-2023-1667 * CVE-2023-2283 * CVE-2023-48795 * CVE-2023-6004 * CVE-2023-6918 CVSS scores: * CVE-2023-1667 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1667 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2283 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-2283 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-48795 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-48795 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-6004 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-6004 ( NVD ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-6918 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-6918 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves five vulnerabilities can now be installed. ## Description: This update for libssh fixes the following issues: Security fixes: * CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209) * CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126) * CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186) * CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188) * CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) Other fixes: * Update to version 0.9.8 * Allow @ in usernames when parsing from URI composes * Update to version 0.9.7 * Fix several memory leaks in GSSAPI handling code ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-140=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2024-140=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2024-140=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-140=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-140=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-140=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-140=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-140=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-140=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-140=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-140=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-140=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2024-140=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-140=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-140=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-140=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-140=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2024-140=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-140=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libssh-config-0.9.8-150400.3.3.1 * libssh4-0.9.8-150400.3.3.1 * libssh-devel-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * libssh4-32bit-debuginfo-0.9.8-150400.3.3.1 * libssh4-32bit-0.9.8-150400.3.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libssh4-64bit-debuginfo-0.9.8-150400.3.3.1 * libssh4-64bit-0.9.8-150400.3.3.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libssh4-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * libssh-config-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libssh4-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * libssh-config-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libssh-config-0.9.8-150400.3.3.1 * libssh4-0.9.8-150400.3.3.1 * libssh-devel-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * openSUSE Leap 15.5 (x86_64) * libssh4-32bit-debuginfo-0.9.8-150400.3.3.1 * libssh4-32bit-0.9.8-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libssh4-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * libssh-config-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libssh4-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * libssh-config-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libssh4-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * libssh-config-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libssh4-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * libssh-config-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * libssh4-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * libssh-config-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libssh-config-0.9.8-150400.3.3.1 * libssh4-0.9.8-150400.3.3.1 * libssh-devel-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * Basesystem Module 15-SP5 (x86_64) * libssh4-32bit-debuginfo-0.9.8-150400.3.3.1 * libssh4-32bit-0.9.8-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libssh-config-0.9.8-150400.3.3.1 * libssh4-0.9.8-150400.3.3.1 * libssh-devel-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libssh4-32bit-debuginfo-0.9.8-150400.3.3.1 * libssh4-32bit-0.9.8-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libssh-config-0.9.8-150400.3.3.1 * libssh4-0.9.8-150400.3.3.1 * libssh-devel-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libssh4-32bit-debuginfo-0.9.8-150400.3.3.1 * libssh4-32bit-0.9.8-150400.3.3.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * libssh4-32bit-debuginfo-0.9.8-150400.3.3.1 * libssh-config-0.9.8-150400.3.3.1 * libssh4-32bit-0.9.8-150400.3.3.1 * libssh4-0.9.8-150400.3.3.1 * libssh-devel-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * libssh4-32bit-debuginfo-0.9.8-150400.3.3.1 * libssh-config-0.9.8-150400.3.3.1 * libssh4-32bit-0.9.8-150400.3.3.1 * libssh4-0.9.8-150400.3.3.1 * libssh-devel-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * libssh-config-0.9.8-150400.3.3.1 * libssh4-0.9.8-150400.3.3.1 * libssh-devel-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (x86_64) * libssh4-32bit-debuginfo-0.9.8-150400.3.3.1 * libssh4-32bit-0.9.8-150400.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libssh-config-0.9.8-150400.3.3.1 * libssh4-0.9.8-150400.3.3.1 * libssh-devel-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libssh4-32bit-debuginfo-0.9.8-150400.3.3.1 * libssh4-32bit-0.9.8-150400.3.3.1 * SUSE Manager Proxy 4.3 (x86_64) * libssh4-32bit-debuginfo-0.9.8-150400.3.3.1 * libssh-config-0.9.8-150400.3.3.1 * libssh4-32bit-0.9.8-150400.3.3.1 * libssh4-0.9.8-150400.3.3.1 * libssh-devel-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libssh4-32bit-debuginfo-0.9.8-150400.3.3.1 * libssh-config-0.9.8-150400.3.3.1 * libssh4-32bit-0.9.8-150400.3.3.1 * libssh4-0.9.8-150400.3.3.1 * libssh-devel-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libssh-config-0.9.8-150400.3.3.1 * libssh4-0.9.8-150400.3.3.1 * libssh-devel-0.9.8-150400.3.3.1 * libssh4-debuginfo-0.9.8-150400.3.3.1 * libssh-debugsource-0.9.8-150400.3.3.1 * SUSE Manager Server 4.3 (x86_64) * libssh4-32bit-debuginfo-0.9.8-150400.3.3.1 * libssh4-32bit-0.9.8-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1667.html * https://www.suse.com/security/cve/CVE-2023-2283.html * https://www.suse.com/security/cve/CVE-2023-48795.html * https://www.suse.com/security/cve/CVE-2023-6004.html * https://www.suse.com/security/cve/CVE-2023-6918.html * https://bugzilla.suse.com/show_bug.cgi?id=1211188 * https://bugzilla.suse.com/show_bug.cgi?id=1211190 * https://bugzilla.suse.com/show_bug.cgi?id=1218126 * https://bugzilla.suse.com/show_bug.cgi?id=1218186 * https://bugzilla.suse.com/show_bug.cgi?id=1218209

1 0

SUSE-SU-2024:0141-1: important: Security update for the Linux Kernel
by OPENSUSE-UPDATES 18 Jan '24

