Removed rpms ============ - Mesa-libGL-devel-32bit - Mesa-libglapi0-32bit - Mesa-vulkan-overlay-32bit - gtk2-engine-oxygen-32bit - Mesa-dri-nouveau-32bit - Mesa-libEGL1-32bit - Mesa-libGLESv1_CM-devel-32bit - Mesa-libglapi-devel-32bit - Mesa-vulkan-device-select-32bit - libOSMesa8-32bit - libSDL2_net-2_0-0-32bit - libSDL2_net-devel-32bit - libSDL2_ttf-devel-32bit - libSDL_net-1_2-0-32bit - libSDLmm-0_1-8-32bit - libdbusmenu-qt5-2-32bit - libdbusmenu-qt5-devel-32bit - libfdisk1-32bit - libfreebl3-32bit - libmount-devel-32bit - libnettle8-32bit - libpostproc55_9-32bit - libraptor2-0-32bit - libswresample3_9-32bit - libudev1-32bit - libuuid-devel-32bit - libvdpau_nouveau-32bit - libvdpau_r300-32bit - libxapian30-32bit - libxcb-cursor0-32bit - libz1-32bit - mozilla-nss-32bit - systemd-32bit - libSDL2_gfx-devel-32bit - libSDL_gfx-devel-32bit - libSDL_image-1_2-0-32bit - libSDL_ttf-devel-32bit - libSDLmm-devel-32bit - libabsl2206_0_0 - libavformat58_76-32bit - libavutil56_70-32bit - libblkid-devel-32bit - libblkid1-32bit - libclang-cpp13-32bit - libdw1-32bit - libfreebl3-hmac-32bit - libgbm-devel-32bit - libgnutls30-hmac-32bit - libhogweed6-32bit - libmediainfo0-32bit - libopenh264-6 - libopenh264-devel - libswscale5_9-32bit - libsystemd0-32bit - libvdpau_radeonsi-32bit - mozilla-openh264 - openldap2-devel-32bit - wine-staging-devel-32bit - xcb-util-cursor-devel-32bit - zlib-devel-static-32bit Added rpms ========== - Mesa-dri-nouveau-32bit - Mesa-libEGL1-32bit - Mesa-libGLESv1_CM-devel-32bit - Mesa-libglapi-devel-32bit - Mesa-vulkan-device-select-32bit - abseil-cpp - gcc10-PIE - Mesa-libGL-devel-32bit - Mesa-libglapi0-32bit - Mesa-vulkan-overlay-32bit - gtk2-engine-oxygen-32bit - libSDL2_gfx-devel-32bit - libSDL_gfx-devel-32bit - libSDL_image-1_2-0-32bit - libSDL_ttf-devel-32bit - libSDLmm-devel-32bit - libavformat58_76-32bit - libavutil56_70-32bit - libblkid-devel-32bit - libblkid1-32bit - libclang-cpp13-32bit - libdw1-32bit - libfreebl3-hmac-32bit - libgbm-devel-32bit - libgnutls30-hmac-32bit - libhogweed6-32bit - libiniparser1-32bit - libmediainfo0-32bit - libswscale5_9-32bit - libsystemd0-32bit - libvdpau_radeonsi-32bit - openldap2-devel-32bit - wine-staging-devel-32bit - xcb-util-cursor-devel-32bit - zlib-devel-static-32bit - libOSMesa8-32bit - libSDL2_net-2_0-0-32bit - libSDL2_net-devel-32bit - libSDL2_ttf-devel-32bit - libSDL_net-1_2-0-32bit - libSDLmm-0_1-8-32bit - libasan6-gcc10 - libasan6-gcc10-32bit - libatomic1-gcc10 - libatomic1-gcc10-32bit - libdbusmenu-qt5-2-32bit - libdbusmenu-qt5-devel-32bit - libfdisk1-32bit - libfreebl3-32bit - libgcc_s1-gcc10 - libgcc_s1-gcc10-32bit - libgfortran5-gcc10 - libgfortran5-gcc10-32bit - libgomp1-gcc10 - libgomp1-gcc10-32bit - libitm1-gcc10 - libitm1-gcc10-32bit - libixion-0_17-0 - liblsan0-gcc10 - libmount-devel-32bit - libnettle8-32bit - libobjc4-gcc10 - libobjc4-gcc10-32bit - liborcus-0_17-0 - libpostproc55_9-32bit - libquadmath0-gcc10 - libquadmath0-gcc10-32bit - libraptor2-0-32bit - libstdc++6-gcc10 - libstdc++6-gcc10-32bit - libstdc++6-gcc10-locale - libswresample3_9-32bit - libtsan0-gcc10 - libubsan1-gcc10 - libubsan1-gcc10-32bit - libudev1-32bit - libuuid-devel-32bit - libvdpau_nouveau-32bit - libvdpau_r300-32bit - libxapian30-32bit - libxcb-cursor0-32bit - libz1-32bit - mdds-2_0-devel - mozilla-nss-32bit - systemd-32bit Package Source Changes ====================== Mesa +- revert previous change, since it resulted in Xorg and Mesa no + longer being able to load "i965" driver at all! This affects many + if not almost all Intel GPU users. I can't tell why this happens, + but I'm afraid we need to act immediately (boo#1202850); reopened + boo#1200965 for now ... + +- change default driver from 'iris' back to 'i965' for Intel + Gen8-11 hardware; that way we also use the same driver used by X + and Mesa (boo#1200965); related bugs: boo#1197045, boo#1197046 + Mesa-drivers +- revert previous change, since it resulted in Xorg and Mesa no + longer being able to load "i965" driver at all! This affects many + if not almost all Intel GPU users. I can't tell why this happens, + but I'm afraid we need to act immediately (boo#1202850); reopened + boo#1200965 for now ... + +- change default driver from 'iris' back to 'i965' for Intel + Gen8-11 hardware; that way we also use the same driver used by X + and Mesa (boo#1200965); related bugs: boo#1197045, boo#1197046 + abseil-cpp -- Add Fix-maes-msse41-leaking-into-pkgconfig.patch - * Do not make programs compiled with abseil require new-ish CPUs. - -- Update to version 20220623.0 - What's New: - * Added absl::AnyInvocable, a move-only function type. - * Added absl::CordBuffer, a type for buffering data for eventual inclusion an - absl::Cord, which is useful for writing zero-copy code. - * Added support for command-line flags of type absl::optional. - Breaking Changes: - * CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control - whether or not unit tests are built. - * The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that - are experiencing new warnings can use -Wno-deprecated-declatations silence - the warnings or use -Wno-error=deprecated-declarations to see warnings but - not fail the build. - * ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some - compilers are more strict about where this keyword must appear compared to - the pre-C++20 implementation. - * Bazel builds now depend on the bazelbuild/bazel-skylib repository. - See Abseil's WORKSPACE file for an example of how to add this dependency. - Other: - * This will be the last release to support C++11. Future releases will require at least C++14. -- run spec-cleaner - -- Remove obsolete 0%{suse_version} < 1500 conditions - -- Add options-old.patch, options-cxx17.patch - * Ensure ABI stability regardless of compiler settings per instruction in the header. - -- Implement shlib packaging policy - audit-secondary +- Update audit-secondary.spec: create symbolic link from + /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519). + bpftrace +- do not link against the shared BFD libraries [bsc#1200630] + btrfsprogs +- Upstream behavior of btrfs compression=none (JSC#PED-1711) + * btrfs-progs_props_dont_translate_value_of_compression_none.patch + clamav-database +- database refresh on 2022-08-29 (bsc#1084929) + +- database refresh on 2022-08-22 (bsc#1084929) + clamsap +- Fix XML MIME type detection using libmagic +- 0.104.3 (jsc#PED-805) + cloud-regionsrv-client +- Follow up fix to 10.0.4 (bsc#1202706) + - While the source code was updated to support SLE Micro the spec file + was not updated for the new locations of the cache and the certs. + Update the spec file to be consistent with the code implementation. + +- Update to version 10.0.5 (bsc#1201612) + - Handle exception when trying to deregister a system form the server + cosign +- updated to 1.10.1 (jsc#SLE-23879) + - CVE-2022-35929: Fixed that cosign verify-attestaton --type can + report a false positive if any attestation exists (GHSA-vjxv-45g9-9296 + (bsc#1202157) +- What else changed: + - add flag to allow skipping upload to transparency log by @k4leung4 in #2089 + - Improve error message when no sigs/atts are found for an image by @imjasonh in #2101 + - Change Result in Vulnerability Attestation to interface{} by @knqyf263 in #2096 + - Fix field names in the vulnerability attestation by @otms61 in #2099 + - remove style jobs and cleanup makefile gofmt and goimports are running already with golangci-lint by @cpanato in #2105 + - sparkles Enable Scorecard badge by @azeemshaikh38 in #2109 + - Resolves #522 set Created date to time of execution by @Lerentis in #2108 + - Introduce a custom error type to classify errors. by @mattmoor in #2114 + - feat: attach: attestation: allow passing multiple payloads by @Dentrax in #2085 + - update cross-builder to go1.18.5 and cosign image to 1.10.0 by @cpanato in #2119 + - chore: fix documentation and warning on using untrusted rekor key by @asraa in #2124 + - Correct the type used for attest by @mattmoor in #2128 + +- updated to 1.10.0 + - replace gcr.io/distroless/ to use ghcr.io/distroless/ by @cpanato in #1961 + - Separate RegExp matching of issuer/subject from strict by @vaikas in #1956 + - tuf: improve TUF client concurrency and caching by @asraa in #1953 + - Add Cloudsmith Container Registry to tested registry list by @ciaracarey in #1966 + - feat(fulcioroots): singleton error pattern by @developer-guy in #1965 + - Drop tuf client dependency on GCS client library by @imjasonh in #1967 + - Add spdxjson predicate type for attestations by @jdolitsky in #1974 + - Remove policy-controller now that it lives in sigstore/policy-controller by @vaikas in #1976 + - cleanup: unexport kubernetes.Client method by @imjasonh in #1973 + - cleanup ci job and remove policy-controller references by @cpanato in #1981 + - fix/update post build job by @cpanato in #1983 + - docs: updated Azure kms commands. by @JBrejnholt in #1972 + - Add cyclonedx predicate type for attestations by @jdolitsky in #1977 + - Route deprecated -version to version subcommand by @puerco in #1854 + - docs(readme): add installation steps for container image for cosign binary by @developer-guy in #1986 + - Add --platform flag to cosign sbom download by @puerco in #1975 + - Use pkg/fulcioroots and pkg/tuf from sigstore/sigstore by @imjasonh in #1866 + - Add --oidc-provider flag to specify which provider to use for ambient credentials by @priyawadhwa in #1998 + - encrypt values to create the github action secret by @cpanato in #1990 + - sign-blob: bundle should work independently and respect --output-certificate and --output-signature by @Dentrax in #2016 + - Attempt to clean up pkg/cosign by @imjasonh in #2018 + - public-key: fix command description by @Dentrax in #2024 + - [NFC] specs: fix list formatting on SIGNATURE_SPEC by @woodruffw in #2030 + - feat: cert-extensions verify by @developer-guy in #1626 + - Fix #1378 create new attestation signature in replace mode if not existent by @Syquel in #2014 + - Use cosign.ConfirmPrompt more consistently by @imjasonh in #2039 + - chore: add a note about SIGSTORE_REKOR_PUBLIC_KEY var by @hectorj2f in #2040 + - Fix OIDC test by @cpanato in #2050 + - Add env subcommand. by @wlynch in #2051 + - remove tests with 1.21 k8s cluster because it is deprecated and add v1.23/24 by @cpanato in #2055 + - update ct/otel and etcd by @cpanato in #2054 + - chore(deps): CycloneDX PredicateType changed to use in-toto-golang by @masahiro331 in #2067 + - Remove replace directives in go.mod. by @wlynch in #2070 + - update design doc link by @bobcallaway in #2077 + - Remove hack/tools.go by @imjasonh in #2080 + - fix missing quote by @cpanato in #2090 +- removed cosigned and webhook + +- updated to 1.9.0 + - Check failure message of policy that fails with issuer mismatch by @vaikas in #1815 + - [Cosigned] Add signature pull secrets by @DennyHoang in #1805 + - feat: add rego policy support by @hectorj2f in #1817 + - Refactor fulcio signer to take in KeyOpts (take 2) by @wlynch in #1818 + - cosigned: Test unsupported KMS providers by @imjasonh in #1820 + - chore(deps): Included dependency review by @naveensrinivasan in #1792 + - Add auth flow option to KeyOpts. by @wlynch in #1827 + - Document Staging instance usage with Keyless by @k4leung4 in #1824 + - New flag --oidc-providers-disable to disable OIDC providers by @puerco in #1832 + - Validate tlog entry when verifying signature via public key. by @wlynch in #1833 + - Add function to explicitly request a certain provider by @priyawadhwa in #1837 + - cosigned: Fix podAntiAffinity labels by @elfotografo007 in #1841 + - remove exclude from go.mod by @cpanato in #1846 + - [Cosigned] Glob matching improvement by @DennyHoang in #1842 + - sget: Enable KMS providers for sget by @imjasonh in #1852 + - Fix piv-tool generate-key command in TOKENS doc by @nealmcb in #1850 + - Add IBM Cloud Container Registry to tested registry list by @bainsy88 in #1856 + - If SBOM ref has .json suffix, assume JSON mediatype by @jdolitsky in #1859 + - Add rekor.0.pub TUF target to unit tests by @priyawadhwa in #1860 + - Normalize certificate flag names by @haydentherapper in #1868 + - Check certificate policy flags with only a certificate by @haydentherapper in #1869 + - Update go to 1.17.10 / cosign image to 1.18.0 and actions setup go by @cpanato in #1861 + - Point git commmit FUN.md to gitsign! by @wlynch in #1874 + - [cosigned] remove regex from the image pattern fields by @hectorj2f in #1873 + - go.mod: format go.mod by @zchee in #1879 + - Remove dependency on deprecated github.com/pkg/errors by @zchee in #1887 + - tree: only report artifacts that are present by @ribbybibby in #1872 + - update README with ebpf modules by @EItanya in #1888 + - Update github.com/google/go-containerregistry/pkg/authn/k8schain module to f1b065c6cb3d by @vpnachev in #1889 + - v1beta1 API for cosigned by @vaikas in #1890 + - tree: support --attachment-tag-prefix by @ribbybibby in #1900 + - [cosigned] Remove undefined apiGroups from policy clusterrole by @vpnachev in #1896 + - GHSA-66x3-6cw3-v5gj: Update go-tuf to v0.3.0 by @janisz in #1894 + - The timeout arg in golangci-lint has been moved to the generic args p… by @dlorenc in #1901 + - [cosigned] Rename cosigned references to policy-controller by @hectorj2f in #1893 + - Move deprecated dependency: google/trillian/merkle to transparency-dev by @cpanato in #1910 + - Add support for "**" in image glob matching by @imjasonh in #1914 + - Add privacy statement for PII storage by @haydentherapper in #1909 + - Do not push to public rekor. by @vaikas in #1931 + - fix: fix fetching updated targets from TUF root by @asraa in #1921 + - fix: fix #1930 for AWS KMS formats by @vaikas in #1946 + - update cross-builder image to use go1.17.11 by @cpanato in #1950 + - remove deprecation from goreleaser, go-fish is not supported anymore by @cpanato in #1952 + - add changelog for v1.9.0 by @cpanato in #1955 + - add parallelism for goreleaser by @cpanato in #1957 + +- updated to 1.8.0 + - Move the KMS integration imports into the binary entrypoints by @mattmoor in #1744 + - [Cosigned] Convert functions for webhookCIP from v1alpha1 by @DennyHoang in #1736 + - Refactor policy related code, add support for vuln verify by @vaikas in #1747 + - Use bundle log ID to find verification key by @haydentherapper in #1748 + - [cosigned] The webhook name is now configurable via --webhook-name flag by @vpnachev in #1726 + - Add intermediate CA certificate pool for Fulcio by @haydentherapper in #1749 + - test: create fake TUF test root and create test SETs for verification by @asraa in #1750 + - Implement identities, fix bug in webhook validation. by @vaikas in #1759 + - Validate issuer/subject regexp in validate webhook. by @vaikas in #1761 + - chore: add warning when attaching sBOMs by @hectorj2f in #1756 + - Verify embedded SCTs by @haydentherapper in #1731 + - chore: add warning when downloading a sBOM by @hectorj2f in #1763 + - [policy-webhook] The webhooks name is now configurable via --(validating|mutating)-webhook-name flags by @vpnachev in #1757 + - Break the CIP action tests into a sh script. by @vaikas in #1767 + - tuf: add debug info if tuf update fails by @asraa in #1766 + - cosigned: add support for rsa keys by @hectorj2f in #1768 + - Cosigned validate against remote sig src by @DennyHoang in #1754 + - Add Fulcio intermediate CA certificate to intermediate pool by @haydentherapper in #1774 + - fix: more informative error by @ybelMekk in #1778 + - Run update-codegen. by @wlynch in #1789 + - Remove the dependency on v1alpha1.Identity which brings in unnecessary k8s deps. by @vaikas in #1790 + - Refactor fulcio signer to take in KeyOpts. by @wlynch in #1788 + - test: add cue unit tests by @hectorj2f in #1791 + - Attestations + policy in cip. by @vaikas in #1772 + - chore: add rego function to consume modules and evaluate them by @hectorj2f in #1787 + - Add parallelization for processing policies / authorities. by @vaikas in #1795 + - Allow passing keys via environment variables (env:// refs) by @znewman01 in #1794 + - Handle context cancelled properly + tests. by @vaikas in #1796 + - Fix a bug where an error would send duplicate results. by @vaikas in #1797 + - Revert "Refactor fulcio signer to take in KeyOpts. (#1788)" by @wlynch in #1798 + - cosigned: Unify cue data and policy before evaluating it by @hectorj2f in #1793 + - Don't fail open in VerifyBundle by @mtrmac in #1648 + - Load in intermediate cert pool from TUF by @haydentherapper in #1804 + - Support PKCS1 encoded and non-ECDSA CT log public keys by @haydentherapper in #1806 + +- updated to 1.7.2 + - [Cosigned] Fix publicKey unmarshal by @DennyHoang in #1719 + - fix: add permissions to patch events by @hectorj2f in #1722 + - Make public all types required to use ValidatePolicy by @jdolitsky in #1727 + - Add unit tests for IntotoAttestation verifier. by @vaikas in #1728 + - Remove newline from download sbom output by @ribbybibby in #1732 + - Fix packages name and binary in the packages by @cpanato in #1734 + - Fix fulcioroots test and linter error by @haydentherapper in #1741 + - Support non-ECDSA public keys in certificates by @haydentherapper in #1740 + - bug: remove old fulcio root and fix fallback target code by @asraa in #1738 +- updated to 1.7.1 + - pkcs11: fix build instructions by @rgerganov in #1550 + - add definition for artifact hub to verify the ownership by @cpanato in #1563 + - Add example using AWS Key Management Service (KMS) by @davivcgarcia in #1564 + - Start of the necessary pieces to get #1418 and #1419 implemented by @vaikas in #1562 + - Support deletion of ClusterImagePolicy by @vaikas in #1580 + - 1417 policy validations by @kkavitha in #1548 + - Don't lowercase input image refs, just fail by @imjasonh in #1586 + - Fix #1583 #1582. Disallow regex now until implemented. by @vaikas in #1584 + - Fix piping 'cosign verify' using fulcio/rekor by @marcofranssen in #1590 + - Fix #1592 move authorities as siblings of images. by @vaikas in #1593 + - Add ability to inline secrets from SecretRef to configmap. by @vaikas in #1595 + - Fix copy/paste mistake in repo name. by @k4leung4 in #1600 + - Use reusuable release workflow in sigstore/sigstore by @k4leung4 in #1599 + - Add public key validation by @kkavitha in #1598 + - Validate a public key in a secret is valid. by @vaikas in #1602 + - Ensure entry is removed from CM on secret error. by @vaikas in #1605 + - Add two env variables. One for using Rekor public key from OOB and one for fetching it from Rekor server by @vaikas in #1610 + - Init entity from ociremote when signing a digest ref by @puerco in #1616 + - rename ca-key to ca-cert. Fix 1608, 1613 by @vaikas in #1617 + - improve cosigned validation error messages by @cpanato in #1618 + - Use latest knative/pkg's configmap informer by @tcnghia in #1615 + - Included OpenSSF Best Practices Badge by @naveensrinivasan in #1628 + - FUN.md broke when RecordObj changed to HashedRecordObj by @MitchellJThomas in #1633 + - update crane to v0.8.0 release by @cpanato in #1635 + - push latest tag when building a release by @cpanato in #1636 + - Add extra label and change the latest tag to unstable for non tagged releases by @cpanato in #1637 + - Document Elastic container registry support by @mgreau in #1641 + - Validate authority keys by @coyote240 in #1623 + - feat: tree command utility by @developer-guy in #1603 + - fix build date format for version command by @cpanato in #1644 + - Add support for intermediate certificates when verifiying by @haydentherapper in #1631 + - Prompt user before running cosign clean by @priyawadhwa in #1649 + - Use ClusterImagePolicy with Keyless + e2e tests for CIP with kind by @vaikas in #1650 + - KEYLESS.md: Shorten example OAuth URL by @tstromberg in #1661 + - Use syscall.Stdin for input handle. Fixes #1153 by @mdp in #1657 + - Add support for certificate chain to verify certificate by @haydentherapper in #1659 + - First batch of followups to #1650 by @vaikas in #1664 + - Add certificate chain flag for signing by @haydentherapper in #1656 + - [attach]: Add specific suffixes mediaTypes to sboms by @hectorj2f in #1663 + - update font when output the cosign version by @cpanato in #1668 + - feat: add ability to override registry keychain by @noamichael in #1666 + - remove replace directive by @cpanato in #1669 + - Refactor based on discussions in #1650 by @vaikas in #1674 + - Find all valid entries in verify-blob by @priyawadhwa in #1673 + - Fix relative paths in Gitub OIDC blob test by @priyawadhwa in #1677 + - Add support for cert and cert chain flags with PKCS11 tokens by @haydentherapper in #1671 + - Use cosign @ HEAD for Github OIDC sign blob test by @priyawadhwa in #1678 + - Make cosign copy copy metadata attached to child images. by @mattmoor in #1682 + - change file_name_template to PackageName by @strongjz in #1683 + - Update error message for verify/verify attestation by @haydentherapper in #1686 + - cosign clean: Don't log failure if the registry responds with 404 by @imjasonh in #1687 + - verify: add leaf hash verification for tlog entries by @asraa in #1688 + - Fix handling of policy in verify-attestation by @lcarva in #1672 + - Add e2e test for attest / verify-attestation by @vaikas in #1685 + - verify: remove extra calls to rekor for verify and verify-blob by @asraa in #1694 + - Remove the hardcoded sigstore audience by @mattmoor in #1698 + - Use ValidatePubKey from sigstore/sigstore by @haydentherapper in #1676 + - Use the github actions from sigstore/scaffolding. by @vaikas in #1699 + - sign: set the oidc redirect uri by @hectorj2f in #1675 + - add back the go mod proxy by @cpanato in #1701 + - enable 1.23 tests (Test cosigned with ClusterImagePolicy) by @cpanato in #1702 + - Fix incorrect unmarshalling of SCT response by @haydentherapper in #1704 + - Make CLI flag for OIDC client secret take a path by @znewman01 in #1705 + - cosigned: read the public key from the kms authority by @hectorj2f in #1706 + - fix latest tag when running a release job by @cpanato in #1707 + - [Cosigned] Parse and store publicKey data earlier by @DennyHoang in #1681 + - Dont overwrite token set in keyOpts by @puerco in #1709 + - refactor release job by @cpanato in #1710 + +- updated to 1.6.0 + - Fix double time import in e2e tests by @saschagrunert in #1388 + - Add --timeout support to sign command by @saschagrunert in #1379 + - Fix comparison in replace option for attestation by @bburky in #1366 + - Add Cosign logo to README by @nsmith5 in #1395 + - Minor refactor to verify SCT and Rekor entry with multiple keys by @haydentherapper in #1396 + - Fix a link of SECURITY.md by @knqyf263 in #1399 + - update cosign and cross-build image for the release job by @cpanato in #1400 + - feat: login command by @developer-guy in #1398 + - TUF: Add root status output by @asraa in #1404 + - Add a newline after password input by @knqyf263 in #1407 + - make imageRef lowercase before parsing by @bobcallaway in #1409 + - Improve error message when image is not found in registry by @imjasonh in #1410 + - Add ability to override the Spiffe socket via environmental variable: by @vaikas in #1421 + - Fix incorrect error check when verifying SCT by @haydentherapper in #1422 + - Skip the ReadWrite test that flakes on Windows. by @dlorenc in #1415 + - Allow PassFunc to be nil by @saschagrunert in #1426 + - Update the cosign keyless documentation to point to the GA release. by @dlorenc in #1427 + - Remove TUF timestamp from OCI signature bundle by @haydentherapper in #1428 + - Add docs on API stability and deprecation table by @priyawadhwa in #1429 + - update cross-build image which adds goimports by @cpanato in #1435 + - feat: enhance clean cmd capability by @developer-guy in #1430 + - use the upstream kubernetes version lib and ldflags by @n3wscott in #1413 + - Improve log lines to match with implementation by @marcofranssen in #1432 + - feat: fig autocomplete feature by @developer-guy in #1360 + - update cross-build to use go 1.17.7 by @cpanato in #1446 + - Fetch verification targets by TUF custom metadata by @haydentherapper in #1423 + - feat: add -buildid= to ldflags by @developer-guy in #1451 + - Streamline SignBlobCmd API with SignCmd by @saschagrunert in #1454 + - convert release cosigned to also generate yaml artifact. by @k4leung4 in #1453 + - Fix tkn link in readme by @Yongxuanzhang in #1459 + - Print message when verifying with old TUF targets by @haydentherapper in #1468 + - fix(sign): refactor unsupported provider log by @Dentrax in #1464 + - tests: /bin/bash -> /usr/bin/env bash by @znewman01 in #1470 + - Double goreleaser timeout by @znewman01 in #1472 + - increase timeout for goreleaser snapshot by @cpanato in #1473 + - fix(sign): kms unspported message by @Dentrax in #1475 + - refactor release cloudbuild job by @cpanato in #1476 + - Fix wording on attach attestation help by @luhring in #1480 + - update go-tuf and simplify TUF client code by @asraa in #1455 + - add initial changelog for 1.5.2 by @cpanato in #1483 + - Fix linter error on main by @priyawadhwa in #1484 + - Update Changelog for Security Advisory by @cpanato in #1485 + - chore(makefile): use kocache, convert publish to build by @developer-guy in #1488 + - Pick up a change to quiet ECR-login logging. by @mattmoor in #1491 + - feat: support other types in copy cmd by @developer-guy in #1493 + - Pick up some of the shared workflows by @mattmoor in #1490 + - feat: nominate Dentrax as codeowner by @developer-guy in #1492 + - add correct layer media type to cosign attach attestation by @spiffcs in #1503 + - This sets up the scaffolding for the cosigned CRD types. by @mattmoor in #1504 + - use v6 api calls in GH action for updating release milestones by @bobcallaway in #1511 + - Add skeleton reconciler for cosigned API CRD. by @mattmoor in #1513 + - bug fix: import ed25519 keys and fix error handling by @asraa in #1518 + - optimize codeql speed by using caching and tracing by @bobcallaway in #1519 + - Add a dummy.go file to allow vendoring config by @jdolitsky in #1520 + - Add CertExtensions func to extract all extensions by @ckotzbauer in #1515 + - chore(ci): add artifact hub support by @Dentrax in #1522 + - Change Fulcio URL default to be fulcio.sigstore.dev by @haydentherapper in #1529 + - Add codecov as github action, set permissions to read content only by @k4leung4 in #1530 + - images: remove --bare flags that conflict with --base-import-paths by @cpanato in #1533 + - Quay OCI Support in README by @sabre1041 in #1539 + - add rpm,deb and apks for cosign packages by @strongjz in #1537 + - Consistent parenthesis use in Makefile by @k4leung4 in #1541 + - add changelog for 1.6.0 by @cpanato in #1535 + - update golang cross image by @cpanato in #1543 + - Add fields in policy CRD by @kkavitha in #1540 + - Disable for now due some issues when downloading the knative module by @cpanato in #1546 + cross-aarch64-gcc10 +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + cross-arm-gcc10 +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + cross-hppa-gcc10 +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + cross-i386-gcc10 +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + cross-m68k-gcc10 +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + cross-mips-gcc10 +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + cross-nvptx-gcc10 +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + cross-ppc64-gcc10 +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + cross-ppc64le-gcc10 +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + cross-riscv64-gcc10 +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + cross-s390x-gcc10 +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + cross-sparc-gcc10 +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + cross-sparc64-gcc10 +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + cross-x86_64-gcc10 +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + dpdk +- aabdallah@suse.com: + Fix for SG#63176, bsc#1198873: Read PCI device name as UTF strings. +- tabraham@suse.com: + kni: allow configuring thread granularity (bsc#1195172) +- added patches + + 0001-kni-allow-configuring-thread-granularity.patch + + 0001-usertools-read-PCI-device-name-as-UTF-8.patch + dracut +- Update to version 055+suse.294.gc5bc4bb5: + Missing network-manager module fixes (bsc#1201975): + * fix(network-manager): avoid calling unavailable dracut-logger functions + * fix(network-manager): skip non-directories in /sys/class/net + * fix(network-manager): disable tty output if the console is not usable + * fix(network-manager): show output on console only with rd.debug enabled + * fix(network-manager): write DHCP filename option to dhcpopts file + * fix(network-manager): ensure safe content of /tmp/dhclient."