SUSE Image Update Advisory: SUSE ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2000:13-1 Image Tags : SUSE:SLE-15-SP3:4 Image Release : Severity : critical Type : security References : 1006739 1020320 1020320 1027519 1027519 1027942 1028340 1028340 1029961 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1039043 1040589 1041090 1055117 1055117 1061840 1061840 1065729 1065729 1065729 1065729 1065729 1070943 1070955 1071995 1071995 1080338 1080985 1081495 1082318 1083294 1085785 1093381 1093529 1093657 1094497 1094832 1095804 1097531 1101152 1101471 1101474 1102175 1103269 1103269 1103388 1103696 1104034 1104264 1106390 1107066 1107067 1109167 1109168 1109564 1109565 1109566 1109568 1109569 1109570 1111572 1111973 1112723 1112726 1113160 1113160 1118212 1118212 1118492 1118508 1120242 1120610 1121726 1123522 1123685 1125007 1125610 1125744 1128529 1128564 1129243 1129300 1130041 1130077 1130496 1131556 1131677 1131840 1132346 1132375 1133090 1133097 1133198 1133424 1134876 1136102 1137373 1137728 1137728 1138130 1138822 1142038 1142041 1143913 1143913 1143913 1143913 1146299 1146683 1146691 1148177 1148309 1152472 1152472 1152489 1152489 1152489 1152722 1153090 1153090 1153274 1153274 1153277 1153866 1154353 1154353 1154940 1154968 1154968 1155372 1156211 1156395 1156395 1156397 1156421 1156521 1156646 1158266 1158266 1158843 1161264 1163871 1164192 1164384 1164903 1165921 1166458 1167401 1167404 1167405 1167586 1167773 1167773 1168310 1170231 1170557 1170824 1171281 1171483 1171520 1171687 1172462 1172608 1172709 1173103 1173143 1173143 1173149 1173268 1173429 1173527 1173584 1173692 1174075 1174405 1174439 1174965 1175132 1175478 1175478 1175889 1175946 1176052 1176262 1176447 1176447 1176823 1176943 1176943 1177028 1177028 1177282 1177282 1177461 1177616 1177758 1177884 1177928 1178134 1178134 1178134 1178134 1178493 1178829 1178903 1179195 1179195 1179521 1179555 1179566 1179637 1179878 1179878 1179962 1180065 1180100 1180100 1180583 1180585 1180650 1180814 1180814 1181131 1181223 1181223 1181223 1181400 1181400 1181400 1181400 1181475 1181658 1181686 1181715 1182073 1182073 1182104 1182105 1182144 1182345 1182428 1182481 1182742 1182769 1182817 1182851 1183043 1183151 1183308 1183405 1183405 1183533 1183723 1183723 1184123 1184339 1184617 1184659 1184757 1184798 1184924 1184924 1184970 1185131 1185145 1185465 1185637 1185679 1185702 1185762 1185762 1185778 1185780 1185923 1185945 1185951 1186025 1186026 1186242 1186242 1186281 1186287 1186310 1186336 1186339 1186377 1186502 1186508 1186581 1186618 1186650 1186650 1186654 1186744 1186819 1186918 1187055 1187055 1187065 1187333 1187335 1187364 1187364 1187365 1187366 1187366 1187367 1187367 1187397 1187441 1187451 1187549 1187572 1187593 1187621 1187660 1187673 1187690 1187708 1187748 1187787 1187813 1187963 1187998 1188032 1188042 1188073 1188076 1188136 1188160 1188161 1188163 1188170 1188193 1188260 1188289 1188297 1188315 1188336 1188393 1188395 1188400 1188468 1188469 1188503 1188505 1188527 1188551 1188578 1188641 1188647 1188656 1188692 1188743 1188846 1188853 1188855 1188867 1188885 1188885 1188900 1188911 1188926 1188977 1189011 1189040 1189167 1189241 1189260 1189263 1189287 1189356 1189419 1189422 1189458 1189501 1189517 1189561 1189609 1189643 1189799 1189818 1189850 1189933 1190040 1190107 1190114 1190123 1190151 1190164 1190166 1190265 1190275 1190276 1190300 1190375 1190396 1190405 1190446 1190455 1190462 1190512 1190535 1190602 1190649 1190649 1190649 1190649 1190649 1190665 1190740 1190740 1190751 1190774 1190781 1190820 1190866 1190867 1190964 1191123 1191123 1191139 1191139 1191143 1191144 1191157 1191184 1191185 1191186 1191192 1191194 1191222 1191267 1191274 1191285 1191313 1191340 1191348 1191360 1191377 1191390 1191412 1191442 1191444 1191460 1191495 1191502 1191538 1191551 1191552 1191597 1191643 1191647 1191647 1191656 1191681 1191702 1191770 1191857 1191895 1191898 1191899 1191908 1191912 1192051 1192079 1192080 1192086 1192087 1192150 1192167 1192228 1192238 1192249 1192321 1192321 1192368 1192440 1192449 1192487 1192487 1192489 1192510 1192514 1192523 1192550 1192550 1192566 1192616 1192699 1192736 1192761 1192761 1192761 1192764 1192772 1192776 1192822 1192838 1192841 1192850 1192902 1192903 1192904 1192951 1193008 1193032 1193035 1193115 1193179 1193190 1193238 1193282 1193292 1193364 1193448 1193466 1193489 1193539 1193556 1193556 1193565 1193585 1193600 1193600 1193600 1193612 1193629 1193629 1193659 1193671 1193672 1193673 1193675 1193676 1193678 1193694 1193707 1193742 1193742 1193742 1193742 1193742 1193832 1193842 1193842 1193905 1193930 1194013 1194013 1194044 1194093 1194125 1194172 1194179 1194181 1194216 1194217 1194262 1194363 1194363 1194388 1194394 1194397 1194447 1194464 1194550 1194594 1194625 1194632 1194704 1194708 1194819 1194819 1194862 1194872 1194873 1194885 1194905 1194909 1194909 1194931 1194990 1194992 1195004 1195011 1195043 1195059 1195115 1195130 1195145 1195157 1195163 1195171 1195172 1195173 1195203 1195222 1195251 1195271 1195282 1195283 1195294 1195318 1195324 1195332 1195354 1195437 1195438 1195463 1195504 1195504 1195508 1195529 1195612 1195625 1195628 1195628 1195651 1195651 1195666 1195680 1195680 1195680 1195697 1195710 1195712 1195726 1195727 1195728 1195750 1195757 1195762 1195765 1195772 1195775 1195775 1195826 1195826 1195831 1195836 1195881 1195891 1195896 1195906 1195916 1195918 1195920 1195926 1195926 1195964 1195965 1196017 1196018 1196018 1196046 1196050 1196054 1196061 1196067 1196076 1196094 1196107 1196114 1196114 1196122 1196125 1196133 1196147 1196148 1196150 1196164 1196182 1196212 1196222 1196224 1196300 1196308 1196332 1196338 1196338 1196338 1196338 1196361 1196367 1196367 1196407 1196426 1196426 1196432 1196441 1196455 1196478 1196478 1196485 1196489 1196490 1196496 1196499 1196514 1196514 1196556 1196570 1196570 1196595 1196616 1196619 1196625 1196639 1196639 1196681 1196682 1196693 1196696 1196702 1196704 1196704 1196705 1196733 1196739 1196751 1196788 1196803 1196804 1196838 1196840 1196840 1196850 1196861 1196863 1196877 1196877 1196901 1196901 1196939 1196942 1196942 1196959 1196965 1196977 1196977 1197004 1197007 1197017 1197028 1197042 1197045 1197046 1197065 1197066 1197068 1197072 1197073 1197074 1197084 1197085 1197119 1197132 1197143 1197147 1197157 1197157 1197158 1197178 1197192 1197216 1197279 1197283 1197283 1197284 1197284 1197290 1197298 1197298 1197362 1197362 1197391 1197391 1197396 1197400 1197417 1197423 1197425 1197426 1197426 1197429 1197438 1197443 1197446 1197446 1197449 1197458 1197472 1197472 1197488 1197507 1197507 1197511 1197517 1197533 1197570 1197579 1197579 1197590 1197591 1197601 1197601 1197606 1197616 1197627 1197631 1197634 1197636 1197637 1197642 1197644 1197655 1197656 1197656 1197660 1197660 1197668 1197675 1197675 1197677 1197681 1197684 1197689 1197689 1197692 1197699 1197699 1197703 1197708 1197711 1197713 1197714 1197716 1197718 1197726 1197728 1197729 1197742 1197743 1197754 1197754 1197767 1197768 1197771 1197775 1197781 1197783 1197787 1197789 1197790 1197792 1197793 1197794 1197798 1197799 1197830 1197841 1197846 1197848 1197852 1197853 1197861 1197862 1197864 1197870 1197872 1197914 1197914 1197926 1197926 1197936 1197948 1197956 1197958 1197967 1197995 1198020 1198020 1198035 1198037 1198043 1198062 1198068 1198077 1198077 1198083 1198086 1198090 1198106 1198111 1198114 1198136 1198158 1198166 1198166 1198166 1198176 1198180 1198191 1198197 1198202 1198217 1198217 1198221 1198234 1198237 1198247 1198247 1198255 1198255 1198258 1198290 1198294 1198330 1198330 1198341 1198356 1198358 1198381 1198397 1198400 1198400 1198413 1198413 1198422 1198423 1198423 1198424 1198424 1198427 1198429 1198437 1198437 1198438 1198438 1198441 1198446 1198448 1198448 1198458 1198458 1198460 1198484 1198484 1198486 1198493 1198495 1198496 1198504 1198507 1198511 1198511 1198511 1198515 1198515 1198516 1198516 1198518 1198521 1198534 1198534 1198577 1198577 1198581 1198581 1198581 1198581 1198581 1198581 1198581 1198596 1198603 1198604 1198605 1198606 1198607 1198609 1198610 1198611 1198612 1198613 1198614 1198627 1198628 1198629 1198630 1198631 1198632 1198633 1198634 1198635 1198636 1198637 1198638 1198639 1198640 1198646 1198657 1198660 1198670 1198671 1198671 1198671 1198672 1198672 1198672 1198673 1198673 1198673 1198674 1198674 1198674 1198675 1198675 1198675 1198686 1198693 1198712 1198717 1198718 1198723 1198731 1198732 1198740 1198740 1198742 1198742 1198748 1198751 1198766 1198773 1198773 1198780 1198801 1198814 1198825 1198825 1198828 1198829 1198829 1198848 1198872 1198873 1198897 1198900 1198914 1198919 1198921 1198922 1198924 1198924 1198939 1198940 1198944 1198952 1198953 1198963 1198964 1198970 1198970 1198970 1198971 1198971 1198976 1198989 1198989 1198989 1198999 1199000 1199006 1199012 1199012 1199018 1199019 1199024 1199024 1199025 1199029 1199035 1199035 1199036 1199042 1199049 1199052 1199052 1199061 1199063 1199063 1199064 1199089 1199090 1199114 1199114 1199132 1199140 1199142 1199149 1199149 1199165 1199166 1199166 1199177 1199209 1199223 1199224 1199232 1199232 1199235 1199240 1199242 1199244 1199245 1199246 1199247 1199247 1199274 1199278 1199279 1199287 1199314 1199314 1199325 1199331 1199333 1199334 1199350 1199362 1199362 1199364 1199364 1199365 1199365 1199391 1199393 1199401 1199412 1199413 1199413 1199423 1199438 1199451 1199459 1199460 1199463 1199466 1199470 1199474 1199475 1199475 1199475 1199475 1199482 1199482 1199487 1199487 1199489 1199489 1199505 1199505 1199507 1199507 1199512 1199523 1199524 1199528 1199564 1199564 1199565 1199577 1199596 1199623 1199626 1199626 1199629 1199629 1199631 1199631 1199634 1199646 1199647 1199647 1199648 1199650 1199650 1199651 1199653 1199653 1199655 1199656 1199657 1199657 1199665 1199665 1199668 1199668 1199668 1199668 1199670 1199670 1199670 1199670 1199670 1199677 1199679 1199693 1199727 1199734 1199745 1199747 1199756 1199766 1199768 1199768 1199839 1199839 1199865 1199874 1199888 1199889 1199924 1199928 1199936 1199948 1199965 1199965 1199966 1199966 1199978 1200010 1200011 1200012 1200015 1200015 1200015 1200019 1200019 1200027 1200027 1200027 1200045 1200045 1200046 1200046 1200087 1200088 1200106 1200120 1200122 1200134 1200134 1200135 1200135 1200136 1200136 1200137 1200137 1200143 1200143 1200144 1200144 1200145 1200148 1200149 1200163 1200170 1200170 1200192 1200192 1200206 1200206 1200207 1200207 1200212 1200216 1200216 1200217 1200217 1200249 1200249 1200259 1200259 1200263 1200263 1200263 1200263 1200268 1200278 1200334 1200338 1200340 1200341 1200343 1200343 1200345 1200348 1200350 1200352 1200363 1200364 1200387 1200388 1200389 1200407 1200426 1200427 1200437 1200442 1200442 1200485 1200494 1200499 1200521 1200521 1200529 1200529 1200549 1200550 1200550 1200556 1200566 1200571 1200571 1200598 1200598 1200599 1200599 1200600 1200600 1200604 1200604 1200605 1200605 1200606 1200608 1200608 1200608 1200619 1200619 1200622 1200622 1200628 1200630 1200644 1200644 1200645 1200651 1200651 1200657 1200692 1200692 1200703 1200707 1200735 1200737 1200748 1200750 1200762 1200762 1200793 1200793 1200802 1200806 1200806 1200807 1200807 1200809 1200809 1200810 1200810 1200813 1200813 1200816 1200816 1200820 1200820 1200821 1200821 1200822 1200822 1200825 1200825 1200828 1200828 1200829 1200829 1200833 1200842 1200843 1200855 1200855 1200863 1200900 1200907 1200910 1200910 1200925 1200925 1200964 1200965 1201050 1201050 1201080 1201080 1201080 1201099 1201143 1201143 1201147 1201147 1201149 1201149 1201157 1201160 1201160 1201171 1201171 1201174 1201175 1201176 1201177 1201177 1201183 1201193 1201193 1201196 1201196 1201206 1201206 1201213 1201214 1201221 1201222 1201222 1201222 1201225 1201251 1201251 1201253 1201254 1201255 1201267 1201315 1201325 1201325 1201325 1201326 1201326 1201326 1201327 1201327 1201327 1201328 1201328 1201328 1201381 1201381 1201394 1201395 1201429 1201429 1201431 1201434 1201434 1201436 1201436 1201437 1201437 1201440 1201440 1201442 1201443 1201443 1201444 1201444 1201445 1201445 1201447 1201447 1201448 1201448 1201458 1201458 1201469 1201490 1201492 1201493 1201495 1201496 1201551 1201560 1201612 1201635 1201635 1201636 1201636 1201640 1201643 1201644 1201644 1201644 1201645 1201664 1201664 1201664 1201672 1201672 1201672 1201673 1201673 1201673 1201676 1201676 1201676 1201684 1201684 1201684 1201685 1201688 1201692 1201692 1201692 1201693 1201694 1201694 1201694 1201702 1201704 1201706 1201707 1201708 1201716 1201727 1201745 1201758 1201758 1201782 1201831 1201835 1201840 1201842 1201846 1201846 1201930 1201930 1201940 1201940 1201946 1201954 1201954 1201956 1201956 1201958 1201958 1201980 1202020 1202035 1202035 1202154 1202175 1202310 1202368 1202368 1202368 1202368 1202427 1202436 1202657 1202706 1202733 974847 987798 CVE-2015-20107 CVE-2015-20107 CVE-2015-20107 CVE-2016-3977 CVE-2016-9011 CVE-2017-17087 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-11206 CVE-2018-11490 CVE-2018-14032 CVE-2018-14033 CVE-2018-14460 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-17234 CVE-2018-17237 CVE-2018-17432 CVE-2018-17433 CVE-2018-17434 CVE-2018-17436 CVE-2018-17437 CVE-2018-17438 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2018-20433 CVE-2018-20482 CVE-2018-6952 CVE-2018-7187 CVE-2019-10215 CVE-2019-10215 CVE-2019-13636 CVE-2019-15043 CVE-2019-15133 CVE-2019-17540 CVE-2019-18658 CVE-2019-19377 CVE-2019-19377 CVE-2019-20454 CVE-2019-20916 CVE-2019-5427 CVE-2019-6978 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2019-9923 CVE-2020-10109 CVE-2020-10809 CVE-2020-10810 CVE-2020-10811 CVE-2020-12245 CVE-2020-13379 CVE-2020-25638 CVE-2020-25649 CVE-2020-25657 CVE-2020-25713 CVE-2020-26541 CVE-2020-26541 CVE-2020-27835 CVE-2020-27835 CVE-2020-28491 CVE-2020-29362 CVE-2020-29651 CVE-2020-36516 CVE-2020-36518 CVE-2020-36557 CVE-2020-36557 CVE-2020-36558 CVE-2020-36558 CVE-2021-0707 CVE-2021-0707 CVE-2021-20193 CVE-2021-20201 CVE-2021-20292 CVE-2021-20292 CVE-2021-20321 CVE-2021-20321 CVE-2021-21996 CVE-2021-22904 CVE-2021-26312 CVE-2021-26339 CVE-2021-26341 CVE-2021-26341 CVE-2021-26342 CVE-2021-26347 CVE-2021-26348 CVE-2021-26349 CVE-2021-26350 CVE-2021-26364 CVE-2021-26372 CVE-2021-26373 CVE-2021-26375 CVE-2021-26376 CVE-2021-26378 CVE-2021-26388 CVE-2021-26926 CVE-2021-26927 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVE-2021-28153 CVE-2021-28905 CVE-2021-29509 CVE-2021-29622 CVE-2021-29622 CVE-2021-30473 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-33061 CVE-2021-33061 CVE-2021-33620 CVE-2021-33655 CVE-2021-33655 CVE-2021-33656 CVE-2021-33656 CVE-2021-3443 CVE-2021-34557 CVE-2021-3467 CVE-2021-35561 CVE-2021-3572 CVE-2021-3592 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3594 CVE-2021-3595 CVE-2021-3595 CVE-2021-36222 CVE-2021-36373 CVE-2021-36374 CVE-2021-3639 CVE-2021-3670 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2021-3711 CVE-2021-3733 CVE-2021-3737 CVE-2021-3778 CVE-2021-3796 CVE-2021-38208 CVE-2021-38208 CVE-2021-3839 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-39226 CVE-2021-3927 CVE-2021-3928 CVE-2021-39358 CVE-2021-3968 CVE-2021-39698 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-40323 CVE-2021-40324 CVE-2021-40325 CVE-2021-40348 CVE-2021-4069 CVE-2021-4091 CVE-2021-41136 CVE-2021-41159 CVE-2021-41174 CVE-2021-41244 CVE-2021-4136 CVE-2021-4154 CVE-2021-4154 CVE-2021-4157 CVE-2021-4157 CVE-2021-4166 CVE-2021-41817 CVE-2021-4192 CVE-2021-4193 CVE-2021-4206 CVE-2021-4207 CVE-2021-43565 CVE-2021-43797 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2021-44225 CVE-2021-44906 CVE-2021-44906 CVE-2021-44906 CVE-2021-44907 CVE-2021-44907 CVE-2021-45082 CVE-2021-45083 CVE-2021-46059 CVE-2021-46669 CVE-2021-46744 CVE-2021-46784 CVE-2021-46790 CVE-2022-0128 CVE-2022-0168 CVE-2022-0168 CVE-2022-0204 CVE-2022-0213 CVE-2022-0235 CVE-2022-0235 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0561 CVE-2022-0562 CVE-2022-0669 CVE-2022-0696 CVE-2022-0778 CVE-2022-0778 CVE-2022-0812 CVE-2022-0812 CVE-2022-0856 CVE-2022-0865 CVE-2022-0891 CVE-2022-0897 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-0934 CVE-2022-0959 CVE-2022-1012 CVE-2022-1012 CVE-2022-1056 CVE-2022-1116 CVE-2022-1116 CVE-2022-1116 CVE-2022-1158 CVE-2022-1158 CVE-2022-1184 CVE-2022-1184 CVE-2022-1215 CVE-2022-1227 CVE-2022-1271 CVE-2022-1280 CVE-2022-1280 CVE-2022-1292 CVE-2022-1292 CVE-2022-1304 CVE-2022-1328 CVE-2022-1353 CVE-2022-1353 CVE-2022-1381 CVE-2022-1419 CVE-2022-1419 CVE-2022-1420 CVE-2022-1462 CVE-2022-1462 CVE-2022-1516 CVE-2022-1516 CVE-2022-1520 CVE-2022-1529 CVE-2022-1529 CVE-2022-1552 CVE-2022-1552 CVE-2022-1552 CVE-2022-1552 CVE-2022-1586 CVE-2022-1586 CVE-2022-1587 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1652 CVE-2022-1652 CVE-2022-1679 CVE-2022-1679 CVE-2022-1679 CVE-2022-1705 CVE-2022-1705 CVE-2022-1706 CVE-2022-1729 CVE-2022-1729 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1802 CVE-2022-1802 CVE-2022-1834 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-1927 CVE-2022-1949 CVE-2022-1962 CVE-2022-1962 CVE-2022-1966 CVE-2022-1966 CVE-2022-1972 CVE-2022-1972 CVE-2022-1974 CVE-2022-1974 CVE-2022-1975 CVE-2022-1975 CVE-2022-20008 CVE-2022-20008 CVE-2022-20132 CVE-2022-20132 CVE-2022-20141 CVE-2022-20141 CVE-2022-20141 CVE-2022-20154 CVE-2022-20154 CVE-2022-20154 CVE-2022-20166 CVE-2022-20166 CVE-2022-2031 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2068 CVE-2022-2068 CVE-2022-20770 CVE-2022-20771 CVE-2022-20785 CVE-2022-20792 CVE-2022-20796 CVE-2022-2097 CVE-2022-21123 CVE-2022-21123 CVE-2022-21123 CVE-2022-21125 CVE-2022-21125 CVE-2022-21125 CVE-2022-21127 CVE-2022-21127 CVE-2022-21151 CVE-2022-21166 CVE-2022-21166 CVE-2022-21166 CVE-2022-21180 CVE-2022-21180 CVE-2022-2122 CVE-2022-21233 CVE-2022-21299 CVE-2022-21426 CVE-2022-21426 CVE-2022-21426 CVE-2022-21427 CVE-2022-21434 CVE-2022-21434 CVE-2022-21434 CVE-2022-21443 CVE-2022-21443 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21476 CVE-2022-21476 CVE-2022-21496 CVE-2022-21496 CVE-2022-21496 CVE-2022-21505 CVE-2022-21505 CVE-2022-21540 CVE-2022-21540 CVE-2022-21540 CVE-2022-21541 CVE-2022-21541 CVE-2022-21541 CVE-2022-21549 CVE-2022-21673 CVE-2022-21698 CVE-2022-21698 CVE-2022-21698 CVE-2022-21698 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713 CVE-2022-21716 CVE-2022-21952 CVE-2022-2200 CVE-2022-2200 CVE-2022-2226 CVE-2022-22576 CVE-2022-22594 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22637 CVE-2022-22662 CVE-2022-22677 CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941 CVE-2022-22967 CVE-2022-2309 CVE-2022-2318 CVE-2022-2318 CVE-2022-2319 CVE-2022-2320 CVE-2022-23308 CVE-2022-23633 CVE-2022-23634 CVE-2022-23648 CVE-2022-23816 CVE-2022-23825 CVE-2022-2385 CVE-2022-24302 CVE-2022-24448 CVE-2022-24675 CVE-2022-24675 CVE-2022-24735 CVE-2022-24736 CVE-2022-2476 CVE-2022-24765 CVE-2022-24769 CVE-2022-24801 CVE-2022-24882 CVE-2022-24883 CVE-2022-24903 CVE-2022-2509 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVE-2022-2553 CVE-2022-25647 CVE-2022-2625 CVE-2022-2625 CVE-2022-2625 CVE-2022-2625 CVE-2022-26280 CVE-2022-26354 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26358 CVE-2022-26359 CVE-2022-26359 CVE-2022-26360 CVE-2022-26360 CVE-2022-26361 CVE-2022-26361 CVE-2022-26362 CVE-2022-26362 CVE-2022-26363 CVE-2022-26363 CVE-2022-26364 CVE-2022-26364 CVE-2022-26365 CVE-2022-26365 CVE-2022-26377 CVE-2022-2639 CVE-2022-26491 CVE-2022-26691 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-26981 CVE-2022-27191 CVE-2022-27191 CVE-2022-27239 CVE-2022-27376 CVE-2022-27377 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27381 CVE-2022-27382 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27444 CVE-2022-27445 CVE-2022-27446 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 CVE-2022-27451 CVE-2022-27452 CVE-2022-27455 CVE-2022-27456 CVE-2022-27457 CVE-2022-27458 CVE-2022-27536 CVE-2022-27651 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-28131 CVE-2022-28131 CVE-2022-28327 CVE-2022-28327 CVE-2022-28356 CVE-2022-28356 CVE-2022-28463 CVE-2022-28614 CVE-2022-28615 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-28739 CVE-2022-28748 CVE-2022-28748 CVE-2022-28893 CVE-2022-28893 CVE-2022-29154 CVE-2022-29155 CVE-2022-29156 CVE-2022-29156 CVE-2022-29162 CVE-2022-29187 CVE-2022-29217 CVE-2022-29404 CVE-2022-29458 CVE-2022-29500 CVE-2022-29501 CVE-2022-29526 CVE-2022-29526 CVE-2022-29527 CVE-2022-29581 CVE-2022-29581 CVE-2022-29804 CVE-2022-29804 CVE-2022-29824 CVE-2022-29869 CVE-2022-29900 CVE-2022-29900 CVE-2022-29900 CVE-2022-29901 CVE-2022-29901 CVE-2022-29909 CVE-2022-29909 CVE-2022-29909 CVE-2022-29911 CVE-2022-29911 CVE-2022-29911 CVE-2022-29912 CVE-2022-29912 CVE-2022-29912 CVE-2022-29913 CVE-2022-29914 CVE-2022-29914 CVE-2022-29914 CVE-2022-29916 CVE-2022-29916 CVE-2022-29916 CVE-2022-29917 CVE-2022-29917 CVE-2022-29917 CVE-2022-30067 CVE-2022-30067 CVE-2022-30122 CVE-2022-30123 CVE-2022-30293 CVE-2022-30522 CVE-2022-30550 CVE-2022-30552 CVE-2022-30556 CVE-2022-30580 CVE-2022-30580 CVE-2022-30594 CVE-2022-30594 CVE-2022-30629 CVE-2022-30629 CVE-2022-30630 CVE-2022-30630 CVE-2022-30631 CVE-2022-30631 CVE-2022-30632 CVE-2022-30632 CVE-2022-30633 CVE-2022-30633 CVE-2022-30634 CVE-2022-30634 CVE-2022-30635 CVE-2022-30635 CVE-2022-30767 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789 CVE-2022-30790 CVE-2022-31030 CVE-2022-31081 CVE-2022-31116 CVE-2022-31117 CVE-2022-31163 CVE-2022-31248 CVE-2022-31248 CVE-2022-31625 CVE-2022-31626 CVE-2022-31676 CVE-2022-31736 CVE-2022-31736 CVE-2022-31737 CVE-2022-31737 CVE-2022-31738 CVE-2022-31738 CVE-2022-31739 CVE-2022-31739 CVE-2022-31740 CVE-2022-31740 CVE-2022-31741 CVE-2022-31741 CVE-2022-31741 CVE-2022-31742 CVE-2022-31742 CVE-2022-31744 CVE-2022-31744 CVE-2022-31747 CVE-2022-31747 CVE-2022-31783 CVE-2022-31813 CVE-2022-32148 CVE-2022-32148 CVE-2022-32189 CVE-2022-32189 CVE-2022-32206 CVE-2022-32208 CVE-2022-32209 CVE-2022-32212 CVE-2022-32212 CVE-2022-32212 CVE-2022-32213 CVE-2022-32213 CVE-2022-32213 CVE-2022-32214 CVE-2022-32214 CVE-2022-32214 CVE-2022-32215 CVE-2022-32215 CVE-2022-32215 CVE-2022-32250 CVE-2022-32250 CVE-2022-32250 CVE-2022-32545 CVE-2022-32546 CVE-2022-32547 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-32792 CVE-2022-32816 CVE-2022-33068 CVE-2022-33103 CVE-2022-33740 CVE-2022-33740 CVE-2022-33741 CVE-2022-33741 CVE-2022-33742 CVE-2022-33742 CVE-2022-33745 CVE-2022-33967 CVE-2022-33981 CVE-2022-33981 CVE-2022-34169 CVE-2022-34169 CVE-2022-34169 CVE-2022-34468 CVE-2022-34468 CVE-2022-34470 CVE-2022-34470 CVE-2022-34472 CVE-2022-34472 CVE-2022-34478 CVE-2022-34478 CVE-2022-34479 CVE-2022-34479 CVE-2022-34481 CVE-2022-34481 CVE-2022-34484 CVE-2022-34484 CVE-2022-34835 CVE-2022-34903 CVE-2022-34918 CVE-2022-34918 CVE-2022-34918 CVE-2022-36318 CVE-2022-36318 CVE-2022-36319 CVE-2022-36319 CVE-2022-36946 CVE-2022-36946 CVE-2022-37434 CVE-2022-41160 ----------------------------------------------------------------- The container SUSE was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1189-1 Released: Wed Jun 20 16:20:01 2018 Summary: Security update for go, go1.9 Type: security Severity: moderate References: 1081495,1085785,CVE-2018-7187 This update for go and go1.9 fixes the following issues: The following security issues have been addressed for both packages: - CVE-2018-7187: Fixed the validation of the import path in the go get command, which allowed for arbitrary command execution via VCS path when the -insecure flag is used (bsc#1081495) The following other changes have been made for go1.9: - Fixes to the go command and the crypto/x509 and strings packages, which add minimal support to the go command for the vgo transition. - Several fixes to the compiler and go command - Fixed various issues in go trace (bsc#1085785): - Ensure go binaries are not stripped (eg: go tools trace), this caused some of them to misbehave - Ensure go trace html template is shipped as part of the installation, otherwise the web UI won't work For details on any other changes see the Go milestones on the official issue tracker. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1712-1 Released: Mon Aug 20 17:01:17 2018 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1039043,1083294,1093381,1093529,1094497,1101152 This update fixes the following issues: rhncfg: - Format the file mode in unified way. (bsc#1093529) spacewalk-backend: - Fix directory permissions. (bsc#1101152) - Feature: implement optional signing repository metadata. - Fix truncated result message of server actions. (bsc#1039043) - Do not copy 'foreign_entitlement' from virtual host to the registered guest. (bsc#1093381) - Spacewalk-debug: add Postgres configuration files. - Initial branding change for Uyuni. (bsc#1094497) spacewalk-remote-utils: - Fix ordering of channel data. (bsc#1083294) - Add RHEL 6.10 channel definitions. zypp-plugin-spacewalk: - Turn on metadata signature checking if signature is available. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:993-1 Released: Tue Apr 23 14:44:56 2019 Summary: Recommended update for python-python-memcached Type: recommended Severity: moderate References: 1131840,1133090 This update for python-python-memcached fixes the following issues: python-python-memcached was updated to 1.59: * Various fixes for python 3.7 and 3.6 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1691-1 Released: Mon Jun 24 16:21:37 2019 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1095804,1103388,1103696,1104034,1118492,1120242,1125610,1125744,1128529,1128564,1129243,1129300,1130041,1130077,1131677,1132346,1133424,1134876,1136102,1138130,987798 This update fixes the following issues: koan: - Require virt-install only for RHEL6/7. Other distributions accepting Recommends must use it as virt-install is not available sometimes (for example SLED) - Change virt-install from Reccommends to Require because this fixes RHEL 6 & 7 - Fix regex error in the files section - Remove Recursion in python_sitelib and remove non relevant parts of the specfile - Replace python2_sitelib macro with python_sitelib to fix build on older distros. - Remove duplicate file section entrys - Adjust Group Tag to Development/Libraries/Python to satisfy linter prometheus-node_exporter: - Add the package to the SLE Basesytem module. (fate#327287) rhnlib: - Add group to python*-rhnlib to fix building at SLE11 - Read SSL decoded buffer completely when no pending bytes on the underlying connection. - Fix encoding issues after porting to Python 3. - Sync changes from Spacewalk - 1652859 - python3 http.client does not contain _set_hostport() - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacecmd: - Save SSM list on system delete and update cache (bsc#1130077, bsc#1125744) - Replace iteritems with items for python2/3 compat (bsc#1129243) - Fix python 3 bytes issue when handling config channels - Prevent spacecmd crashing when piping the output in Python 3 (bsc#1125610) - Fix compatibility with Python 3 - Add function to merge errata and packages through spacecmd (bsc#987798) - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-backend: - Use new names in code for client tool packages which were renamed (bsc#1134876) - Fix password prompt within mgr-sign-metadata - Fix TypeError for 'errata.getErrataInfo' XMLRPC handler (bsc#1132346) - Fix typo in syncing product extensions (bsc#1118492) - Fix mgr-sign-metadata-ctl checking of exported keys. - Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB repos (bsc#1133424) - Add support for mirrorlist and metalink on Zypper reposync. - Solve situations where synced packages have epoch 0 but reposync does not find them them on the database. - Fix path to the RPM database used by Zypper at reposync. - Add makefile for python linter and unit/integration tests - Fix linking of packages in reposync (bsc#1131677) - Include arch to distinct latest packages on reposync. - Migrate missing spacewalk-cfg-get script to Python3 - Improve dependency solving algorithm for spacewalk-repo-sync. - Remove apache access_compat module and adapt config files - Add support for getting latest versions from RPM packages when running 'spacewalk-repo-sync' after migration to Zypper. - Include packages dependencies on 'spacewalk-repo-sync' when using filters for RPM packages. - Allow package filtering (name matching) on spacewalk-repo-sync after migrating away from yum. - Fix crash when importing new channel families on 'mgr-inter-sync' (bsc#1129300) - Make Zypper to use the spacewalk GPG keyring in reposync (bsc#1128529) - Fix: handle non-standard filenames for comps.xml (bsc#1120242) - Make reposync use and append token correctly to the URL - Fix invalid mode error when doing spacewalk-repo-sync on Ubuntu official repos. - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Fix reading LOB objects with python3 - Fix 'mgr-inter-sync' problems after Python 3 migration. - Mgr-sign-metadata can optionally clear-sign metadata files - Allow errata import from local repositories. - Fix 'rhnpush' after migration to Python 3. - Fix package import issues when package encoding is ISO8859-1. - Fix issues with HTTP proxy and reposync. - Solve Python 3 problem and allow traditional registration. - Add 'python-urlgrabber' as a new dependency. - Fix Python3 issues on satellite_tools scripts - Use 'Zypper' and 'libsolv' in 'spacewalk-repo-sync'. Replace 'yum'. - Require the correct dependency for python-rpm to allow the Proxy to work with Python3 only - Make rhn-ssl-dbstore compatible with python3 - Take only text files from /srv/salt to make spacewalk-debug smaller (bsc#1103388) - Support mirroring of source packages - Make spacewalk-backend code compatible with Python 3 - Prepare spacewalk-backend packages to build on Python 3 - Replace PyPAM with python-python-pam - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - Disable Oracle support for openSUSE (bsc#1095804) spacewalk-client-tools: - Fix bootstrapping SLE15 traditional client (bsc#1128564) - Sync with Spacewalk - Add ability to work behind http proxies - 1666099 - python3 is picky about bytes and string - Fix testConfig.py - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - The rhnsd service was replaced by rhnsd timer, so registration script and systemd presets are now adapted to this (bsc#1138130) spacewalk-koan: - Fix building on openSUSE 15.0 - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-oscap: - Fix python2 compilation on openSUSE - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-remote-utils: - Sync changes from Spacewalk - 1649374 - Update spacewalk-remote-utils with RHEL 7.6 channel definitions - 1633532 - Use python-gpg instead of python-gpgme where possible - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacewalk-usix: - Add compatibility with Python 3 - Use rpm for debian packaging - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) supportutils-plugin-susemanager-client: - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) suseRegisterInfo: - Make suseRegisterInfo compatible with Python 2 and 3 - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) zypp-plugin-spacewalk: - Fix python syntax error in distupgrade (bsc#1136102) mgr-daemon: - rhnsd service was replaced by rhnsd timer (bsc#1138130) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3361-1 Released: Thu Dec 19 18:54:43 2019 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1113160,1131556,1143913,1146683,1152722,1153090,1154968,1156211,1156397,1156521 This update fixes the following issues: golang-github-lusitaniae-apache_exporter: - Handle OS TERM signals - Add option to override host name golang-github-prometheus-prometheus: - Patch macros on spec file to support builds on SLE 12 - Remove prometheus.firewall.xml source file - Remove firewalld files. They are installed in the main firewalld package. - Update Uyuni/SUSE Manager service discovery patch + Fixes crashes when systems have no FQDN + Adds Parallel calls to Uyuni API, meaningful performance increase + Adds Support for system group labels - Do not install the firewalld config file on Tumbleweed (on versions newer than Leap 15.1). It's installed in the main firewalld package. - reorder some %install tasks - Add network-online (Wants and After) dependency to systemd unit bsc#1143913 - Only package required files (reduces rpm size by 4 MB) - Add sysconfig file - Add firewall config file - Use variables for defining user and group koan: - Fix auto installing VMs (bsc#1156211) rhnlib: - Fix malformed XML response when data contains non-ASCII chars (bsc#1154968) spacecmd: - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Prevent error when piping stdout in Python 2 (bsc#1153090) spacewalk-backend: - Fix specfile for systems that do not yet use systemd - Fix spacewalk-update-signatures for python3 (bsc#1156521) - Fix problems with Package Hub repos having multiple rpms with same NEVRA but different checksums (bsc#1146683) - Add systemd service macros for diskcheck.service - Port diskcheck utility to 4.0.3 branch (bsc#1156397) - Use active values for diskchecker mails - Do not require parameters to start on column 1 - Add Requires: systemd for completeness - Create /usr/lib/systemd/systemd during build - BuildRequires: systemd for spacewalk-diskcheck - Add option spacecheck_shutdown; tidy up wording of notifications - Add disk space checker script - Fix broken spacewalk-data-fsck utility (bsc#1131556) spacewalk-client-tools: - Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160) spacewalk-koan: - Gfx_type needs to default to 'vnc' (bsc#1156211) zypp-plugin-spacewalk: - Prevent possible encoding issues on Python 3 (bsc#1152722) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1972-1 Released: Tue Jul 21 02:39:24 2020 Summary: Security update for SUSE Manager Client Tools Type: security Severity: moderate References: 1113160,1138822,1142038,1148177,1153090,1153277,1154940,1154968,1155372,1163871,1165921,1168310,1170231,1170557,1170824,1171687,1172462,CVE-2019-10215,CVE-2019-15043,CVE-2020-12245,CVE-2020-13379 This update fixes the following issues: dracut-saltboot: - Print a list of available disk devices (bsc#1170824) - Install wipefs to initrd - Force install crypt modules golang-github-prometheus-prometheus: - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'have choice' build issues in OBS. + Rebase and update patches for version 2.18.0 - Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073 - Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136 - Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051 - Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. + Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011 - Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and 'Xs ago' duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693 - Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547 - Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. #6512 - Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303 - Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found by under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071 - Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145 - Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). #6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014 - Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845 - Update Uyuni/SUSE Manager service discovery patch + Adapt service discovery to the new Uyuni API endpoints + Modified spec file: force golang 1.12 to fix build issues in SLE15SP2 - Update to Prometheus 2.11.2 grafana: - Update to version 7.0.3 * Features / Enhancements - Stats: include all fields. #24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff * Bug fixes - Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian - Configuration: Fix env var override of sections containing hyphen. #25178, @marefr - Dashboard: Get panels in collapsed rows. #25079, @peterholmberg - Do not show alerts tab when alerting is disabled. #25285, @dprokop - Jaeger: fixes cascader option label duration value. #25129, @Estrax - Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo - Update to version 7.0.2 * Bug fixes - Security: Urgent security patch release to fix CVE-2020-13379 - Update to version 7.0.1 * Features / Enhancements - Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney - Download CSV: Add date and time formatting. #24992, @ryantxu - Table: Make last cell value visible when right aligned. #24921, @peterholmberg - TablePanel: Adding sort order persistance. #24705, @torkelo - Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg - Transformations: Allow custom number input for binary operations. #24752, @ryantxu * Bug fixes - Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani - Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani - Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark - DataLinks: Bring back variables interpolation in title. #24970, @dprokop - Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney - Explore/Table: Keep existing field types if possible. #24944, @kaydelaney - Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova - Explore: fix undo in query editor. #24797, @zoltanbedi - Explore: fix word break in type head info. #25014, @zoltanbedi - Graph: Legend decimals now work as expected. #24931, @torkelo - LoginPage: Fix hover color for service buttons. #25009, @tskarhed - LogsPanel: Fix scrollbar. #24850, @ivanahuckova - MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo - Organize transformer: Use display name in field order comparer. #24984, @dprokop - Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark - PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop - PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo - PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark - PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark - PanelMenu: Make menu disappear on button press. #25015, @tskarhed - Postgres: Fix add button. #25087, @phemmer - Prometheus: Fix recording rules expansion. #24977, @ivanahuckova - Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian - Update to version 7.0.0 * Breaking changes - Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin. - Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds. - Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10. - Datasource/Loki: Support for deprecated Loki endpoints has been removed. - Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information. - @grafana/ui: Forms migration notice, see @grafana/ui changelog - @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog + Deprecation warnings - Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059 - The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins. * Features / Enhancements - Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr - Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal - Loki: Allow multiple derived fields with the same name. #24437, @aocenas - Orgs: Add future deprecation notice. #24502, @torkelo * Bug Fixes - @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi - Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark - Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop - Dashboard: Fix for strange 'dashboard not found' errors when opening links in dashboard settings. #24416, @torkelo - Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn - Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo - Dashboard: Make header names reflect the field name when exporting to CSV file from the the panel inspector. #24624, @peterholmberg - Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop - Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet - Data source: Fixes async mount errors. #24579, @Estrax - Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1 - Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova - Explore: Fix rendering of react query editors. #24593, @ivanahuckova - Explore: Fixes loading more logs in logs context view. #24135, @Estrax - Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo - Graphite: Makes query annotations work again. #24556, @hugohaggmark - Logs: Clicking 'Load more' from context overlay doesn't expand log row. #24299, @kaydelaney - Logs: Fix total bytes process calculation. #24691, @davkal - Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet - Plugins: Fix manifest validation. #24573, @aknuds1 - Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist - Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed - Search: Save folder expanded state. #24496, @Clarity-89 - Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss - Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo - Table: Fixed persisting column resize for time series fields. #24505, @torkelo - Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark - Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn - Transformations: Make transform dropdowns not cropped. #24615, @dprokop - Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark - Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark - Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark - Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark - Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas - SAML: Switch from email to login for user login attribute mapping (Enterprise) - Update Makefile and spec file * Remove phantomJS patch from Makefile * Fix multiline strings in Makefile * Exclude s390 from SLE12 builds, golang 1.14 is not built for s390 - Add instructions for patching the Grafana javascript frontend. - BuildRequires golang(API) instead of go metapackage version range * BuildRequires: golang(API) >= 1.14 from BuildRequires: ( go >= 1.14 with go < 1.15 ) - Update to version 6.7.3 - This version fixes bsc#1170557 and its corresponding CVE-2020-12245 - Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin - Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark - AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken - Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg - Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan - DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo - Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh - Security: Fix annotation popup XSS vulnerability. #23813, @torkelo - Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1 - TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo - Variables: Fixes error when setting adhoc variable values. #23580, @hugohaggmark - Update to version 6.7.2: (see installed changelog for the full list of changes) - BackendSrv: Adds config to response to fix issue for external plugins that used this property . #23032, @torkelo - Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop - DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn - Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn - Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo - Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo - Plugins: Expose promiseToDigest. #23249, @torkelo - Reporting (Enterprise): Fixes issue updating a report created by someone else - Update to 6.7.1: (see installed changelog for the full list of changes) Bug Fixes - Azure: Fixed dropdowns not showing current value. #22914, @torkelo - BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark - Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo - Reporting: fixes migrations compatibility with mysql (Enterprise) - Reporting: Reduce default concurrency limit to 4 (Enterprise) - Update to 6.7.0: (see installed changelog for the full list of changes) Bug Fixes - AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo - BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark - Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo - Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo - Rich History: UX adjustments and fixes. #22729, @ivanahuckova - Update to 6.7.0-beta1: Breaking changes - Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked. - Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338 - Notice about changes in backendSrv for plugin authors In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv. Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI. To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv. Bug Fixes API: Fix redirect issues. #22285, @papagian Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1 Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek BackendSrv: Fixes POST body for form data. #21714, @hugohaggmark CloudWatch: Credentials cache invalidation fix. #22473, @sunker CloudWatch: Expand alias variables when query yields no result. #22695, @sunker Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk Explore: Fix display of multiline logs in log panel and explore. #22057, @thomasdraebing Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo StatPanel: Fixes base color is being used for null values . #22646, @torkelo - Update to version 6.6.2: (see installed changelog for the full list of changes) - Update to version 6.6.1: (see installed changelog for the full list of changes) - Update to version 6.6.0: (see installed changelog for the full list of changes) - Update to version 6.5.3: (see installed changelog for the full list of changes) - Update to version 6.5.2: (see installed changelog for the full list of changes) - Update to version 6.5.1: (see installed changelog for the full list of changes) - Update to version 6.5.0 (see installed changelog for the full list of changes) - Update to version 6.4.5: * Create version 6.4.5 * CloudWatch: Fix high CPU load (#20579) - Add obs-service-go_modules to download required modules into vendor.tar.gz - Adjusted spec file to use vendor.tar.gz - Adjusted Makefile to work with new filenames - BuildRequire go1.14 - Update to version 6.4.4: * DataLinks: Fix blur issues. #19883, @aocenas * Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson * LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen * LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson * Singlestat: Fix no data / null value mapping . #19951, @ryantxu - Revert the spec file and make script - Remove PhantomJS dependency - Update to 6.4.3 * Bug Fixes - Alerting: All notification channels should send even if one fails to send. #19807, @jan25 - AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas - ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal - DataLinks: Fix context menu not showing in singlestat-ish visualisations. #19809, @dprokop - DataLinks: Fix url field not releasing focus. #19804, @aocenas - Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas - Panels: Fixes default tab for visualizations without Queries Tab. #19803, @hugohaggmark - Singlestat: Fixed issue with mapping null to text. #19689, @torkelo - @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop - @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang - Update to 6.4.2 * Bug Fixes - CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron - Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark - Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo - Graph: Switching to series mode should re-render graph. #19623, @torkelo - Loki: Fix autocomplete on label values. #19579, @aocenas - Loki: Removes live option for logs panel. #19533, @davkal - Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha - Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark - ShareQuery: Fixed issue when using -- Dashboard -- datasource (to share query result) when dashboard had rows. #19610, @torkelo - Show SAML login button if SAML is enabled. #19591, @papagian - SingleStat: Fixes postfix/prefix usage. #19687, @hugohaggmark - Table: Proper handling of json data with dataframes. #19596, @marefr - Units: Fixed wrong id for Terabits/sec. #19611, @andreaslangnevyjel - Changes from 6.4.1 * Bug Fixes - Provisioning: Fixed issue where empty nested keys in YAML provisioning caused a server crash, #19547 - ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise) - Reporting: Fixed issue with reporting service when STMP was disabled (Enterprise). - Changes from 6.4.0 * Features / Enhancements - Build: Upgrade go to 1.12.10. #19499, @marefr - DataLinks: Suggestions menu improvements. #19396, @dprokop - Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova - Explore: Update broken link to logql docs. #19510, @ivanahuckova - Logs: Adds Logs Panel as a visualization. #19504, @davkal * Bug Fixes - CLI: Fix version selection for plugin install. #19498, @aocenas - Graph: Fixes minor issue with series override color picker and custom color . #19516, @torkelo - Changes from 6.4.0 Beta 2 * Features / Enhancements - Azure Monitor: Remove support for cross resource queries (#19115)'. #19346, @sunker - Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr - Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo - grafana/toolkit: Add plugin creation task. #19207, @dprokop * Bug Fixes - Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark - Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm - Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz - Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo - Database: Rewrite system statistics query to perform better. #19178, @papagian - Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu - MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr - Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh - MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr - MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr - MySQL: Limit datasource error details returned from the backend. #19373, @marefr - Changes from 6.4.0 Beta 1 * Features / Enhancements - API: Readonly datasources should not be created via the API. #19006, @papagian - Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar - Annotations: Add annotations support to Loki. #18949, @aocenas - Annotations: Use a single row to represent a region. #17673, @ryantxu - Auth: Allow inviting existing users when login form is disabled. #19048, @548017 - Azure Monitor: Add support for cross resource queries. #19115, @sunker - CLI: Allow installing custom binary plugins. #17551, @aocenas - Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. #18641, @hugohaggmark - Dashboard: Reuse query results between panels . #16660, @ryantxu - Dashboard: Set time to to 23:59:59 when setting To time using calendar. #18595, @simPod - DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu - DataLinks: Enable access to labels & field names. #18918, @torkelo - DataLinks: Enable multiple data links per panel. #18434, @dprokop - Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech - Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery - Explore: Add throttling when doing live queries. #19085, @aocenas - Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney - Explore: Reduce default time range to last hour. #18212, @davkal - Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu - Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal - Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian - InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code - LDAP: Allow an user to be synchronized against LDAP. #18976, @gotjosh - Ldap: Add ldap debug page. #18759, @peterholmberg - Loki: Remove prefetching of default label values. #18213, @davkal - Metrics: Add failed alert notifications metric. #18089, @koorgoo - OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon - OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin - Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh - Plugin: AzureMonitor - Reapply MetricNamespace support. #17282, @raphaelquati - Plugins: better warning when plugins fail to load. #18671, @ryantxu - Postgres: Add support for scram sha 256 authentication. #18397, @nonamef - RemoteCache: Support SSL with Redis. #18511, @kylebrandt - SingleStat: The gauge option in now disabled/hidden (unless it's an old panel with it already enabled) . #18610, @ryantxu - Stackdriver: Add extra alignment period options. #18909, @sunker - Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon - Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar * Bug Fixes - Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian - Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt - Alerting: fix response popover prompt when add notification channels. #18967, @lzdw - CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger - Explore: Fix auto completion on label values for Loki. #18988, @aocenas - Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark - Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark - MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold - MSSQL: Fix memory leak when debug enabled. #19049, @briangann - Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt - TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark * Breaking changes + Annotations There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented using a single event instead of two seperate events. Check breaking changes in HTTP API below and HTTP API documentation for more details. + Docker Grafana is now using Alpine 3.10 as docker base image. + HTTP API - GET /api/alert-notifications now requires at least editor access. New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be access by any authenticated user. - GET /api/alert-notifiers now requires at least editor access - GET /api/org/users now requires org admin role. New /api/org/users/lookup returns less information than /api/org/users and can be access by users that are org admins, admin in any folder or admin of any team. - GET /api/annotations no longer returns regionId property. - POST /api/annotations no longer supports isRegion property. - PUT /api/annotations/:id no longer supports isRegion property. - PATCH /api/annotations/:id no longer supports isRegion property. - DELETE /api/annotations/region/:id has been removed. * Deprecation notes + PhantomJS - PhantomJS, which is used for rendering images of dashboards and panels, is deprecated and will be removed in a future Grafana release. A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use. Please consider migrating from PhantomJS to the Grafana Image Renderer plugin. - Changes from 6.3.6 * Features / Enhancements - Metrics: Adds setting for turning off total stats metrics. #19142, @marefr * Bug Fixes - Database: Rewrite system statistics query to perform better. #19178, @papagian - Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney - Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors. - Add missing directories provisioning/datasources and provisioning/notifiers and sample.yaml as described in packaging/rpm/control from upstream. Missing directories are shown in logfiles. - Version 6.3.5 * Upgrades + Build: Upgrade to go 1.12.9. * Bug Fixes + Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties. + Editor: Fixes issue where only entire lines were being copied. + Explore: Fixes query field layout in splitted view for Safari browsers. + LDAP: multildap + ldap integration. + Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds. + Prometheus: Prevents panel editor crash when switching to Prometheus datasource. + Prometheus: Changes brace-insertion behavior to be less annoying. - Version 6.3.4 * Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use. - Version 6.3.3 * Bug Fixes + Annotations: Fix failing annotation query when time series query is cancelled. #18532 1, @dprokop 1 + Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462 1, @papagian 3 + DataLinks: Apply scoped variables to data links correctly. #18454 1, @dprokop 1 + DataLinks: Respect timezone when displaying datapoint’s timestamp in graph context menu. #18461 2, @dprokop 1 + DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459 1, @dprokop 1 + Explore: Fix loading error for empty queries. #18488 1, @davkal + Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563 1, @torkelo 2 + Graphite: Avoid glob of single-value array variables . #18420, @gotjosh + Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480 5, @hugohaggmark 3 + Prometheus: More consistently allows for multi-line queries in editor. #18362 2, @kaydelaney 2 + TimeSeries: Assume values are all numbers. #18540 4, @ryantxu - Version 6.3.2 * Bug Fixes + Gauge/BarGauge: Fixes issue with losts thresholds and issue loading Gauge with avg stat. #18375 12 - Version 6.3.1 * Bug Fixes + PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 2 - Version 6.3.0 * Features / Enhancements + OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392 4, @papagian 3 + Auth Proxy: Include additional headers as part of the cache key. #18298 6, @gotjosh + Build grafana images consistently. #18224 12, @hassanfarid + Docs: SAML. #18069 11, @gotjosh + Permissions: Show plugins in nav for non admin users but hide plugin configuration. #18234 1, @aocenas + TimePicker: Increase max height of quick range dropdown. #18247 2, @torkelo 2 + Alerting: Add tags to alert rules. #10989 13, @Thib17 1 + Alerting: Attempt to send email notifications to all given email addresses. #16881 1, @zhulongcheng + Alerting: Improve alert rule testing. #16286 2, @marefr + Alerting: Support for configuring content field for Discord alert notifier. #17017 2, @jan25 + Alertmanager: Replace illegal chars with underscore in label names. #17002 5, @bergquist 1 + Auth: Allow expiration of API keys. #17678, @papagian 3 + Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn 1 + Auth: Support list and revoke of user auth tokens in UI. #17434 2, @shavonn 1 + AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn 1 + CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243 2, @utkarshcmu + Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu + Dashboard: Use timezone dashboard setting when exporting to CSV. #18002 1, @dehrax + Data links. #17267 11, @torkelo 2 + Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues… #17066 5, @bergquist 1 + Elasticsearch: Support for visualizing logs in Explore . #17605 7, @marefr + Explore: Adds Live option for supported datasources. #17062 1, @hugohaggmark 3 + Explore: Adds orgId to URL for sharing purposes. #17895 1, @kaydelaney 2 + Explore: Adds support for new loki ‘start’ and ‘end’ params for labels endpoint. #17512, @kaydelaney 2 + Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney 2 + Explore: Allow switching between metrics and logs . #16959 2, @marefr + Explore: Combines the timestamp and local time columns into one. #17775, @hugohaggmark 3 + Explore: Display log lines context . #17097, @dprokop 1 + Explore: Don’t parse log levels if provided by field or label. #17180 1, @marefr + Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney 2 + Explore: Support for new LogQL filtering syntax. #16674 4, @davkal + Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark 3 + Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng 1 + Graph: Added new fill gradient option. #17528 3, @torkelo 2 + GraphPanel: Don’t sort series when legend table & sort column is not visible . #17095, @shavonn 1 + InfluxDB: Support for visualizing logs in Explore. #17450 9, @hugohaggmark 3 + Logging: Login and Logout actions (#17760). #17883 1, @ATTron + Logging: Move log package to pkg/infra. #17023, @zhulongcheng + Metrics: Expose stats about roles as metrics. #17469 2, @bergquist 1 + MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086 6, @bernardd + MySQL: Add support for periodically reloading client certs. #14892, @tpetr + Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu + Prometheus: Take timezone into account for step alignment. #17477, @fxmiii + Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246 + Prometheus: added time range filter to series labels query. #16851 3, @FUSAKLA + Provisioning: Support folder that doesn’t exist yet in dashboard provisioning. #17407 1, @Nexucis + Refresh picker: Handle empty intervals. #17585 1, @dehrax + Singlestat: Add y min/max config to singlestat sparklines. #17527 4, @pitr + Snapshot: use given key and deleteKey. #16876, @zhulongcheng + Templating: Correctly display __text in multi-value variable after page reload. #17840 1, @EduardSergeev + Templating: Support selecting all filtered values of a multi-value variable. #16873 2, @r66ad + Tracing: allow propagation with Zipkin headers. #17009 4, @jrockway + Users: Disable users removed from LDAP. #16820 2, @alexanderzobnin * Bug Fixes + PanelLinks: Fix render issue when there is no panel description. #18408 3, @dehrax + OAuth: Fix “missing saved state” OAuth login failure due to SameSite cookie policy. #18332 1, @papagian 3 + cli: fix for recognizing when in dev mode… #18334, @xlson + DataLinks: Fixes incorrect interpolation of ${__series_name} . #18251 1, @torkelo 2 + Loki: Display live tailed logs in correct order in Explore. #18031 3, @kaydelaney 2 + PhantomJS: Fixes rendering on Debian Buster. #18162 2, @xlson + TimePicker: Fixed style issue for custom range popover. #18244, @torkelo 2 + Timerange: Fixes a bug where custom time ranges didn’t respect UTC. #18248 1, @kaydelaney 2 + remote_cache: Fix redis connstr parsing. #18204 1, @mblaschke + AddPanel: Fix issue when removing moved add panel widget . #17659 2, @dehrax + CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr + Elasticsearch: Fix default max concurrent shard requests. #17770 4, @marefr + Explore: Fix browsing back to dashboard panel. #17061, @jschill + Explore: Fix filter by series level in logs graph. #17798, @marefr + Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr + Explore: Fix selection/copy of log lines. #17121, @marefr + Fix: Wrap value of multi variable in array when coming from URL. #16992 1, @aocenas + Frontend: Fix for Json tree component not working. #17608, @srid12 + Graphite: Fix for issue with alias function being moved last. #17791, @torkelo 2 + Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo 2 + Graphite: use POST for /metrics/find requests. #17814 2, @papagian 3 + HTTP Server: Serve Grafana with a custom URL path prefix. #17048 6, @jan25 + InfluxDB: Fixes single quotes are not escaped in label value filters. #17398 1, @Panzki + Prometheus: Correctly escape ‘|’ literals in interpolated PromQL variables. #16932, @Limess + Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi + SinglestatPanel: Remove background color when value turns null. #17552 1, @druggieri - Make phantomjs dependency configurable - Create plugin directory and clean up (create in %install, add to %files) handling of /var/lib/grafana/* and koan: - Calculate relative path for kernel and inited when generating grub entry (bsc#1170231) - Fix os-release version detection for SUSE mgr-cfg: - Remove commented code in test files - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Add mgr manpage links mgr-custom-info: - Bump version to 4.1.0 (bsc#1154940) mgr-daemon: - Bump version to 4.1.0 (bsc#1154940) - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Separate osa-dispatcher and jabberd so it can be disabled independently - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Move /usr/share/rhn/config-defaults to uyuni-base-common - Require uyuni-base-common for /etc/rhn (for osa-dispatcher) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-push: - Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) mgr-virtualization: - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Fix mgr-virtualization timer rhnlib: - Fix building - Fix malformed XML response when data contains non-ASCII chars (bsc#1154968) - Bump version to 4.1.0 (bsc#1154940) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group spacewalk-client-tools: - Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921) - Spell correctly 'successful' and 'successfully' - Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160) - Replace spacewalk-usix with uyuni-common-libs - Return a non-zero exit status on errors in rhn_check - Bump version to 4.1.0 (bsc#1154940) - Make a explicit requirement to systemd for spacewalk-client-tools when rhnsd timer is installed spacewalk-koan: - Bump version to 4.1.0 (bsc#1154940) - Require commands we use in merge-rd.sh spacewalk-oscap: - Bump version to 4.1.0 (bsc#1154940) spacewalk-remote-utils: - Update spacewalk-create-channel with RHEL 7.7 channel definitions - Bump version to 4.1.0 (bsc#1154940) supportutils-plugin-susemanager-client: - Bump version to 4.1.0 (bsc#1154940) suseRegisterInfo: - SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310) - Bump version to 4.1.0 (bsc#1154940) zypp-plugin-spacewalk: - 1.0.7 - Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2374-1 Released: Fri Aug 28 12:59:39 2020 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1171281,1172709,1173149,1173584,1174405,1174965 This update fixes the following issues: POS_Image-Graphical7: - Add plymouth-plugin-label-ft package to all *7 templates and set them to be of SLE15SP2 version - Add optional dracut-wireless comment section and move wpa_suplicant there POS_Image-JeOS7: - Add plymouth-plugin-label-ft package to all *7 templates and set them to be of SLE15SP2 version - Add optional dracut-wireless comment section and move wpa_suplicant there dracut-saltboot: - Use automatic RAID assembly only in the first phase before start of salt dracut-wireless: - Make sure ifup is scheduled (bsc#1173149) golang-github-prometheus-prometheus: - Add support for Prometheus exporters proxy mgr-osad: - Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher (bsc#1174405) spacecmd: - Fix softwarechannel update for vendor channels (bsc#1172709) - Fix escaping of package names (bsc#1171281) spacewalk-koan: - Use the 4.1 image to fix tests suseRegisterInfo: - Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584) uyuni-common-libs: - Fix issues importing RPM packages with long RPM headers (bsc#1174965) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2539-1 Released: Fri Sep 4 16:43:26 2020 Summary: Recommended update for golang-github-QubitProducts-exporter_exporter Type: recommended Severity: important References: 1175946 This Maintenance update for SUSE Manager fixes the following issue: - Add requires for fillup, groupadd, useradd, systemd (bsc#1175946) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2606-1 Released: Fri Sep 11 09:01:11 2020 Summary: Security update for golang-github-prometheus-prometheus Type: security Severity: moderate References: 1143913,1175478,CVE-2019-10215 This update for golang-github-prometheus-prometheus to version 2.18.0 fixes the following issues: - Fixed some building issues (bsc#1175478) - prometheus components systemd units should depend on network target (bsc#1143913). Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073 - Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136 - Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051 - Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. + Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011 - Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and 'Xs ago' duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693 - Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547 - Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. #6512 - Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303 - Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found by under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071 - Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145 - Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). #6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014 - Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845 - Update to Prometheus 2.11.2 + Fixes crashes when systems have no FQDN + Adds Parallel calls to Uyuni API, meaningful performance increase + Adds Support for system group labels - Build with PIE - Only package required files (reduces rpm size by 4 MB) - Add sysconfig file - Add firewall config file - Use variables for defining user and group - Add support for Uyuni/SUSE Manager service discovery - readded _service file removed in error. - Update to 2.11.1 + Bug Fix: * Fix potential panic when prometheus is watching multiple zookeeper paths. - Update to 2.11.0 + Bug Fix: * resolve race condition in maxGauge. * Fix ZooKeeper connection leak. * Improved atomicity of .tmp block replacement during compaction for usual case. * Fix 'unknown series references' after clean shutdown. * Re-calculate block size when calling block.Delete. * Fix unsafe snapshots with head block. * prometheus_tsdb_compactions_failed_total is now incremented on any compaction failure. + Changes: * Remove max_retries from queue_config (it has been unused since rewriting remote-write to utilize the write-ahead-log) * The meta file BlockStats no longer holds size information. This is now dynamically calculated and kept in memory. It also includes the meta file size which was not included before * Renamed metric from prometheus_tsdb_wal_reader_corruption_errors to prometheus_tsdb_wal_reader_corruption_errors_total + Features: * Add option to use Alertmanager API v2. * Added humanizePercentage function for templates. * Include InitContainers in Kubernetes Service Discovery. * Provide option to compress WAL records using Snappy. + Enhancements: * Create new clean segment when starting the WAL. * Reduce allocations in PromQL aggregations. * Add storage warnings to LabelValues and LabelNames API results. * Add prometheus_http_requests_total metric. * Enable openbsd/arm build. * Remote-write allocation improvements. * Query performance improvement: Efficient iteration and search in HashForLabels and HashWithoutLabels. * Allow injection of arbitrary headers in promtool. * Allow passing external_labels in alert unit tests groups. * Allows globs for rules when unit testing. * Improved postings intersection matching. * Reduced disk usage for WAL for small setups. * Optimize queries using regexp for set lookups. - Update to 2.10.0: + Bug Fixes: * TSDB: Don't panic when running out of disk space and recover nicely from the condition * TSDB: Correctly handle empty labels. * TSDB: Don't crash on an unknown tombstone reference. * Storage/remote: Remove queue-manager specific metrics if queue no longer exists. * PromQL: Correctly display {__name__='a'}. * Discovery/kubernetes: Use service rather than ingress as the name for the service workqueue. * Discovery/azure: Don't panic on a VM with a public IP. * Web: Fixed Content-Type for js and css instead of using /etc/mime.types. * API: Encode alert values as string to correctly represent Inf/NaN. + Features: * Template expansion: Make external labels available as $externalLabels in alert and console template expansion. * TSDB: Add prometheus_tsdb_wal_segment_current metric for the WAL segment index that TSDB is currently writing to. tsdb * Scrape: Add scrape_series_added per-scrape metric. #5546 + Enhancements * Discovery/kubernetes: Add labels __meta_kubernetes_endpoint_node_name and __meta_kubernetes_endpoint_hostname. * Discovery/azure: Add label __meta_azure_machine_public_ip. * TSDB: Simplify mergedPostings.Seek, resulting in better performance if there are many posting lists. tsdb * Log filesystem type on startup. * Cmd/promtool: Use POST requests for Query and QueryRange. client_golang * Web: Sort alerts by group name. * Console templates: Add convenience variables $rawParams, $params, $path. - Upadte to 2.9.2 + Bug Fixes: * Make sure subquery range is taken into account for selection * Exhaust every request body before closing it * Cmd/promtool: return errors from rule evaluations * Remote Storage: string interner should not panic in release * Fix memory allocation regression in mergedPostings.Seek tsdb - Update to 2.9.1 + Bug Fixes: * Discovery/kubernetes: fix missing label sanitization * Remote_write: Prevent reshard concurrent with calling stop - Update to 2.9.0 + Feature: * Add honor_timestamps scrape option. + Enhancements: * Update Consul to support catalog.ServiceMultipleTags. * Discovery/kubernetes: add present labels for labels/annotations. * OpenStack SD: Add ProjectID and UserID meta labels. * Add GODEBUG and retention to the runtime page. * Add support for POSTing to /series endpoint. * Support PUT methods for Lifecycle and Admin APIs. * Scrape: Add global jitter for HA server. * Check for cancellation on every step of a range evaluation. * String interning for labels & values in the remote_write path. * Don't lose the scrape cache on a failed scrape. * Reload cert files from disk automatically. common * Use fixed length millisecond timestamp format for logs. common * Performance improvements for postings. Bug Fixes: * Remote Write: fix checkpoint reading. * Check if label value is valid when unmarshaling external labels from YAML. * Promparse: sort all labels when parsing. * Reload rules: copy state on both name and labels. * Exponentation operator to drop metric name in result of operation. * Config: resolve more file paths. * Promtool: resolve relative paths in alert test files. * Set TLSHandshakeTimeout in HTTP transport. common * Use fsync to be more resilient to machine crashes. * Keep series that are still in WAL in checkpoints. - Update to 2.8.1 + Bug Fixes * Display the job labels in /targets which was removed accidentally - Update to 2.8.0 + Change: * This release uses Write-Ahead Logging (WAL) for the remote_write API. This currently causes a slight increase in memory usage, which will be addressed in future releases. * Default time retention is used only when no size based retention is specified. These are flags where time retention is specified by the flag --storage.tsdb.retention and size retention by --storage.tsdb.retention.size. * prometheus_tsdb_storage_blocks_bytes_total is now prometheus_tsdb_storage_blocks_bytes. + Feature: * (EXPERIMENTAL) Time overlapping blocks are now allowed; vertical compaction and vertical query merge. It is an optional feature which is controlled by the --storage.tsdb.allow-overlapping-blocks flag, disabled by default. + Enhancements: * Use the WAL for remote_write API. * Query performance improvements. * UI enhancements with upgrade to Bootstrap 4. * Reduce time that Alertmanagers are in flux when reloaded. * Limit number of metrics displayed on UI to 10000. * (1) Remember All/Unhealthy choice on target-overview when reloading page. (2) Resize text-input area on Graph page on mouseclick. * In histogram_quantile merge buckets with equivalent le values. * Show list of offending labels in the error message in many-to-many scenarios. * Show Storage Retention criteria in effect on /status page. + Bug Fixes: + Fix sorting of rule groups. + Fix support for password_file and bearer_token_file in Kubernetes SD. + Scrape: catch errors when creating HTTP clients + Adds new metrics: prometheus_target_scrape_pools_total prometheus_target_scrape_pools_failed_total prometheus_target_scrape_pool_reloads_total prometheus_target_scrape_pool_reloads_failed_total + Fix panic when aggregator param is not a literal. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2839-1 Released: Fri Oct 2 12:16:15 2020 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1173268,1175889 This update fixes the following issues: POS_Image-Graphical7: - Set wicked to use plain mac address for computing DHCP DUID (bsc#1173268) POS_Image-JeOS7: - Set wicked to use plain mac address for computing DHCP DUID (bsc#1173268) dracut-saltboot: - Set wicked to use plain mac address for computing DHCP DUID - Copy wicked lease xml file to prevent query for second IP address (bsc#1173268) golang-github-QubitProducts-exporter_exporter: - Pin Golang version to 1.14 mgr-daemon: - Remove duplicate languages and update translation strings spacecmd: - Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889) spacewalk-client-tools: - Remove duplicated languages and update translation strings ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3767-1 Released: Fri Dec 11 16:06:22 2020 Summary: Recommended update for apache-commons-el Type: recommended Severity: low References: 1179637 This update for apache-commons-el fixes the following issues: - Provide missing update dependencies for apache-commons-el. (bsc#1179637) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3783-1 Released: Mon Dec 14 12:02:48 2020 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1143913,1176943,1177928 This update fixes the following issues: golang-github-prometheus-alertmanager: - Fix building amtool (bsc#1176943) - Fix permissions for /var/lib/prometheus to match golang-github-prometheus-prometheus package. Otherwise the install check will fail. - Update to 0.21.0 + Changes: * [HipChat] Remove HipChat integration as it is end-of-life. #2282 * [amtool] Remove default assignment of environment variables. #2161 * [PagerDuty] Enforce 512KB event size limit. #2225 + Enhancements: * [amtool] Add cluster command to show cluster and peer statuses. #2256 * Add redirection from / to the routes prefix when it isn't empty. #2235 * [Webhook] Add max_alerts option to limit the number of alerts included in the payload. #2274 * Improve logs for API v2, notifications and clustering. #2177 #2188 #2260 #2261 #2273 + Bugfixes: * Fix child routes not inheriting their parent route's grouping when group_by: [...]. * [UI] Fix the receiver selector in the Alerts page when the receiver name contains regular expression metacharacters such as +. * Fix error message about start and end time validation. #2173 * Fix a potential race condition in dispatcher. #2208 * [API v2] Return an empty array of peers when the clustering is disabled. #2203 * Fix the registration of alertmanager_dispatcher_aggregation_groups and alertmanager_dispatcher_alert_processing_duration_seconds metrics. * Always retry notifications with back-off. #2290 - Remove rpm group - Update to build with go1.14 for Factory (Tumbleweed) - Refresh example config from upstream - Add network-online (Wants and After) dependency to systemd unit bsc#1143913 mgr-daemon: - Fix removal of mgr-deamon with selinux enabled (bsc#1177928) spacecmd: - Fix: make spacecmd build on Debian spacewalk-client-tools: - Update translations spacewalk-koan: - Adjust ownership of some tests files to fix them supportutils-plugin-susemanager-client: - Remove checks for obsolete packages - Gather new configfiles - Add more important informations zypp-plugin-spacewalk: - Support 'allow vendor change' for dist upgrades ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:333-1 Released: Mon Feb 8 10:31:48 2021 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1176823,1177884,1179555,1179566 This update fixes the following issues: golang-github-prometheus-alertmanager: - Exclude s390 architecture - Update packaging * Remove systemd and shadow hard requirements * use the system user provided by the system-user-prometheus subpackge * add 'prometheus-alertmanager' package alias golang-github-prometheus-prometheus: - Update to upstream version 2.22.1 - Update packaging * Remove systemd and shadow hard requirements * use systemd-sysusers to configure the user in a dedicated 'system-user-prometheus' subpackage * add 'prometheus' package alias grafana: - Update packaging * avoid systemd and shadow hard requirements * Require the user from a new dedicated 'system-user-grafana' sibling package * avoid pinning to a specific Go version in the spec file - Update to version 7.3.1: * Breaking changes - CloudWatch: The AWS CloudWatch data source's authentication scheme has changed. See the upgrade notes for details and how this may affect you. - Units: The date time units `YYYY-MM-DD HH:mm:ss` and `MM/DD/YYYY h:mm:ss a` have been renamed to `Datetime ISO` and `Datetime US` respectively. * Features / Enhancements - AzureMonitor: Support decimal (as float64) type in analytics/logs. - Add monitoring mixing for Grafana. - CloudWatch: Missing Namespace AWS/EC2CapacityReservations. - CloudWatch: Add support for AWS DirectConnect virtual interface metrics and add missing dimensions. - CloudWatch: Adding support for Amazon ElastiCache Redis metrics. - CloudWatch: Adding support for additional Amazon CloudFront metrics. - CloudWatch: Re-implement authentication. - Elasticsearch: Support multiple pipeline aggregations for a query. - Prometheus: Add time range parameters to labels API. - Loki: Visually distinguish error logs for LogQL2. - Api: Add /healthz endpoint for health checks. - API: Enrich add user to org endpoints with user ID in the response. - API: Enrich responses and improve error handling for alerting API endpoints. - Elasticsearch: Add support for date_nanos type. - Elasticsearch: Allow fields starting with underscore. - Elasticsearch: Increase maximum geohash aggregation precision to 12. - Postgres: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). - Provisioning: Remove provisioned dashboards without parental reader. - API: Return ID of the deleted resource for dashboard, datasource and folder DELETE endpoints. - API: Support paging in the admin orgs list API. - API: return resource ID for auth key creation, folder permissions update and user invite complete endpoints. - BackendSrv: Uses credentials, deprecates withCredentials & defaults to same-origin. - CloudWatch: Update list of AmazonMQ metrics and dimensions. - Cloudwatch: Add Support for external ID in assume role. - Cloudwatch: Add af-south-1 region. - DateFormats: Default ISO & US formats never omit date part even if date is today (breaking change). - Explore: Transform prometheus query to elasticsearch query. - InfluxDB/Flux: Increase series limit for Flux datasource. - InfluxDB: exclude result and table column from Flux table results. - InfluxDB: return a table rather than an error when timeseries is missing time. - Loki: Add scopedVars support in legend formatting for repeated variables. - Loki: Re-introduce running of instant queries. - Loki: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). - MixedDatasource: Shows retrieved data even if a data source fails. - Postgres: Support Unix socket for host. - Prometheus: Add scopedVars support in legend formatting for repeated variables. - Prometheus: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). - Prometheus: add $__rate_interval variable. - Table: Adds column filtering. - grafana-cli: Add ability to read password from stdin to reset admin password. - Variables: enables cancel for slow query variables queries. - AzureMonitor: fix panic introduced in 7.1.4 when unit was unspecified and alias was used. - TextPanel: Fix content overflowing panel boundaries. - Fix golang version = 1.14 to avoid dependency conflicts on some OBS projects - Update to version 7.0.0 * Remove phantomJS patch from Makefile mgr-osad: - Change the log file permissions as expected by logrotate (bsc#1177884) spacecmd: - Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#1176823) - Added '-r REVISION' option to the 'configchannel_updateinitsls' command (bsc#1179566) - Fix: internal: workaround for future tee of logs translation uyuni-common-libs: - Section in Debian packages in now treated as optional (bsc#1179555) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:598-1 Released: Thu Feb 25 10:30:23 2021 Summary: Recommended update for go Type: recommended Severity: moderate References: 1164903,1172608,1175132 This update for go fixes the following issues: Update to current stable go1.15 (bsc#1175132) * Ensure 'Provides: golang(API) = %{api_version}' is consistent to improve package resolution for common go dependency expressions 'BuildRequires: golang(API) >= 1.x' and BuildRequires: go >= 1.x OBS projects that contain go code often have prjconf entries 'Prefer: go' which selects go metapackage over go1.x packages. When go metapackage Provides: version is lower than go1.x versions, 'Prefer: go' is not effective and build failures occur with errors unresolvable: have choice for golang(API) >= 1.13: go1.13 go1.14 Edits and changelog Jeff Kowalczyk (bsc#1172608) * Unify '{version'} and '{short_version}' as '{api_version}' for 'Provides: golang(API) = %{api_version}' * Use both 'BuildRequires: go%{api_version}' and 'Requires: go%{api_version}' to trigger build errors if go1.x is unavailable * Add aarch64 to supported systems for go-race via %define tsan_arch x86_64 aarch64 * Add tsan_arch x86_64 aarch64 for suse_version >= 1500 and sle_version >= 150000, formerly conditional on suse_version >= 1315 * Ensure %ifarch %{tsan_arch} always evaluates (nil does not work) via dummy tsan_arch on systems where go-race is not supported Update to current stable go1.14 (bsc#1164903) * Remove redundant Provides: go-doc=%{version} per rpmlint warning - Change suse_version >= 1315 (was 1550) defines short_version 1.12 go1.12 packages are available for SLE-12. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:644-1 Released: Fri Feb 26 11:21:54 2021 Summary: Recommended Beta update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1180583,1180585 This update fixes the following issues: spacecmd: - Deprecated 'Software Crashes' feature - Document advanced package search on '--help' (bsc#1180583) - Fixed advanced search on 'package_listinstalledsystems' - Fixed duplicate results when using multiple search criteria (bsc#1180585) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:716-1 Released: Fri Mar 5 17:22:27 2021 Summary: Recommended update for go Type: recommended Severity: moderate References: 1182345 This update for go fixes the following issues: - Update to current stable go1.16 (bsc#1182345) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2201-1 Released: Tue Jun 29 13:05:59 2021 Summary: Recommended update for spacewalk-java Type: recommended Severity: important References: This update for spacewalk-java fixes the following issue: - Use the correct product tag. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2664-1 Released: Thu Aug 12 12:02:29 2021 Summary: Security update for golang-github-prometheus-prometheus Type: security Severity: moderate References: 1186242,CVE-2021-29622 This update for golang-github-prometheus-prometheus fixes the following issues: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE SLE15, SLE15 SP1, SLE15 SP2 - Upgrade to upstream version 2.27.1 (jsc#SLE-18254) + Bugfix: * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242) + Features: * Promtool: Retroactive rule evaluation functionality. #7675 * Configuration: Environment variable expansion for external labels. Behind --enable-feature=expand-external-labels flag. #8649 * TSDB: Add a flag(--storage.tsdb.max-block-chunk-segment-size) to control the max chunks file size of the blocks for small Prometheus instances. * UI: Add a dark theme. #8604 * AWS Lightsail Discovery: Add AWS Lightsail Discovery. #8693 * Docker Discovery: Add Docker Service Discovery. #8629 * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used. #8761 * Remote Write: Send exemplars via remote write. Experimental and disabled by default. #8296 + Enhancements: * Digital Ocean Discovery: Add __meta_digitalocean_vpc label. #8642 * Scaleway Discovery: Read Scaleway secret from a file. #8643 * Scrape: Add configurable limits for label size and count. #8777 * UI: Add 16w and 26w time range steps. #8656 * Templating: Enable parsing strings in humanize functions. #8682 + Bugfixes: * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659 * TSDB: Do not panic when writing very large records to the WAL. #8790 * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723 * Scaleway Discovery: Fix nil pointer dereference. #8737 * Consul Discovery: Restart no longer required after config update with no targets. #8766 - Add tarball with vendor modules and web assets - Uyuni: Read formula data from exporters map - Uyuni: Add support for TLS targets - Upgrade to upstream version 2.26.0 + Changes * Alerting: Using Alertmanager v2 API by default. #8626 * Prometheus/Promtool: Binaries are now printing help and usage to stdout instead of stderr. #8542 + Features * Remote: Add support for AWS SigV4 auth method for remote_write. #8509 * PromQL: Allow negative offsets. Behind --enable-feature=promql-negative-offset flag. #8487 * UI: Add advanced auto-completion, syntax highlighting and linting to graph page query input. #8634 + Enhancements * PromQL: Add last_over_time, sgn, clamp functions. #8457 * Scrape: Add support for specifying type of Authorization header credentials with Bearer by default. #8512 * Scrape: Add follow_redirects option to scrape configuration. #8546 * Remote: Allow retries on HTTP 429 response code for remote_write. #8237 #8477 * Remote: Allow configuring custom headers for remote_read. #8516 * UI: Hitting Enter now triggers new query. #8581 * UI: Better handling of long rule and names on the /rules and /targets pages. #8608 #8609 * UI: Add collapse/expand all button on the /targets page. #8486 - Upgrade to upstream version 2.25.0 + Features * Include a new `--enable-feature=` flag that enables experimental features. + Enhancements * Add optional name property to testgroup for better test failure output. #8440 * Add warnings into React Panel on the Graph page. #8427 * TSDB: Increase the number of buckets for the compaction duration metric. #8342 * Remote: Allow passing along custom remote_write HTTP headers. #8416 * Mixins: Scope grafana configuration. #8332 * Kubernetes SD: Add endpoint labels metadata. #8273 * UI: Expose total number of label pairs in head in TSDB stats page. #8343 * TSDB: Reload blocks every minute, to detect new blocks and enforce retention more often. #8343 + Bug fixes * API: Fix global URL when external address has no port. #8359 * Deprecate unused flag --alertmanager.timeout. #8407 - Upgrade to upstream version 2.24.1 + Enhancements * Cache basic authentication results to significantly improve performance of HTTP endpoints. - Upgrade to upstream version 2.24.0 + Features * Add TLS and basic authentication to HTTP endpoints. #8316 * promtool: Add check web-config subcommand to check web config files. #8319 * promtool: Add tsdb create-blocks-from openmetrics subcommand to backfill metrics data from an OpenMetrics file. + Enhancements * HTTP API: Fast-fail queries with only empty matchers. #8288 * HTTP API: Support matchers for labels API. #8301 * promtool: Improve checking of URLs passed on the command line. #7956 * SD: Expose IPv6 as a label in EC2 SD. #7086 * SD: Reuse EC2 client, reducing frequency of requesting credentials. #8311 * TSDB: Add logging when compaction takes more than the block time range. #8151 * TSDB: Avoid unnecessary GC runs after compaction. #8276 - Upgrade to upstream version 2.23.0 + Changes * UI: Make the React UI default. #8142 * Remote write: The following metrics were removed/renamed in remote write. #6815 > prometheus_remote_storage_succeeded_samples_total was removed and prometheus_remote_storage_samples_total was introduced for all the samples attempted to send. > prometheus_remote_storage_sent_bytes_total was removed and replaced with prometheus_remote_storage_samples_bytes_total and prometheus_remote_storage_metadata_bytes_total. > prometheus_remote_storage_failed_samples_total -> prometheus_remote_storage_samples_failed_total . > prometheus_remote_storage_retried_samples_total -> prometheus_remote_storage_samples_retried_total. > prometheus_remote_storage_dropped_samples_total -> prometheus_remote_storage_samples_dropped_total. > prometheus_remote_storage_pending_samples -> prometheus_remote_storage_samples_pending. * Remote: Do not collect non-initialized timestamp metrics. #8060 + Enhancements * Remote write: Added a metric prometheus_remote_storage_max_samples_per_send for remote write. #8102 * TSDB: Make the snapshot directory name always the same length. #8138 * TSDB: Create a checkpoint only once at the end of all head compactions. #8067 * TSDB: Avoid Series API from hitting the chunks. #8050 * TSDB: Cache label name and last value when adding series during compactions making compactions faster. #8192 * PromQL: Improved performance of Hash method making queries a bit faster. #8025 * promtool: tsdb list now prints block sizes. #7993 * promtool: Calculate mint and maxt per test avoiding unnecessary calculations. #8096 * SD: Add filtering of services to Docker Swarm SD. #8074 - Uyuni: `hostname` label is now set to FQDN instead of IP - Update to upstream version 2.22.1 - Update packaging * Remove systemd and shadow hard requirements * use systemd-sysusers to configure the user in a dedicated 'system-user-prometheus' subpackage * add 'prometheus' package alias + Add support for Prometheus exporters proxy - Remove prometheus.firewall.xml source file - Remove firewalld files. They are installed in the main firewalld package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2667-1 Released: Thu Aug 12 12:03:18 2021 Summary: Recommended update for system-user-prometheus Type: recommended Severity: moderate References: This recommended update for system-user-prometheus provides the following fixes: - Provide the user and group 'prometheus' to SUSE Enterprise Storage 6 needed by 'golang-github-prometheus-prometheus' (jsc#SLE-18254) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2675-1 Released: Thu Aug 12 12:05:11 2021 Summary: Security update for SUSE Manager Client Tools Type: security Severity: moderate References: 1175478,1186242,1186508,1186581,1186650,1188846,CVE-2021-27962,CVE-2021-28146,CVE-2021-28147,CVE-2021-28148,CVE-2021-29622 This update fixes the following issues: ansible: - The support level for ansible is l2, not l3 dracut-saltboot: - Force installation of libexpat.so.1 (bsc#1188846) - Use kernel parameters from PXE formula also for local boot golang-github-prometheus-prometheus: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE Linux Enterprise 15, 15 SP1, 15 SP2 - Upgrade to upstream version 2.27.1 (jsc#SLE-18254) + Bugfix: * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242) * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659 * TSDB: Do not panic when writing very large records to the WAL. #8790 * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723 * Scaleway Discovery: Fix nil pointer dereference. #8737 * Consul Discovery: Restart no longer required after config update with no targets. #8766 + Features: * Promtool: Retroactive rule evaluation functionality. * Configuration: Environment variable expansion for external labels. Behind '--enable-feature=expand-external-labels' flag. * Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the blocks for small Prometheus instances. * UI: Add a dark theme. * AWS Lightsail Discovery: Add AWS Lightsail Discovery. * Docker Discovery: Add Docker Service Discovery. * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used. * Remote Write: Send exemplars via remote write. Experimental and disabled by default. + Enhancements: * Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label. * Scaleway Discovery: Read Scaleway secret from a file. * Scrape: Add configurable limits for label size and count. * UI: Add 16w and 26w time range steps. * Templating: Enable parsing strings in humanize functions. - Update package with changes from `server:monitoring` (bsc#1175478) Left out removal of 'firewalld' related configuration files as SUSE Linux Enterprise 15-SP1's `firewalld` package does not contain 'prometheus' configuration yet. mgr-cfg: - No visible impact for the user mgr-custom-info: - No visible impact for the user mgr-osad: - No visible impact for the user mgr-push: - No visible impact for the user mgr-virtualization: - No visible impact for the user rhnlib: - No visible impact for the user spacecmd: - Make spacecmd aware of retracted patches/packages - Enhance help for installation types when creating distributions (bsc#1186581) - Parse empty argument when nothing in between the separator spacewalk-client-tools: - Update translation strings spacewalk-koan: - Fix for spacewalk-koan tests after switching to the new Docker images spacewalk-oscap: - No visible impact for the user suseRegisterInfo: - No visible impact for the user uyuni-common-libs: - Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650) - Maintainer field in debian packages are only recommended (bsc#1186508) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2676-1 Released: Thu Aug 12 12:05:27 2021 Summary: Maintenance update for SUSE Manager 4.2: Server and Proxy Type: recommended Severity: low References: 1164192,1167586,1173692,1180650,1182769,1182817,1183151,1184659,1185131,1185679,1186025,1186287,1186310,1186502,1186650,1186744,1187065,1187397,1187441,1187451,1187593,1187621,1187660,1187787,1187813,1187963,1188073,1188170,1188289,1188297,1188395,1188900 Maintenance update for SUSE Manager 4.2: Server and Proxy This is a codestream only update. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2021:3166-1 Released: Mon Sep 20 17:25:05 2021 Summary: Feature update for SUSE Manager 4.2.2 Proxy Type: feature Severity: moderate References: This update provides the following package to SUSE Manager 4.2.2 Proxy golang-github-prometheus-prometheus: - golang-github-prometheus-prometheus is added to SUSE Manager Proxy as L3 supported. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2021:3168-1 Released: Mon Sep 20 17:25:42 2021 Summary: Feature update for SUSE Manager 4.2.2 Proxy and Server Type: feature Severity: moderate References: This update provides the following package to SUSE Manager 4.2.2 Proxy python-pyvmomi: - python-pyvmomi is added to SUSE Manager Proxy as L3 supported. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2021:3169-1 Released: Mon Sep 20 17:26:07 2021 Summary: Feature update for SUSE Manager 4.2.2 Proxy and Server Type: feature Severity: moderate References: This update provides the following packages to SUSE Manager 4.2.2 Proxy and Server: ansible: - ansible and ansible-doc are added to SUSE Manager Proxy as L2 supported golang-github-prometheus-alertmanager: - golang-github-prometheus-alertmanager is added to SUSE Manager Proxy as L3 supported python-python-memcached: - python-python-memcached is added to SUSE Manager Proxy as L3 supported python-redis: - python-redis is added to SUSE Manager Proxy as L3 supported system-user-prometheus: - system-user-prometheus is added to SUSE Manager Proxy as L3 supported ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3170-1 Released: Mon Sep 20 17:26:29 2021 Summary: Security maintenance update for SUSE Manager 4.2: Server and Proxy Type: security Severity: critical References: 1171483,1173143,1181223,1186026,1186281,1186339,1187335,1187549,1188032,1188042,1188136,1188163,1188193,1188260,1188393,1188400,1188503,1188505,1188551,1188641,1188647,1188656,1188853,1188855,1189011,1189040,1189167,1189263,1189419,1189458,CVE-2021-40323,CVE-2021-40324,CVE-2021-40325 Security maintenance update for SUSE Manager 4.2: Server and Proxy - This is a codestreamonly update ----------------------------------------------------------------- Advisory ID: SUSE-feature-2021:3262-1 Released: Thu Sep 30 11:39:15 2021 Summary: Feature update for SUSE Manager 4.1.11 Proxy Type: feature Severity: moderate References: This update provides the following packages to SUSE Manager 4.1.11 Proxy golang-github-prometheus-prometheus: - golang-github-prometheus-prometheus is added to SUSE Manager Proxy as L3 supported ----------------------------------------------------------------- Advisory ID: SUSE-feature-2021:3263-1 Released: Thu Sep 30 11:39:37 2021 Summary: Feature update for SUSE Manager 4.1.11 Proxy Type: feature Severity: moderate References: This update provides the following packages to SUSE Manager 4.1.11 Proxy golang-github-prometheus-alertmanager: - golang-github-prometheus-alertmanager is added to SUSE Manager Proxy as L3 supported system-user-prometheus: - system-user-prometheus is added to SUSE Manager Proxy as L3 supported ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3561-1 Released: Wed Oct 27 15:29:57 2021 Summary: Recommended maintenance update for SUSE Manager 4.2: Server and Proxy Type: recommended Severity: moderate References: 1171520,1181223,1187572,1187998,1188315,1188977,1189260,1189422,1189609,1189799,1189818,1189933,1190040,1190123,1190151,1190164,1190166,1190265,1190275,1190276,1190300,1190396,1190405,1190455,1190512,1190602,1190751,1190820,1191123,1191139,1191348,1191551,1191898,CVE-2021-21996,CVE-2021-40348 Maintenance update for SUSE Manager 4.2: Server and Proxy This is a codestream only release. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2021:3924-1 Released: Fri Dec 3 14:20:03 2021 Summary: Feature update for golang-github-prometheus-alertmanager Type: feature Severity: moderate References: 1143913,1176943 This feature update for golang-github-prometheus-alertmanager fixes the following issue: Provide version 0.21.0 of golang-github-prometheus-alertmanager (jsc#SLE-21859) - Exclude s390 architecture - Remove systemd and shadow hard requirements - Use the system user provided by the 'system-user-prometheus' subpackge - Add 'prometheus-alertmanager' package alias - Fix building amtool (bsc#1176943) - Fix permissions for '/var/lib/prometheus' to match 'golang-github-prometheus-prometheus' package and avoid installation checks failures - Remove HipChat integration as it is end-of-life. - Remove default assignment of environment variables. - Enforce 512KB event size limit. - Add cluster command to show cluster and peer statuses. - Add redirection from '/' to the routes prefix when it isn't empty. - Add 'max_alerts' option to limit the number of alerts included in the payload. - Improve logs for API v2, notifications and clustering. - Fix child routes not inheriting their parent route's grouping when 'group_by: [...]'. - Fix the receiver selector in the Alerts page when the receiver name contains regular expression metacharacters such as '+'. - Fix error message about start and end time validation. - Fix a potential race condition in dispatcher. - Return an empty array of peers when the clustering is disabled. - Fix the registration of 'alertmanager_dispatcher_aggregation_groups' and 'alertmanager_dispatcher_alert_processing_duration_seconds' metrics. - Always retry notifications with back-off. - Update to build with go1.14 - Refresh example config from upstream - Add 'network-online' (Wants and After) dependency to systemd unit (bsc#1143913) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2021:3925-1 Released: Fri Dec 3 14:20:36 2021 Summary: Feature update for SUSE Manager Client Tools Type: feature Severity: moderate References: 1191194 This update fixes the following issues: prometheus-blackbox_exporter: - Provide 'prometheus-blackbox_exporter' version 0.19.0 (jsc#SLE-22351) - Use '%set_permissions' and '%verify_permissions' for SUSE Linux Enterprise 12 (bsc#1191194) - Set 'CAP_NET_RAW' capability to allow ICMP requests grafana: - Add URL to package source code in the login page footer spacecmd: - Update translation strings spacewalk-client-tools: - Update translation strings zypp-plugin-spacewalk: - Use proxy configured in 'up2date' config when it is defined - Added RHEL8 build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3926-1 Released: Fri Dec 3 14:21:08 2021 Summary: Recommended maintenance update for SUSE Manager 4.2: Server and Proxy Type: recommended Severity: moderate References: 1173143,1184617,1185465,1185951,1187673,1187708,1189643,1190114,1190446,1190665,1190866,1190867,1190964,1191123,1191139,1191144,1191222,1191267,1191274,1191313,1191340,1191377,1191412,1191442,1191444,1191460,1191495,1191538,1191643,1191656,1191702,1191899,1192321,1192736 Maintenance update for SUSE Manager 4.2: Server and Proxy This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:321-1 Released: Thu Feb 3 12:55:16 2022 Summary: Recommended update for go Type: recommended Severity: moderate References: 1190649 This update for go fixes the following issues: - Update the go wrapper package to switch to the current stable go1.17 (bsc#1190649) - Add golang Provides for RH/Fedora compatibility ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:509-1 Released: Fri Feb 18 11:45:06 2022 Summary: Security update for cobbler Type: security Severity: important References: 1193671,1193673,1193675,1193676,1193678,1195906,1195918,CVE-2021-45082,CVE-2021-45083 This update for cobbler fixes the following issues: - CVE-2021-45083: Fixed unsafe permissions on sensitive files (bsc#1193671). - CVE-2021-45082: Fixed incomplete template sanitation (bsc#1193678). The following non-security bugs were fixed: - Fix issues with installation module logging and validation (bsc#1195918) - Move configuration files ownership to apache (bsc#1195906) - Remove hardcoded test credentials (bsc#1193673) - Prevent log pollution (bsc#1193675) - Missing sanity check on MongoDB configuration file (bsc#1193676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:593-1 Released: Mon Feb 28 16:51:36 2022 Summary: Maintenance update for SUSE Manager 4.2: Server and Proxy Type: recommended Severity: low References: 1097531,1173103,1189561,1190781,1191192,1191285,1191857,1192321,1192368,1192440,1192487,1192510,1192514,1192550,1192566,1192699,1192776,1193008,1193292,1193565,1193585,1193600,1193612,1193694,1193832,1194044,1194397,1194862,1194905,1194990,1195171,CVE-2020-25638 Maintenance update for SUSE Manager 4.2: Server and Proxy This is a codestream only update. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:595-1 Released: Mon Feb 28 16:55:47 2022 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1192487,1193600 This update fixes the following issues: ansible: - Require python macros for building mgr-cfg: - Version 4.2.6-1 * Do not build python 2 package for SLE15SP4 and higher - Version 4.2.5-1 * do not build python 2 package for SLE15 - Version 4.2.4-1 * Fix python selinux package name depending on build target (bsc#1193600) mgr-custom-info: - Version 4.2.3-1 * require python macros for building mgr-osad: - Version 4.2.7-1 * Do not build python 2 package for SLE15SP4 and higher * require python macros for building mgr-push: - Version 4.2.4-1 * Do not build python 2 package for SLE15SP4 and higher mgr-virtualization: - Version 4.2.3-1 * Do not build python 2 package for SLE15SP4 and higher * require python macros for building rhnlib: - Version 4.2.5-1 * do not build python 2 package for SLE15 spacecmd: - Version 4.2.15-1 * require python macros for building spacewalk-client-tools: - Version 4.2.16-1 * do not build python 2 package for SLE15 * require python macros for building spacewalk-koan: - Version 4.2.5-1 * Do not build python 2 package for SLE15SP4 and higher spacewalk-oscap: - Version 4.2.3-1 * Do not build python 2 package for SLE15SP4 and higher * require python macros for building spacewalk-remote-utils: - Version 4.2.2-1 * require python macros for building suseRegisterInfo: - Version 4.2.5-1 * require python macros for building * Do not build python 2 package for SLE15 and higher uyuni-common-libs: - Version 4.2.6-1 * Read modularity data from DISTTAG tag as fallback (bsc#1192487) * require python macros for building zypp-plugin-spacewalk: - 1.0.11 * require python macros for building ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:597-1 Released: Mon Feb 28 16:58:14 2022 Summary: Recommended update for prometheus-formula Type: recommended Severity: moderate References: 1196489 This update for prometheus-formula fixes the following issues: prometheus-formula: - Version 0.6.1 * Fix checking available package version (bsc#1196489) - Version 0.6.0 * Add support for new Uyuni SD in Prometheus >= 2.31 * Fix Blackbox exporter configuration for Prometheus >= 2.31 ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:599-1 Released: Mon Feb 28 16:59:39 2022 Summary: Feature update for golang-github-prometheus-prometheus Type: feature Severity: moderate References: 1181400 This feature update for golang-github-prometheus-prometheus provides the following changes: Upgrade `golang-github-prometheus-prometheus` from version 2.27.1 to version 2.32.1: (jsc#SLE-22863) - Use `obs-service-go_modules` - Added hardening to systemd service(s). Modified `prometheus.service` (bsc#1181400) - Bugfixes: * Scrape: Fix reporting metrics when sample limit is reached during the report. * Scrape: Ensure that scrape interval and scrape timeout are always set. * TSDB: Expose and fix bug in iterators' Seek() method. * TSDB: Add more size checks when writing individual sections in the index. * PromQL: Make deriv() return zero values for constant series. * TSDB: Fix panic when checkpoint directory is empty. #9687 * TSDB: Fix panic, out of order chunks, and race warning during WAL replay. * UI: Correctly render links for targets with IPv6 addresses that contain a Zone ID. * Promtool: Fix checking of `authorization.credentials_file` and `bearer_token_file` fields. * Uyuni SD: Fix null pointer exception during initialization. * TSDB: Fix queries after a failed snapshot replay. * SD: Fix a panic when the experimental discovery manager receives targets during a reload. * Backfill: Apply rule labels after query labels. * Scrape: Resolve conflicts between multiple exported label prefixes. * Scrape: Restart scrape loops when __scrape_interval__ is changed. * TSDB: Fix memory leak in samples deletion. * UI: Use consistent margin-bottom for all alert kinds. * TSDB: Fix panic on failed snapshot replay. * TSDB: Don't fail snapshot replay with exemplar storage disabled when the snapshot contains exemplars. * TSDB: Don't error on overlapping m-mapped chunks during WAL replay. * promtool rules backfill: Prevent creation of data before the start time. * promtool rules backfill: Do not query after the end time. * Azure SD: Fix panic when no computername is set. * Exemplars: Fix panic when resizing exemplar storage from 0 to a non-zero size. * TSDB: Correctly decrement `prometheus_tsdb_head_active_appenders` when the append has no samples. * promtool rules backfill: Return 1 if backfill was unsuccessful. * promtool rules backfill: Avoid creation of overlapping blocks. * config: Fix a panic when reloading configuration with a null relabel action. * Fix Kubernetes SD failing to discover Ingress in Kubernetes v1.22. * Fix data race in loading write-ahead-log (WAL). * TSDB: align atomically accessed int64 to prevent panic in 32-bit archs. * Log when total symbol size exceeds 2^32 bytes, causing compaction to fail, and skip compaction. * Fix incorrect target_limit reloading of zero value. * Fix head GC and pending readers race condition. * Fix timestamp handling in OpenMetrics parser. * Fix potential duplicate metrics in /federate endpoint when specifying multiple matchers. * Fix server configuration and validation for authentication via client cert. * Allow start and end again as label names in PromQL queries. They were disallowed since the introduction of @ timestamp feature. * HTTP SD: Allow charset specification in Content-Type header. * HTTP SD: Fix handling of disappeared target groups. * Fix incorrect log-level handling after moving to go-kit/log. * UI: In the experimental PromQL editor, fix autocompletion and parsing for special float values and improve series metadata fetching. * TSDB: When merging chunks, split resulting chunks if they would contain more than the maximum of 120 samples. * SD: Fix the computation of the `prometheus_sd_discovered_targets` metric when using multiple service discoveries. - Change: * remote-write: Change default max retry time from 100ms to 5 seconds. * UI: Remove standard PromQL editor in favour of the codemirror-based editor. * Promote `--storage.tsdb.allow-overlapping-blocks` flag to stable. * Promote `--storage.tsdb.retention.size` flag to stable. * UI: Make the new experimental PromQL editor the default. - Features: * Agent: New mode of operation optimized for remote-write only scenarios, without local storage. * Promtool: Add promtool check service-discovery command. * PromQL: Add trigonometric functions and atan2 binary operator. * Remote: Add support for exemplar in the remote write receiver endpoint. * SD: Add PuppetDB service discovery. * SD: Add Uyuni service discovery. * Web: Add support for security-related HTTP headers. * experimental TSDB: Snapshot in-memory chunks on shutdown for faster restarts. * experimental Scrape: Configure scrape interval and scrape timeout via relabeling using `__scrape_interval__` and `__scrape_timeout__` labels respectively. * Scrape: Add scrape_timeout_seconds and scrape_sample_limit metric. * Add Kuma service discovery. * Add present_over_time PromQL function. * Allow configuring exemplar storage via file and make it reloadable. * UI: Allow selecting time range with mouse drag. * promtool: Add feature flags flag `--enable-feature`. * promtool: Add `file_sd` file validation. * Linode SD: Add Linode service discovery. * HTTP SD: Add generic HTTP-based service discovery. * Kubernetes SD: Allow configuring API Server access via a kubeconfig file. * UI: Add exemplar display support to the graphing interface. * Consul SD: Add namespace support for Consul Enterprise. - Enhancements: * Promtool: Improve test output. * Promtool: Use kahan summation for better numerical stability. * Remote-write: Reuse memory for marshalling. * Scrape: Add scrape_body_size_bytes scrape metric behind the `--enable-feature=extra-scrape-metrics` flag. * TSDB: Add windows arm64 support. * TSDB: Optimize query by skipping unneeded sorting in TSDB. * Templates: Support int and uint as datatypes for template formatting. * UI: Prefer rate over rad, delta over deg, and count over cos in autocomplete. * Azure SD: Add proxy_url, follow_redirects, tls_config. * Backfill: Add `--max-block-duration` in promtool `create-blocks-from` rules. * Config: Print human-readable sizes with unit instead of raw numbers. * HTTP: Re-enable HTTP/2. * Kubernetes SD: Warn user if number of endpoints exceeds limit. * OAuth2: Add TLS configuration to token requests. * PromQL: Several optimizations. * PromQL: Make aggregations deterministic in instant queries. * Rules: Add the ability to limit number of alerts or series. * SD: Experimental discovery manager to avoid restarts upon reload. * UI: Debounce timerange setting changes. * Remote Write: Redact remote write URL when used for metric label. * UI: Redact remote write URL and proxy URL passwords in the /config page. * Scrape: Add --scrape.timestamp-tolerance flag to adjust scrape timestamp tolerance when enabled via `--scrape.adjust-timestamps`. * Remote Write: Improve throughput when sending exemplars. * TSDB: Optimise WAL loading by removing extra map and caching min-time * promtool: Speed up checking for duplicate rules. * Scrape: Reduce allocations when parsing the metrics. * docker_sd: Support host network mode * Reduce blocking of outgoing remote write requests from series garbage collection. * Improve write-ahead-log decoding performance. * Improve append performance in TSDB by reducing mutexes usage. * Allow configuring max_samples_per_send for remote write metadata. * Add `__meta_gce_interface_ipv4_` meta label to GCE discovery. * Add `__meta_ec2_availability_zone_id` meta label to EC2 discovery. * Add `__meta_azure_machine_computer_name` meta label to Azure discovery. * Add `__meta_hetzner_hcloud_labelpresent_` meta label to Hetzner discovery. * promtool: Add compaction efficiency to promtool tsdb analyze reports. * promtool: Allow configuring max block duration for backfilling via `--max-block-duration` flag. * UI: Add sorting and filtering to flags page. * UI: Improve alerts page rendering performance. * Promtool: Allow silencing output when importing / backfilling data. * Consul SD: Support reading tokens from file. * Rules: Add a new .ExternalURL alert field templating variable, containing the external URL of the Prometheus server. * Scrape: Add experimental body_size_limit scrape configuration setting to limit the allowed response body size for target scrapes. * Kubernetes SD: Add ingress class name label for ingress discovery. * UI: Show a startup screen with progress bar when the TSDB is not ready yet. * SD: Add a target creation failure counter `prometheus_target_sync_failed_total` and improve target creation failure handling. * TSDB: Improve validation of exemplar label set length. * TSDB: Add a prometheus_tsdb_clean_start metric that indicates whether a TSDB lockfile from a previous run still existed upon startup. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:729-1 Released: Fri Mar 4 11:52:00 2022 Summary: Maintenance update for SUSE Manager 4.2.5: Server only Type: recommended Severity: moderate References: 1196619 Maintenance update for SUSE Manager 4.2.5: Server only This is a codestream only update. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:796-1 Released: Thu Mar 10 12:16:15 2022 Summary: Recommended update for golang-github-prometheus-prometheus Type: recommended Severity: moderate References: 1196300 This update for golang-github-prometheus-prometheus fixes the following issues: - Fix Firewalld configuration file location (bsc#1196300) - Require Go 1.16+ - Do not build on s390 architecture. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:797-1 Released: Thu Mar 10 12:16:39 2022 Summary: Recommended update for zypp-plugin-spacewalk Type: recommended Severity: moderate References: This update for zypp-plugin-spacewalk fixes the following issues: zypp-plugin-spacewalk: - Update to version 1.0.12 * use new encoding function if available ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1253-1 Released: Tue Apr 19 09:00:06 2022 Summary: Recommended update for helm Type: recommended Severity: moderate References: This update for helm delivers helm 3.8.0 to the Containers module. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1298-1 Released: Fri Apr 22 07:21:47 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: gutenprint ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1299-1 Released: Fri Apr 22 07:22:49 2022 Summary: Recommended update for tigervnc Type: recommended Severity: moderate References: 1177758,1197119 This update for tigervnc fixes the following issues: - Fix rendering on big endian systems (bsc#1177758, bsc#1197119) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1301-1 Released: Fri Apr 22 09:57:26 2022 Summary: Recommended update for openCryptoki Type: recommended Severity: important References: 1197396 This update for openCryptoki fixes the following issues: - Add a fix to keep support Dilithium mechanism when using an upgraded EP11 library. (bsc#1197396) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1304-1 Released: Fri Apr 22 15:25:36 2022 Summary: Security update for tomcat Type: security Severity: important References: 1198136 This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources() and always return null (bsc#1198136). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1305-1 Released: Fri Apr 22 15:26:42 2022 Summary: Security update for libinput Type: security Severity: important References: 1198111,CVE-2022-1215 This update for libinput fixes the following issues: - CVE-2022-1215: Fixed a format string vulnerability (bsc#1198111). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1307-1 Released: Fri Apr 22 15:29:43 2022 Summary: Security update for dnsmasq Type: security Severity: important References: 1197872,CVE-2022-0934 This update for dnsmasq fixes the following issues: - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1317-1 Released: Fri Apr 22 19:01:25 2022 Summary: Optional update for dvd+rw-tools Type: optional Severity: low References: 1197713 This update for dvd+rw-tools fixes the following issues: - There are no visible changes for the final user: * Make the source building on 15 SP4. (bsc#1197713) * Refresh of exisiting patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1373-1 Released: Mon Apr 25 15:00:40 2022 Summary: Recommended update for rpmlint Type: recommended Severity: moderate References: 1070943,1196681,1198521 This update for rpmlint fixes the following issues: - fix kpmcore, nm-priv and tukitd whitelistings that contained absolute paths instead of only the basenames (bsc#1198521) - Backport of deepin-api whitelists (bsc#1196681 bsc#1070943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1376-1 Released: Mon Apr 25 15:41:46 2022 Summary: Security update for mutt Type: security Severity: moderate References: 1198518,CVE-2022-1328 This update for mutt fixes the following issues: - CVE-2022-1328: Fixed an invalid memory access when reading untrusted uuencoded data. This could result in including private memory in replies (bsc#1198518). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1391-1 Released: Mon Apr 25 16:41:34 2022 Summary: Recommended update for salt Type: recommended Severity: important References: 1182851,1194632,1196050,1196432,1197417,1197533,1197637,CVE-2022-22934,CVE-2022-22935,CVE-2022-22936,CVE-2022-22941 This update for salt fixes the following issues: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Prevent data pollution between actions processed at the same time (bsc#1197637) - Fix salt-ssh opts poisoning. (bsc#1197637) - Clear network interfaces cache on grains request. (bsc#1196050) - Fix Salt-API failure due to an exception from the scheduled SSH-Push Tasks. (bsc#1182851, bsc#1196432) - Restrict 'state.orchestrate_single' to pass a pillar value if it exists. (bsc#1194632) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1396-1 Released: Mon Apr 25 16:43:15 2022 Summary: Security update for SUSE Manager Client Tools Type: security Severity: moderate References: 1181400,1194363,1194873,1194909,1195726,1195727,1195728,1197579,CVE-2021-36222,CVE-2021-3711,CVE-2021-39226,CVE-2021-41174,CVE-2021-41244,CVE-2021-43798,CVE-2021-43813,CVE-2021-43815,CVE-2022-21673,CVE-2022-21702,CVE-2022-21703,CVE-2022-21713 This update fixes the following issues: grafana: - Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422) + Security: * Fixes XSS vulnerability in handling data sources (bsc#1195726, CVE-2022-21702) * Fixes cross-origin request forgery vulnerability (bsc#1195727, CVE-2022-21703) * Fixes Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728, CVE-2022-21713) - Update to Go 1.17. - Add build-time dependency on `wire`. - Update license to GNU Affero General Public License v3.0. - Update to version 8.3.4 * GetUserInfo: return an error if no user was found (bsc#1194873, CVE-2022-21673) + Features and enhancements: * Alerting: Allow configuration of non-ready alertmanagers. * Alerting: Allow customization of Google chat message. * AppPlugins: Support app plugins with only default nav. * InfluxDB: query editor: skip fields in metadata queries. * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana. * Prometheus: Forward oauth tokens after prometheus datasource migration. + Bug fixes: * Azure Monitor: Bug fix for variable interpolations in metrics dropdowns. * Azure Monitor: Improved error messages for variable queries. * CloudMonitoring: Fixes broken variable queries that use group bys. * Configuration: You can now see your expired API keys if you have no active ones. * Elasticsearch: Fix handling multiple datalinks for a single field. * Export: Fix error being thrown when exporting dashboards using query variables that reference the default datasource. * ImportDashboard: Fixes issue with importing dashboard and name ending up in uid. * Login: Page no longer overflows on mobile. * Plugins: Set backend metadata property for core plugins. * Prometheus: Fill missing steps with null values. * Prometheus: Fix interpolation of $__rate_interval variable. * Prometheus: Interpolate variables with curly brackets syntax. * Prometheus: Respect the http-method data source setting. * Table: Fixes issue with field config applied to wrong fields when hiding columns. * Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin. * Variables: Fix so data source variables are added to adhoc configuration. + Plugin development fixes & changes: * Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing. - Update to version 8.3.3: * BarChart: Use new data error view component to show actions in panel edit. * CloudMonitor: Iterate over pageToken for resources. * Macaron: Prevent WriteHeader invalid HTTP status code panic. * AnnoListPanel: Fix interpolation of variables in tags. * CloudWatch: Allow queries to have no dimensions specified. * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0. * CloudWatch: Make sure MatchExact flag gets the right value. * Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page. * InfluxDB: Improve handling of metadata query errors in InfluxQL. * Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions. * Prometheus: Fix running of exemplar queries for non-histogram metrics. * Prometheus: Interpolate template variables in interval. * StateTimeline: Fix toolitp not showing when for frames with multiple fields. * TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore. * Variables: Fix repeating panels for on time range changed variables. * Variables: Fix so queryparam option works for scoped - Update to version 8.3.2 + Security: Fixes CVE-2021-43813 and CVE-2021-43815. - Update to version 8.3.1 + Security: Fixes CVE-2021-43798. - Update to version 8.3.0 * Alerting: Prevent folders from being deleted when they contain alerts. * Alerting: Show full preview value in tooltip. * BarGauge: Limit title width when name is really long. * CloudMonitoring: Avoid to escape regexps in filters. * CloudWatch: Add support for AWS Metric Insights. * TooltipPlugin: Remove other panels' shared tooltip in edit panel. * Visualizations: Limit y label width to 40% of visualization width. * Alerting: Clear alerting rule evaluation errors after intermittent failures. * Alerting: Fix refresh on legacy Alert List panel. * Dashboard: Fix queries for panels with non-integer widths. * Explore: Fix url update inconsistency. * Prometheus: Fix range variables interpolation for time ranges smaller than 1 second. * ValueMappings: Fixes issue with regex value mapping that only sets color. - Update to version 8.3.0-beta2 + Breaking changes: * Grafana 8 Alerting enabled by default for installations that do not use legacy alerting. * Keep Last State for 'If execution error or timeout' when upgrading to Grafana 8 alerting. * Alerting: Create DatasourceError alert if evaluation returns error. * Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting. * Alerting: Support mute timings configuration through the api for the embedded alert manager. * CloudWatch: Add missing AWS/Events metrics. * Docs: Add easier to find deprecation notices to certain data sources and to the changelog. * Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag. * Table: Add space between values for the DefaultCell and JSONViewCell. * Tracing: Make query editors available in dashboard for Tempo and Zipkin. * AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1. * Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor. * CodeEditor: Prevent suggestions from being clipped. * Dashboard: Fix cache timeout persistence. * Datasource: Fix stable sort order of query responses. * Explore: Fix error in query history when removing last item. * Logs: Fix requesting of older logs when flipped order. * Prometheus: Fix running of health check query based on access mode. * TextPanel: Fix suggestions for existing panels. * Tracing: Fix incorrect indentations due to reoccurring spanIDs. * Tracing: Show start time of trace with milliseconds precision. * Variables: Make renamed or missing variable section expandable. * Select: Select menus now properly scroll during keyboard navigation. - Update to version 8.3.0-beta1 * Alerting: Add UI for contact point testing with custom annotations and labels. * Alerting: Make alert state indicator in panel header work with Grafana 8 alerts. * Alerting: Option for Discord notifier to use webhook name. * Annotations: Deprecate AnnotationsSrv. * Auth: Omit all base64 paddings in JWT tokens for the JWT auth. * Azure Monitor: Clean up fields when editing Metrics. * AzureMonitor: Add new starter dashboards. * AzureMonitor: Add starter dashboard for app monitoring with Application Insights. * Barchart/Time series: Allow x axis label. * CLI: Improve error handling for installing plugins. * CloudMonitoring: Migrate to use backend plugin SDK contracts. * CloudWatch Logs: Add retry strategy for hitting max concurrent queries. * CloudWatch: Add AWS RoboMaker metrics and dimension. * CloudWatch: Add AWS Transfer metrics and dimension. * Dashboard: replace datasource name with a reference object. * Dashboards: Show logs on time series when hovering. * Elasticsearch: Add support for Elasticsearch 8.0 (Beta). * Elasticsearch: Add time zone setting to Date Histogram aggregation. * Elasticsearch: Enable full range log volume histogram. * Elasticsearch: Full range logs volume. * Explore: Allow changing the graph type. * Explore: Show ANSI colors when highlighting matched words in the logs panel. * Graph(old) panel: Listen to events from Time series panel. * Import: Load gcom dashboards from URL. * LibraryPanels: Improves export and import of library panels between orgs. * OAuth: Support PKCE. * Panel edit: Overrides now highlight correctly when searching. * PanelEdit: Display drag indicators on draggable sections. * Plugins: Refactor Plugin Management. * Prometheus: Add custom query parameters when creating PromLink url. * Prometheus: Remove limits on metrics, labels, and values in Metrics Browser. * StateTimeline: Share cursor with rest of the panels. * Tempo: Add error details when json upload fails. * Tempo: Add filtering for service graph query. * Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics. * Time series/Bar chart panel: Add ability to sort series via legend. * TimeSeries: Allow multiple axes for the same unit. * TraceView: Allow span links defined on dataFrame. * Transformations: Support a rows mode in labels to fields. * ValueMappings: Don't apply field config defaults to time fields. * Variables: Only update panels that are impacted by variable change. * API: Fix dashboard quota limit for imports. * Alerting: Fix rule editor issues with Azure Monitor data source. * Azure monitor: Make sure alert rule editor is not enabled when template variables are being used. * CloudMonitoring: Fix annotation queries. * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor. * Dashboard: Remove the current panel from the list of options in the Dashboard datasource. * Encryption: Fix decrypting secrets in alerting migration. * InfluxDB: Fix corner case where index is too large in ALIAS * NavBar: Order App plugins alphabetically. * NodeGraph: Fix zooming sensitivity on touchpads. * Plugins: Add OAuth pass-through logic to api/ds/query endpoint. * Snapshots: Fix panel inspector for snapshot data. * Tempo: Fix basic auth password reset on adding tag. * ValueMapping: Fixes issue with regex mappings. * grafana/ui: Enable slider marks display. - Update to version 8.2.7 - Update to version 8.2.6 * Security: Upgrade Docker base image to Alpine 3.14.3. * Security: Upgrade Go to 1.17.2. * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series. - Update to version 8.2.5 * Fix No Data behaviour in Legacy Alerting. * Alerting: Fix a bug where the metric in the evaluation string was not correctly populated. * Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator. * CloudMonitoring: Ignore min and max aggregation in MQL queries. * Dashboards: 'Copy' is no longer added to new dashboard titles. * DataProxy: Fix overriding response body when response is a WebSocket upgrade. * Elasticsearch: Use field configured in query editor as field for date_histogram aggregations. * Explore: Fix running queries without a datasource property set. * InfluxDB: Fix numeric aliases in queries. * Plugins: Ensure consistent plugin settings list response. * Tempo: Fix validation of float durations. * Tracing: Correct tags for each span are shown. - Update to version 8.2.4 + Security: Fixes CVE-2021-41244. - Update to version 8.2.3 + Security: Fixes CVE-2021-41174. - Update to version 8.2.2 * Annotations: We have improved tag search performance. * Application: You can now configure an error-template title. * AzureMonitor: We removed a restriction from the resource filter query. * Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in LXC environments. * Prometheus: We removed the autocomplete limit for metrics. * Table: We improved the styling of the type icons to make them more distinct from column / field name. * ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations. * Alerting: Fix panic when Slack's API sends unexpected response. * Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default datasource. * Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no results. * Graph: You can now see annotation descriptions on hover. * Logs: The system now uses the JSON parser only if the line is parsed to an object. * Prometheus: We fixed the issue where the system did not reuse TCP connections when querying from Grafana alerting. * Prometheus: We fixed the problem that resulted in an error when a user created a query with a $__interval min step. * RowsToFields: We fixed the issue where the system was not properly interpreting number values. * Scale: We fixed how the system handles NaN percent when data min = data max. * Table panel: You can now create a filter that includes special characters. - Update to version 8.2.1 * Dashboard: Fix rendering of repeating panels. * Datasources: Fix deletion of data source if plugin is not found. * Packaging: Remove systemcallfilters sections from systemd unit files. * Prometheus: Add Headers to HTTP client options. - Update to version 8.2.0 * AWS: Updated AWS authentication documentation. * Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation. * Alerting: Allows more characters in label names so notifications are sent. * Alerting: Get alert rules for a dashboard or a panel using /api/v1/rules endpoints. * Annotations: Improved rendering performance of event markers. * CloudWatch Logs: Skip caching for log queries. * Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo. * Packaging: Add stricter systemd unit options. * Prometheus: Metrics browser can now handle label values with * CodeEditor: Ensure that we trigger the latest onSave callback provided to the component. * DashboardList/AlertList: Fix for missing All folder value. * Plugins: Create a mock icon component to prevent console errors. - Update to version 8.2.0-beta2 * AccessControl: Document new permissions restricting data source access. * TimePicker: Add fiscal years and search to time picker. * Alerting: Added support for Unified Alerting with Grafana HA. * Alerting: Added support for tune rule evaluation using configuration options. * Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts. * Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and disabling them for specific organisations. * CloudWatch: Introduced new math expression where it is necessary to specify the period field. * InfluxDB: Added support for $__interval and $__interval_ms in Flux queries for alerting. * InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision. * Plugins Catalog: Make the catalog the default way to interact with plugins. * Prometheus: Removed autocomplete limit for metrics. * Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set. * Alerting: Fixed rules migration to keep existing Grafana 8 alert rules. * Alerting: Fixed the silence file content generated during * Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights. * BarGauge: Fixed an issue where the cell color was lit even though there was no data. * BarGauge: Improved handling of streaming data. * CloudMonitoring: Fixed INT64 label unmarshal error. * ConfirmModal: Fixes confirm button focus on modal open. * Dashboard: Add option to generate short URL for variables with values containing spaces. * Explore: No longer hides errors containing refId property. * Fixed an issue that produced State timeline panel tooltip error when data was not in sync. * InfluxDB: InfluxQL query editor is set to always use resultFormat. * Loki: Fixed creating context query for logs with parsed labels. * PageToolbar: Fixed alignment of titles. * Plugins Catalog: Update to the list of available panels after an install, update or uninstall. * TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel. * Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable input. * Variables: Panel no longer crash when using the adhoc variable in data links. - Update to version 8.2.0-beta1 * AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration. * Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval. * Alerting: Add a Test button to test contact point. * Alerting: Allow creating/editing recording rules for Loki and Cortex. * Alerting: Metrics should have the label org instead of user. * Alerting: Sort notification channels by name to make them easier to locate. * Alerting: Support org level isolation of notification * AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph. * AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services. * AzureMonitor: Show error message when subscriptions request fails in ConfigEditor. * Chore: Update to Golang 1.16.7. * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs. * CloudWatch Logs: Disable query path using websockets (Live) feature. * CloudWatch/Logs: Don't group dataframes for non time series * Cloudwatch: Migrate queries that use multiple stats to one query per stat. * Dashboard: Keep live timeseries moving left (v2). * Datasources: Introduce response_limit for datasource responses. * Explore: Add filter by trace or span ID to trace to logs * Explore: Download traces as JSON in Explore Inspector. * Explore: Reuse Dashboard's QueryRows component. * Explore: Support custom display label for derived fields buttons for Loki datasource. * Grafana UI: Update monaco-related dependencies. * Graphite: Deprecate browser access mode. * InfluxDB: Improve handling of intervals in alerting. * InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better. * Jaeger: Add ability to upload JSON file for trace data. * LibraryElements: Enable specifying UID for new and existing library elements. * LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a library panel from the dashboard view. * Logs panel: Scroll to the bottom on page refresh when sorting in ascending order. * Loki: Add fuzzy search to label browser. * Navigation: Implement active state for items in the Sidemenu. * Packaging: Update PID file location from /var/run to /run. * Plugins: Add Hide OAuth Forward config option. * Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed. * Prometheus: Add browser access mode deprecation warning. * Prometheus: Add interpolation for built-in-time variables to backend. * Tempo: Add ability to upload trace data in JSON format. * TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels. * Transformations: Convert field types to time string number or boolean. * Value mappings: Add regular-expression based value mapping. * Zipkin: Add ability to upload trace JSON. * Admin: Prevent user from deleting user's current/active organization. * LibraryPanels: Fix library panel getting saved in the dashboard's folder. * OAuth: Make generic teams URL and JMES path configurable. * QueryEditor: Fix broken copy-paste for mouse middle-click * Thresholds: Fix undefined color in 'Add threshold'. * Timeseries: Add wide-to-long, and fix multi-frame output. * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All. * Grafana UI: Fix TS error property css is missing in type. - Update to version 8.1.8 - Update to version 8.1.7 * Alerting: Fix alerts with evaluation interval more than 30 seconds resolving before notification. * Elasticsearch/Prometheus: Fix usage of proper SigV4 service namespace. - Update to version 8.1.6 + Security: Fixes CVE-2021-39226. - Update to version 8.1.5 * BarChart: Fixes panel error that happens on second refresh. - Update to version 8.1.4 + Features and enhancements * Explore: Ensure logs volume bar colors match legend colors. * LDAP: Search all DNs for users. * Alerting: Fix notification channel migration. * Annotations: Fix blank panels for queries with unknown data sources. * BarChart: Fix stale values and x axis labels. * Graph: Make old graph panel thresholds work even if ngalert is enabled. * InfluxDB: Fix regex to identify / as separator. * LibraryPanels: Fix update issues related to library panels in rows. * Variables: Fix variables not updating inside a Panel when the preceding Row uses 'Repeat For'. - Update to version 8.1.3 + Bug fixes * Alerting: Fix alert flapping in the internal alertmanager. * Alerting: Fix request handler failed to convert dataframe 'results' to plugins.DataTimeSeriesSlice: input frame is not recognized as a time series. * Dashboard: Fix UIDs are not preserved when importing/creating dashboards thru importing .json file. * Dashboard: Forces panel re-render when exiting panel edit. * Dashboard: Prevent folder from changing when navigating to general settings. * Docker: Force use of libcrypto1.1 and libssl1.1 versions to fix CVE-2021-3711. * Elasticsearch: Fix metric names for alert queries. * Elasticsearch: Limit Histogram field parameter to numeric values. * Elasticsearch: Prevent pipeline aggregations to show up in terms order by options. * LibraryPanels: Prevent duplicate repeated panels from being created. * Loki: Fix ad-hoc filter in dashboard when used with parser. * Plugins: Track signed files + add warn log for plugin assets which are not signed. * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly. * Prometheus: Fix validate selector in metrics browser. * Security: Fix stylesheet injection vulnerability. * Security: Fix short URL vulnerability. - Update to version 8.1.2 * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers. * Datasource: Change HTTP status code for failed datasource health check to 400. * Explore: Add span duration to left panel in trace viewer. * Plugins: Use file extension allowlist when serving plugin assets instead of checking for UNIX executable. * Profiling: Add support for binding pprof server to custom network interfaces. * Search: Make search icon keyboard navigable. * Template variables: Keyboard navigation improvements. * Tooltip: Display ms within minute time range. * Alerting: Fix saving LINE contact point. * Annotations: Fix alerting annotation coloring. * Annotations: Alert annotations are now visible in the correct Panel. * Auth: Hide SigV4 config UI and disable middleware when its config flag is disabled. * Dashboard: Prevent incorrect panel layout by comparing window width against theme breakpoints. * Explore: Fix showing of full log context. * PanelEdit: Fix 'Actual' size by passing the correct panel size to Dashboard. * Plugins: Fix TLS datasource settings. * Variables: Fix issue with empty drop downs on navigation. * Variables: Fix URL util converting false into true. * Toolkit: Fix matchMedia not found error. - Update to version 8.1.1 * CloudWatch Logs: Fix crash when no region is selected. - Update to version 8.1.0 * Alerting: Deduplicate receivers during migration. * ColorPicker: Display colors as RGBA. * Select: Make portalling the menu opt-in, but opt-in everywhere. * TimeRangePicker: Improve accessibility. * Annotations: Correct annotations that are displayed upon page refresh. * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6. * Annotations: Fix data source template variable that was not available for annotations. * AzureMonitor: Fix annotations query editor that does not load. * Geomap: Fix scale calculations. * GraphNG: Fix y-axis autosizing. * Live: Display stream rate and fix duplicate channels in list * Loki: Update labels in log browser when time range changes in dashboard. * NGAlert: Send resolve signal to alertmanager on alerting -> Normal. * PasswordField: Prevent a password from being displayed when you click the Enter button. * Renderer: Remove debug.log file when Grafana is stopped. * Security: Update dependencies to fix CVE-2021-36222. - Update to version 8.1.0-beta3 * Alerting: Support label matcher syntax in alert rule list filter. * IconButton: Put tooltip text as aria-label. * Live: Experimental HA with Redis. * UI: FileDropzone component. * CloudWatch: Add AWS LookoutMetrics. * Docker: Fix builds by delaying go mod verify until all required files are copied over. * Exemplars: Fix disable exemplars only on the query that failed. * SQL: Fix SQL dataframe resampling (fill mode + time intervals). - Update to version 8.1.0-beta2 * Alerting: Expand the value string in alert annotations and * Auth: Add Azure HTTP authentication middleware. * Auth: Auth: Pass user role when using the authentication proxy. * Gazetteer: Update countries.json file to allow for linking to 3-letter country codes. * Config: Fix Docker builds by correcting formatting in sample.ini. * Explore: Fix encoding of internal URLs. - Update to version 8.1.0-beta1 * Alerting: Add Alertmanager notifications tab. * Alerting: Add button to deactivate current Alertmanager * Alerting: Add toggle in Loki/Prometheus data source configuration to opt out of alerting UI. * Alerting: Allow any 'evaluate for' value >=0 in the alert rule form. * Alerting: Load default configuration from status endpoint, if Cortex Alertmanager returns empty user configuration. * Alerting: view to display alert rule and its underlying data. * Annotation panel: Release the annotation panel. * Annotations: Add typeahead support for tags in built-in annotations. * AzureMonitor: Add curated dashboards for Azure services. * AzureMonitor: Add support for deep links to Microsoft Azure portal for Metrics. * AzureMonitor: Remove support for different credentials for Azure Monitor Logs. * AzureMonitor: Support querying any Resource for Logs queries. * Elasticsearch: Add frozen indices search support. * Elasticsearch: Name fields after template variables values instead of their name. * Elasticsearch: add rate aggregation. * Email: Allow configuration of content types for email notifications. * Explore: Add more meta information when line limit is hit. * Explore: UI improvements to trace view. * FieldOverrides: Added support to change display name in an override field and have it be matched by a later rule. * HTTP Client: Introduce dataproxy_max_idle_connections config variable. * InfluxDB: InfluxQL: adds tags to timeseries data. * InfluxDB: InfluxQL: make measurement search case insensitive. Legacy Alerting: Replace simplejson with a struct in webhook notification channel. * Legend: Updates display name for Last (not null) to just Last*. * Logs panel: Add option to show common labels. * Loki: Add $__range variable. * Loki: Add support for 'label_values(log stream selector, label)' in templating. * Loki: Add support for ad-hoc filtering in dashboard. * MySQL Datasource: Add timezone parameter. * NodeGraph: Show gradient fields in legend. * PanelOptions: Don't mutate panel options/field config object when updating. * PieChart: Make pie gradient more subtle to match other charts. * Prometheus: Update PromQL typeahead and highlighting. * Prometheus: interpolate variable for step field. * Provisioning: Improve validation by validating across all dashboard providers. * SQL Datasources: Allow multiple string/labels columns with time series. * Select: Portal select menu to document.body. * Team Sync: Add group mapping to support team sync in the Generic OAuth provider. * Tooltip: Make active series more noticeable. * Tracing: Add support to configure trace to logs start and end time. * Transformations: Skip merge when there is only a single data frame. * ValueMapping: Added support for mapping text to color, boolean values, NaN and Null. Improved UI for value mapping. * Visualizations: Dynamically set any config (min, max, unit, color, thresholds) from query results. * live: Add support to handle origin without a value for the port when matching with root_url. * Alerting: Handle marshaling Inf values. * AzureMonitor: Fix macro resolution for template variables. * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes resources. * AzureMonitor: Request and concat subsequent resource pages. * Bug: Fix parse duration for day. * Datasources: Improve error handling for error messages. * Explore: Correct the functionality of shift-enter shortcut across all uses. * Explore: Show all dataFrames in data tab in Inspector. * GraphNG: Fix Tooltip mode 'All' for XYChart. * Loki: Fix highlight of logs when using filter expressions with backticks. * Modal: Force modal content to overflow with scroll. * Plugins: Ignore symlinked folders when verifying plugin signature. * Toolkit: Improve error messages when tasks fail. - Update to version 8.0.7 - Update to version 8.0.6 * Alerting: Add annotation upon alert state change. * Alerting: Allow space in label and annotation names. * InfluxDB: Improve legend labels for InfluxDB query results. * Alerting: Fix improper alert by changing the handling of empty labels. * CloudWatch/Logs: Reestablish Cloud Watch alert behavior. * Dashboard: Avoid migration breaking on fieldConfig without defaults field in folded panel. * DashboardList: Fix issue not re-fetching dashboard list after variable change. * Database: Fix incorrect format of isolation level configuration parameter for MySQL. * InfluxDB: Correct tag filtering on InfluxDB data. * Links: Fix links that caused a full page reload. * Live: Fix HTTP error when InfluxDB metrics have an incomplete or asymmetrical field set. * Postgres/MySQL/MSSQL: Change time field to 'Time' for time series queries. * Postgres: Fix the handling of a null return value in query * Tempo: Show hex strings instead of uints for IDs. * TimeSeries: Improve tooltip positioning when tooltip overflows. * Transformations: Add 'prepare time series' transformer. - Update to version 8.0.5 * Cloudwatch Logs: Send error down to client. * Folders: Return 409 Conflict status when folder already exists. * TimeSeries: Do not show series in tooltip if it's hidden in the viz. * AzureMonitor: Fix issue where resource group name is missing on the resource picker button. * Chore: Fix AWS auth assuming role with workspace IAM. * DashboardQueryRunner: Fixes unrestrained subscriptions being * DateFormats: Fix reading correct setting key for use_browser_locale. * Links: Fix links to other apps outside Grafana when under sub path. * Snapshots: Fix snapshot absolute time range