18 Jan '24

# Security update for the Linux Kernel Announcement ID: SUSE-SU-2024:0141-1 Rating: important References: * bsc#1108281 * bsc#1179610 * bsc#1183045 * bsc#1211162 * bsc#1211226 * bsc#1212139 * bsc#1212584 * bsc#1214117 * bsc#1214747 * bsc#1214823 * bsc#1215237 * bsc#1215696 * bsc#1215885 * bsc#1215952 * bsc#1216032 * bsc#1216057 * bsc#1216559 * bsc#1216776 * bsc#1217036 * bsc#1217217 * bsc#1217250 * bsc#1217602 * bsc#1217692 * bsc#1217790 * bsc#1217801 * bsc#1217822 * bsc#1217927 * bsc#1217933 * bsc#1217938 * bsc#1217946 * bsc#1217947 * bsc#1217980 * bsc#1217981 * bsc#1217982 * bsc#1218056 * bsc#1218092 * bsc#1218139 * bsc#1218184 * bsc#1218229 * bsc#1218234 * bsc#1218253 * bsc#1218258 * bsc#1218335 * bsc#1218357 * bsc#1218397 * bsc#1218447 * bsc#1218461 * bsc#1218515 * bsc#1218559 * bsc#1218569 * bsc#1218643 * jsc#PED-3459 * jsc#PED-5021 * jsc#PED-7167 Cross-References: * CVE-2020-26555 * CVE-2023-51779 * CVE-2023-6121 * CVE-2023-6531 * CVE-2023-6546 * CVE-2023-6606 * CVE-2023-6610 * CVE-2023-6622 * CVE-2023-6931 * CVE-2023-6932 CVSS scores: * CVE-2020-26555 ( SUSE ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2020-26555 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-51779 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6121 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-6121 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6606 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-6606 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-6610 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2023-6610 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-6622 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-6622 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-6931 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6931 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6932 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6932 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 10 vulnerabilities, contains three features and has 41 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). * CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). * CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). * CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237). * CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). * CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335). * CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258). * CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253). * CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938). * CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250). The following non-security bugs were fixed: * Documentation: KVM: add separate directories for architecture-specific documentation (jsc#PED-7167). * Documentation: KVM: update amd-memory-encryption.rst references (jsc#PED-7167). * Documentation: KVM: update msr.rst reference (jsc#PED-7167). * Documentation: KVM: update s390-diag.rst reference (jsc#PED-7167). * Documentation: KVM: update s390-pv.rst reference (jsc#PED-7167). * Documentation: drop more IDE boot options and ide-cd.rst (git-fixes). * Documentation: qat: Use code block for qat sysfs example (git-fixes). * Drop Documentation/ide/ (git-fixes). * Fix crash on screen resize (bsc#1218229) * Fix drm gem object underflow (bsc#1218092) * Revert "Limit kernel-source-azure build to architectures for which we build binaries (bsc#1108281)." * Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()" (git-fixes). * Revert "PCI: acpiphp: Reassign resources on bridge if necessary" (git- fixes). * Revert "md: unlock mddev before reap sync_thread in action_store" (git- fixes). * Revert "swiotlb: panic if nslabs is too small" (git-fixes). * Revert "xhci: Loosen RPM as default policy to cover for AMD xHC 1.1" (git- fixes). * Update: drm/vmwgfx: Keep a gem reference to user bos in surfaces * acpi: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (git- fixes). * acpi: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects (git-fixes). * acpica: Add AML_NO_OPERAND_RESOLVE flag to Timer (git-fixes). * afs: Fix afs_server_list to be cleaned up with RCU (git-fixes). * afs: Fix dynamic root lookup DNS check (git-fixes). * afs: Fix file locking on R/O volumes to operate in local mode (git-fixes). * afs: Fix overwriting of result of DNS query (git-fixes). * afs: Fix refcount underflow from error handling race (git-fixes). * afs: Fix the dynamic root's d_delete to always delete unused dentries (git- fixes). * afs: Fix use-after-free due to get/remove race in volume tree (git-fixes). * afs: Make error on cell lookup failure consistent with OpenAFS (git-fixes). * afs: Return ENOENT if no cell DNS record can be found (git-fixes). * alsa: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro (git-fixes). * alsa: hda/hdmi: add force-connect quirk for NUC5CPYB (git-fixes). * alsa: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (git- fixes). * alsa: hda/realtek: Add Framework laptop 16 to quirks (git-fixes). * alsa: hda/realtek: Add quirk for ASUS ROG GV302XA (git-fixes). * alsa: hda/realtek: Add supported ALC257 for ChromeOS (git-fixes). * alsa: hda/realtek: Apply mute LED quirk for HP15-db (git-fixes). * alsa: hda/realtek: Enable headset on Lenovo M90 Gen5 (git-fixes). * alsa: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (git- fixes). * alsa: hda/realtek: Headset Mic VREF to 100% (git-fixes). * alsa: hda/realtek: add new Framework laptop to quirks (git-fixes). * alsa: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series (git-fixes). * alsa: hda/realtek: fix mute/micmute LEDs for a HP ZBook (git-fixes). * alsa: hda/realtek: fix speakers on XPS 9530 (2023) (git-fixes). * alsa: hda: intel-dsp-cfg: add LunarLake support (git-fixes). * alsa: pcm: fix out-of-bounds in snd_pcm_state_names (git-fixes). * alsa: seq: oss: Fix racy open/close of MIDI devices (git-fixes). * alsa: usb-audio: Add Pioneer DJM-450 mixer controls (git-fixes). * alsa: usb-audio: Increase delay in MOTU M quirk (git-fixes). * apparmor: Free up __cleanup() name (jsc#PED-7167). * arm64: dts: arm: add missing cache properties (git-fixes) * arm64: dts: imx8mm: Add sound-dai-cells to micfil node (git-fixes) * arm64: dts: imx8mn: Add sound-dai-cells to micfil node (git-fixes) * arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from (git-fixes) * arm64: kdump: Skip kmemleak scan reserved memory for kdump (jsc#PED-7167). * arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y (git- fixes) * arm: oMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (git-fixes). * arm: pL011: Fix DMA support (git-fixes). * asoc: fsl_rpmsg: Fix error handler with pm_runtime_enable (git-fixes). * asoc: hdmi-codec: fix missing report for jack initial status (git-fixes). * asoc: meson: g12a-toacodec: Fix event generation (git-fixes). * asoc: meson: g12a-toacodec: Validate written enum values (git-fixes). * asoc: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (git-fixes). * asoc: meson: g12a-tohdmitx: Validate written enum values (git-fixes). * asoc: wm_adsp: fix memleak in wm_adsp_buffer_populate (git-fixes). * bitmap: unify find_bit operations (jsc#PED-7167). * block: fix revalidate performance regression (bsc#1216057). * bluetooth: Fix deadlock in vhci_send_frame (git-fixes). * bluetooth: L2CAP: Send reject on command corrupted request (git-fixes). * bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE (git- fixes). * bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921 (bsc#1218461). * bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (git- fixes). * bluetooth: hci_event: shut up a false-positive warning (git-fixes). * bluetooth: hci_qca: Fix the teardown problem for real (git-fixes). * bnxt: do not handle XDP in netpoll (jsc#PED-1495). * bnxt_en: Clear resource reservation during resume (jsc#PED-1495). * bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic (jsc#PED-1495). * bnxt_en: Fix max_mtu setting for multi-buf XDP (jsc#PED-1495). * bnxt_en: Fix page pool logic for page size >= 64K (jsc#PED-1495). * bnxt_en: Fix wrong return value check in bnxt_close_nic() (jsc#PED-1495). * bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI (jsc#PED-1495). * bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes). * bus: ti-sysc: Flush posted write only after srst_udelay (git-fixes). * ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980). * ceph: fix type promotion bug on 32bit systems (bsc#1217982). * cleanup: Make no_free_ptr() __must_check (jsc#PED-7167). * clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217). * clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217). * clocksource: Handle negative skews in "skew is too large" messages (bsc#1215885 bsc#1217217). * clocksource: Improve "skew is too large" messages (bsc#1215885 bsc#1217217). * clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217). * clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217). * clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217). * clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217). * configfs-tsm: Introduce a shared ABI for attestation reports (jsc#PED-7167). * crypto: ccp - Add SEV_INIT rc error logging on init (jsc#PED-7167). * crypto: ccp - Add SEV_INIT_EX support (jsc#PED-7167). * crypto: ccp - Add a header for multiple drivers to use `__psp_pa` (jsc#PED-7167). * crypto: ccp - Add a quirk to firmware update (jsc#PED-7167). * crypto: ccp - Add psp_init_on_probe module parameter (jsc#PED-7167). * crypto: ccp - Drop TEE support for IRQ handler (jsc#PED-7167). * crypto: ccp - Ensure psp_ret is always init'd in __sev_platform_init_locked() (jsc#PED-7167). * crypto: ccp - Fail the PSP initialization when writing psp data file failed (jsc#PED-7167). * crypto: ccp - Fix the INIT_EX data file open failure (jsc#PED-7167). * crypto: ccp - Fix whitespace in sev_cmd_buffer_len() (jsc#PED-7167). * crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware (jsc#PED-7167). * crypto: ccp - Initialize PSP when reading psp data file failed (jsc#PED-7167). * crypto: ccp - Log when resetting PSP SEV state (jsc#PED-7167). * crypto: ccp - Move SEV_INIT retry for corrupted data (jsc#PED-7167). * crypto: ccp - Move some PSP mailbox bit definitions into common header (jsc#PED-7167). * crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL (jsc#PED-7167). * crypto: ccp - Refactor out sev_fw_alloc() (jsc#PED-7167). * crypto: ccp - remove unneeded semicolon (jsc#PED-7167). * crypto: ccp: Get rid of __sev_platform_init_locked()'s local function pointer (jsc#PED-7167). * dm verity: initialize fec io before freeing it (git-fixes). * dm-verity: do not use blocking calls from tasklets (git-fixes). * dm: add cond_resched() to dm_wq_requeue_work() (git-fixes). * dm: do not attempt to queue IO under RCU protection (git-fixes). * dm: fix __send_duplicate_bios() to always allow for splitting IO (bsc#1215952). * dm: fix improper splitting for abnormal bios (bsc#1215952). * dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter (git-fixes). * dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776). * dmaengine: ioat: Free up __cleanup() name (jsc#PED-7167). * doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021) * doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021) * doc/README.SUSE: Simplify the list of references (jsc#PED-5021) * drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c (git-fixes). * drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (bsc#1212139). * drm/amdgpu: Add EEPROM I2C address support for ip discovery (git-fixes). * drm/amdgpu: Add I2C