$ifname".dhcpopts + * fix(network-manager): include nm-daemon-helper binary + * fix(network-manager): don't pull in systemd-udev-settle + * fix(network-manager): support teaming under NM+systemd + * fix(network-manager): pull in network.target in nm-initrd.service + +- Update to version 055+suse.283.ge98ece25: + * fix(network-manager): check for nm-initrd-generator in both /usr/{libexec,lib} (bsc#1201975) + * fix(network-legacy): add auto timeout to wicked DHCP test (bsc#1198709) + elfutils-debuginfod +- Set --enable-debuginfod-urls only for TW. + +- Add missing Requires for devel package. + emacs-apel +- Add emacs-apel-fix-build-error.patch: fix emacs-apel build error + on SLE-15-SP4 (bsc#1197714). + -- Add suse-start-apel.el. - gcc10 +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + gcc10-testresults +- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 + * includes remaining regression fixes from the branch + +- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389 +- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] +- Remove sys/rseq.h from include-fixed + +- Put libstdc++6-pp Requires on the shared library and drop + to Recoomends. + +- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to + GPL-3.0-or-later WITH GCC-exception-3.1 + +- Remove bits/unistd_ext.h from include-fixed + +- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893 + * Removes cyclades header use from libsanitizer. [boo#1188076] + +- Force using llvm11 for amdgcn offloading since llvm12 doesn't + yet work. + +- Fix value of %slibdir64 for usrmerge + gnutls +- Security fix: [bsc#1202020, CVE-2022-2509] + * Fixed double free during verification of pkcs7 signatures + * Add gnutls-CVE-2022-2509.patch + +- FIPS: + * Modify gnutls-FIPS-force-self-test.patch [bsc#1198979] + - gnutls_fips140_run_self_tests now properly releases fips_context + +- FIPS: + * Add gnutls_ECDSA_signing.patch [bsc#1190698] + - Check minimum keylength for symmetric key generation + - Only allows ECDSA signature with valid set of hashes + (SHA2 and SHA3) + * Add gnutls-FIPS-force-self-test.patch [bsc#1198979] + - Provides interface for running library self tests on-demand + - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1598 + kernel-preempt +- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) +- commit ec6a677 + +- blacklist.conf: update blacklist +- commit 63fa2f9 + +- blacklist.conf: update blacklist +- commit cc1d04f + +- mmc: cavium-thunderx: Add of_node_put() when breaking out of + loop (git-fixes). +- mmc: cavium-octeon: Add of_node_put() when breaking out of loop + (git-fixes). +- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R + (git-fixes). +- memstick/ms_block: Fix a memory leak (git-fixes). +- memstick/ms_block: Fix some incorrect memory allocation + (git-fixes). +- mmc: sdhci-of-esdhc: Fix refcount leak in + esdhc_signal_voltage_switch (git-fixes). +- PCI: tegra194: Fix link up retry sequence (git-fixes). +- PCI: tegra194: Fix Root Port interrupt handling (git-fixes). +- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() + (git-fixes). +- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses + (git-fixes). +- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks + (git-fixes). +- PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" + exists (git-fixes). +- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors + (git-fixes). +- PCI: dwc: Disable outbound windows only for controllers using + iATU (git-fixes). +- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() + (git-fixes). +- PCI: dwc: Stop link on host_init errors and de-initialization + (git-fixes). +- PCI/portdrv: Don't disable AER reporting in + get_port_device_capability() (git-fixes). +- platform/olpc: Fix uninitialized data in debugfs write + (git-fixes). +- USB: Follow-up to SPDX identifiers addition - remove now + useless comments (git-fixes). +- staging: rtl8192u: Fix sleep in atomic context bug in + dm_fsync_timer_callback (git-fixes). +- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command + completion (git-fixes). +- USB: serial: fix tty-port initialized comments (git-fixes). +- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). +- usb: host: xhci: use snprintf() in xhci_decode_trb() + (git-fixes). +- usb: xhci: tegra: Fix error check (git-fixes). +- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe + (git-fixes). +- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe + (git-fixes). +- iio: light: isl29028: Fix the warning in isl29028_remove() + (git-fixes). +- soundwire: bus_type: fix remove and shutdown support + (git-fixes). +- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). +- iio: resolver: ad2s1200: Fix alignment for DMA safety + (git-fixes). +- iio: proximity: as3935: Fix alignment for DMA safety + (git-fixes). +- intel_th: msu: Fix vmalloced buffers (git-fixes). +- intel_th: msu-sink: Potential dereference of null pointer + (git-fixes). +- intel_th: Fix a resource leak in an error handling path + (git-fixes). +- misc: rtsx: Fix an error handling path in rtsx_pci_probe() + (git-fixes). +- commit 2bc728a + +- iio: potentiometer: mcp4131: Fix alignment for DMA safety + (git-fixes). +- iio: potentiometer: mcp41010: Fix alignment for DMA safety + (git-fixes). +- iio: potentiometer: max5481: Fix alignment for DMA safety + (git-fixes). +- iio: potentiometer: ad5272: Fix alignment for DMA safety + (git-fixes). +- iio: gyro: fxas210002c: Fix alignment for DMA safety + (git-fixes). +- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). +- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). +- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). +- iio: frequency: adf4371: Fix alignment for DMA safety + (git-fixes). +- iio: frequency: adf4350: Fix alignment for DMA safety + (git-fixes). +- iio: frequency: ad9523: Fix alignment for DMA safety + (git-fixes). +- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). +- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). +- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). +- iio: dac: ti-dac082s085: Fix alignment for DMA safety + (git-fixes). +- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). +- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). +- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). +- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). +- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). +- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). +- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). +- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). +- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). +- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). +- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). +- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). +- commit 7981ef6 + +- clk: qcom: camcc-sdm845: Fix topology around titan_top power + domain (git-fixes). +- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks + (git-fixes). +- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). +- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock + (git-fixes). +- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). +- clk: qcom: clk-krait: unlock spin after mux completion + (git-fixes). +- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). +- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() + (git-fixes). +- HID: cp2112: prevent a buffer overflow in cp2112_xfer() + (git-fixes). +- driver core: fix potential deadlock in __driver_attach + (git-fixes). +- iio: amplifiers: ad8366: Fix alignment for DMA safety + (git-fixes). +- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). +- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). +- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). +- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). +- iio: adc: ti-ads124s08: Fix alignment for DMA safety + (git-fixes). +- iio: adc: ti-adc161s626: Fix alignment for DMA safety + (git-fixes). +- iio: adc: ti-adc128s052: Fix alignment for DMA safety + (git-fixes). +- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). +- iio: adc: ti-adc084s021: Fix alignment for DMA safety + (git-fixes). +- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). +- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). +- iio: adc: max1118: Fix alignment for DMA safety (git-fixes). +- iio: adc: max11100: Fix alignment for DMA safety (git-fixes). +- iio: adc: max1027: Fix alignment for DMA safety (git-fixes). +- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). +- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). +- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). +- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). +- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). +- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). +- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). +- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). +- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). +- iio: accel: bma220: Fix alignment for DMA safety (git-fixes). +- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently + large (git-fixes). +- fpga: altera-pr-ip: fix unsigned comparison with less than zero + (git-fixes). +- commit 9bda156 + +- openvswitch: fix OOB access in reserve_sfa_size() (CVE-2022-2639 + bsc#1202154). +- commit bfc6551 + +- blacklist.conf: update blacklist +- commit 847721e + +- virtio-gpu: fix a missing check to avoid NULL dereference + (git-fixes). +- media: hdpvr: fix error value returns in hdpvr_read (git-fixes). +- media: tw686x: Register the irq at the end of probe (git-fixes). +- wifi: wil6210: debugfs: fix uninitialized variable use in + `wil_write_file_wmi()` (git-fixes). +- wifi: libertas: Fix possible refcount leak in if_usb_probe() + (git-fixes). +- wifi: iwlwifi: mvm: fix double list_add at + iwl_mvm_mac_wake_tx_queue (git-fixes). +- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() + (git-fixes). +- wifi: p54: add missing parentheses in p54_flush() (git-fixes). +- wifi: p54: Fix an error handling path in p54spi_probe() + (git-fixes). +- mediatek: mt76: mac80211: Fix missing of_node_put() in + mt76_led_init() (git-fixes). +- mt76: mt76x02u: fix possible memory leak in + __mt76x02u_mcu_send_msg (git-fixes). +- can: pch_can: pch_can_error(): initialize errc before using it + (git-fixes). +- wifi: iwlegacy: 4965: fix potential off-by-one overflow in + il4965_rs_fill_link_cmd() (git-fixes). +- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() + (git-fixes). +- thermal/tools/tmon: Include pthread and time headers in tmon.h + (git-fixes). +- regulator: of: Fix refcount leak bug in + of_get_regulation_constraints() (git-fixes). +- soc: fsl: guts: machine variable might be unset (git-fixes). +- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init + (git-fixes). +- virtio-net: fix the race between refill work and close + (git-fixes). +- mt7601u: add USB device ID for some versions of XiaoDu WiFi + Dongle (git-fixes). +- commit 347666b + +- drm/amd/display: Enable building new display engine with KCOV + enabled (git-fixes). +- drm/exynos/exynos7_drm_decon: free resources when + clk_set_parent() failed (git-fixes). +- drm/msm/mdp5: Fix global state lock backoff (git-fixes). +- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform + (git-fixes). +- drm/mediatek: dpi: Only enable dpi after the bridge is enabled + (git-fixes). +- drm/mediatek: dpi: Remove output format of YUV (git-fixes). +- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff + function (git-fixes). +- drm: bridge: sii8620: fix possible off-by-one (git-fixes). +- drm/rockchip: Fix an error handling path rockchip_dp_probe() + (git-fixes). +- drm/rockchip: vop: Don't crash for invalid duplicate_state() + (git-fixes). +- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). +- drm/radeon: fix potential buffer overflow in + ni_set_mc_special_registers() (git-fixes). +- drm/vc4: hdmi: Correct HDMI timing registers for interlaced + modes (git-fixes). +- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). +- drm/vc4: dsi: Add correct stop condition to + vc4_dsi_encoder_disable iteration (git-fixes). +- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). +- drm/vc4: dsi: Correct DSI divider calculations (git-fixes). +- drm/vc4: plane: Fix margin calculations for the right/bottom + edges (git-fixes). +- drm/vc4: plane: Remove subpixel positioning check (git-fixes). +- drm/doc: Fix comment typo (git-fixes). +- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). +- drm: bridge: adv7511: Add check for