EEPROM support on smu v13_0_6 (git-fixes). * drm/amdgpu: Add support for RAS table at 0x40000 (git-fixes). * drm/amdgpu: Decouple RAS EEPROM addresses from chips (git-fixes). * drm/amdgpu: Remove redundant I2C EEPROM address (git-fixes). * drm/amdgpu: Remove second moot switch to set EEPROM I2C address (git-fixes). * drm/amdgpu: Return from switch early for EEPROM I2C address (git-fixes). * drm/amdgpu: Update EEPROM I2C address for smu v13_0_0 (git-fixes). * drm/amdgpu: Update ras eeprom support for smu v13_0_0 and v13_0_10 (git- fixes). * drm/amdgpu: correct chunk_ptr to a pointer to chunk (git-fixes). * drm/amdgpu: correct the amdgpu runtime dereference usage count (git-fixes). * drm/amdgpu: fix tear down order in amdgpu_vm_pt_free (git-fixes). * drm/amdgpu: simplify amdgpu_ras_eeprom.c (git-fixes). * drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer (git-fixes). * drm/bridge: ps8640: Fix size mismatch warning w/ len (git-fixes). * drm/bridge: tc358768: select CONFIG_VIDEOMODE_HELPERS (git-fixes). * drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (git-fixes). * drm/i915/display: Drop check for doublescan mode in modevalid (git-fixes). * drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (git-fixes). * drm/i915/dpt: Only do the POT stride remap when using DPT (git-fixes). * drm/i915/lvds: Use REG_BIT() & co (git-fixes). * drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 (git-fixes). * drm/i915/sdvo: stop caching has_hdmi_monitor in struct intel_sdvo (git- fixes). * drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (git-fixes). * drm/i915: Fix remapped stride with CCS on ADL+ (git-fixes). * drm/i915: Reject async flips with bigjoiner (git-fixes). * drm/i915: Relocate intel_atomic_setup_scalers() (git-fixes). * drm/i915: fix MAX_ORDER usage in i915_gem_object_get_pages_internal() (jsc#PED-7167). * drm/mediatek: Add spinlock for setting vblank event in atomic_begin (git- fixes). * drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (git- fixes). * efi/libstub: Implement support for unaccepted memory (jsc#PED-7167). * efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (jsc#PED-7167). * efi/unaccepted: Fix off-by-one when checking for overlapping ranges (jsc#PED-7167). * efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (jsc#PED-7167). * efi/unaccepted: Make sure unaccepted table is mapped (jsc#PED-7167). * efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (jsc#PED-7167). * efi/x86: Get full memory map in allocate_e820() (jsc#PED-7167). * efi: Add unaccepted memory support (jsc#PED-7167). * efi: libstub: avoid efi_get_memory_map() for allocating the virt map (jsc#PED-7167). * efi: libstub: install boot-time memory map as config table (jsc#PED-7167). * efi: libstub: remove DT dependency from generic stub (jsc#PED-7167). * efi: libstub: remove pointless goto kludge (jsc#PED-7167). * efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (jsc#PED-7167). * efi: libstub: unify initrd loading between architectures (jsc#PED-7167). * floppy: fix MAX_ORDER usage (jsc#PED-7167). * fprobe: Fix to ensure the number of active retprobes is not zero (git- fixes). * fs/jfs: Add check for negative db_l2nbperpage (git-fixes). * fs/jfs: Add validity check for db_maxag and db_agpref (git-fixes). * fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (git- fixes). * fs/remap: constrain dedupe of EOF blocks (git-fixes). * fs: avoid empty option when generating legacy mount string (git-fixes). * fs: fix an infinite loop in iomap_fiemap (git-fixes). * fs: ocfs2: namei: check return value of ocfs2_add_entry() (git-fixes). * genwqe: fix MAX_ORDER usage (jsc#PED-7167). * gfs2: Add wrapper for iomap_file_buffered_write (git-fixes). * gfs2: Check sb_bsize_shift after reading superblock (git-fixes). * gfs2: Clean up function may_grant (git-fixes). * gfs2: Fix filesystem block deallocation for short writes (git-fixes). * gfs2: Fix gfs2_release for non-writers regression (git-fixes). * gfs2: Fix inode height consistency check (git-fixes). * gfs2: Fix length of holes reported at end-of-file (git-fixes). * gfs2: Fix possible data races in gfs2_show_options() (git-fixes). * gfs2: Improve gfs2_make_fs_rw error handling (git-fixes). * gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes). * gfs2: Silence "suspicious RCU usage in gfs2_permission" warning (git-fixes). * gfs2: Switch from strlcpy to strscpy (git-fixes). * gfs2: fix an oops in gfs2_permission (git-fixes). * gfs2: gfs2_setattr_size error path fix (git-fixes). * gfs2: ignore negated quota changes (git-fixes). * gfs2: jdata writepage fix (git-fixes). * gfs2: use i_lock spin_lock for inode qadata (git-fixes). * gpiolib: sysfs: Fix error handling on failed export (git-fixes). * gve: Fixes for napi_poll when budget is 0 (git-fixes). * gve: Use size_add() in call to struct_size() (git-fixes). * hid: add ALWAYS_POLL quirk for Apple kb (git-fixes). * hid: glorious: fix Glorious Model I HID report (git-fixes). * hid: hid-asus: add const to read-only outgoing usb buffer (git-fixes). * hid: hid-asus: reset the backlight brightness level on resume (git-fixes). * hid: lenovo: Restrict detection of patched firmware only to USB cptkbd (git- fixes). * hid: multitouch: Add quirk for HONOR GLO-GXXX touchpad (git-fixes). * hwmon: (acpi_power_meter) Fix 4.29 MW bug (git-fixes). * hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe() (git- fixes). * i2c: aspeed: Handle the coalesced stop conditions with the start conditions (git-fixes). * i2c: core: Fix atomic xfer check for non-preempt config (git-fixes). * i2c: designware: Fix corrupted memory seen in the ISR (git-fixes). * i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (jsc#PED-372). * i40e: Fix VF VLAN offloading when port VLAN is configured (jsc#PED-372). * i40e: Fix unexpected MFS warning message (jsc#PED-372). * i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (jsc#PED-372). * i40e: fix misleading debug logs (jsc#PED-372). * i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters() (jsc#PED-372). * i40e: fix potential memory leaks in i40e_remove() (jsc#PED-372). * i40e: prevent crash on probe if hw registers have invalid values (jsc#PED-372). * ib/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (git-fixes) * ib/mlx5: Fix rdma counter binding for RAW QP (git-fixes) * igb: Avoid starting unnecessary workqueues (jsc#PED-370). * igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370). * igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (jsc#PED-370). * igb: clean up in all error paths when enabling SR-IOV (jsc#PED-370). * igb: disable virtualization features on 82580 (jsc#PED-370). * igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370). * igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-375). * igc: Expose tx-usecs coalesce setting to user (jsc#PED-375). * igc: Fix ambiguity in the ethtool advertising (jsc#PED-375). * igc: Fix infinite initialization loop with early XDP redirect (jsc#PED-375). * igc: Fix the typo in the PTM Control macro (jsc#PED-375). * iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (git- fixes). * iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (git-fixes). * iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (git-fixes). * iio: triggered-buffer: prevent possible freeing of wrong buffer (git-fixes). * input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN (git-fixes). * input: ipaq-micro-keys - add error handling for devm_kmemdup (git-fixes). * input: soc_button_array - add mapping for airplane mode button (git-fixes). * input: xpad - add HyperX Clutch Gladiate Support (git-fixes). * interconnect: Treat xlate() returning NULL node as an error (git-fixes). * iomap: Fix iomap_dio_rw return value for user copies (git-fixes). * iommu: fix MAX_ORDER usage in __iommu_dma_alloc_pages() (jsc#PED-7167). * iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (git- fixes). * jfs: fix array-index-out-of-bounds in dbFindLeaf (git-fixes). * jfs: fix array-index-out-of-bounds in diAlloc (git-fixes). * jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (git-fixes). * jfs: validate max amount of blocks before allocation (git-fixes). * kABI: Preserve the type of rethook::handler (git-fixes). * kABI: restore void return to typec_altmode_attention (git-fixes). * kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff * kabi/severities: make snp_issue_guest_request PASS (jsc#PED-7167) * kabi: fix of_reserved_mem_* due to struct vm_struct became defined (jsc#PED-7167). * kabi: fix sev-dev due to fs_struct became defined (jsc#PED-7167). * kabi: fix struct efi after adding unaccepted memory table (jsc#PED-7167). * kabi: fix struct zone kabi after adding unaccepted_pages and NR_UNACCEPTED (jsc#PED-7167). * kbuild: Drop -Wdeclaration-after-statement (jsc#PED-7167). * kconfig: fix memory leak from range properties (git-fixes). * kernel-source: Remove config-options.changes (jsc#PED-5021) * kprobes: consistent rcu api usage for kretprobe holder (git-fixes). * kvm: arm64: Prevent kmemleak from accessing pKVM memory (jsc#PED-7167). * kvm: s390/mm: Properly reset no-dat (git-fixes bsc#1218056). * kvm: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes bsc#1217933). * lib/vsprintf: Fix %pfwf when current node refcount == 0 (git-fixes). * libceph: use kernel_connect() (bsc#1217981). * limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281). * locking: Introduce __cleanup() based infrastructure (jsc#PED-7167). * locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes). * md/bitmap: do not set max_write_behind if there is no write mostly device (git-fixes). * md/md-bitmap: hold 'reconfig_mutex' in backlog_store() (git-fixes). * md/md-bitmap: remove unnecessary local variable in backlog_store() (git- fixes). * md/raid0: add discard support for the 'original' layout (git-fixes). * md/raid10: do not call bio_start_io_acct twice for bio which experienced read error (git-fixes). * md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (git-fixes). * md/raid10: factor out dereference_rdev_and_rrdev() (git-fixes). * md/raid10: fix io loss while replacement replace rdev (git-fixes). * md/raid10: fix leak of 'r10bio->remaining' for recovery (git-fixes). * md/raid10: fix memleak for 'conf->bio_split' (git-fixes). * md/raid10: fix memleak of md thread (git-fixes). * md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes). * md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git- fixes). * md/raid10: fix overflow of md/safe_mode_delay (git-fixes). * md/raid10: fix task hung in raid10d (git-fixes). * md/raid10: fix the condition to call bio_end_io_acct() (git-fixes). * md/raid10: fix wrong setting of max_corr_read_errors (git-fixes). * md/raid10: prevent soft lockup while flush writes (git-fixes). * md/raid10: use dereference_rdev_and_rrdev() to get devices (git-fixes). * md/raid1: fix error: ISO C90 forbids mixed declarations (git-fixes). * md/raid1: free the r1bio before waiting for blocked rdev (git-fixes). * md/raid1: hold the barrier until handle_read_error() finishes (git-fixes). * md/raid5-cache: fix a deadlock in r5l_exit_log() (git-fixes). * md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid() (git- fixes). * md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk() (git- fixes). * md: Put the right device in md_seq_next (bsc#1217822). * md: Set MD_BROKEN for RAID1 and RAID10 (git-fixes). * md: avoid signed overflow in slot_store() (git-fixes). * md: do not update recovery_cp when curr_resync is ACTIVE (git-fixes). * md: drop queue limitation for RAID1 and RAID10 (git-fixes). * md: raid0: account for split bio in iostat accounting (git-fixes). * md: raid10 add nowait support (git-fixes). * md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes). * md: restore 'noio_flag' for the last mddev_resume() (git-fixes). * md: select BLOCK_LEGACY_AUTOLOAD (git-fixes). * memblock: exclude MEMBLOCK_NOMAP regions from kmemleak (jsc#PED-7167). * memblock: make memblock_find_in_range method private (jsc#PED-7167). * misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write (git-fixes). * misc: mei: client.c: return negative error code in mei_cl_write (git-fixes). * mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files. * mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (jsc#PED-7167). * mm/pgtable: Fix multiple -Wstringop-overflow warnings (jsc#PED-7167). * mm/slab: Add __free() support for kvfree (jsc#PED-7167). * mm/slub: fix MAX_ORDER usage in calculate_order() (jsc#PED-7167). * mm: Add PAGE_ALIGN_DOWN macro (jsc#PED-7167). * mm: Add support for unaccepted memory (jsc#PED-7167). * mm: add pageblock_align() macro (jsc#PED-7167). * mm: add pageblock_aligned() macro (jsc#PED-7167). * mm: avoid passing 0 to __ffs() (jsc#PED-7167). * mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515). * mm: move kvmalloc-related functions to slab.h (jsc#PED-7167). * mm: new primitive kvmemdup() (jsc#PED-7167). * mm: reuse pageblock_start/end_pfn() macro (jsc#PED-7167). * mmc: meson-mx-sdhc: Fix initialization frozen issue (git-fixes). * mmc: rpmb: fixes pause retune on all RPMB partitions (git-fixes). * mmc: sdhci-sprd: Fix eMMC init failure after hw reset (git-fixes). * neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (git-fixes). * net/rose: Fix Use-After-Free in rose_ioctl (git-fixes). * net/smc: Fix pos miscalculation in statistics (bsc#1218139). * net/tg3: fix race condition in tg3_reset_task() (bsc#1217801). * net: 9p: avoid freeing uninit memory in p9pdu_vreadf (git-fixes). * net: bnxt: fix a potential use-after-free in bnxt_init_tc (jsc#PED-1495). * net: ena: Destroy correct number of xdp queues upon failure (git-fixes). * net: ena: Fix XDP redirection error (git-fixes). * net: ena: Fix xdp drops handling due to multibuf packets (git-fixes). * net: ena: Flush XDP packets on error (git-fixes). * net: mana: select PAGE_POOL (git-fixes). * net: rfkill: gpio: set GPIO direction (git-fixes). * net: usb: ax88179_178a: avoid failed operations when device is disconnected (git-fixes). * net: usb: ax88179_178a: clean up pm calls (git-fixes). * net: usb: ax88179_178a: wol optimizations (git-fixes). * net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes). * nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local (git-fixes). * nfs: Fix O_DIRECT locking issues (bsc#1211162). * nfs: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). * nfs: Fix a potential data corruption (bsc#1211162). * nfs: Fix a use after free in nfs_direct_join_group() (bsc#1211162). * nfs: Fix error handling for O_DIRECT write scheduling (bsc#1211162). * nfs: More O_DIRECT accounting fixes for error paths (bsc#1211162). * nfs: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). * nfs: Use the correct commit info in nfs_join_page_group() (bsc#1211162). * nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). * nilfs2: fix missing error check for sb_set_blocksize call (git-fixes). * nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (git-fixes). * nlm: Defend against file_lock changes after vfs_test_lock() (bsc#1217692). * null_blk: fix poll request timeout handling (git-fixes). * nvme-core: check for too small lba shift (bsc#1214117). * nvme-pci: Add sleep quirk for Kingston drives (git-fixes). * nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev (git-fixes). * nvme-pci: do not set the NUMA node of device if it has none (git-fixes). * nvme-pci: factor out a nvme_pci_alloc_dev helper (git-fixes). * nvme-rdma: do not try to stop unallocated queues (git-fixes). * nvme: sanitize metadata bounce buffer for reads (git-fixes). * nvmet-auth: complete a request only after freeing the dhchap pointers (git- fixes). * of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem (jsc#PED-7167). * orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (git- fixes). * orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() (git-fixes). * orangefs: Fix sysfs not cleanup when dev init failed (git-fixes). * orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (git-fixes). * padata: Fix refcnt handling in padata_free_shell() (git-fixes). * parport: Add support for Brainboxes IX/UC/PX parallel cards (git-fixes). * pci: loongson: Limit MRRS to 256 (git-fixes). * perf/core: fix MAX_ORDER usage in rb_alloc_aux_page() (jsc#PED-7167). * pinctrl: at91-pio4: use dedicated lock class for IRQ (git-fixes). * platform/surface: aggregator: fix recv_buf() return value (git-fixes). * platform/x86: asus-wmi: Add support for ROG X13 tablet mode (git-fixes). * platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum (git- fixes). * platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting (git- fixes). * platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code (git-fixes). * platform/x86: asus-wmi: Simplify tablet-mode-switch handling (git-fixes). * platform/x86: asus-wmi: Simplify tablet-mode-switch probing (git-fixes). * platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct wmi_driver (git-fixes). * platform/x86: wmi: Skip blocks with zero instances (git-fixes). * powerpc/pseries/vas: Migration suspend waits for no in-progress open windows (bsc#1218397 ltc#204523). * qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info (jsc#PED-1526). * qed: Fix a potential use-after-free in qed_cxt_tables_alloc (jsc#PED-1526). * qed: fix LL2 RX buffer allocation (jsc#PED-1526). * qede: fix firmware halt over suspend and resume (jsc#PED-1526). * qla2xxx: add debug log for deprecated hw detected (bsc#1216032). * r8152: Add RTL8152_INACCESSIBLE checks to more loops (git-fixes). * r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes). * r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1() (git-fixes). * r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash() (git-fixes). * r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (git-fixes). * r8169: Fix PCI error on system resume (git-fixes). * rdma/bnxt_re: Correct module description string (jsc#PED-1495). * rdma/core: Use size_{add,sub,mul}() in calls to struct_size() (git-fixes) * rdma/hfi1: Use FIELD_GET() to extract Link Width (git-fixes) * rdma/hfi1: Workaround truncation compilation error (git-fixes) * rdma/hns: Add check for SL (git-fixes) * rdma/hns: Fix printing level of asynchronous events (git-fixes) * rdma/hns: Fix signed-unsigned mixed comparisons (git-fixes) * rdma/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (git-fixes) * rdma/hns: The UD mode can only be configured with DCQCN (git-fixes) * regmap: fix bogus error on regcache_sync success (git-fixes). * reiserfs: Check the return value from __getblk() (git-fixes). * reiserfs: Replace 1-element array with C99 style flex-array (git-fixes). * remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569). * reset: Fix crash when freeing non-existent optional resets (git-fixes). * restore renamed device IDs for USB HID devices (git-fixes). * rethook: Fix to use WRITE_ONCE() for rethook:: Handler (git-fixes). * rethook: Use __rcu pointer for rethook::handler (git-fixes). * ring-buffer: Do not try to put back write_stamp (git-fixes). * ring-buffer: Do not update before stamp when switching sub-buffers (git- fixes). * ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs (git-fixes). * ring-buffer: Fix memory leak of free page (git-fixes). * ring-buffer: Fix slowpath of interrupted event (git-fixes). * ring-buffer: Fix wake ups when buffer_percent is set to 100 (git-fixes). * ring-buffer: Fix writing to the buffer with max_data_size (git-fixes). * ring-buffer: Force absolute timestamp on discard of event (git-fixes). * ring-buffer: Have saved event hold the entire event (git-fixes). * ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() (git-fixes). * s390/vx: fix save/restore of fpu kernel context (git-fixes bsc#1218357). * scsi: lpfc: use unsigned type for num_sge (bsc#1214747). * serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit (git-fixes). * serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt (git-fixes). * serial: sc16is7xx: address RX timeout interrupt errata (git-fixes). * soundwire: stream: fix NULL pointer dereference for multi_link (git-fixes). * spi: atmel: Fix clock issue when using devices with different polarities (git-fixes). * statfs: enforce statfs[64] structure initialization (git-fixes). * supported.conf: add drivers/virt/coco/tsm (jsc#PED-7167) * swiotlb: always set the number of areas before allocating the pool (git- fixes). * swiotlb: do not panic! (git-fixes). * swiotlb: fix a braino in the alignment check fix (bsc#1216559). * swiotlb: fix debugfs reporting of reserved memory pools (git-fixes). * swiotlb: fix slot alignment checks (bsc#1216559). * swiotlb: fix the deadlock in swiotlb_do_find_slots (git-fixes). * swiotlb: mark swiotlb_memblock_alloc() as __init (git-fixes). * swiotlb: reduce the number of areas to match actual memory pool size (git- fixes). * swiotlb: reduce the swiotlb buffer size on allocation failure (git-fixes). * swiotlb: use the calculated number of areas (git-fixes). * tracing / synthetic: Disable events after testing in synth_event_gen_test_init() (git-fixes). * tracing/kprobes: Fix the description of variable length arguments (git- fixes). * tracing/kprobes: Fix the order of argument descriptions (git-fixes). * tracing/perf: Add interrupt_context_level() helper (git-fixes). * tracing/synthetic: fix kernel-doc warnings (git-fixes). * tracing: Always update snapshot buffer size (git-fixes). * tracing: Disable preemption when using the filter buffer (bsc#1217036). * tracing: Disable snapshot buffer when stopping instance tracers (git-fixes). * tracing: Fix a possible race when disabling buffered events (bsc#1217036). * tracing: Fix a warning when allocating buffered events fails (bsc#1217036). * tracing: Fix blocked reader of snapshot buffer (git-fixes). * tracing: Fix incomplete locking when disabling buffered events (bsc#1217036). * tracing: Fix warning in trace_buffered_event_disable() (git-fixes, bsc#1217036). * tracing: Have the user copy of synthetic event address use correct context (git-fixes). * tracing: Reuse logic from perf's get_recursion_context() (git-fixes). * tracing: Set actual size after ring buffer resize (git-fixes). * tracing: Stop current tracer when resizing buffer (git-fixes). * tracing: Update snapshot buffer on resize if it is allocated (git-fixes). * tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036). * tracing: relax trace_event_eval_update() execution with cond_resched() (git- fixes). * uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978). * ubifs: Fix memory leak of bud->log_hash (git-fixes). * ubifs: fix possible dereference after free (git-fixes). * usb-storage: Add quirk for incorrect WP on Kingston DT Ultimate 3.0 G3 (git- fixes). * usb: aqc111: check packet for fixup for true limit (git-fixes). * usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (git-fixes). * usb: host: xhci-plat: fix possible kernel oops while resuming (git-fixes). * usb: hub: Guard against accesses to uninitialized BOS descriptors (git- fixes). * usb: serial: ftdi_sio: update Actisense PIDs constant names (git-fixes). * usb: serial: option: add Foxconn T99W265 with new baseline (git-fixes). * usb: serial: option: add Quectel EG912Y module support (git-fixes). * usb: serial: option: add Quectel RM500Q R13 firmware support (git-fixes). * usb: typec: bus: verify partner exists in typec_altmode_attention (git- fixes). * usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes). * usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325 (git-fixes). * virt/coco/sev-guest: Double-buffer messages (jsc#PED-7167). * virt: coco: Add a coco/Makefile and coco/Kconfig (jsc#PED-7167). * virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT (jsc#PED-7167). * virt: sevguest: Fix passing a stack buffer as a scatterlist target (jsc#PED-7167). * virt: sevguest: Prep for kernel internal get_ext_report() (jsc#PED-7167). * virt: tdx-guest: Add Quote generation support using TSM_REPORTS (jsc#PED-7167). * vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602). * wifi: cfg80211: Add my certificate (git-fixes). * wifi: cfg80211: fix certs build to not depend on file order (git-fixes). * wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock (git- fixes). * wifi: iwlwifi: pcie: do not synchronize IRQs from IRQ (git-fixes). * wifi: mac80211: mesh: check element parsing succeeded (git-fixes). * wifi: mac80211: mesh_plink: fix matches_local logic (git-fixes). * x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes). * x86/alternatives: Disable KASAN in apply_alternatives() (git-fixes). * x86/alternatives: Disable interrupts and sync when optimizing NOPs in place (git-fixes). * x86/alternatives: Sync core before enabling interrupts (git-fixes). * x86/boot/compressed: Handle unaccepted memory (jsc#PED-7167). * x86/boot/compressed: Reserve more memory for page tables (git-fixes). * x86/boot: Add an efi.h header for the decompressor (jsc#PED-7167). * x86/boot: Centralize __pa()/__va() definitions (jsc#PED-7167). * x86/boot: Fix incorrect startup_gdt_descr.size (git-fixes). * x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes). * x86/cpu: Do not write CSTAR MSR on Intel CPUs (jsc#PED-7167). * x86/cpu: Fix amd_check_microcode() declaration (git-fixes). * x86/efi: Safely enable unaccepted memory in UEFI (jsc#PED-7167). * x86/entry: Convert INT 0x80 emulation to IDTENTRY (bsc#1217927). * x86/entry: Do not allow external 0x80 interrupts (bsc#1217927). * x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() (git-fixes). * x86/fpu: Invalidate FPU state correctly on exec() (git-fixes). * x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790). * x86/purgatory: Remove LTO flags (git-fixes). * x86/resctrl: Fix kernel-doc warnings (git-fixes). * x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (jsc#PED-7167). * x86/sev-es: Use insn_decode_mmio() for MMIO implementation (jsc#PED-7167). * x86/sev: Add SNP-specific unaccepted memory support (jsc#PED-7167). * x86/sev: Allow for use of the early boot GHCB for PSC requests (jsc#PED-7167). * x86/sev: Change npages to unsigned long in snp_accept_memory() (jsc#PED-7167). * x86/sev: Change snp_guest_issue_request()'s fw_err argument (jsc#PED-7167). * x86/sev: Fix address space sparse warning (jsc#PED-7167). * x86/sev: Get rid of special sev_es_enable_key (jsc#PED-7167). * x86/sev: Mark snp_abort() noreturn (jsc#PED-7167). * x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (jsc#PED-7167). * x86/sev: Use large PSC requests if applicable (jsc#PED-7167). * x86/smp: Use dedicated cache-line for mwait_play_dead() (git-fixes). * x86/srso: Add SRSO mitigation for Hygon processors (git-fixes). * x86/srso: Fix SBPB enablement for (possible) future fixed HW (git-fixes). * x86/srso: Fix vulnerability reporting for missing microcode (git-fixes). * x86/tdx: Add unaccepted memory support (jsc#PED-7167). * x86/tdx: Disable NOTIFY_ENABLES (jsc#PED-7167). * x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (jsc#PED-7167). * x86/tdx: Refactor try_accept_one() (jsc#PED-7167). * x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (jsc#PED-7167). * x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (jsc#PED-7167). * x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217). * x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217). * x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217). * x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git- fixes). * xfs: Rename __xfs_attr_rmtval_remove (git-fixes). * xfs: Use kvcalloc() instead of kvzalloc() (git-fixes). * xfs: aborting inodes on shutdown may need buffer lock (git-fixes). * xfs: add selinux labels to whiteout inodes (git-fixes). * xfs: clean up "%Ld/%Lu" which does not meet C standard (git-fixes). * xfs: convert flex-array declarations in struct xfs_attrlist* (git-fixes). * xfs: convert flex-array declarations in xfs attr leaf blocks (git-fixes). * xfs: convert flex-array declarations in xfs attr shortform objects (git- fixes). * xfs: decode scrub flags in ftrace output (git-fixes). * xfs: dump log intent items that cannot be recovered due to corruption (git- fixes). * xfs: fix a bug in the online fsck directory leaf1 bestcount check (git- fixes). * xfs: fix agf_fllast when repairing an empty AGFL (git-fixes). * xfs: fix incorrect unit conversion in scrub tracepoint (git-fixes). * xfs: fix silly whitespace problems with kernel libxfs (git-fixes). * xfs: fix uninit warning in xfs_growfs_data (git-fixes). * xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes). * xfs: make sure maxlen is still congruent with prod when rounding down (git- fixes). * xfs: remove kmem_alloc_io() (git-fixes). * xfs: remove the xfs_dinode_t typedef (git-fixes). * xfs: remove the xfs_dqblk_t typedef (git-fixes). * xfs: remove the xfs_dsb_t typedef (git-fixes). * xfs: rename xfs_has_attr() (git-fixes). * xfs: replace snprintf in show functions with sysfs_emit (git-fixes). * xfs: return EINTR when a fatal signal terminates scrub (git-fixes). * xfs: sb verifier does not handle uncached sb buffer (git-fixes). * xfs: simplify two-level sysctl registration for xfs_table (git-fixes). * xfs: sysfs: use default_groups in kobj_type (git-fixes). * xfs: use swap() to make dabtree code cleaner (git-fixes). * xhci: Clear EHB bit only at end of interrupt handler (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-141=1 openSUSE-SLE-15.5-2024-141=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-141=1 ## Package List: * openSUSE Leap 15.5 (aarch64 x86_64) * reiserfs-kmp-azure-5.14.21-150500.33.29.1 * kernel-azure-optional-5.14.21-150500.33.29.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.29.1 * kernel-azure-debuginfo-5.14.21-150500.33.29.1 * kernel-azure-livepatch-devel-5.14.21-150500.33.29.1 * kernel-azure-debugsource-5.14.21-150500.33.29.1 * kselftests-kmp-azure-debuginfo-5.14.21-150500.33.29.1 * kernel-azure-extra-debuginfo-5.14.21-150500.33.29.1 * dlm-kmp-azure-debuginfo-5.14.21-150500.33.29.1 * kselftests-kmp-azure-5.14.21-150500.33.29.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.29.1 * gfs2-kmp-azure-5.14.21-150500.33.29.1 * kernel-azure-devel-5.14.21-150500.33.29.1 * kernel-syms-azure-5.14.21-150500.33.29.1 * dlm-kmp-azure-5.14.21-150500.33.29.1 * gfs2-kmp-azure-debuginfo-5.14.21-150500.33.29.1 * kernel-azure-devel-debuginfo-5.14.21-150500.33.29.1 * ocfs2-kmp-azure-5.14.21-150500.33.29.1 * cluster-md-kmp-azure-5.14.21-150500.33.29.1 * kernel-azure-extra-5.14.21-150500.33.29.1 * kernel-azure-optional-debuginfo-5.14.21-150500.33.29.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.29.1 * openSUSE Leap 15.5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.29.1 * openSUSE Leap 15.5 (x86_64) * kernel-azure-vdso-5.14.21-150500.33.29.1 * kernel-azure-vdso-debuginfo-5.14.21-150500.33.29.1 * openSUSE Leap 15.5 (noarch) * kernel-source-azure-5.14.21-150500.33.29.1 * kernel-devel-azure-5.14.21-150500.33.29.1 * Public Cloud Module 15-SP5 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150500.33.29.1 * Public Cloud Module 15-SP5 (aarch64 x86_64) * kernel-azure-devel-debuginfo-5.14.21-150500.33.29.1 * kernel-azure-devel-5.14.21-150500.33.29.1 * kernel-syms-azure-5.14.21-150500.33.29.1 * kernel-azure-debuginfo-5.14.21-150500.33.29.1 * kernel-azure-debugsource-5.14.21-150500.33.29.1 * Public Cloud Module 15-SP5 (noarch) * kernel-source-azure-5.14.21-150500.33.29.1 * kernel-devel-azure-5.14.21-150500.33.29.1 ## References: * https://www.suse.com/security/cve/CVE-2020-26555.html * https://www.suse.com/security/cve/CVE-2023-51779.html * https://www.suse.com/security/cve/CVE-2023-6121.html * https://www.suse.com/security/cve/CVE-2023-6531.html * https://www.suse.com/security/cve/CVE-2023-6546.html * https://www.suse.com/security/cve/CVE-2023-6606.html * https://www.suse.com/security/cve/CVE-2023-6610.html * https://www.suse.com/security/cve/CVE-2023-6622.html * https://www.suse.com/security/cve/CVE-2023-6931.html * https://www.suse.com/security/cve/CVE-2023-6932.html * https://bugzilla.suse.com/show_bug.cgi?id=1108281 * https://bugzilla.suse.com/show_bug.cgi?id=1179610 * https://bugzilla.suse.com/show_bug.cgi?id=1183045 * https://bugzilla.suse.com/show_bug.cgi?id=1211162 * https://bugzilla.suse.com/show_bug.cgi?id=1211226 * https://bugzilla.suse.com/show_bug.cgi?id=1212139 * https://bugzilla.suse.com/show_bug.cgi?id=1212584 * https://bugzilla.suse.com/show_bug.cgi?id=1214117 * https://bugzilla.suse.com/show_bug.cgi?id=1214747 * https://bugzilla.suse.com/show_bug.cgi?id=1214823 * https://bugzilla.suse.com/show_bug.cgi?id=1215237 * https://bugzilla.suse.com/show_bug.cgi?id=1215696 * https://bugzilla.suse.com/show_bug.cgi?id=1215885 * https://bugzilla.suse.com/show_bug.cgi?id=1215952 * https://bugzilla.suse.com/show_bug.cgi?id=1216032 * https://bugzilla.suse.com/show_bug.cgi?id=1216057 * https://bugzilla.suse.com/show_bug.cgi?id=1216559 * https://bugzilla.suse.com/show_bug.cgi?id=1216776 * https://bugzilla.suse.com/show_bug.cgi?id=1217036 * https://bugzilla.suse.com/show_bug.cgi?id=1217217 * https://bugzilla.suse.com/show_bug.cgi?id=1217250 * https://bugzilla.suse.com/show_bug.cgi?id=1217602 * https://bugzilla.suse.com/show_bug.cgi?id=1217692 * https://bugzilla.suse.com/show_bug.cgi?id=1217790 * https://bugzilla.suse.com/show_bug.cgi?id=1217801 * https://bugzilla.suse.com/show_bug.cgi?id=1217822 * https://bugzilla.suse.com/show_bug.cgi?id=1217927 * https://bugzilla.suse.com/show_bug.cgi?id=1217933 * https://bugzilla.suse.com/show_bug.cgi?id=1217938 * https://bugzilla.suse.com/show_bug.cgi?id=1217946 * https://bugzilla.suse.com/show_bug.cgi?id=1217947 * https://bugzilla.suse.com/show_bug.cgi?id=1217980 * https://bugzilla.suse.com/show_bug.cgi?id=1217981 * https://bugzilla.suse.com/show_bug.cgi?id=1217982 * https://bugzilla.suse.com/show_bug.cgi?id=1218056 * https://bugzilla.suse.com/show_bug.cgi?id=1218092 * https://bugzilla.suse.com/show_bug.cgi?id=1218139 * https://bugzilla.suse.com/show_bug.cgi?id=1218184 * https://bugzilla.suse.com/show_bug.cgi?id=1218229 * https://bugzilla.suse.com/show_bug.cgi?id=1218234 * https://bugzilla.suse.com/show_bug.cgi?id=1218253 * https://bugzilla.suse.com/show_bug.cgi?id=1218258 * https://bugzilla.suse.com/show_bug.cgi?id=1218335 * https://bugzilla.suse.com/show_bug.cgi?id=1218357 * https://bugzilla.suse.com/show_bug.cgi?id=1218397 * https://bugzilla.suse.com/show_bug.cgi?id=1218447 * https://bugzilla.suse.com/show_bug.cgi?id=1218461 * https://bugzilla.suse.com/show_bug.cgi?id=1218515 * https://bugzilla.suse.com/show_bug.cgi?id=1218559 * https://bugzilla.suse.com/show_bug.cgi?id=1218569 * https://bugzilla.suse.com/show_bug.cgi?id=1218643 * https://jira.suse.com/browse/PED-3459 * https://jira.suse.com/browse/PED-5021 * https://jira.suse.com/browse/PED-7167