mipi_dsi_driver_register + (git-fixes). +- drm: adv7511: override i2c address of cec before accessing it + (git-fixes). +- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). +- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). +- drm/st7735r: Fix module autoloading for Okaya RH128128T + (git-fixes). +- i2c: mux-gpmux: Add of_node_put() when breaking out of loop + (git-fixes). +- i2c: cadence: Support PEC for SMBus block read (git-fixes). +- i2c: Fix a potential use after free (git-fixes). +- commit cce0615 + +- drm/bridge: tc358767: Make sure Refclk clock are enabled + (git-fixes). +- Bluetooth: hci_intel: Add check for platform_driver_register + (git-fixes). +- can: error: specify the values of data[5..7] of CAN error frames + (git-fixes). +- can: usb_8dev: do not report txerr and rxerr during bus-off + (git-fixes). +- can: kvaser_usb_leaf: do not report txerr and rxerr during + bus-off (git-fixes). +- can: kvaser_usb_hydra: do not report txerr and rxerr during + bus-off (git-fixes). +- can: sun4i_can: do not report txerr and rxerr during bus-off + (git-fixes). +- can: hi311x: do not report txerr and rxerr during bus-off + (git-fixes). +- can: sja1000: do not report txerr and rxerr during bus-off + (git-fixes). +- can: rcar_can: do not report txerr and rxerr during bus-off + (git-fixes). +- can: pch_can: do not report txerr and rxerr during bus-off + (git-fixes). +- ath10k: do not enforce interrupt trigger type (git-fixes). +- can: Break loopback loop on loopback documentation (git-fixes). +- ACPI: video: Shortening quirk list by identifying Clevo by + board_name only (git-fixes). +- ACPI: APEI: Better fix to avoid spamming the console with old + error logs (git-fixes). +- bus: hisi_lpc: fix missing platform_device_put() in + hisi_lpc_acpi_probe() (git-fixes). +- ACPI: CPPC: Do not prevent CPPC from working in the future + (git-fixes). +- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put + (git-fixes). +- ath10k: Fix error handling in ath10k_setup_msa_resources + (git-fixes). +- commit 6ee2d65 + +- ipv4: avoid using shared IP generator for connected sockets + (CVE-2020-36516 bsc#1196616). +- ipv4: tcp: send zero IPID in SYNACK messages (CVE-2020-36516 + bsc#1196616). +- commit 6c53c05 + +- blacklist.conf: add "sched: Reenable interrupts in do_sched_yield()" + This patch caused unexplained regressions and it's not fixing any + important issue. +- commit 7b4ecae + +- Revert "Refresh patches.suse/random-fix-crash-on-multiple-early-calls..." (bsc#1201645) + This reverts commit f01d1a85f6c5334e324db629b3d43a8be5461b46. +- commit ef555c8 + +- media: smipcie: fix interrupt handling and IR timeout + (git-fixes). +- commit 72251a4 + +- sched/fair: Revise comment about lb decision matrix (git fixes + (sched/fair)). +- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation + (git fixes (kernel/time)). +- random: remove useless header comment (git fixes). +- profiling: fix shift-out-of-bounds bugs (git fixes). +- sched/membarrier: fix missing local execution of + ipi_sync_rq_state() (git fixes (sched/membarrier)). +- mm: fix page reference leak in soft_offline_page() (git fixes + (mm/memory-failure)). +- commit b0029fe + +- blacklist.conf: xtensa not used +- commit c7e553d + +- blacklist.conf: UML not used +- commit d38c3c3 + +- blacklist.conf: Cosmetic patch +- commit 137482b + +- blacklist.conf: GCC-12 not used +- commit b35581e + +- blacklist.conf: KASAN not configured +- commit ddca4d2 + +- blacklist.conf: Clang not used for build +- commit f6cb05a + +- blacklist.conf: KASAN not configured +- commit db5c6ef + +- blacklist.conf: 6ffbb45826f5d9ae09aa60cd88594b7816c96190 +- commit ae569d4 + +- blacklist.conf: Build time micro-optimisation +- commit 091232d + +- blacklist.conf: Build time micro-optimisation +- commit 06fea81 + +- blacklist.conf: Build time micro-optimisation +- commit c5a48f8 + +- blacklist.conf: Build fix that assumes bash does not exist +- commit a35739b + +- blacklist.conf: Comment fix only +- commit 1f940f0 + +- blacklist.conf: Fixes pointing to misleading commit +- commit b94c0dc + +- blacklist.conf: Patch has a number of high risk dependencies +- commit 58c61ac + +- media: rtl28xxu: add missing sleep before probing slave demod + (git-fixes). +- commit ac926ca + +- media: usb: dvb-usb-v2: rtl28xxu: convert to use + i2c_new_client_device() (git-fixes). +- commit 47f6029 + +- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T + dongle (git-fixes). +- commit cf3cc2d + +- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes). +- commit 27a23c1 + +- media: rc: increase rc-mm tolerance and add debug message + (git-fixes). +- commit 532733e + +- media: v4l2-mem2mem: always consider OUTPUT queue during poll + (git-fixes). +- commit 981dce5 + +- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() + (git-fixes). +- commit 691e7d8 + +- PM: runtime: Remove link state checks in rpm_get/put_supplier() + (git-fixes). +- commit 2786445 + +- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes). +- Refresh + patches.suse/Revert-usb-dwc3-gadget-Use-list_replace_init-before-.patch. +- Refresh + patches.suse/usb-dwc3-gadget-Use-list_replace_init-before-travers.patch. +- commit de6720f + +- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge +- commit bafbca0 + +- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) +- commit a77b059 + +- KVM: x86: Update vCPU's hv_clock before back to guest when + tsc_offset is adjusted (git-fixes). +- commit 143ba5a + +- Updated commit IDs from a rebased upstream branch: +- patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch. +- patches.suse/powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch. +- patches.suse/watchdog-export-lockup_detector_reconfigure.patch. +- commit a3cdcd5 + +- KVM: x86: Fix split-irqchip vs interrupt injection window + request (git-fixes). +- commit 69e8da6 + +- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint + (git-fixes). +- commit 156ec3b + +- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). +- commit 2fe0bb0 + +- net: usb: use eth_hw_addr_set() (git-fixes). +- commit cd08705 + +- KVM: VMX: Don't freeze guest when event delivery causes an + APIC-access exit (git-fixes). +- commit 13e27e5 + +- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes). +- commit 5a414a0 + +- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes). +- commit 65c08ec + +- net: usb: ax88179_178a: remove redundant assignment to variable + ret (git-fixes). +- commit 75d1e2c + +- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes). +- commit 8bcd286 + +- net: usb: ax88179_178a: write mac to hardware in get_mac_addr + (git-fixes). +- commit 18afbc0 + +- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs + (git-fixes). +- commit ad2b012 + +- lkdtm: Disable return thunks in rodata.c (bsc#1178134). +- commit 564965b + +- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134). +- commit 8fc5407 + +- netfilter: nf_queue: do not allow packet truncation below + transport header offset (bsc#1201940 CVE-2022-36946). +- commit f4f33cd + +- kvm/emulate: Fix SETcc emulation function offsets with SLS + (bsc#1201930). +- commit 0a6851d + +- nvme: consider also host_iface when checking ip options + (bsc#1199670). +- commit edd56ec + +- drivers/net: Fix kABI in tun.c (git-fixes). +- commit 3adafd5 + +- FDDI: defxx: Make MMIO the configuration default except for EISA + (git-fixes). +- commit 49c7c8d + +- FDDI: defxx: Bail out gracefully with unassigned PCI resource + for CSR (git-fixes). +- commit 87b1bf0 + +- net: tun: set tun->dev->addr_len during TUNSETLINK processing + (git-fixes). +- commit 11d0ba1 + +- net: macb: restore cmp registers on resume path (git-fixes). +- commit 73e4cc3 + +- drivers: net: fix memory leak in peak_usb_create_dev + (git-fixes). +- commit bf7b83d + +- drivers: net: fix memory leak in atusb_probe (git-fixes). +- commit 1811ff5 + +- amd-xgbe: Update DMA coherency values (git-fixes). +- commit 58be63e + +- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII + clock (git-fixes). +- commit 5683f5d + +- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes + (git-fixes). +- commit a1e8450 + +- ftgmac100: Restart MAC HW once (git-fixes). +- commit 9b2ea44 + +- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port + (git-fixes). +- commit 74dff8e + +- net/mlx5e: When changing XDP program without reset, take refs + for XSK RQs (git-fixes). +- commit 4584eb8 + +- net: lapbether: Remove netif_start_queue / netif_stop_queue + (git-fixes). +- commit 9195d10 + +- net: stmmac: fix incorrect DMA channel intr enable setting of + EQoS v4.10 (git-fixes). +- commit 3eac36a + +- net: enetc: keep RX ring consumer index in sync with hardware + (git-fixes). +- commit 5b9c123 + +- net: enetc: fix incorrect TPID when receiving 802.1ad tagged + packets (git-fixes). +- commit d2c7696 + +- net: hns3: fix error mask definition of flow director + (git-fixes). +- commit e86b116 + +- blacklist.conf: update blacklist +- commit 545a342 + +- scsi: lpfc: Copyright updates for 14.2.0.5 patches + (bsc#1201956). +- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). +- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). +- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into + lpfc_sli_prep_abort_xri() (bsc#1201956). +- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved + configuration (bsc#1201956). +- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test + (bsc#1201956 bsc#1200521). +- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable + (bsc#1201956). +- scsi: lpfc: Fix possible memory leak when failing to issue + CMF WQE (bsc#1201956). +- scsi: lpfc: Remove extra atomic_inc on cmd_pending in + queuecommand after VMID (bsc#1201956). +- scsi: lpfc: Set PU field when providing D_ID in + XMIT_ELS_RSP64_CX iocb (bsc#1201956). +- scsi: lpfc: Prevent buffer overflow crashes in debugfs with + malformed user input (bsc#1201956). +- scsi: lpfc: Fix uninitialized cqe field in + lpfc_nvme_cancel_iocb() (bsc#1201956). +- commit 6e7b732 + +- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). +- scsi: qla2xxx: Update manufacturer details (bsc#1201958). +- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). +- scsi: qla2xxx: Fix discovery issues in FC-AL topology + (bsc#1201958). +- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). +- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). +- scsi: qla2xxx: Fix response queue handler reading stale packets + (bsc#1201958). +- scsi: qla2xxx: Zero undefined mailbox IN registers + (bsc#1201958). +- scsi: qla2xxx: Fix incorrect display of max frame size + (bsc#1201958). +- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() + (bsc#1201958). +- commit d5c3642 + +- Drop qla2xxx patch which prevented nvme port discovery + (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958) + Upstream fixed the problem by reverting the offending commit. + Delete: + - patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch. +- commit 1cb16fb + +- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). +- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364). +- hv_netvsc: Fix validation in netvsc_linkstatus_callback() + (bsc#1199364). +- net, xdp: Introduce xdp_build_skb_from_frame utility routine + (bsc#1199364). +- net, xdp: Introduce __xdp_build_skb_from_frame utility routine + (bsc#1199364). +- hv_netvsc: Copy packets sent by Hyper-V out of the receive + buffer (bsc#1199364). +- hv_netvsc: Add (more) validation for untrusted Hyper-V values + (bsc#1199364). +- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb + signature (bsc#1199364). +- commit cffae99 + +- KVM: emulate: do not adjust size of fastop and setcc subroutines + (bsc#1201930). +- commit 317f350 + +- Refresh + patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch. +- commit c513474 + +- Update + patches.suse/netfilter-nf_tables-disallow-non-stateful-expression.patch + references (add CVE-2022-32250). +- commit 8871b3f + +- net/sched: cls_u32: fix netns refcount changes in u32_change() + (CVE-2022-29581 bsc#1199665). +- commit e1d6992 + +- random: fix typo in comments (git-fixes). +- commit 49bfcbe + +- blacklist.conf: a cleanup that breaks kABI +- commit f8d13cb + +- random: document add_hwgenerator_randomness() with other input + functions (git-fixes). +- commit 9a03f2f + +- drbd: fix potential silent data corruption (git-fixes). +- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' + explicit (git-fixes). +- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check + (git-fixes). +- linux/random.h: Use false with bool (git-fixes). +- linux/random.h: Remove arch_has_random, arch_has_random_seed + (git-fixes). +- commit a9f5081 + +- kABI workaround for including mm.h in fs/sysfs/file.c + (bsc#1200598 cve-2022-20166). +- commit 29d7d8a + +- net: stmmac: fix watchdog timeout during suspend/resume stress + test (git-fixes). +- commit b651717 + +- net: stmmac: stop each tx channel independently (git-fixes). +- commit 3ba5a53 + +- net: stmmac: fix CBS idleslope and sendslope calculation + (git-fixes). +- commit e0b11c6 + +- net: ag71xx: remove unnecessary MTU reservation (git-fixes). +- commit 6020ebf + +- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE + SFP (git-fixes). +- commit 858de54 + +- net: amd-xgbe: Reset link when the link never comes back + (git-fixes). +- commit 75c3dff + +- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout + warning (git-fixes). +- commit 2d480f1 + +- net: amd-xgbe: Reset the PHY rx data path when mailbox command + timeout (git-fixes). +- commit 5734e3e + +- net: axienet: Handle deferred probe on clock properly + (git-fixes). +- commit c2493d6 + +- net: mvneta: Remove per-cpu queue mapping for Armada 3700 + (git-fixes). +- commit 421a813 + +- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes). +- commit