1 0

SUSE-RU-2024:0142-1: moderate: Recommended update for go1.20
by OPENSUSE-UPDATES 18 Jan '24

18 Jan '24

# Recommended update for go1.20 Announcement ID: SUSE-RU-2024:0142-1 Rating: moderate References: * bsc#1206346 Affected Products: * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for go1.20 fixes the following issues: * Update to version go1.20.13 (bsc#1206346) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-142=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-142=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2024-142=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.20-debuginfo-1.20.13-150000.1.38.1 * go1.20-doc-1.20.13-150000.1.38.1 * go1.20-race-1.20.13-150000.1.38.1 * go1.20-1.20.13-150000.1.38.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.20-debuginfo-1.20.13-150000.1.38.1 * go1.20-doc-1.20.13-150000.1.38.1 * go1.20-race-1.20.13-150000.1.38.1 * go1.20-1.20.13-150000.1.38.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * go1.20-doc-1.20.13-150000.1.38.1 * go1.20-race-1.20.13-150000.1.38.1 * go1.20-1.20.13-150000.1.38.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346

1 0

SUSE-RU-2024:0143-1: moderate: Recommended update for nvidia-open-driver-G06-signed
by OPENSUSE-UPDATES 18 Jan '24

18 Jan '24

# Recommended update for nvidia-open-driver-G06-signed Announcement ID: SUSE-RU-2024:0143-1 Rating: moderate References: * bsc#1215981 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for nvidia-open-driver-G06-signed fixes the following issues: * Update to 545.29.06 * no longer try to overwrite NVreg_OpenRmEnableUnsupportedGpus driver NVreg_OpenRmEnableUnsupportedGpus driver option setting (disable it), ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-143=1 openSUSE-SLE-15.5-2024-143=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-143=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-143=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-143=1 ## Package List: * openSUSE Leap 15.5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-545.29.06-150500.11.15.1 * openSUSE Leap 15.5 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-545.29.06_k5.14.21_150500.33.26-150500.3.21.5 * nvidia-open-driver-G06-signed-azure-devel-545.29.06-150500.3.21.5 * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-545.29.06_k5.14.21_150500.33.26-150500.3.21.5 * openSUSE Leap 15.5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-545.29.06_k5.14.21_150500.55.39-150500.3.21.5 * nvidia-open-driver-G06-signed-default-devel-545.29.06-150500.3.21.5 * nvidia-open-driver-G06-signed-debugsource-545.29.06-150500.3.21.5 * nvidia-open-driver-G06-signed-kmp-default-545.29.06_k5.14.21_150500.55.39-150500.3.21.5 * openSUSE Leap 15.5 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-545.29.06_k5.14.21_150500.55.39-150500.3.21.5 * nvidia-open-driver-G06-signed-kmp-64kb-545.29.06_k5.14.21_150500.55.39-150500.3.21.5 * nvidia-open-driver-G06-signed-64kb-devel-545.29.06-150500.3.21.5 * SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-545.29.06-150500.11.15.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-545.29.06_k5.14.21_150500.55.39-150500.3.21.5 * nvidia-open-driver-G06-signed-kmp-default-545.29.06_k5.14.21_150500.55.39-150500.3.21.5 * Basesystem Module 15-SP5 (aarch64 nosrc x86_64) * kernel-firmware-nvidia-gspx-G06-545.29.06-150500.11.15.1 * Basesystem Module 15-SP5 (aarch64) * nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-545.29.06_k5.14.21_150500.55.39-150500.3.21.5 * nvidia-open-driver-G06-signed-kmp-64kb-545.29.06_k5.14.21_150500.55.39-150500.3.21.5 * nvidia-open-driver-G06-signed-64kb-devel-545.29.06-150500.3.21.5 * Basesystem Module 15-SP5 (aarch64 x86_64) * nvidia-open-driver-G06-signed-kmp-default-debuginfo-545.29.06_k5.14.21_150500.55.39-150500.3.21.5 * nvidia-open-driver-G06-signed-default-devel-545.29.06-150500.3.21.5 * nvidia-open-driver-G06-signed-debugsource-545.29.06-150500.3.21.5 * nvidia-open-driver-G06-signed-kmp-default-545.29.06_k5.14.21_150500.55.39-150500.3.21.5 * Public Cloud Module 15-SP5 (x86_64) * nvidia-open-driver-G06-signed-kmp-azure-545.29.06_k5.14.21_150500.33.26-150500.3.21.5 * nvidia-open-driver-G06-signed-azure-devel-545.29.06-150500.3.21.5 * nvidia-open-driver-G06-signed-kmp-azure-debuginfo-545.29.06_k5.14.21_150500.33.26-150500.3.21.5 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215981

1 0

openSUSE-RU-2024:0022-1: moderate: Recommended update for python-podman
by maintenance＠opensuse.org 17 Jan '24