f6ff8de + +- macvlan: remove redundant null check on data (git-fixes). +- commit 37296a9 + +- net: dsa: bcm_sf2: put device node before return (git-fixes). +- commit d83cfd7 + +- powerpc/pseries/mobility: set NMI watchdog factor during an LPM + (bsc#1201846 ltc#198761). +- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 + ltc#198761). +- watchdog: export lockup_detector_reconfigure (bsc#1201846 + ltc#198761). +- powerpc/mobility: wait for memory transfer to complete + (bsc#1201846 ltc#198761). +- commit 4aa9f78 + +- net: macb: unprepare clocks in case of failure (git-fixes). +- commit 9b3aefc + +- net: macb: add function to disable all macb clocks (git-fixes). +- commit e67caf5 + +- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes). +- commit 2629e74 + +- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes). +- commit 12700d6 + +- net/sonic: Fix some resource leaks in error handling paths (git-fixes). +- commit 823b92f + +- net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes). +- commit 3311dc2 + +- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes). +- commit 0e7bc32 + +- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown + (git-fixes). +- commit 0b9accc + +- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes). +- commit 96affe9 + +- net: ll_temac: Fix potential NULL dereference in temac_probe() + (git-fixes). +- commit 9f3a68c + +- net: stmmac: dwmac1000: provide multicast filter fallback + (git-fixes). +- commit 173655e + +- net: ll_temac: Use devm_platform_ioremap_resource_byname() + (git-fixes). +- commit bd77f60 + +- net: mscc: Fix OF_MDIO config check (git-fixes). +- commit 6a2a9df + +- blacklist.conf: update blacklist +- commit 5495889 + +- blacklist.conf: update blacklist +- commit ccb0438 + +- i2c: cadence: Change large transfer count reset logic to be + unconditional (git-fixes). +- gpio: pca953x: use the correct register address when regcache + sync during init (git-fixes). +- gpio: pca953x: use the correct range when do regmap sync + (git-fixes). +- gpio: pca953x: only use single read/write for No AI mode + (git-fixes). +- commit 20d420c + +- USB: serial: ftdi_sio: add Belimo device ids (git-fixes). +- serial: 8250: fix return error code in + serial8250_request_std_resource() (git-fixes). +- wifi: mac80211: fix queue selection for mesh/OCB interfaces + (git-fixes). +- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop + (git-fixes). +- ALSA: hda/realtek - Fix headset mic problem for a HP machine + with alc221 (git-fixes). +- ALSA: hda/realtek - Fix headset mic problem for a HP machine + with alc671 (git-fixes). +- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). +- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 + model (git-fixes). +- ASoC: madera: Fix event generation for rate controls + (git-fixes). +- ASoC: madera: Fix event generation for OUT1 demux (git-fixes). +- ASoC: cs47l15: Fix event generation for low power mux control + (git-fixes). +- ASoC: wm5110: Fix DRE control (git-fixes). +- ASoC: ops: Fix off by one in range control validation + (git-fixes). +- soc: ixp4xx/npe: Fix unused match warning (git-fixes). +- NFC: nxp-nci: don't print header length mismatch on i2c error + (git-fixes). +- platform/x86: hp-wmi: Ignore Sanitization Mode event + (git-fixes). +- virtio_mmio: Restore guest page size on resume (git-fixes). +- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). +- commit 7b686cc + +- Update patches.suse/vt-vt_ioctl-fix-race-in-VT_RESIZEX.patch + (git-fixes bsc#1200910 CVE-2020-36558). + Add references. +- commit d84e9d7 + +- Update + patches.suse/vt-vt_ioctl-fix-VT_DISALLOCATE-freeing-in-use-virtua.patch + (git-fixes bsc#1201429 CVE-2020-36557). + Add references. +- commit 76ab189 + +- lockdown: Fix kexec lockdown bypass with ima policy + (CVE-2022-21505 bsc#1201458). +- commit 5806b46 + +- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes) +- commit b51a741 + +- Fix 1201644, 1201664, 1201672, 1201673, 1201676 + All are reports of the same problem - the IBRS_* regs push/popping was + wrong but it needs + 1b331eeea7b8 ("x86/entry: Remove skip_r11rcx") + too. +- commit 7226005 + +- blacklist.conf: updated blacklist for new issue +- commit 93feb45 + +- mm: and drivers core: Convert hugetlb_report_node_meminfo to + sysfs_emit (bsc#1200598 cve-2022-20166). +- commit 6f05f26 + +- drivers core: Miscellaneous changes for sysfs_emit (bsc#1200598 + cve-2022-20166). +- commit 6ff7ebb + +- drivers core: Remove strcat uses around sysfs_emit and neaten + (bsc#1200598 cve-2022-20166). +- commit 4cafd1f + +- vt: drop old FONT ioctls (bsc#1201636 CVE-2021-33656). +- commit bcf7213 + +- drivers core: Use sysfs_emit and sysfs_emit_at for show(device + * ...) functions (bsc#1200598 cve-2022-20166). +- commit 747b6a7 + +- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output + (bsc#1200598 cve-2022-20166). +- commit 4aaf7f0 + +- fbmem: Check virtual screen sizes in fb_set_var() + (CVE-2021-33655 bsc#1201635). +- fbcon: Prevent that screen size is smaller than font size + (CVE-2021-33655 bsc#1201635). +- fbcon: Disallow setting font bigger than screen size + (CVE-2021-33655 bsc#1201635). +- commit a7693d8 + +- Delete patches.suse/hwmon-Make-chip-parameter-for-with_info-API-mandator.patch (bsc#1201206) + The patch seems causing a regression on Mac. +- commit f885f68 + +- arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA (git-fixes) +- commit 036b703 + +- arm64: stackleak: fix current_top_of_stack() (git-fixes) +- commit 9d510a3 + +- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) +- commit e7722fa + +- arm64: module: remove (NOLOAD) from linker script (git-fixes) +- commit 2f78693 + +- arm64 module: set plt* section addresses to 0x0 (git-fixes) +- commit 5213f10 + +- kABI workaround for rtsx_usb (git-fixes). +- commit 4ee0d92 + +- x86/bugs: Remove apostrophe typo (bsc#1178134). +- commit 0dca060 + +- power/reset: arm-versatile: Fix refcount leak in + versatile_reboot_probe (git-fixes). +- serial: stm32: Clear prev values before setting RTS delays + (git-fixes). +- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle + (git-fixes). +- spi: amd: Limit max transfer and message size (git-fixes). +- drm/i915/gt: Serialize TLB invalidates with GT resets + (git-fixes). +- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests + (git-fixes). +- raw: Fix a data-race around sysctl_raw_l3mdev_accept + (git-fixes). +- sysctl: Fix data-races in proc_dointvec_ms_jiffies() + (git-fixes). +- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). +- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). +- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). +- sysctl: Fix data races in proc_douintvec() (git-fixes). +- sysctl: Fix data races in proc_dointvec() (git-fixes). +- ima: Fix potential memory leak in ima_init_crypto() (git-fixes). +- ima: Fix a potential integer overflow in + ima_appraise_measurement (git-fixes). +- drm/panfrost: Fix shrinker list corruption by madvise IOCTL + (git-fixes). +- drm/panfrost: Put mapping instead of shmem obj on + panfrost_mmu_map_fault_addr() error (git-fixes). +- drm/i915: fix a possible refcount leak in + intel_dp_add_mst_connector() (git-fixes). +- ida: don't use BUG_ON() for debugging (git-fixes). +- dmaengine: pl330: Fix lockdep warning about non-static key + (git-fixes). +- misc: rtsx_usb: set return value in rsp_buf alloc err path + (git-fixes). +- misc: rtsx_usb: use separate command and response buffers + (git-fixes). +- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk + transfer (git-fixes). +- i2c: cadence: Unregister the clk notifier in error path + (git-fixes). +- memregion: Fix memregion_free() fallback definition (git-fixes). +- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). +- fbcon: Prevent that screen size is smaller than font size + (git-fixes). +- fbcon: Disallow setting font bigger than screen size + (git-fixes). +- video: of_display_timing.h: include errno.h (git-fixes). +- fbdev: fbmem: Fix logo center image dx issue (git-fixes). +- r8169: fix accessing unset transport header (git-fixes). +- net: rose: fix UAF bug caused by rose_t0timer_expiry + (git-fixes). +- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). +- pinctrl: sunxi: a83t: Fix NAND function name for some pins + (git-fixes). +- commit aa669e5 + +- ASoC: Intel: Skylake: Correct the handling of fmt_config + flexible array (git-fixes). +- ASoC: Intel: Skylake: Correct the ssp rate discovery in + skl_get_ssp_clks() (git-fixes). +- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). +- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() + correctly (git-fixes). +- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). +- dmaengine: ti: Add missing put_device in + ti_dra7_xbar_route_allocate (git-fixes). +- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate + (git-fixes). +- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). +- ASoC: Remove unused hw_write_t type (git-fixes). +- commit 2be6c70 + +- arm64: fix compat syscall return truncation (git-fixes) +- commit 24bf105 + +- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes) +- commit 992de8b + +- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes) +- commit 867aa84 + +- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes) +- commit ad8af15 + +- arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes) +- commit 02d9d74 + +- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes) +- commit 4265617 + +- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes) +- commit 080c096 + +- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes) +- commit ddc1d85 + +- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes) +- commit aff711b + +- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes) +- commit d286e63 + +- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes) +- commit 437cb00 + +- usb: typec: add missing uevent when partner support PD + (git-fixes). +- commit 8f7dacd + +- usb: dwc3: gadget: Fix event pending check (git-fixes). +- commit 052f747 + +- blacklist.conf: will speed up booting in exchange for breaking charging + from a switched off laptop with some firmwares +- commit bd8e45d + +- blacklist.conf: build fix that does not matter on a released kernel +- commit 3296a39 + +- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). +- commit a69d674 + +- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). +- commit 1caf14d + +- Sort in RETbleed backport into the sorted section + Now that it is upstream.. +- Refresh + patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch. +- Refresh + patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch. +- Refresh patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch. +- Refresh + patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch. +- Refresh + patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch. +- Refresh + patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch. +- Refresh + patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch. +- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch. +- Refresh patches.suse/x86-Undo-return-thunk-damage.patch. +- Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch. +- Refresh patches.suse/x86-bpf-Use-alternative-RET-encoding.patch. +- Refresh + patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch. +- Refresh + patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch. +- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch. +- Refresh + patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch. +- Refresh + patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch. +- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch. +- Refresh + patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch. +- Refresh + patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch. +- Refresh + patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch. +- Refresh + patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch. +- Refresh + patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch. +- Refresh + patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch. +- Refresh + patches.suse/x86-common-Stamp-out-the-stepping-madness.patch. +- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch. +- Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch. +- Refresh + patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch. +- Refresh + patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch. +- Refresh + patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch. +- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch. +- Refresh + patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch. +- Refresh + patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch. +- Refresh + patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch. +- Refresh + patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch. +- Refresh + patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch. +- Refresh + patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch. +- Refresh + patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch. +- Refresh + patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch. +- Refresh + patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch. +- Refresh + patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch. +- Refresh + patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch. +- Refresh + patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch. +- Refresh + patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch. +- Refresh + patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch. +- Refresh + patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch. +- Refresh patches.suse/x86-xen-Rename-SYS-entry-points.patch. +- commit 94dfede + +- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes) +- commit ed82a39 + +- blacklist.conf: blocks a driver from building +- commit 2f8d19f + +- arm64: dts: mcbin: support 2W SFP modules (git-fixes) +- commit 1950671 + +- arm64: lib: Use modern annotations for assembly functions (git-fixes) + Refresh patches.suse/arm64-clear_page-shouldn-t-use-DC-ZVA-when-DCZID_EL0.DZP-1.patch. +- commit fb5a868 + +- spi: : add missing struct kernel-doc entry + (git-fixes). +- Refresh + patches.kabi/move-devm_allocate-to-end-of-structure-for-kABI.patch. +- commit 8e36894 + +- arm64: asm: Add new-style position independent function annotations (git-fixes) +- commit a5d53f5 + +- usbnet: fix memory leak in error case (git-fixes). +- commit 988ba16 + +- arm64: module: rework special section handling (git-fixes) +- commit 7d368bc + +- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge +- commit fb0447a + +- dm mirror log: round up region bitmap size to BITS_PER_LONG + (git-fixes). +- md: bcache: check the return value of kzalloc() in + detached_dev_do_request() (git-fixes). +- dm crypt: make printing of the key constant-time (git-fixes). +- dm integrity: fix error code in dm_integrity_ctr() (git-fixes). +- dm stats: add cond_resched when looping over entries + (git-fixes). +- md/raid0: Ignore RAID0 layout if the second zone has only one + device (git-fixes). +- hex2bin: make the function hex_to_bin constant-time (git-fixes). +- dm integrity: fix memory corruption when tag_size is less than + digest size (git-fixes). +- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes). +- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS + (git-fixes). +- block: don't delete queue kobject before its children + (git-fixes). +- block: bio-integrity: Advance seed correctly for larger interval + sizes (git-fixes). +- block: Fix wrong offset in bio_truncate() (git-fixes). +- block: Fix fsync always failed if once failed (git-fixes). +- dm btree remove: fix use after free in rebalance_children() + (git-fixes). +- dm: fix mempool NULL pointer race when completing IO + (git-fixes). +- dm crypt: Avoid percpu_counter spinlock contention in + crypt_page_alloc() (git-fixes). +- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN + (git-fixes). +- blk-zoned: allow zone management send operations without + CAP_SYS_ADMIN (git-fixes). +- dm btree remove: assign new_root only when removal succeeds + (git-fixes). +- dm snapshot: properly fix a crash when an origin has no + snapshots (git-fixes). +- dm snapshot: fix crash with transient storage and zero chunk + size (git-fixes). +- dm raid: fix inconclusive reshape layout on fast raid4/5/6 + table reload sequences (git-fixes). +- dm space map common: fix division bug in sm_ll_find_free_block() + (git-fixes). +- dm persistent data: packed struct should have an aligned() + attribute too (git-fixes). +- md/bitmap: wait for external bitmap writes to complete during + tear down (git-fixes). +- dm verity: fix FEC for RS roots unaligned to block size + (git-fixes). +- dm bufio: subtract the number of initial sectors in + dm_bufio_get_device_size (git-fixes). +- md: Set prev_flush_start and flush_bio in an atomic way + (git-fixes). +- dm integrity: conditionally disable "recalculate" feature + (git-fixes). +- dm integrity: fix a crash if "recalculate" used without + "internal_hash" (git-fixes). +- dm integrity: fix the maximum number of arguments (git-fixes). +- dm snapshot: flush merged data before committing metadata + (git-fixes). +- lib/string.c: implement stpcpy (git-fixes). +- commit ab41893 + +- xen/netback: avoid entering xenvif_rx_next_skb() with an empty + rx queue (bsc#1201381). +- commit ae4d431 + +- Refresh + patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch. + revert the effect of mainline 453431a54934d917153 on patch. +- Refresh + patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch. + revert the effect of mainline 453431a54934d917153 on patch. +- commit 5e710e7 + +- crypto: qat - remove dma_free_coherent() for DH (git-fixes). +- crypto: qat - remove dma_free_coherent() for RSA (git-fixes). +- crypto: qat - fix memory leak in RSA (git-fixes). +- crypto: qat - set to zero DH parameters before free (git-fixes). +- crypto: qat - disable registration of algorithms (git-fixes). +- commit 8d18bba + +- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer + Dwarves 1.22 or newer is required to build kernels with BTF information + embedded in modules. +- commit 2dbbe9d + +- scripts: dummy-tools, add pahole (jsc#SLE-24559). +- commit 6a3fc85 + +- pty: do tty_flip_buffer_push without port->lock in pty_write + (bsc#1198829 CVE-2022-1462). +- commit ce8f318 + +- tty: use new tty_insert_flip_string_and_push_buffer() in + pty_write() (bsc#1198829 CVE-2022-1462). +- tty: extract tty_flip_buffer_commit() from + tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462). +- commit cbf8ad3 + +- bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559). +- Update config files: + - MODULE_ALLOW_BTF_MISMATCH=y +- commit 0660602 + +- bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559). +- Refresh + patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch. +- commit 6a4211c + +- bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559). +- Refresh + patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch. +- commit ec84a18 + +- kbuild: Skip module BTF generation for out-of-tree external + modules (jsc#SLE-24559). +- commit b411a90 + +- bpf: Load and verify kernel module BTFs (jsc#SLE-24559). +- kabi: create module private struct to hold btf size/data (jsc#SLE-24559). +- commit dd48d54 + +- kbuild: Build kernel module BTFs if BTF is enabled and pahole + supports it (jsc#SLE-24559). +- Update config files: + - PAHOLE_HAS_SPLIT_BTF=y + - DEBUG_INFO_BTF_MODULES=y +- commit 00469b9 + +- bpf: Assign ID to vmlinux BTF and return extra info for BTF + in GET_OBJ_INFO (jsc#SLE-24559). +- commit bf525c4 + +- bpf: Add in-kernel split BTF support (jsc#SLE-24559). +- commit de75fe3 + +- bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559). +- Refresh + patches.suse/bpf-Add-bpf_patch_call_args-prototype-to-include-lin.patch. +- commit 97960b8 + +- kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559). +- commit d74c2bd + +- kbuild: drop $(wildcard $^) check in if_changed* for faster + rebuild (jsc#SLE-24559). +- commit 2b23691 + +- kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559). +- Refresh + patches.suse/0008-scripts-Coccinelle-script-for-namespace-dependencies.patch. +- Refresh + patches.suse/0026-modpost-do-not-invoke-extra-modpost-for-nsdeps.patch. +- Refresh + patches.suse/0028-modpost-dump-missing-namespaces-into-a-single-module.patch. +- Refresh + patches.suse/0029-scripts-nsdeps-support-nsdeps-for-external-module-bu.patch. +- commit 860eb7e + +- kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559). +- Refresh + patches.suse/kbuild-stop-filtering-out-GCC_PLUGINS_CFLAGS-from-cc.patch. +- commit e48ca3e + +- kbuild: add marker for build log of *.mod.o (jsc#SLE-24559). +- commit 089d37f + +- io_uring: fix fs->users overflow (CVE-2022-1116, bsc#1199647). +- commit e8dfed6 + +- scsi: sd: Fix potential NULL pointer dereference (git-fixes). +- scsi: scsi_debug: Sanity check block descriptor length in + resp_mode_select() (git-fixes). +- scsi: core: Put LLD module refcnt after SCSI device is released + (git-fixes). +- scsi: core: Retry I/O for Notify (Enable Spinup) Required error + (git-fixes). +- scsi: core: Only put parent device if host state differs from + SHOST_CREATED (git-fixes). +- scsi: core: Put .shost_dev in failure path if host state + changes to RUNNING (git-fixes). +- scsi: core: Fix failure handling of scsi_add_host_with_dma() + (git-fixes). +- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes). +- scsi: ufs: handle cleanup correctly on devm_reset_control_get + error (git-fixes). +- scsi: ufs: Release clock if DMA map fails (git-fixes). +- commit cad0d5f + +- don't call utsname() after ->nsproxy is NULL (bsc#1201196). +- commit 12197a1 + +- mm/slub: add missing TID updates on slab deactivation + (git-fixes). +- commit af73675 + +- xen: detect uninitialized xenbus in xenbus_init (git-fixes). +- commit 89b5cfc + +- xen: don't continue xenstore initialization in case of errors + (git-fixes). +- commit a397042 + +- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes). +- commit 223f7ba + +- KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in + intel_pmu_refresh() (git-fixes). +- commit 2a600a1 + +- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS + GPAs (git-fixes). +- commit a048eb5 + +- KVM: apic: avoid calculating pending eoi from an uninitialized + val (git-fixes). +- commit bd607c6 + +- KVM: nVMX: handle nested posted interrupts when apicv is + disabled for L1 (git-fixes). +- commit a486b7a + +- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF + attacks (git-fixes). +- commit eb73c2f + +- KVM: x86: Don't let userspace set host-reserved cr4 bits + (git-fixes). +- commit 404b24a + +- net: hso: bail out on interrupt URB allocation failure + (git-fixes). +- commit f562212 + +- blacklist.conf: misattributed in upstream +- commit 202e210 + +- net: rose: fix UAF bugs caused by timer handler (CVE-2022-2318 + bsc#1201251). +- commit 84c7e09 + +- Update patch reference for rose fix (CVE-2022-2318 bsc#1201251) +- commit 4566057 + +- xen/netfront: force data bouncing when backend is untrusted + (bsc#1200762, CVE-2022-33741, XSA-403). +- commit 7daee4f + +- xen/netfront: fix leaking data in shared pages (bsc#1200762, + CVE-2022-33740, XSA-403). +- commit bfb8cc2 + +- xen/blkfront: force data bouncing when backend is untrusted + (bsc#1200762, CVE-2022-33742, XSA-403). +- commit 9c6c1df + +- xen/blkfront: fix leaking data in shared pages (bsc#1200762, + CVE-2022-26365, XSA-403). +- commit 7095954 + +- blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL +- commit 272b7b1 + +- config: enable DEBUG_INFO_BTF + This option allows users to access the btf type information for vmlinux + but not kernel modules. +- commit fb07e10 + +- blacklist.conf: Add b4e00444cab4 fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent +- commit b1b6d4b + libdmtx -- Update RPM group and use a source URL - -- Add few patches to improve funcitonality bnc#881387: - * libdmtx-DmtxPropRowPadBytes.patch - * libdmtx-explicit-cast.patch - * libdmtx-mosaic.patch - -- Add baselibs.conf, needed for kdebase4-workspace-libs-32bit - -- Fix the SLES build (%make_install not expanded) -- Fix a couple rpmlint warnings - -- change license to be in spdx.org format - -- make snprintf available to the sources - -- Update to 0.7.4 - library: Relicensed to use Simplified BSD with waiver option - library: Added new error codes and messages in dmtxencode.c - library: Added DmtxByteList struct and supporting functions - library: Changed file header with updated text - library: Fixed ECC bug for 144x144 case (thanks Huver!) - library: New Reed Solomon implementation - library: New repository structure: libdmtx, dmtx-utils, and dmtx-wrappers - -- Add dmtx. - libixion +- Fix build on SLE-12-SP5 +- Remove unneeded vulkan dependency + +- Added patch: + * libixion-boost-system.patch + + fix missing symbols from boost_system library + +- update to 0.17.0: + * set the baseline C++ version to 17. + * mdds has been internalized so that the public header no longer contains + references to mdds. With this change, the users can use different API + versions of mdds between the ixion build and run-time use. + * cleaned up public API to make use of std::string_view and std::variant + where appropriate. + * implemented built-in LEFT() function in the formula interpreter. + * it is no longer required to set the size of void* at build time to ensure + the binaries to be fully functional. + * fixed a bug where named expressions with names containing invalid + characters were still allowed in. + +- Define conditionally make_build to fix build on systems that do + not have that macro + libnettle +- update to 3.8.1: + * Avoid non-posix m4 argument references in the chacha + implementation for arm64, powerpc64 and s390x. Reported by + Christian Weisgerber, fix contributed by Mamone Tarsha. + * Use explicit .machine pseudo-ops where needed in s390x + assembly files. Bug report by Andreas K. Huettel, fix + contributed by Mamone Tarsha. + +- update to 3.8: + This release includes a couple of new features, and many + performance improvements. It adds assembly code for two more + architectures: ARM64 and S390x. + The new version is intended to be fully source and binary + compatible with Nettle-3.6. The shared library names are + libnettle.so.8.5 and libhogweed.so.6.5, with sonames + libnettle.so.8 and libhogweed.so.6. + New features: + * AES keywrap (RFC 3394), contributed by Nicolas Mora. + * SM3 hash function, contributed by Tianjia Zhang. + * New functions cbc_aes128_encrypt, cbc_aes192_encrypt, + cbc_aes256_encrypt. + On processors where AES is fast enough, e.g., x86_64 with + aesni instructions, the overhead of using Nettle's general + cbc_encrypt can be significant. The new functions can be + implemented in assembly, to do multiple blocks with reduced + per-block overhead. + Note that there's no corresponding new decrypt functions, + since the general cbc_decrypt doesn't suffer from the same + performance problem. + Bug fixes: + * Fix fat builds for x86_64 windows, these appear to never + have worked. + Optimizations: + * New ARM64 implementation of AES, GCM, Chacha, SHA1 and + SHA256, for processors supporting crypto extensions. Great + speedups, and fat builds are supported. Contributed by + Mamone Tarsha. + * New s390x implementation of AES, GCM, Chacha, memxor, SHA1, + SHA256, SHA512 and SHA3. Great speedups, and fat builds are + supported. Contributed by Mamone Tarsha. + * New PPC64 assembly for ecc modulo/redc operations, + contributed by Amitay Isaacs, Martin Schwenke and Alastair + D´Silva. + * The x86_64 AES implementation using aesni instructions has + been reorganized with one separate function per key size, + each interleaving the processing of two blocks at a time + (when the caller processes multiple blocks with each call). + This gives a modest performance improvement on some + processors. + * Rewritten and faster x86_64 poly1305 assembly. +- drop libnettle-s390x-CPACF-SHA-AES-support.patch (included in 3.8) + +- Make shared libraries executable + liborcus +- Added patch: + * no-std-filesystem.patch + + use boost::filesystem instead of std::filesystem, in order to + allow building with older compilers + +- Update to 0.17.2: + * fixed a bug where the state of style:cell-protect="none" was not + explicitly pushed, thereby having had the same effect as not having this + attribute. After the fix, style:cell-protect="none" will explicitly push + the hidden state to false, locked state to false, and the formula-hidden + state to false. +- Update to 0.17.1: + * addressed a number of coverity issues. + * removed a variety of compiler warnings. + * re-generated sax parser tokens from ODF v1.3. + * revised the style import code to only push style attributes that are + actually specified in the XML. + * revised the XML structure validation strategy to ignore any mis-placed + elements and their sub structures rather than aborting the import. + +- Update to 0.17.0: + * set the baseline C++ version to 17. + * cleaned up the public API to replace pstring with std::string_view, union + with std::variant, and boost::optional with std::optional. With this + change, the public API no longer has dependency on boost. + * switched to using ixion::model_iterator for horizontal iteration of cells + instead of using mdds::mtv::collection. + * fixed a bug where exporting a spreadsheet document containing adjacent + merged cells regions to html incorrectly exported the merged cell areas. + * cached cell values are now correctly loaded from the xlsx file. + * utf-8 names are now allowed as element and attribute names in the sax parser. + * unquoted utf-8 property values are now allowed in the css parser. + * added yaml output option in orcus-json. + * fixed a bug where mapping of an XML document with namespace aliases + sometimes corrupts the alias values. + * added orcus.FormulaTokenOp enum type in python which describes type formula token + operator types in a more finer grained manner. + * added notes to how to use orcus-xml and orcus-json to map XML and JSON + documents to spreadsheet documents. +- Drop GCC11_build_fixes.patch + +- Define conditionally make_build to fix build on systems that do + not have that macro + libreoffice +- Update to 7.3.3.1 (jsc#SLE-23447): + You can read the release notes for major version 7.3 here: + https://wiki.documentfoundation.org/ReleaseNotes/7.3 + Release notes for minor releases: + https://wiki.documentfoundation.org/Releases/7.3.3/RC1 + https://wiki.documentfoundation.org/Releases/7.3.2/RC2 + https://wiki.documentfoundation.org/Releases/7.3.2/RC1 + https://wiki.documentfoundation.org/Releases/7.3.1/RC3 + https://wiki.documentfoundation.org/Releases/7.3.1/RC2 + https://wiki.documentfoundation.org/Releases/7.3.1/RC1 + https://wiki.documentfoundation.org/Releases/7.3.0/RC3 + https://wiki.documentfoundation.org/Releases/7.3.0/RC2 + https://wiki.documentfoundation.org/Releases/7.3.0/RC1 + https://wiki.documentfoundation.org/Releases/7.3.0/Beta1 +- Update bundled dependencies: + * boost_1_75_0.tar.xz -> boost_1_77_0.tar.xz + * curl-7.79.1.tar.xz + * gpgme-1.13.1.tar.bz2 -> gpgme-1.16.0.tar.bz2 + * icu4c-69_1-data.zip -> icu4c-70_1-data.zip + * icu4c-69_1-src.tgz -> icu4c-70_1-src.tgz + * libassuan-2.5.3.tar.bz2 -> libassuan-2.5.5.tar.bz2 + * libgpg-error-1.37.tar.bz2 -> libgpg-error-1.43.tar.bz2 + * pdfium-4500.tar.bz2 -> pdfium-4699.tar.bz2 + * skia-m90-45c57e116ee0ce214bdf78405a4762722e4507d9.tar.xz -> + skia-m97-a7230803d64ae9d44f4e1282444801119a3ae967.tar.xz +- Added patches: + * bsc1192616.patch +- Refreshed patches: + * 0001-Revert-java-9-changes.patch + * fix_gtk_popover_on_3.20.patch + * fix-wayland-scaling-in-plasma.patch +- Deleted patches: + * bsc1183308.patch +- This package contain the fixes for the following bugs: + * bsc#1196212 + * bsc#1195881 +- This package is not affected by the following bugs: + * bsc#1196017 + * bsc#1196499 +- Enable gtk3_kde5. The gtk3 interface is more stable than the + qt5/kf5 one, this option makes it possible to use gtk3 in kde + with the kde filepicker (bsc#1197017) +- Add system_curl build condition + libslirp +- security update +- added patches + fix CVE-2021-3593 [bsc#1187365], invalid pointer initialization may lead to information disclosure (udp6) + + libslirp-CVE-2021-3593.patch + +- Add patch to fix the version header (bsc#1201551): + * 0001-meson-remove-meson-dist-script.patch + libyang +- security update +- added patches + fix CVE-2021-28905 [bsc#1186377], In function lys_node_free() in libyang v1.0.225, it asserts that the value of node-module can't be NULL, which could lead to a DoS + + libyang-CVE-2021-28905.patch + mozilla-nss +- update to NSS 3.79.1 (bsc#1202645) + * bmo#1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier. + * bmo#1771498 - Uninitialized value in cert_ComputeCertType. + * bmo#1759794 - protect SFTKSlot needLogin with slotLock. + * bmo#1760998 - avoid data race on primary password change. + * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state. + +- Update nss-fips-approved-crypto-non-ec.patch to unapprove the + rest of the DSA ciphers, keeping signature verification only + (bsc#1201298). +- Update nss-fips-constructor-self-tests.patch to fix compiler + warning. + nasm +- Update to version 2.15.05: + + Fix {%ifid $} and {%ifid $$} incorrectly being treated as true. + + Add {--reproducible} option to suppress NASM version numbers + and timestamps in output files. See {opt-reproducible}. + +- update to 2.15.4: + * More sensible handling of the case where one single-line macro + definition will shadow another. + * Add special preprocessor tokens \c{%*?} and \c{%*??} that expand + like \c{%?} and \c{%??} in single-line macros only. See + \k{selfref%*?}. + * Fix SSE instructions not being recognized with an explicit memory + operation size (e.g. \c{movsd qword [eax],xmm0}). + * The \c{-L+} option no longer enables \c{-Lw}, which is mainly + useful to debug NASM crashes. See \k{opt-L}. + * The NASM-only RDOFF output format backend, which has been broken + since at least NASM 2.14, has been disabled. The RDOFF tools are + scheduled to be removed from the NASM distribution in NASM 2.16. If + you have a concrete use case for RDOFF, please file a NASM bug report + at \W{https://bugs.nasm.us/}\c{https://bugs.nasm.us/} as soon as + possible. See \k{rdffmt}. + +- nasm 2.15.3: + * Add instructions from the Intel Instruction Set Extensions and + Future Features Programming Reference, June 2020. This includes + AVX5512 bfloat16, AVX512 mask intersect, and Intel Advanced + Matrix Extensions (AMX). + * Support for bfloat16 floating-point constants + * various bug fixes + +- update to 2.15.2: + * Fix the handling of macro parameter ranges (%{:}), including + with brace-enclosed original arguments +- includes changes from 2.15.01: + * Add instructions for Intel Control Flow Enforcement Technology +- includes changes from 2.15: + * The comparison and booleanizing operators can now be used in + any expression context, not just %if + * New operator ? ... :. + * Signed shift operators <<< and >>> + * The MASM DUP syntax for data definitions is now supported, + in a somewhat enhanced form + * Warn for strange legacy behavior regarding empty arguments in + multi-line macro expansion, but try to match legacy behavior in + most cases. Legacy behavior can be disabled with the directive + %pragma preproc sane_empty_expansion + * A much more sensible limit to expression evaluation depth. + The previously defined limit would rarely trigger before NASM + died with a stack overrun error on most systems + * The state of warnings can now be saved and restored via the + [WARNING PUSH] and [WARNING POP] directives + * The sectalign on|off switch does not affect an explicit directive + * Fixed 'mismatch in operand sizes' error in the MOVDDUP, + CMPXCHG8B and CMPXCHG16B instructions. + * Removed obsolete gnu-elf-extensions warning about 8- and 16-bit + relocation generation + * Added group aliases for all prefixed warnings + * Added implicitly sized versions of the K... instructions, + which allows the K... instructions to be specified without a + size suffix as long as the operands are sized + * Added -L option for additional listing information + * Added some warnings for obsolete instructions for a specified CPU. + * Deprecated -hf and -y options. Use -h instead + * Made DWARF as the default debug format for ELF + * Added %pragma list options... to set or clear listing options + * Allowed immediate syntax for LEA instruction (ignore operand + size completely) + * Added limited functionality MASM compatibility package + * Add single-line macros aliases using %defalias or %idefalias. + These behave like a kind of "symbolic links" for single-line + macros + * Added support for stringify, nostrip, evaluating, and greedy + single-line macro arguments + * Unused single-line macro arguments no longer need to have a + specified name + * Added conditional comma operator %, + * Changed private namespace from __foo__ to __?foo?__, so a user + namespace starting from underscore is now clean from symbols. + For backwards compatibility, the previous names are defined as + aliases + * Added support of ELF weak symbols and external references + * Changed the behavior of the EXTERN keyword and introduced + REQUIRED keyword + * Added %ifusable and %ifusing directives + * Made various performance improvements and stability fixes in + macro preprocessor engine + * Improved NASM error handling and cleaned up error messages +- includes changes from 2.14.03: + * Suppress nuisance "label changed during code generation" + messages after a real error + * Add support for the merge and strings attributes on ELF sections + * Add support for the note, preinit_array, init_array, and + fini_array sections type in ELF + * Handle more than 32,633 sections in ELF + ndctl +- Update to version 74 (jsc#PED-1080): + * Many CXL fixes + * Some build system fixes + * monitor: Fix the monitor config file parsing + * ndctl/bus: Handle missing scrub commands more gracefully + * ndctl/dimm: Flush invalidated labels after overwrite + - Remove upstreamed patch + - ndctl-build-Fix-systemd-unit-directory-detection.patch + - ndctl-meson-make-modprobedatadir-an-option.patch + +- Provide compatibility symlink for libdaxctl.h in the old location + +- Update to version 73: + * Many CXL fixes + * Fix shipped monitor.conf (bsc#1194696 https://github.com/pmem/ndctl/pull/189) + * inject-smart: Add support for papr + * Switch to meson build system + + ndctl-build-Fix-systemd-unit-directory-detection.patch + + ndctl-meson-make-modprobedatadir-an-option.patch +- Add monitor.conf migration as upstream has (bsc#1194696) +- Use %%config(noreplace) for files in /etc as upstream does. +- Update to version 72.1 + * Add support for CXL interface + * Configuration file rework + * Add service for automatic reconfiguration + * Drop upstreamed patches + - ndctl-namespace-skip-zero-namespaces-when-processing.patch + - ndctl-namespace-Suppress-ENXIO-when-processing-all-n.patch + - 0001-ndctl-namespace-Fix-disable-namespace-accounting-rel.patch + - 0002-Expose-ndctl_bus_nfit_translate_spa-as-a-public-func.patch + - 0003-libndctl-Unify-adding-dimms-for-papr-and-nfit-famili.patch + - 0004-daxctl-fail-reconfigure-device-based-on-kernel-onlin.patch + - 0005-libdaxctl-add-an-API-to-check-if-a-device-is-active.patch + - 0006-libndctl-check-for-active-system-ram-before-disablin.patch + - 0007-daxctl-emit-counts-of-total-and-online-memblocks.patch + - 0008-ndctl-Update-nvdimm-mailing-list-address.patch + - 0009-libndctl-papr-Fix-probe-for-papr-scm-compatible-nvdi.patch + - 0010-ndctl-scrub-Stop-translating-return-values.patch + - 0011-ndctl-scrub-Reread-scrub-engine-status-at-start.patch + - 0012-ndctl-dimm-Fix-label-index-block-calculations.patch + - 0013-daxctl-Add-Soft-Reservation-theory-of-operation.patch + - 0014-Documentation-ndctl-fix-self-reference-of-ndctl-disa.patch + - 0015-ndctl-docs-Clarify-update-firwmware-activation-overf.patch + - 0016-libndctl-papr-Add-support-for-reporting-shutdown-cou.patch +- Add rpmlinrc filter for libcxl and libdaxctl (boo#1191773). +- Fix asciidoctor conditional + open-vm-tools +- Update to 12.1.0 (build 20219665) (boo#1202733) + + New/Updated features: + - Contains security update fix for (bsc#1202657) - (CVE-2022-31676) + VUL-0: CVE-2022-31676: open-vm-tools: + local privilege escalation vulnerability + + A number of Coverity reported issues have been addressed. + + [FTBFS] Fix the build of the ContainerInfo plugin for a 32-bit Linux + release: + https://github.com/vmware/open-vm-tools/pull/588 + + Make HgfsConvertFromNtTimeNsec aware of 64-bit time_t on i386 (32-bit) + This change incorporates the support of 64 bit time epoch conversion + from Windows NT time to Unix Epoch time on i386. + https://github.com/vmware/open-vm-tools/pull/387 +- Drop patch now contained in 12.1.0: + + gcc_size_t.patch + openldap2 +- bsc#1198341 - Prevent memory reuse which may lead to instability + * 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch + osinfo-db +- bsc#1197958 - request support for SLE15-SP4 in the osinfo database +- Add support