17 Jan '24

openSUSE Recommended Update: Recommended update for python-podman ______________________________________________________________________________ Announcement ID: openSUSE-RU-2024:0022-1 Rating: moderate References: #1208627 Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-podman fixes the following issues: - update to 4.8.1: * [release-4.8] Make progress_bar an extra feature by @openshift-cherrypick-robot in https://github.com/containers/podman-py/pull/362 * Bump version to 4.8.2 by @umohnani8 in https://github.com/containers/podman-py/pull/363 - update to 4.8.1: * [release-4.8] Add rich dep to setup.cfg by @openshift-cherrypick-robot in #354 * [release-4.8] Fix lint issues by @openshift-cherrypick-robot in #359 * Bump version to podman 4.8.1 by @umohnani8 in #357 - update to 4.8.0: * Update version to 4.8.0-dev by @umohnani8 in #329 * Fix up docs and format issues by @umohnani8 in #338 * Fix readthedocs yaml by @umohnani8 in #339 * Add progress_bar option to image pull by @umohnani8 in #340 * Update dependency containers/automation_images to v20231004 by @renovate in #335 * Update pull progress bar colour by @umohnani8 in #341 * Fix readthedocs build issues by @umohnani8 in #342 * Update dependency containers/automation_images to v20231116 by @renovate in #344 * Bump version v4.8.0 by @umohnani8 in #345 - update to 4.6.0: * Bump version to v4.6.0 by @umohnani8 in #303 * Packit: mention downstream_package_name: python-podman in config by @lsm5 in #306 * Bump version on main to 4.7.0-dev by @umohnani8 in #304 * Add read_write_tmpfs by @msisj in #302 * Update dependency containers/automation_images to v20230807 by @renovate in #308 * remove direct logging to sys.stderr by @chnrxn in #311 * packit: Build PRs into default packit COPRs by @martinpitt in #310 * Update dependency ubuntu to v22 by @renovate in #313 * Update dependency containers/automation_images to v20230809 by @renovate in #314 * [skip-ci] Update tim-actions/commit-message-checker-with-regex action to v0.3.2 by @renovate in #317 * Fix assertation error in manifest.py by @umohnani8 in #320 * Update dependency containers/automation_images to v20230816 by @renovate in #316 * Fixes the secrets parameter, adds the secret_env parameter by @andryyy in #319 * Fix image SCP when not providing quiet by @hpvb in #321 * Change default value for tty in exec_run by @maxi0604 in #324 - update to 4.6.0: * Bump version to 4.5.0 by @umohnani8 in #263 * chore(deps): update dependency containers/automation_images to v20230426 by @renovate in #259 * chore(deps): update dependency urllib3 to v2 by @renovate in #265 * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.0 by @renovate in #268 * chore(deps): update dependency containers/automation_images to v20230517 by @renovate in #270 * Streaming support for PodsManager.stats API by @RazCrimson in #266 * Minor text fixes in contributing.md by @umohnani8 in #278 * Swap renovate dep. update. PR assignments by @cevich in #279 * chore(deps): update dependency containers/automation_images to v20230601 by @renovate in #280 * Update Makefile to emulate readthedocs automation by @umohnani8 in #282 * [CI:BUILD] Packit: initial enablement by @lsm5 in #242 * chore(deps): update dependency containers/automation_images to v20230614 by @renovate in #286 * Packit: remove .packit.sh by @lsm5 in #288 * Fix catching errors in the response body of containers/prune by @francisbergin in #290 * Fix pod prune error explanation string by @francisbergin in #291 * Refactor Makefile to support tox / MacOS Ventura by @jwhonce in #285 * Switch HTTPConnection from http.client to urllib3.connection by @dcermak in #283 * Keep main branch version ahead of release branches by @lsm5 in #289 * [CI:BUILD] RPM: Cleanup by @lsm5 in #296 * Includes the possibility to use the 'listTags' parameter in image search endpoint by @apozsuse in #295 * Update dependency fixtures to ~=4.1.0 by @renovate in #297 * Update fixtures to not be tied to a version by @umohnani8 in #300 * Fix passing filters to networks prune by @francisbergin in #298 - update to 4.5.1: * [v4.5-rhel] cherry-pick urlib3 fixes by @umohnani8 in https://github.com/containers/podman-py/pull/274 - update to 4.5.0: * Change docstring to point to podman docs * [skip-ci] Update tim-actions/get-pr-commits action to v1.2.0 * Add renovate.json * Fix new lint problems * Improve exception when missing env var * chg: Container.top to use stream_helper * chg: Container.stats to use stream_helper * add: stream_helper in api/parse_utils.py * Cirrus: Update CI VM images * Bump fixtures requirement * Specify version verbatim in setup.cfg * [spec] Switch license to SPDX * podman.spec: run unit tests * Fix version spec in setup.cfg * Correct pyproject.toml [build-system] requires * Fallback to pytoml on RHEL 8 and toml on 9 * Use modern tomllib/tomli modules for reading TOML files * Revert "Use modern tomllib/tomli modules for reading TOML files" * chore: Container.stats - type hints * fix: Container.stats - invalid response for non-stream mode * fix: Container.stats - missing stream param to requests * Lint fix * Merge branch 'containers:main' into feat/container-create-secret * Correctly add secrets to container on creation - New upstream release 4.4.1: This release contains necessary backports to revert the new tomli package that was introduced but is not supported by RHEL currently. - New upstream release 4.4.0: Bump version to 4.3.0 by @umohnani8 in #216 update urllib to 1.26.5 for a CVE found in previous versions by @cdoern in #210 Correct path for rtd conf.py by @baude in #219 Clean up pylint configuration by @jwhonce in #222 Use modern tomllib/tomli modules for reading TOML files by @mgorny in #214 Added port binding range by @msisj in #224 Update cirrus image by @rhatdan in #225 Cirrus: Update CI VM images to F37 by @cevich in #228 Fix the ability to run containers by @jonathanunderwood in #226 Update files to adhere to new lint requirements by @umohnani8 in #236 - Update to 4.3.0 * Add pass-through layers, output and outputformat to building images * Support passing of interval and condition in podman wait calls * Implement podman image scp * Update supported python versions * Add support of passing empty strings in second * Add support for on failure actions in healthchecks * Bug fixes - update to 4.2.0 * Added support for devices in container creation * Implemented the login endpoint * Added relabel option for mounts and other mount option support * Implemented exec_run * Bug Fixes - update to 4.0.0 * Remove support for old (ApiConnection) API * Update CI to use copr and release podman packages for testing * Port code to support Podman 4.0.0 API changes * Added support for Python 3.10 * lint scrub and correction of code * Bug fixes * Move to tox for development support * Move to pytest from nose for test execution * Support testing python 3.6,3.8-3.10 * Allow passing string values to memory limits - update to 3.2.1: * Update packaging * Update CI to support testing against released and main podman branches * Cleanup CI configuration * Bug fixes * Bug fixes and updates to make API more complete * Update dependency checking * PodmanClient() now supports service addresses using ssh:// and tcp:// schemes. The keyword connection has been added, using its value as a key into the connections that have been defined in XDG_CONFIG_DIR/containers/containers.cfg. The podman system connection is used to curate connections. * docstrings were cleaned up to aid in future sphinx generated documentation. * ssh:// service addresses are supported by the use of an external ssh client. * tcp:// connections are not secure. * PodmanClient() introduces docker-py functionality, while additionally allowing access to Podman unique functionality such as Pods. * Note: APIConnection() and it's support classes will be deprecated. Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2024-22=1 Package List: - openSUSE Backports SLE-15-SP5 (noarch): python3-podman-4.8.2-bp155.3.3.1 References: https://bugzilla.suse.com/1208627

1 0

SUSE-SU-2024:0111-1: important: Security update for xorg-x11-server
by OPENSUSE-UPDATES 17 Jan '24

17 Jan '24

# Security update for xorg-x11-server Announcement ID: SUSE-SU-2024:0111-1 Rating: important References: * bsc#1218176 * bsc#1218240 * bsc#1218582 * bsc#1218583 * bsc#1218584 * bsc#1218585 Cross-References: * CVE-2023-6816 * CVE-2024-0229 * CVE-2024-21885 * CVE-2024-21886 CVSS scores: * CVE-2023-6816 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-0229 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-21885 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-21886 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities and has two security fixes can now be installed. ## Description: This update for xorg-x11-server fixes the following issues: Security fixes: * CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (bsc#1218582) * CVE-2024-0229: Fixed reattaching to different master device may lead to out- of-bounds memory access (bsc#1218583) * CVE-2024-21885: Fixed heap buffer overflow in XISendDeviceHierarchyEvent (bsc#1218584) * CVE-2024-21886: Fixed heap buffer overflow in DisableDevice (bsc#1218585) Other: * Fix vmware graphics driver crash (bsc#1218176) * Fix xserver crash when Xinerama is enabled (bsc#1218240) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-111=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-111=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-111=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2024-111=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-111=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-111=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-111=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-111=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2024-111=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-111=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * xorg-x11-server-source-1.20.3-150400.38.40.1 * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-sdk-1.20.3-150400.38.40.1 * xorg-x11-server-1.20.3-150400.38.40.1 * xorg-x11-server-debugsource-1.20.3-150400.38.40.1 * xorg-x11-server-extra-1.20.3-150400.38.40.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-sdk-1.20.3-150400.38.40.1 * xorg-x11-server-1.20.3-150400.38.40.1 * xorg-x11-server-debugsource-1.20.3-150400.38.40.1 * xorg-x11-server-extra-1.20.3-150400.38.40.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-sdk-1.20.3-150400.38.40.1 * xorg-x11-server-1.20.3-150400.38.40.1 * xorg-x11-server-debugsource-1.20.3-150400.38.40.1 * xorg-x11-server-extra-1.20.3-150400.38.40.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-sdk-1.20.3-150400.38.40.1 * xorg-x11-server-1.20.3-150400.38.40.1 * xorg-x11-server-debugsource-1.20.3-150400.38.40.1 * xorg-x11-server-extra-1.20.3-150400.38.40.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-sdk-1.20.3-150400.38.40.1 * xorg-x11-server-1.20.3-150400.38.40.1 * xorg-x11-server-debugsource-1.20.3-150400.38.40.1 * xorg-x11-server-extra-1.20.3-150400.38.40.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-sdk-1.20.3-150400.38.40.1 * xorg-x11-server-1.20.3-150400.38.40.1 * xorg-x11-server-debugsource-1.20.3-150400.38.40.1 * xorg-x11-server-extra-1.20.3-150400.38.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-sdk-1.20.3-150400.38.40.1 * xorg-x11-server-1.20.3-150400.38.40.1 * xorg-x11-server-debugsource-1.20.3-150400.38.40.1 * xorg-x11-server-extra-1.20.3-150400.38.40.1 * SUSE Manager Proxy 4.3 (x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-1.20.3-150400.38.40.1 * xorg-x11-server-debugsource-1.20.3-150400.38.40.1 * xorg-x11-server-extra-1.20.3-150400.38.40.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-1.20.3-150400.38.40.1 * xorg-x11-server-debugsource-1.20.3-150400.38.40.1 * xorg-x11-server-extra-1.20.3-150400.38.40.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-debuginfo-1.20.3-150400.38.40.1 * xorg-x11-server-1.20.3-150400.38.40.1 * xorg-x11-server-debugsource-1.20.3-150400.38.40.1 * xorg-x11-server-extra-1.20.3-150400.38.40.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6816.html * https://www.suse.com/security/cve/CVE-2024-0229.html * https://www.suse.com/security/cve/CVE-2024-21885.html * https://www.suse.com/security/cve/CVE-2024-21886.html * https://bugzilla.suse.com/show_bug.cgi?id=1218176 * https://bugzilla.suse.com/show_bug.cgi?id=1218240 * https://bugzilla.suse.com/show_bug.cgi?id=1218582 * https://bugzilla.suse.com/show_bug.cgi?id=1218583 * https://bugzilla.suse.com/show_bug.cgi?id=1218584 * https://bugzilla.suse.com/show_bug.cgi?id=1218585

1 0

SUSE-SU-2024:0114-1: important: Security update for xwayland
by OPENSUSE-UPDATES 17 Jan '24

17 Jan '24

# Security update for xwayland Announcement ID: SUSE-SU-2024:0114-1 Rating: important References: * bsc#1218582 * bsc#1218583 * bsc#1218584 * bsc#1218585 Cross-References: * CVE-2023-6816 * CVE-2024-0229 * CVE-2024-21885 * CVE-2024-21886 CVSS scores: * CVE-2023-6816 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-0229 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-21885 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-21886 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for xwayland fixes the following issues: * CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (bsc#1218582) * CVE-2024-0229: Fixed reattaching to different master device may lead to out- of-bounds memory access (bsc#1218583) * CVE-2024-21885: Fixed heap buffer overflow in XISendDeviceHierarchyEvent (bsc#1218584) * CVE-2024-21886: Fixed heap buffer overflow in DisableDevice (bsc#1218585) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-114=1 openSUSE-SLE-15.5-2024-114=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-114=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * xwayland-22.1.5-150500.7.14.1 * xwayland-debugsource-22.1.5-150500.7.14.1 * xwayland-devel-22.1.5-150500.7.14.1 * xwayland-debuginfo-22.1.5-150500.7.14.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * xwayland-22.1.5-150500.7.14.1 * xwayland-debugsource-22.1.5-150500.7.14.1 * xwayland-debuginfo-22.1.5-150500.7.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6816.html * https://www.suse.com/security/cve/CVE-2024-0229.html * https://www.suse.com/security/cve/CVE-2024-21885.html * https://www.suse.com/security/cve/CVE-2024-21886.html * https://bugzilla.suse.com/show_bug.cgi?id=1218582 * https://bugzilla.suse.com/show_bug.cgi?id=1218583 * https://bugzilla.suse.com/show_bug.cgi?id=1218584 * https://bugzilla.suse.com/show_bug.cgi?id=1218585

1 0

SUSE-RU-2024:0124-1: moderate: Recommended update for suseconnect-ng
by OPENSUSE-UPDATES 17 Jan '24

17 Jan '24

# Recommended update for suseconnect-ng Announcement ID: SUSE-RU-2024:0124-1 Rating: moderate References: * bsc#1218364 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for suseconnect-ng fixes the following issues: * Update to version 1.5.0 * Configure docker credentials for registry authentication * Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364) * Add --json output option ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-124=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-124=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-124=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * suseconnect-ng-debuginfo-1.5.0~git0.d27a8e2-150500.3.9.1 * suseconnect-ruby-bindings-1.5.0~git0.d27a8e2-150500.3.9.1 * libsuseconnect-debuginfo-1.5.0~git0.d27a8e2-150500.3.9.1 * suseconnect-ng-1.5.0~git0.d27a8e2-150500.3.9.1 * libsuseconnect-1.5.0~git0.d27a8e2-150500.3.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * suseconnect-ng-debuginfo-1.5.0~git0.d27a8e2-150500.3.9.1 * suseconnect-ruby-bindings-1.5.0~git0.d27a8e2-150500.3.9.1 * libsuseconnect-debuginfo-1.5.0~git0.d27a8e2-150500.3.9.1 * suseconnect-ng-1.5.0~git0.d27a8e2-150500.3.9.1 * libsuseconnect-1.5.0~git0.d27a8e2-150500.3.9.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * suseconnect-ng-1.5.0~git0.d27a8e2-150500.3.9.1 * suseconnect-ng-debuginfo-1.5.0~git0.d27a8e2-150500.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1218364

1 0

SUSE-RU-2024:0127-1: moderate: Recommended update for google-cloud-sap-agent
by OPENSUSE-UPDATES 17 Jan '24

17 Jan '24

# Recommended update for google-cloud-sap-agent Announcement ID: SUSE-RU-2024:0127-1 Rating: moderate References: * bsc#1215672 * bsc#1215673 * bsc#1217373 * bsc#1217374 Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has four fixes can now be installed. ## Description: This update for google-cloud-sap-agent contains the following fixes: * Update to version 2.8 (bsc#1217373, bsc#1217374) * Bump agent version to 2.8 to support C3/M3 certification * Update go.yml to use go 1.21 * Switch from "slices" to "go_exp.../slices" for go version dependency * Use newly refactored discovery packages. * Fixes issue with diskname from source or device name * Adds extreme disk type IOps and Throughput for host metrics * Add `INTEGRATION` target config environment for collection definition testing * Add project number to SAP System proto * Add a cache to discovered resources. This reduces the number of API calls needed to perform System Discovery * Replace windows wmic hardware queries with PowerShell wmi queries * Fix test flakiness * Improve development process for collection definition configuration * HANA PD based snapshot and restore - changes to add wait for uploading * Fix for kokoro build issue in processmetrics/networkstats * GCBDR SAPCoreAPP Package in Agent for SAP * Add version tracking for WLM validation config * Send workload validation config to remote instances for use during remote collection * Add flag for passing in workload validation config into remote collection OTE * Bump google.golang.org/grpc from 1.58.2 to 1.58.3 * from version 2.7 * Added ote for hma dashboards migration * Increase Max backoff in storage package to 300 seconds * Added subpaths for collection of required TCP metrics * Add more debug logs and increase the wait-time for PD operations in restore * No public description * Add 30 second timeout to read/write from the local file system for Backint * No public description * Adds RHEL 9 VM Manager policy * Extract cloud-related discovery functions into separate file * Adding timeout to systemReplication.py command execution * Allow download attempts without verifying connection to bucket * Invoke `collectiondefinition.Start` when starting the agent in daemon mode * SAP Agent CLI - usability improvements for flags and help menu * Add host project information to HANA DB component discovery data. * Use proto names for default configuration during Backint installation * Extending logging capabilities to all packages of the agent * Added a feature for exposing TCP connection metrics * Migrating context logging logic to all packages of SAP Agent * Add an ifthisthenthatlint to ensure new script is kept in sync with rule proto * (collectiondefition) - Discard unknown fields and remove breaking metrics * Moving commandlineexecutor from internal to shared for sqlserveragent * Define startup function for collectiondefinition package * Check error on close of destFile in backint restore * Allow trailing zeros for millisecond timestamps in Backint * Add pid to all agent logs * Bump SAP Agent version to 2.7 (placeholder release version) * Separate collection definition validation functionality into a separate file * Add datetime to migration folder for Backint installation * Add symlink for Backint log file to install directory * Set a deadline for the final flush to cloud logging * Increase chunk retry deadline in storage package * Fix order dependent tests in sapagent/internal/storage * Change support bundle feature to collect the OTE logs from new path * Usage logging for remote WLM validation metrics collection from the collector instance * Extract discovery functions performed on the host to a separate file * Improve agent shutdown experience in daemon mode * Fix Backint restoring incorrect file * Google Events - rule proto initial submission * Move gce package to shared folder for use by SQL Server agent * Add GCS integration into collectiondefinition package * Standardize import aliases * go mod updates * Fixing go/gotsan data race error in processmetrics_test * Add Backint support for Inquire line: `#EBID <external_backup_id>` * Chown Backint install directories to user/group of the opt/ folder * Create OTE logs under a subdir under /var/log as /var/log is only writable by root * Will not create an empty log file for logusage logs and one time execution logs will have 0666 file mode * Setting the log file created to world read+write permission * Bump golang.org/x/net from 0.15.0 to 0.17.0 * Add recovery_bucket parameter to Backint * Extract SAP related discovery functions to a separate file * Fix Backint install directory * Fix Backint parallel uploads * Move maintenance collector to beta API * Pruning batches to prevent time series duplication * Added a logger for incorporating service context keys in logs * Encode the DB password string to handle passwords with special characters * Handling non error scenarios better in netweaver.go * Internal change * fixes typo on backint install * Allow all users to execute google_cloud_sap_agent * Fix hdbbackint script. * Subdirs for Backint DIAGNOSE temporary files * Report zero-value metrics for upcoming maintenance * Clean up gcealpha functionality * Fix default configuration values in daemon and backint * Update the comment in proto to reflect that the metric path in skip list should start with /sap * Implemented separation of context of different services * Update to version 2.6 (bsc#1215672, bsc#1215673) * Rolling back previous change for storing Project Number, Project ID is sufficient, no need to add complexity * Determine location of HANA global.ini using SAP system discovery logic * Add numeric project ID prefix to object name for ReadMetrics * Discovery now looks up and stores project number with discovery data * ReadMetrics updates for IAM permissions and bucket object names * fixing the bug in backoff logic, using separate policies for each collector and adding some logs * Backint migration from the old agent and supporting legacy parameters * adding new backoff policies for process metrics and fixing the bug in process metrics sapservice collector * Bump SAP Agent version to 2.6 * Fix an issue where HANA hosts may not be discovered properly if hostname differs from instance name * Use Go 1.20 friendly sorting solution * adding retries in process metrics logic with backoffs * Fix parsing of instance (host/VM) name in Pacemaker pcmk_delay_max metric * Add the collection definition changes for the SAP HANA Topology metrics * Template for Cloud Monitoring Alerts for Backint errors * adding backoff to InstanceProperties to each collector * Reduced the number of parameters of startXX functions by consolidating them into respective structs * completing TODO (b/298315981): Create a map from skipped list metrics and pass it to collectors. * Proto package name changes to reflect the current path * Use instance_name instead of instance_id for baremetal systems * Decode encryption keys for Backint. * Moving hareplication metric to fast moving metrics * Added backoffs package in process metrics to keep the backoff policies and retry policies separately and make it reusable acrosss process metrics * Install Backint OTE * Adding skip list logic to process metrics * Separating fastmoving metrics into a separate file from other process metrics * Update remote collection to use collected instance's Cloud Properties * ReadMetrics upload to bucket and send status to monitoring * Remove local implementation of DW API in favor of using generated third_party version * ReadMetrics read input file and write results to local filesystem * Clean up command line executions to collect SAP Control metrics * Adding new OTE structure for ReadMetrics * Add the SUSE specific spec file to keep upstream changes and SUSE packaging in sync * Collect and report upcoming maintenance * Add basepath override and gcealpha functionality * Making proto changes for process metrics re-arch * Changes for generating HANA Insights locally into a markdown file * Delay feature specific daily action logs by 24 hours to avoid noise created by startup failures * Update to the rule "maximum_invalid_connect_attempts" * Add some missing related resources * Fix rate limiting for compression enabled uploads/downloads * Optional User-Agent parameter added to storage package client connection * Relocate gcealpha to /internal * Fix parse_test error * Retries added for opening files in Backint * Make processmetrics unit tests hermetic * Remove if-this-then-that requirement from WLM validation rule * Fix WriteInsight JSON encoding, and add missing elements * Add configuration value to change API endpoint for Data Warehouse calls * Storage package progress messages based off of read/writes directly to the bucket * Make Collect DB Metrics as NO-OP when metrics are being read from override file * Remove unused field from backint proto * Custom retries for the storage package with exponential backoff and MaxRetries setting ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2024-127=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-127=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-127=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-127=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2024-127=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2024-127=1 ## Package List: * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.8-150100.3.20.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.8-150100.3.20.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.8-150100.3.20.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.8-150100.3.20.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.8-150100.3.20.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-2.8-150100.3.20.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1215672 * https://bugzilla.suse.com/show_bug.cgi?id=1215673 * https://bugzilla.suse.com/show_bug.cgi?id=1217373 * https://bugzilla.suse.com/show_bug.cgi?id=1217374

1 0