for SUSE linux Enterprise Micro 5.2 + add-slem5.2-support.patch + +- bsc#1196965 - openSUSE Tumbleweed unattended installation with + libvirt fails + opensuse-autoyast-desktop.patch + +- Update to database version 20220214 + osinfo-db-20220214.tar.xz + perl-HTTP-Daemon +- Fix request smuggling in HTTP::Daemon + (CVE-2022-31081, bsc#1201157) + * CVE-2022-31081.patch + * CVE-2022-31081-2.patch + * CVE-2022-31081-Add-new-test-for-Content-Length-issues.patch + post-build-checks +- Update to version 84.87+git20220325.f46ef3c: + * enable -z now linking by default + +- Update to version 84.87+git20220322.48f07a0: + * Remove errneous whitespaces + * fix comparison name + +- Update to version 84.87+git20220321.9651edb: + * Restore secure permissions in build environment (bsc#1159963) + * Handle default being easy + * Various speedups around invoking rpm +- change service file from disabled to manual + +- Update to version 84.87+git20220128.77a97b9: + * change cross build detection logic to be more robust + * kill useless use of cat awards + +- Update to version 84.87+git20220128.2a04ecb: + * keep package that provides /usr/bin/sh + +- Update to version 84.87+git20210517.d960568: + * support cross builds + postgresql10 +- Update to 10.22: + * bsc#1202368, CVE-2022-2625: Extension scripts replace objects + not belonging to the extension. + * https://www.postgresql.org/docs/release/10.22/ + procps +- Add the patches + * procps-3.3.17-library-bsc1181475.patch + * procps-3.3.17-top-bsc1181475.patch + which are backports of current newlib tree to solve bug bsc#1181475 + * 'free' command reports misleading "used" value + python-lxml +- add CVE-2022-2309.patch (bsc#1201253, CVE-2022-2309) + python3-libmount +- agetty: Resolve tty name even if stdin is specified (bsc#1197178, + util-linux-agetty-resolve-tty-if-stdin-is-specified.patch). +- libmount: When moving a mount point, update all sub mount entries + in utab (bsc#1198731, + util-linux-libmount-moving-mount-point-sub-mounts.patch, + util-linux-libmount-fix-and-improve-utab-on-ms_move.patch). + raptor +- add CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch (bsc#1178903, CVE-2020-25713) + -- Update to v2.0.7 - * CVE-2012-0037 fixed (bnc#745298) - * Removed Expat support - * Removed internal Unicode NFC code for better and optional ICU - * Added options for denying file requests and XML entity loading - * Added options for SSL certificate verifying - rubygem-rails-html-sanitizer +- Add patch 0001_CVE-2022-32209.patch + This patch fixes CVE-2022-32209 (bsc#1201183) + scap-security-guide +- updated to 0.1.63 (jsc#ECO-3319) + - multiple bugfixes in SUSE profiles + - Expand project guidelines + - Add Draft OCP4 STIG profile + - Add anssi_bp28_intermediary profile + - add products/uos20 to support UnionTech OS Server 20 + - products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles + - Remove WRLinux Products + - Update CIS RHEL8 Benchmark for v2.0.0 +- removed fix-bash-template.patch: fixed upstream +- Fixed: stig: /etc/shadow group owner should not be root but shadow (bsc#1200149) +- Fixed: sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163) +- Fixed: SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122) + systemd +- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one + pointing to /usr/lib/systemd/ (bsc#1201795) + +- Update 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (jsc#PED-944) + To decrease log level of messages about use of KillMode=none from warning to + debug. SAP still uses this deprecated option and the warnings emitted by PID1 + confuse both SAP customers and support. + +- Import commit 7b70d88264a588fdba36c6e7655d1feea2b0e0a0 (merge of v249.12) + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/4949659dd6ce81845e13034504fe06b85a02f08b...7b70d88264a588fdba36c6e7655d1feea2b0e0a0 + +- Import commit 4949659dd6ce81845e13034504fe06b85a02f08b + 0f096f16ba tmpfiles: check the directory we were supposed to create, not its parent + 82c3793e43 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call + 2191a9ae95 logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059) + systemd-presets-common-SUSE +- enable ignition-delete-config by default (bsc#1199524) + +- Modify branding-preset-states to fix systemd-presets-common-SUSE + not enabling new user systemd service preset configuration just + as it handles system service presets. By passing an (optional) + second parameter "user", the save/apply-changes commands now + work with user services instead of system ones (boo#1200485) + +- Add the wireplumber user service preset to enable it by default + in SLE15-SP4 where it replaced pipewire-media-session, but keep + pipewire-media-session preset so we don't have to branch the + systemd-presets-common-SUSE package for SP4 (boo#1200485) + timezone +- Update to reflect new Chile DST change, bsc#1202310 + * bsc1202310.patch + timezone-java +- Update to reflect new Chile DST change, bsc#1202310 + * bsc1202310.patch + transactional-update +- Version 4.0.1 + - create_dirs_from_rpmdb: Just warn if no default SELinux context found + [gh#openSUSE/transactional-update#88], [bsc#1188215] + - create_dirs_from_rpmdb: Don't update the rpmdb cookie on failure + [gh#openSUSE/transactional-update#88] + - Handle directories owned by multiple packages + [gh#openSUSE/transactional-update#90], [bsc#1188215] + u-boot +Fix out-of-bounds write in sqfs_readdir() may lead to arbitrary code execution CVE-2022-33103 (bsc#1201213) + Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp4 + * Patches added: + 0022-fs-squashfs-sqfs_read-Prevent-arbit.patch + ucode-intel +- Updated to Intel CPU Microcode 20220809 release. (bsc#1201727) + - CVE-2022-21233: Security updates for [INTEL-SA-00657](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html). + - Update for functional issues. Refer to [Intel® Xeon® Processor Scalable Family Specification + +Update](https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update) for details. - Updated Platforms: + | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products + |:---------------|:---------|:------------|:---------|:---------|:--------- + | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable + | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable + | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx + | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 + | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx + | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 + | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile + | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile + | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile + | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 + | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 + | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 + | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 + | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 + | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 + | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 + util-linux +- agetty: Resolve tty name even if stdin is specified (bsc#1197178, + util-linux-agetty-resolve-tty-if-stdin-is-specified.patch). +- libmount: When moving a mount point, update all sub mount entries + in utab (bsc#1198731, + util-linux-libmount-moving-mount-point-sub-mounts.patch, + util-linux-libmount-fix-and-improve-utab-on-ms_move.patch). + util-linux-systemd +- agetty: Resolve tty name even if stdin is specified (bsc#1197178, + util-linux-agetty-resolve-tty-if-stdin-is-specified.patch). +- libmount: When moving a mount point, update all sub mount entries + in utab (bsc#1198731, + util-linux-libmount-moving-mount-point-sub-mounts.patch, + util-linux-libmount-fix-and-improve-utab-on-ms_move.patch). + xcb-util-cursor -- Clean up with spec-cleaner -- Make building more verbose - -- Update to version 0.1.3: - * Add a --with-cursorpath option to configure - -- removed u_fix-issue-with-gcc.patch - * patch was only necessary with gcc in 2013, when building - 'awesome' against the static library; we do not ship the static - libary (did we ever?) - https://lists.freedesktop.org/archives/xcb/2016-April/010737.html - -- added baselibs.conf as source to specfile - -- Update to version 0.1.2: - + Use CFSwapInt32LittleToHost from CoreFoundation.h on Mac OS X - to implement le32toh. - + Check submodules before running autoconf. - + darwin: Use OSByteOrder.h rather than CF. - + Perform safety check before trying to load glyph cursor - -- Update to version 0.1.1: - + Fix memleak with broken resource databases - + Check exact RENDER version that the server supports - + Use LE_32 macro from on Solaris versions without le32toh() - + Use $(AM_V_GEN) when calling gperf - + Fail the build if gperf is needed, but not found - + handle read() errors - + Bugfix: Properly load cursor files where not all cursors are suitable - -- renamed patch according to the X11:XOrg patch guidelines - -- Fix issue with GCC - -- Initial package, version 0.1.0+2 - yast2 +- On transactional systems, inform the user that packages are + required to be installed manually (related to bsc#1199840) +- 4.5.11 + yast2-security +- Do not crash when reading active LSM modules returns nil + (related to jsc#SLE-22069) +- 4.5.1 + yast2-tune +- Added runtime dependency on hwinfo (bsc#1202651) +- 4.5.1 + yast2-users +- AY: Fix writing ssh keys for user without specified home + (bsc#1201185) +- 4.5.2 + zlib -- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459 - * bsc1197459.patch - -- Update 410.patch to include new fixes from upstream, - fixes bsc#1192688 -- Refresh bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch - to match upstream commit -- Drop patches which changes have been merged in 410.patch: - * zlib-compression-switching.patch - * zlib-390x-z15-fix-hw-compression.patch - * bsc1174551-fxi-imcomplete-raw-streams.patch - -- Fix hw compression on z15 bsc#1176201 -- Add zlib-s390x-z15-fix-hw-compression.patch - -- Add patch to fix compression level switching - bsc#1175811 bsc#1175830 bsc#1175831 - * zlib-compression-switching.patch - -- Set -DDFLTCC_LEVEL_MASK=0x7e on s390/s390x jsc#13776 - -- Permit a deflateParams() parameter change as soon as possible(bsc#1174736) - * bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch - Fix DFLTCC not flushing EOBS when creating raw streams(bsc#1174551) - * bsc1174551-fxi-imcomplete-raw-streams.patch - -- Update 410.patch to contain latest fixes from IBM bsc#1166260 - * The build behaviour changed - -- Update the zlib-no-version-check.patch to be even more forgiving - with the versions on the zlib to allow updates without rebuilds - -- Add SUSE specific patch to fix bsc#1138793, we simply don't want - to test if the app was linked with exactly same version of zlib - like the one that is present on the runtime: - * zlib-no-version-check.patch - -- Update the s390 patchset bsc#1137624: - * 410.patch - -- Tweak zlib-power8-fate325307.patch to have type of crc32_vpmsum - conform to usage - bsc#1141059 - -- Use FAT LTO objects in order to provide proper static library. - -- Do not enable the previous patchset on s390 but just s390x - bsc#1137624 - -- Add patchset for s390 improvements jsc#SLE-5807 bsc#1136717: - * 410.patch - -- Try to safely abort if we get NULL ptr bsc#1110304 bsc#1129576: - * zlib-power8-fate325307.patch - -- Add patch for fate#325307 zlib speedup on power8: - * zlib-power8-fate325307.patch - -- Add patch to safeguard against negative values in uInt bsc#1071321: - * 0001-Do-not-try-to-store-negative-values-in-unsigned-int.patch - -- Added 32bit minizip support - -- Add gpg signature -- Re-enable profiling - -- Add s390 performance patch (fate#314093): - * zlib-1.2.11-optimized-s390.patch - -- baselibs.conf: add missing dependencies - -- Update to version 1.2.11: - * Fix deflate stored bug when pulling last block from window - * Permit immediate deflateParams changes before any deflate input - -- Update to version 1.2.10: - * Avoid warnings on snprintf() return value - * Fix bug in deflate_stored() for zero-length input - * Fix bug in gzwrite.c that produced corrupt gzip files - * Remove files to be installed before copying them in Makefile.in - * Add warnings when compiling with assembler code - -- Update to version 1.2.9: - * Improve compress() and uncompress() to support large lengths - * Allow building zlib outside of the source directory - * Fix bug when level 0 used with Z_HUFFMAN or Z_RLE - * Fix bugs in creating a very large gzip header - * Add uncompress2() function, which returns the input size used - * Dramatically speed up deflation for level 0 (storing) - * Add gzfread() and gzfwrite(), duplicating the interfaces of fread() and fwrite() - * Add crc32_z() and adler32_z() functions with size_t lengths - * Many portability improvements -- Drop patches included in upstream: - * zlib-bnc1003577.patch - * zlib-bnc1003579-part2.patch - * zlib-bnc1003579.patch - * zlib-bnc1003580.patch - * zlib-bnc1013882.patch -- Drop zlib-1.2.7-improve-longest_match-performance.patch - * not accepted by upstream for two releases - * rebasing no longer possible - -- Include fixes for bnc#1003580 bnc#1003579 bnc#1003577 bnc#1013882: - * zlib-bnc1003577.patch - * zlib-bnc1003579-part2.patch - * zlib-bnc1003579.patch - * zlib-bnc1003580.patch refreshed - * zlib-bnc1013882.patch CVE-2016-9843 - -- Trim descriptions to fit target audience. Update RPM group - classification. - -- Require zlib-devel in zlib-devel-static to fix previous change - -- Bring back zlib-devel-static. Needed by binutils - -- Remove zlib-devel-static, nothing should use libz.a anyway. -- Package minizip library, everything using it should now pull - minizip-devel and unbundle it bnc#935864 -