issue. * Table: Fix data link color. * Time Series: Fix X-axis time format when tick increment is larger than a year. * Tooltip Plugin: Prevent tooltip render if field is undefined. - Update to version 8.0.4 * Live: Rely on app url for origin check. * PieChart: Sort legend descending, update placeholder. * TimeSeries panel: Do not reinitialize plot when thresholds mode change. * Elasticsearch: Allow case sensitive custom options in date_histogram interval. * Elasticsearch: Restore previous field naming strategy when using variables. * Explore: Fix import of queries between SQL data sources. * InfluxDB: InfluxQL query editor: fix retention policy handling. * Loki: Send correct time range in template variable queries. * TimeSeries: Preserve RegExp series overrides when migrating from old graph panel. - Update to version 8.0.3 * Alerting: Increase alertmanager_conf column if MySQL. * Time series/Bar chart panel: Handle infinite numbers as nulls when converting to plot array. * TimeSeries: Ensure series overrides that contain color are migrated, and migrate the previous fieldConfig when changing the panel type. * ValueMappings: Improve singlestat value mappings migration. * Annotations: Fix annotation line and marker colors. * AzureMonitor: Fix KQL template variable queries without default workspace. * CloudWatch/Logs: Fix missing response data for log queries. * LibraryPanels: Fix crash in library panels list when panel plugin is not found. * LogsPanel: Fix performance drop when moving logs panel in * Loki: Parse log levels when ANSI coloring is enabled. * MSSQL: Fix issue with hidden queries still being executed. * PanelEdit: Display the VisualizationPicker that was not displayed if a panel has an unknown panel plugin. * Plugins: Fix loading symbolically linked plugins. * Prometheus: Fix issue where legend name was replaced with name Value in stat and gauge panels. * State Timeline: Fix crash when hovering over panel. - Update to version 8.0.2 * Datasource: Add support for max_conns_per_host in dataproxy settings. * Configuration: Fix changing org preferences in FireFox. * PieChart: Fix legend dimension limits. * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes. * Variables: Hide default data source if missing from regex. - Update to version 8.0.1 * Alerting/SSE: Fix 'count_non_null' reducer validation. * Cloudwatch: Fix duplicated time series. * Cloudwatch: Fix missing defaultRegion. * Dashboard: Fix Dashboard init failed error on dashboards with old singlestat panels in collapsed rows. * Datasource: Fix storing timeout option as numeric. * Postgres/MySQL/MSSQL: Fix annotation parsing for empty * Postgres/MySQL/MSSQL: Numeric/non-string values are now returned from query variables. * Postgres: Fix an error that was thrown when the annotation query did not return any results. * StatPanel: Fix an issue with the appearance of the graph when switching color mode. * Visualizations: Fix an issue in the Stat/BarGauge/Gauge/PieChart panels where all values mode were showing the same name if they had the same value. * Toolkit: Resolve external fonts when Grafana is served from a sub path. - Update to version 8.0.0 * The following endpoints were deprecated for Grafana v5.0 and support for them has now been removed: GET /dashboards/db/:slug GET /dashboard-solo/db/:slug GET /api/dashboard/db/:slug DELETE /api/dashboards/db/:slug * AzureMonitor: Require default subscription for workspaces() template variable query. * AzureMonitor: Use resource type display names in the UI. * Dashboard: Remove support for loading and deleting dashboard by slug. * InfluxDB: Deprecate direct browser access in data source. * VizLegend: Add a read-only property. * AzureMonitor: Fix Azure Resource Graph queries in Azure China. * Checkbox: Fix vertical layout issue with checkboxes due to fixed height. * Dashboard: Fix Table view when editing causes the panel data to not update. * Dashboard: Fix issues where unsaved-changes warning is not displayed. * Login: Fixes Unauthorized message showing when on login page or snapshot page. * NodeGraph: Fix sorting markers in grid view. * Short URL: Include orgId in generated short URLs. * Variables: Support raw values of boolean type. - Update to version 8.0.0-beta3 * The default HTTP method for Prometheus data source is now POST. * API: Support folder UID in dashboards API. * Alerting: Add support for configuring avatar URL for the Discord notifier. * Alerting: Clarify that Threema Gateway Alerts support only Basic IDs. * Azure: Expose Azure settings to external plugins. * AzureMonitor: Deprecate using separate credentials for Azure Monitor Logs. * AzureMonitor: Display variables in resource picker for Azure * AzureMonitor: Hide application insights for data sources not using it. * AzureMonitor: Support querying subscriptions and resource groups in Azure Monitor Logs. * AzureMonitor: remove requirement for default subscription. * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics. * CloudWatch: Add missing AWS AppSync metrics. * ConfirmModal: Auto focus delete button. * Explore: Add caching for queries that are run from logs * Loki: Add formatting for annotations. * Loki: Bring back processed bytes as meta information. * NodeGraph: Display node graph collapsed by default with trace view. * Overrides: Include a manual override option to hide something from visualization. * PieChart: Support row data in pie charts. * Prometheus: Update default HTTP method to POST for existing data sources. * Time series panel: Position tooltip correctly when window is scrolled or resized. * Admin: Fix infinite loading edit on the profile page. * Color: Fix issues with random colors in string and date * Dashboard: Fix issue with title or folder change has no effect after exiting settings view. * DataLinks: Fix an issue __series.name is not working in data link. * Datasource: Fix dataproxy timeout should always be applied for outgoing data source HTTP requests. * Elasticsearch: Fix NewClient not passing httpClientProvider to client impl. * Explore: Fix Browser title not updated on Navigation to Explore. * GraphNG: Remove fieldName and hideInLegend properties from UPlotSeriesBuilder. * OAuth: Fix fallback to auto_assign_org_role setting for Azure AD OAuth when no role claims exists. * PanelChrome: Fix issue with empty panel after adding a non data panel and coming back from panel edit. * StatPanel: Fix data link tooltip not showing for single value. * Table: Fix sorting for number fields. * Table: Have text underline for datalink, and add support for image datalink. * Transformations: Prevent FilterByValue transform from crashing panel edit. - Update to version 8.0.0-beta2 * AppPlugins: Expose react-router to apps. * AzureMonitor: Add Azure Resource Graph. * AzureMonitor: Managed Identity configuration UI. * AzureMonitor: Token provider with support for Managed Identities. * AzureMonitor: Update Logs workspace() template variable query to return resource URIs. * BarChart: Value label sizing. * CloudMonitoring: Add support for preprocessing. * CloudWatch: Add AWS/EFS StorageBytes metric. * CloudWatch: Allow use of missing AWS namespaces using custom * Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy. * InfluxDB: InfluxQL: allow empty tag values in the query editor. * Instrumentation: Instrument incoming HTTP request with histograms by default. * Library Panels: Add name endpoint & unique name validation to AddLibraryPanelModal. * Logs panel: Support details view. * PieChart: Always show the calculation options dropdown in the * PieChart: Remove beta flag. * Plugins: Enforce signing for all plugins. * Plugins: Remove support for deprecated backend plugin protocol version. * Tempo/Jaeger: Add better display name to legend. * Timeline: Add time range zoom. * Timeline: Adds opacity & line width option. * Timeline: Value text alignment option. * ValueMappings: Add duplicate action, and disable dismiss on backdrop click. * Zipkin: Add node graph view to trace response. * Annotations panel: Remove subpath from dashboard links. * Content Security Policy: Allow all image sources by default. * Content Security Policy: Relax default template wrt. loading of scripts, due to nonces not working. * Datasource: Fix tracing propagation for alert execution by introducing HTTP client outgoing tracing middleware. * InfluxDB: InfluxQL always apply time interval end. * Library Panels: Fixes 'error while loading library panels'. * NewsPanel: Fixes rendering issue in Safari. * PanelChrome: Fix queries being issued again when scrolling in and out of view. * Plugins: Fix Azure token provider cache panic and auth param nil value. * Snapshots: Fix key and deleteKey being ignored when creating an external snapshot. * Table: Fix issue with cell border not showing with colored background cells. * Table: Makes tooltip scrollable for long JSON values. * TimeSeries: Fix for Connected null values threshold toggle during panel editing. * Variables: Fixes inconsistent selected states on dashboard * Variables: Refreshes all panels even if panel is full screen. * QueryField: Remove carriage return character from pasted text. - Update to version 8.0.0-beta1 + License update: * AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL). * Removes the never refresh option for Query variables. * Removes the experimental Tags feature for Variables. + Deprecations: * The InfoBox & FeatureInfoBox are now deprecated please use the Alert component instead with severity info. * API: Add org users with pagination. * API: Return 404 when deleting nonexistent API key. * API: Return query results as JSON rather than base64 encoded Arrow. * Alerting: Allow sending notification tags to Opsgenie as extra properties. * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with Alert. * Auth: Add support for JWT Authentication. * AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics. * AzureMonitor: Azure settings in Grafana server config. * AzureMonitor: Migrate Metrics query editor to React. * BarChart panel: enable series toggling via legend. * BarChart panel: Adds support for Tooltip in BarChartPanel. * PieChart panel: Change look of highlighted pie slices. * CloudMonitoring: Migrate config editor from angular to react. * CloudWatch: Add Amplify Console metrics and dimensions. * CloudWatch: Add missing Redshift metrics to CloudWatch data * CloudWatch: Add metrics for managed RabbitMQ service. * DashboardList: Enable templating on search tag input. * Datasource config: correctly remove single custom http header. * Elasticsearch: Add generic support for template variables. * Elasticsearch: Allow omitting field when metric supports inline script. * Elasticsearch: Allow setting a custom limit for log queries. * Elasticsearch: Guess field type from first non-empty value. * Elasticsearch: Use application/x-ndjson content type for multisearch requests. * Elasticsearch: Use semver strings to identify ES version. * Explore: Add logs navigation to request more logs. * Explore: Map Graphite queries to Loki. * Explore: Scroll split panes in Explore independently. * Explore: Wrap each panel in separate error boundary. * FieldDisplay: Smarter naming of stat values when visualising row values (all values) in stat panels. * Graphite: Expand metric names for variables. * Graphite: Handle unknown Graphite functions without breaking the visual editor. * Graphite: Show graphite functions descriptions. * Graphite: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). * InfluxDB: Flux: Improve handling of complex response-structures. * InfluxDB: Support region annotations. * Inspector: Download logs for manual processing. * Jaeger: Add node graph view for trace. * Jaeger: Search traces. * Loki: Use data source settings for alerting queries. * NodeGraph: Exploration mode. * OAuth: Add support for empty scopes. * PanelChrome: New logic-less emotion based component with no dependency on PanelModel or DashboardModel. * PanelEdit: Adds a table view toggle to quickly view data in table form. * PanelEdit: Highlight matched words when searching options. * PanelEdit: UX improvements. * Plugins: PanelRenderer and simplified QueryRunner to be used from plugins. * Plugins: AuthType in route configuration and params interpolation. * Plugins: Enable plugin runtime install/uninstall capabilities. * Plugins: Support set body content in plugin routes. * Plugins: Introduce marketplace app. * Plugins: Moving the DataSourcePicker to grafana/runtime so it can be reused in plugins. * Prometheus: Add custom query params for alert and exemplars * Prometheus: Use fuzzy string matching to autocomplete metric names and label. * Routing: Replace Angular routing with react-router. * Slack: Use chat.postMessage API by default. * Tempo: Search for Traces by querying Loki directly from Tempo. * Tempo: Show graph view of the trace. * Themes: Switch theme without reload using global shortcut. * TimeSeries panel: Add support for shared cursor. * TimeSeries panel: Do not crash the panel if there is no time series data in the response. * Variables: Do not save repeated panels, rows and scopedVars. * Variables: Removes experimental Tags feature. * Variables: Removes the never refresh option. * Visualizations: Unify tooltip options across visualizations. * Visualizations: Refactor and unify option creation between new visualizations. * Visualizations: Remove singlestat panel. * APIKeys: Fixes issue with adding first api key. * Alerting: Add checks for non supported units - disable defaulting to seconds. * Alerting: Fix issue where Slack notifications won't link to user IDs. * Alerting: Omit empty message in PagerDuty notifier. * AzureMonitor: Fix migration error from older versions of App Insights queries. * CloudWatch: Fix AWS/Connect dimensions. * CloudWatch: Fix broken AWS/MediaTailor dimension name. * Dashboards: Allow string manipulation as advanced variable format option. * DataLinks: Includes harmless extended characters like Cyrillic characters. * Drawer: Fixes title overflowing its container. * Explore: Fix issue when some query errors were not shown. * Generic OAuth: Prevent adding duplicated users. * Graphite: Handle invalid annotations. * Graphite: Fix autocomplete when tags are not available. * InfluxDB: Fix Cannot read property 'length' of undefined in when parsing response. * Instrumentation: Enable tracing when Jaeger host and port are * Instrumentation: Prefix metrics with grafana. * MSSQL: By default let driver choose port. * OAuth: Add optional strict parsing of role_attribute_path. * Panel: Fixes description markdown with inline code being rendered on newlines and full width. * PanelChrome: Ignore data updates & errors for non data panels. * Permissions: Fix inherited folder permissions can prevent new permissions being added to a dashboard. * Plugins: Remove pre-existing plugin installs when installing with grafana-cli. * Plugins: Support installing to folders with whitespace and fix pluginUrl trailing and leading whitespace failures. * Postgres/MySQL/MSSQL: Don't return connection failure details to the client. * Postgres: Fix ms precision of interval in time group macro when TimescaleDB is enabled. * Provisioning: Use dashboard checksum field as change indicator. * SQL: Fix so that all captured errors are returned from sql engine. * Shortcuts: Fixes panel shortcuts so they always work. * Table: Fixes so border is visible for cells with links. * Variables: Clear query when data source type changes. * Variables: Filters out builtin variables from unknown list. * Button: Introduce buttonStyle prop. * DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode. * grafana/ui: Update React Hook Form to v7. * IconButton: Introduce variant for red and blue icon buttons. * Plugins: Expose the getTimeZone function to be able to get the current selected timeZone. * TagsInput: Add className to TagsInput. * VizLegend: Move onSeriesColorChanged to PanelContext (breaking change). - Update to version 7.5.13 * Alerting: Fix NoDataFound for alert rules using AND operator. mgr-cfg: - Version 4.2.8-1 * Fix the condition for preventing building python 2 subpackage for SLE15 (bsc#1197579) - Version 4.2.7-1 * Fix installation problem for SLE15SP4 due missing python-selinux mgr-osad: - Version 4.2.8-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-push: - Version 4.2.5-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-virtualization: - Version 4.2.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 prometheus-postgres_exporter: - Version 0.10.0 * Added hardening to systemd service(s) with changes to `prometheus-postgres_exporter.service` (bsc#1181400) * Package rename from golang-github-wrouesnel-postgres_exporter (jsc#SLE-23051) rhnlib: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacecmd: - Version 4.2.16-1 * implement system.bootstrap (bsc#1194909) * Fix interactive mode for 'system_applyerrata' and 'errata_apply' (bsc#1194363) spacewalk-client-tools: - Version 4.2.18-1 * Fix the condition for preventing building python 2 subpackage for SLE15 - Version 4.2.17-1 * Update translation strings spacewalk-koan: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacewalk-oscap: - Version 4.2.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 suseRegisterInfo: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1397-1 Released: Mon Apr 25 16:43:46 2022 Summary: Maintenance update for SUSE Manager 4.2: Server and Proxy Type: recommended Severity: moderate References: 1133198,1173527,1186336,1191360,1191597,1192150,1192822,1193448,1194363,1194447,1194464,1194909,1195043,1195145,1195271,1195282,1195294,1195666,1195712,1195750,1195757,1195762,1195765,1195772,1195920,1196067,1196094,1196407,1196455,1196693,1196704,1196977,1197007,1197579,CVE-2018-20433,CVE-2019-5427 Maintenance update for SUSE Manager 4.2: Server and Proxy This is a codestream only update. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1399-1 Released: Mon Apr 25 17:16:31 2022 Summary: Recommended update for podman Type: recommended Severity: moderate References: 1196751 This update for podman fixes the following issues: - Fixed breakage on some setups of rootless containers after the last major update (bsc#1196751). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:1400-1 Released: Tue Apr 26 08:19:29 2022 Summary: Feature update for glm Type: feature Severity: moderate References: This feature update for glm fixes the following issues: Update from version 0.9.7.5 to version 0.9.9.8 (jsc#SLE-23864): - Added CMake GLM interface - Added EXT_scalar_integer extension with power of two and multiple scalar functions - Added EXT_vector_integer extension with power of two and multiple vector functions - Added GLM_FORCE_QUAT_DATA_WXYZ to store quat data as w,x,y,z instead of x,y,z,w - Added Neon support - Added SYCL support - Added fma implementation based on std::fma - Added missing genType check for bitCount and bitfieldReverse - Added missing quat constexpr - Ensure glmConfig.cmake gets installed - Fixed 'if constexpr' warning - Fixed .natvis due to renamed structs - Fixed ARM 64bit detection - Fixed Nvidia CUDA 9 build - Fixed Clang or GCC build due to wrong GLM_HAS_IF_CONSTEXPR definition - Fixed EXT_matrix_clip_space perspectiveFov - Fixed EXT_scalar_ulp and EXT_vector_ulp API coding style - Fixed GLM_EXT_matrix_clip_space warnings - Fixed GLM_HAS_CXX11_STL broken on Clang with Linux - Fixed Wimplicit-int-float-conversion warnings with clang 10+ - Fixed build errors when defining GLM_ENABLE_EXPERIMENTAL - Fixed equal ULP variation when using negative sign - Fixed for g++6 where -std=c++1z sets __cplusplus to 201500 instead of 201402 - Fixed for glm::length using arch64 - Fixed for intersection ray/plane and added related tests - Fixed hash hashes 'qua' instead of 'tquat' - Fixed ldexp and frexp declaration - Fixed missing const to quaternion conversion operators - Fixed missing declarations for 'frexp' and 'ldexp' - Fixed quaternion componant order: w, {x, y, z} - Fixed quaternion slerp overload which interpolates with extra spins - Fixed singularity check for quatLookAt - Improved Neon support with more functions optimized ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1401-1 Released: Tue Apr 26 08:44:16 2022 Summary: Recommended update for ppp Type: recommended Severity: important References: 1197799 This update for ppp fixes the following issues: - Fix package building issues (bsc#1197799) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1403-1 Released: Tue Apr 26 09:54:06 2022 Summary: Recommended update for ocfs2-tools Type: recommended Severity: moderate References: 1196705 This update for ocfs2-tools fixes the following issues: - Prevent attempt to lock cluster after replaying journals if -F is given (bsc#1196705) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1405-1 Released: Tue Apr 26 09:55:02 2022 Summary: Recommended update for autofs Type: recommended Severity: moderate References: 1181715,1195697,1196485 This update for autofs fixes the following issues: - Fix problem with quote handling (bsc#1181715) - Fix locking problem that causes deadlock when sss is used (bsc#1196485) - Suppress portmap calls when port explicitly given (bsc#1195697) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1410-1 Released: Tue Apr 26 17:48:28 2022 Summary: Security update for go1.18 Type: security Severity: moderate References: 1183043,1193742,1198423,1198424,1198427,CVE-2022-24675,CVE-2022-27536,CVE-2022-28327 This update for go1.18 fixes the following issues: - CVE-2022-24675: Fixed a stack overlow in Decode() in encoding/pem (bsc#1198423). - CVE-2022-28327: Fixed a crash due to refused oversized scalars in generic P-256 (bsc#1198424). - CVE-2022-27536: Fixed a crash in Certificate.Verify in crypto/x509 (bsc#1198427). Bump go1.18 (bsc#1193742) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1411-1 Released: Tue Apr 26 17:48:58 2022 Summary: Security update for go1.17 Type: security Severity: moderate References: 1190649,1198423,1198424,CVE-2022-24675,CVE-2022-28327 This update for go1.17 fixes the following issues: - Updated to version 1.17.9 (bsc#1190649): - CVE-2022-24675: Fixed a stack overflow via crafted PEM file (bsc#1198423). - CVE-2022-28327: Fixed a potential panic when using big P-256 scalars in the crypto/elliptic module (bsc#1198424). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1418-1 Released: Wed Apr 27 09:19:31 2022 Summary: Security update for ant Type: security Severity: moderate References: 1188468,1188469,CVE-2021-36373,CVE-2021-36374 This update for ant fixes the following issues: - CVE-2021-36373: Fixed an excessive memory allocation when reading a specially crafted TAR archive (bsc#1188468). - CVE-2021-36374: Fixed an excessive memory allocation when reading a specially crafted ZIP archive (bsc#1188469). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1420-1 Released: Wed Apr 27 09:21:36 2022 Summary: Recommended update for lifecycle-data-sle-module-live-patching Type: recommended Severity: moderate References: 1020320 This update for lifecycle-data-sle-module-live-patching fixes the following issues: Lifecycle data update. (bsc#1020320) - Added data for 4_12_14-150_83, 4_12_14-150_86, 4_12_14-197_105, 4_12_14-197_108, 5_3_18-150300_59_46, 5_3_18-150300_59_49, 5_3_18-150300_59_54, 5_3_18-24_102, 5_3_18-24_107. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1422-1 Released: Wed Apr 27 09:24:27 2022 Summary: Recommended update for glib2-branding Type: recommended Severity: moderate References: 1195836 This update for glib2-branding fixes the following issues: - Change the default `LibreOffice Startcenter` entry to `libreoffice-startcenter.desktop` and provide the missing favorite link. (bsc#1195836) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1423-1 Released: Wed Apr 27 09:48:27 2022 Summary: Recommended update for pacemaker Type: recommended Severity: moderate References: 1197668 This update for pacemaker fixes the following issues: - Pacemaker high resolution timestamps. (bsc#1197668) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1430-1 Released: Wed Apr 27 10:01:43 2022 Summary: Security update for cifs-utils Type: security Severity: important References: 1197216,CVE-2022-27239 This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1431-1 Released: Wed Apr 27 11:34:12 2022 Summary: Security update for webkit2gtk3 Type: security Severity: important References: 1196133,1198290,CVE-2022-22594,CVE-2022-22624,CVE-2022-22628,CVE-2022-22629,CVE-2022-22637 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.0 (bsc#1198290): - CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution. - CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error. Missing CVE reference for the update to 2.34.6 (bsc#1196133): - CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1435-1 Released: Wed Apr 27 14:34:27 2022 Summary: Security update for firewalld, golang-github-prometheus-prometheus Type: security Severity: important References: 1196338,1197042,CVE-2022-21698 This update for firewalld, golang-github-prometheus-prometheus fixes the following issues: Security fixes for golang-github-prometheus-prometheus: - CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods (bsc#1196338). Other non security changes for golang-github-prometheus-prometheus: - Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`. - Only recommends `firewalld-prometheus-config` as prometheus does not require it to run. - Create `firewalld-prometheus-config` subpackage (bsc#1197042, jsc#SLE-24373, jsc#SLE-24374, jsc#SLE-24375) Other non security changes for firewalld: - Provide dummy `firewalld-prometheus-config` package (bsc#1197042) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1436-1 Released: Wed Apr 27 14:53:15 2022 Summary: Security update for libaom Type: security Severity: moderate References: 1185778,CVE-2021-30473 This update for libaom fixes the following issues: - CVE-2021-30473: AOMedia in aom_image.c frees memory that is not located on the heap (bsc#1185778). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1437-1 Released: Wed Apr 27 14:55:18 2022 Summary: Security update for buildah Type: security Severity: moderate References: 1197870,CVE-2022-27651 This update for buildah fixes the following issues: - CVE-2022-27651: Fixed incorrect default inheritable capabilities for linux container (bsc#1197870). Update to version 1.25.1. The following non-security bugs were fixed: - add workaround for https://bugzilla.opensuse.org/show_bug.cgi?id=1183043 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198237 This update for binutils fixes the following issues: - The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1445-1 Released: Thu Apr 28 09:44:08 2022 Summary: Recommended update for patterns-public-cloud-15 Type: recommended Severity: important References: 1196122 This update for patterns-public-cloud-15 fixes the following issues: - Fix pattern migration issue from SLE 12 to SLE 15. (bsc#1196122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1446-1 Released: Thu Apr 28 09:46:53 2022 Summary: Security update for python-paramiko Type: security Severity: moderate References: 1197279,CVE-2022-24302 This update for python-paramiko fixes the following issues: - CVE-2022-24302: Fixed a race condition between creation and chmod when writing private keys. (bsc#1197279) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1449-1 Released: Thu Apr 28 10:19:29 2022 Summary: Recommended update for osinfo-db Type: recommended Severity: moderate References: 1182144,1188336,1188692,1192238,1196965,1197958 This update for osinfo-db fixes the following issues: - Update to database version 20220214 - Request support for SLE15-SP4 in the osinfo database. (bsc#1197958) - Add support for SUSE linux Enterprise Micro 5.2 - openSUSE Tumbleweed unattended installation with libvirt fails (bsc#1196965, bsc#1188336) - Dev: Support Oracle Linux as a guest VM. (jsc#SLE-17764, bsc#1192238) - Fix AutoYaST profiles to pass the validation during installation. (bsc#1182144) - Add support for openSUSE Leap 15.4, SLE15-SP4, and SLEM 5.1 (bsc#1188692) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1450-1 Released: Thu Apr 28 10:20:33 2022 Summary: Recommended update for openmpi3 Type: recommended Severity: moderate References: 1174439,1191390,1196838 This update for openmpi3 fixes the following issues: - Fix bad rdma component selection which can cause stall when running on multiple IB nodes. (bsc#1196838) - Move rpm macros to %_rpmmacrodir. (bsc#1191390) - Add build support for gcc8/9/10 to HPC build. (bsc#1174439) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1454-1 Released: Thu Apr 28 11:15:06 2022 Summary: Security update for python-pip Type: security Severity: moderate References: 1176262,1195831,CVE-2019-20916 This update for python-pip fixes the following issues: - Add wheel subpackage with the generated wheel for this package (bsc#1176262, CVE-2019-20916). - Make wheel a separate build run to avoid the setuptools/wheel build cycle. - Switch this package to use update-alternatives for all files in %{_bindir} so it doesn't collide with the versions on 'the latest' versions of Python interpreter (jsc#SLE-18038, bsc#1195831). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1457-1 Released: Thu Apr 28 13:23:18 2022 Summary: Recommended update for postgresql12 Type: recommended Severity: moderate References: 1190740,1195680 This update for postgresql12 fixes the following issues: - Upgrade to 12.10: (bsc#1195680) * https://www.postgresql.org/docs/12/release-12-10.html * Reindexing might be needed after applying this upgrade, so please read the release notes carefully. - Add constraints file with 12GB of memory for s390x as a workaround. (bsc#1190740) - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1458-1 Released: Thu Apr 28 14:13:25 2022 Summary: Recommended update for postgresql Type: recommended Severity: moderate References: 1195680 This update for postgresql fixes the following issues: - Fix the pg_server_requires macro on older rpm versions (SLE-12) - Avoid a dependency on awk in postgresql-script. - Move the dependency of llvmjit-devel on clang and llvm to the implementation packages where we can depend on the correct versions. - Fix postgresql_has_llvm usage - First round of changes to make it easier to build extensions for - add postgresql-llvmjit-devel subpackage: This package will pull in clang and llvm if the distro has a recent enough version, otherwise it will just pull postgresql-server-devel. - add postgresql macros to the postgresql-server-devel package those cover all the variables from pg_config and some macros to remove repitition from the spec files - Bump version to 14. (bsc#1195680) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1460-1 Released: Thu Apr 28 16:21:58 2022 Summary: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent Type: recommended Severity: moderate References: 1195437,1195438 This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent fixes the following issues: - Update to version 20220204.00. (bsc#1195437, bsc#1195438) * remove han from owners (#154) * Remove extra slash from metadata URL. (#151) - from version 20220104.00 * List IPv6 routes (#150) - from version 20211228.00 * add add or remove route integration test, utils (#147) - from version 20211214.00 * add malformed ssh key unit test (#142) - Update to version 20220211.00. (bsc#1195437, bsc#1195438) * Set NVMe-PD IO timeout to 4294967295. (#32) - Update to version 20220205.00. (bsc#1195437, bsc#1195438) * Fix build for EL9. (#82) - from version 20211213.00 * Reauth error (#81) - Rename Source0 field to Source - Update URL in Source field to point to upstream tarball - Update to version 20220209.00 (bsc#1195437, bsc#1195438) * Update licences, remove deprecated centos-8 tests (#414) - Update to version 20220204.00 * Add DisableLocalLogging option (#413) - from version 20220107.00 * OS assignment example: Copy file from bucket ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1461-1 Released: Thu Apr 28 16:25:04 2022 Summary: Security update for nodejs12 Type: security Severity: important References: 1194819,1196877,1197283,1198247,CVE-2021-44906,CVE-2021-44907,CVE-2022-0235,CVE-2022-0778 This update for nodejs12 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247). - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283). - CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1462-1 Released: Thu Apr 28 16:46:15 2022 Summary: Security update for nodejs14 Type: security Severity: important References: 1194819,1196877,1197283,1198247,CVE-2021-44906,CVE-2021-44907,CVE-2022-0235,CVE-2022-0778 This update for nodejs14 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247). - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283). - CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1463-1 Released: Fri Apr 29 09:39:45 2022 Summary: Recommended update for postgresql13 Type: recommended Severity: moderate References: 1190740,1195680 This update for postgresql13 fixes the following issues: - Upgrade to 14.2: (bsc#1195680) * https://www.postgresql.org/docs/14/release-14-2.html * Reindexing might be needed after applying this upgrade, so please read the release notes carefully. - Add constraints file with 12GB of memory for s390x as a workaround. (bsc#1190740) - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1464-1 Released: Fri Apr 29 09:40:21 2022 Summary: Recommended update for strongswan Type: recommended Severity: moderate References: This update for strongswan fixes the following issues: - Enable auth_els plugin (jsc#SLE-20151) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1465-1 Released: Fri Apr 29 11:36:02 2022 Summary: Security update for libslirp Type: security Severity: important References: 1187364,1187366,1187367,1198773,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595 This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). - Fix a dhcp regression [bsc#1198773] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1472-1 Released: Fri Apr 29 16:48:46 2022 Summary: Recommended update for python-Whoosh Type: recommended Severity: low References: 1197830 This update for python-Whoosh fixes the following issues: - python-Whoosh won't compile on SP4 (bsc#1197830) - Remove superfluous devel dependency for noarch package ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1476-1 Released: Fri Apr 29 17:31:16 2022 Summary: Security update for libcaca Type: security Severity: moderate References: 1197028,CVE-2022-0856 This update for libcaca fixes the following issues: - CVE-2022-0856: Fixed a divide by zero issue which could be exploited to cause an application crash (bsc#1197028). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1477-1 Released: Fri Apr 29 17:31:37 2022 Summary: Security update for python-Twisted Type: security Severity: moderate References: 1198086,CVE-2022-24801 This update for python-Twisted fixes the following issues: - CVE-2022-24801: Fixed to not be as lenient as earlier HTTP/1.1 RFCs to prevent HTTP request smuggling. (bsc#1198086) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1479-1 Released: Fri Apr 29 17:32:01 2022 Summary: Security update for jasper Type: security Severity: moderate References: 1182104,1182105,1184757,1184798,CVE-2021-26926,CVE-2021-26927,CVE-2021-3443,CVE-2021-3467 This update for jasper fixes the following issues: - CVE-2021-3467: Fixed NULL pointer deref in jp2_decode() (bsc#1184757). - CVE-2021-3443: Fixed NULL pointer deref in jp2_decode() (bsc#1184798). - CVE-2021-26927: Fixed NULL pointer deref in jp2_decode() (bsc#1182104). - CVE-2021-26926: Fixed an out of bounds read in jp2_decode() (bsc#1182105). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1481-1 Released: Mon May 2 14:29:41 2022 Summary: Recommended update for collectd Type: recommended Severity: moderate References: This update for collectd fixes the following issues: - Adding new plugin rpm 'collect-plugin-dpdk' including the following modules (jsc#SLE-23472): - dpdkevent - dpdk_telemetry ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1482-1 Released: Mon May 2 14:30:07 2022 Summary: Recommended update for mdadm Type: recommended Severity: moderate References: 1196054 This update for mdadm fixes the following issues: - Fix a boot failure with multipath if the reading the VPD page attribute fails and skip RAID assembly if it is set. (bsc#1196054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1484-1 Released: Mon May 2 16:47:10 2022 Summary: Security update for git Type: security Severity: important References: 1181400,1198234,CVE-2022-24765 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1485-1 Released: Mon May 2 16:47:41 2022 Summary: Security update for python39 Type: security Severity: moderate References: 1186819,1189241,1189287,1189356,1193179,CVE-2021-3572,CVE-2021-3733,CVE-2021-3737 This update for python39 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). - Update to 3.9.10 (jsc#SLE-23849) - Remove shebangs from from python-base libraries in _libdir. (bsc#1193179) - Update to 3.9.9: * Core and Builtins + bpo-30570: Fixed a crash in issubclass() from infinite recursion when searching pathological __bases__ tuples. + bpo-45494: Fix parser crash when reporting errors involving invalid continuation characters. Patch by Pablo Galindo. + bpo-45385: Fix reference leak from descr_check. Patch by Dong-hee Na. + bpo-45167: Fix deepcopying of types.GenericAlias objects. + bpo-44219: Release the GIL while performing isatty system calls on arbitrary file descriptors. In particular, this affects os.isatty(), os.device_encoding() and io.TextIOWrapper. By extension, io.open() in text mode is also affected. This change solves a deadlock in os.isatty(). Patch by Vincent Michel in bpo-44219. + bpo-44959: Added fallback to extension modules with '.sl' suffix on HP-UX + bpo-44050: Extensions that indicate they use global state (by setting m_size to -1) can again be used in multiple interpreters. This reverts to behavior of Python 3.8. + bpo-45121: Fix issue where Protocol.__init__ raises RecursionError when it's called directly or via super(). Patch provided by Yurii Karabas. + bpo-45083: When the interpreter renders an exception, its name now has a complete qualname. Previously only the class name was concatenated to the module name, which sometimes resulted in an incorrect full name being displayed. + bpo-45738: Fix computation of error location for invalid continuation characters in the parser. Patch by Pablo Galindo. + Library + bpo-45678: Fix bug in Python 3.9 that meant functools.singledispatchmethod failed to properly wrap the attributes of the target method. Patch by Alex Waygood. + bpo-45679: Fix caching of multi-value typing.Literal. Literal[True, 2] is no longer equal to Literal[1, 2]. + bpo-45438: Fix typing.Signature string representation for generic builtin types. + bpo-45581: sqlite3.connect() now correctly raises MemoryError if the underlying SQLite API signals memory error. Patch by Erlend E. Aasland. + bpo-39679: Fix bug in functools.singledispatchmethod that caused it to fail when attempting to register a classmethod() or staticmethod() using type annotations. Patch contributed by Alex Waygood. + bpo-45515: Add references to zoneinfo in the datetime documentation, mostly replacing outdated references to dateutil.tz. Change by Paul Ganssle. + bpo-45467: Fix incremental decoder and stream reader in the 'raw-unicode-escape' codec. Previously they failed if the escape sequence was split. + bpo-45461: Fix incremental decoder and stream reader in the 'unicode-escape' codec. Previously they failed if the escape sequence was split. + bpo-45239: Fixed email.utils.parsedate_tz() crashing with UnboundLocalError on certain invalid input instead of returning None. Patch by Ben Hoyt. + bpo-44904: Fix bug in the doctest module that caused it to fail if a docstring included an example with a classmethod property. Patch by Alex Waygood. + bpo-45406: Make inspect.getmodule() catch FileNotFoundError raised by :'func:inspect.getabsfile, and return None to indicate that the module could not be determined. + bpo-45262: Prevent use-after-free in asyncio. Make sure the cached running loop holder gets cleared on dealloc to prevent use-after-free in get_running_loop + bpo-45386: Make xmlrpc.client more robust to C runtimes where the underlying C strftime function results in a ValueError when testing for year formatting options. + bpo-45371: Fix clang rpath issue in distutils. The UnixCCompiler now uses correct clang option to add a runtime library directory (rpath) to a shared library. + bpo-20028: Improve error message of csv.Dialect when initializing. Patch by Vajrasky Kok and Dong-hee Na. + bpo-45343: Update bundled pip to 21.2.4 and setuptools to 58.1.0 + bpo-41710: On Unix, if the sem_clockwait() function is available in the C library (glibc 2.30 and newer), the threading.Lock.acquire() method now uses the monotonic clock (time.CLOCK_MONOTONIC) for the timeout, rather than using the system clock (time.CLOCK_REALTIME), to not be affected by system clock changes. Patch by Victor Stinner. + bpo-45328: Fixed http.client.HTTPConnection to work properly in OSs that don't support the TCP_NODELAY socket option. + bpo-1596321: Fix the threading._shutdown() function when the threading module was imported first from a thread different than the main thread: no longer log an error at Python exit. + bpo-45274: Fix a race condition in the Thread.join() method of the threading module. If the function is interrupted by a signal and the signal handler raises an exception, make sure that the thread remains in a consistent state to prevent a deadlock. Patch by Victor Stinner. + bpo-45238: Fix unittest.IsolatedAsyncioTestCase.debug(): it runs now asynchronous methods and callbacks. + bpo-36674: unittest.TestCase.debug() raises now a unittest.SkipTest if the class or the test method are decorated with the skipping decorator. + bpo-45235: Fix an issue where argparse would not preserve values in a provided namespace when using a subparser with defaults. + bpo-45234: Fixed a regression in copyfile(), copy(), copy2() raising FileNotFoundError when source is a directory, which should raise IsADirectoryError + bpo-45228: Fix stack buffer overflow in parsing J1939 network address. + bpo-45192: Fix the tempfile._infer_return_type function so that the dir argument of the tempfile functions accepts an object implementing the os.PathLike protocol. + bpo-45160: When tracing a tkinter variable used by a ttk OptionMenu, callbacks are no longer made twice. + bpo-35474: Calling mimetypes.guess_all_extensions() with strict=False no longer affects the result of the following call with strict=True. Also, mutating the returned list no longer affects the global state. + bpo-45166: typing.get_type_hints() now works with Final wrapped in ForwardRef. + bpo-45097: Remove deprecation warnings about the loop argument in asyncio incorrectly emitted in cases when the user does not pass the loop argument. + bpo-45081: Fix issue when dataclasses that inherit from typing.Protocol subclasses have wrong __init__. Patch provided by Yurii Karabas. + bpo-24444: Fixed an error raised in argparse help display when help for an option is set to 1+ blank spaces or when choices arg is an empty container. + bpo-45021: Fix a potential deadlock at shutdown of forked children when using concurrent.futures module + bpo-45030: Fix integer overflow in pickling and copying the range iterator. + bpo-39039: tarfile.open raises ReadError when a zlib error occurs during file extraction. + bpo-44594: Fix an edge case of ExitStack and AsyncExitStack exception chaining. They will now match with block behavior when __context__ is explicitly set to None when the exception is in flight. * Documentation + bpo-45726: Improve documentation for functools.singledispatch() and functools.singledispatchmethod. + bpo-45680: Amend the docs on GenericAlias objects to clarify that non-container classes can also implement __class_getitem__. Patch contributed by Alex Waygood. + bpo-45655: Add a new 'relevant PEPs' section to the top of the documentation for the typing module. Patch by Alex Waygood. + bpo-45604: Add level argument to multiprocessing.log_to_stderr function docs. + bpo-45464: Mention in the documentation of Built-in Exceptions that inheriting from multiple exception types in a single subclass is not recommended due to possible memory layout incompatibility. + bpo-45449: Add note about PEP 585 in collections.abc. + bpo-45516: Add protocol description to the importlib.abc.Traversable documentation. + bpo-20692: Add Programming FAQ entry explaining that int literal attribute access requires either a space after or parentheses around the literal. + bpo-45216: Remove extra documentation listing methods in difflib. It was rendering twice in pydoc and was outdated in some places. + bpo-45772: socket.socket documentation is corrected to a class from a function. + bpo-45392: Update the docstring of the type built-in to remove a redundant line and to mention keyword arguments for the constructor. * Tests + bpo-45578: Add tests for dis.distb() + bpo-45577: Add subtests for all pickle protocols in test_zoneinfo. + bpo-43592: test.libregrtest now raises the soft resource limit for the maximum number of file descriptors when the default is too low for our test suite as was often the case on macOS. + bpo-40173: Fix test.support.import_helper.import_fresh_module(). + bpo-45280: Add a test case for empty typing.NamedTuple. + bpo-45269: Cover case when invalid markers type is supplied to c_make_encoder. + bpo-45209: Fix UserWarning: resource_tracker warning in _test_multiprocessing._TestSharedMemory.test_shared_memory_cleaned_after_process_termination + bpo-45195: Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so don't expect it in the output. Patch by Victor Stinner. + bpo-45156: Fixes infinite loop on unittest.mock.seal() of mocks created by create_autospec(). + bpo-45042: Fixes that test classes decorated with @hashlib_helper.requires_hashdigest were skipped all the time. + bpo-45235: Reverted an argparse bugfix that caused regression in the handling of default arguments for subparsers. This prevented leaf level arguments from taking precedence over root level arguments. + bpo-45765: In importlib.metadata, fix distribution discovery for an empty path. + bpo-45644: In-place JSON file formatting using python3 -m json.tool infile infile now works correctly, previously it left the file empty. Patch by Chris Wesseling. * Build + bpo-43158: setup.py now uses values from configure script to build the _uuid extension module. Configure now detects util-linux's libuuid, too. + bpo-45571: Modules/Setup now use PY_CFLAGS_NODIST instead of PY_CFLAGS to compile shared modules. + bpo-45532: Update sys.version to use main as fallback information. Patch by Jeong YunWon. + bpo-45405: Prevent internal configure error when running configure with recent versions of non-Apple clang. Patch by David Bohman. + bpo-45220: Avoid building with the Windows 11 SDK previews automatically. This may be overridden by setting the DefaultWindowsSDKVersion environment variable before building. * C API + bpo-44687: BufferedReader.peek() no longer raises ValueError when the entire file has already been buffered. + bpo-44751: Remove crypt.h include from the public Python.h header. - rpm-build-python dependency is available on the current Factory, not with SLE. - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation. - Update to 3.9.7: - Security - Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - Add auditing events to the marshal module, and stop raising code.__init__ events for every unmarshalled code object. Directly instantiated code objects will continue to raise an event, and audit event handlers should inspect or collect the raw marshal data. This reduces a significant performance overhead when loading from .pyc files. - Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - Core and Builtins - Fixed pickling of range iterators that iterated for over 2**32 times. - Fix a race in WeakKeyDictionary, WeakValueDictionary and WeakSet when two threads attempt to commit the last pending removal. This fixes asyncio.create_task and fixes a data loss in asyncio.run where shutdown_asyncgens is not run - Fixed a corner case bug where the result of float.fromhex('0x.8p-1074') was rounded the wrong way. - Refine the syntax error for trailing commas in import statements. Patch by Pablo Galindo. - Restore behaviour of complex exponentiation with integer-valued exponent of type float or complex. - Correct the ast locations of f-strings with format specs and repeated expressions. Patch by Pablo Galindo - Use new trashcan macros (Py_TRASHCAN_BEGIN/END) in frameobject.c instead of the old ones (Py_TRASHCAN_SAFE_BEGIN/END). - Fix segmentation fault with deep recursion when cleaning method objects. Patch by Augusto Goulart and Pablo Galindo. - Fix bug where PyErr_SetObject hangs when the current exception has a cycle in its context chain. - Fix reference leaks in the error paths of update_bases() and __build_class__. Patch by Pablo Galindo. - Fix undefined behaviour in complex object exponentiation. - Remove uses of PyObject_GC_Del() in error path when initializing types.GenericAlias. - Remove the pass-through for hash() of weakref.proxy objects to prevent unintended consequences when the original referred object dies while the proxy is part of a hashable object. Patch by Pablo Galindo. - Fix ltrace functionality when exceptions are raised. Patch by Pablo Galindo - Fix a crash at Python exit when a deallocator function removes the last strong reference to a heap type. Patch by Victor Stinner. - Fix crash when using passing a non-exception to a generator's throw() method. Patch by Noah Oxer - Library - run() now always return a TestResult instance. Previously it returned None if the test class or method was decorated with a skipping decorator. - Fix bugs in cleaning up classes and modules in unittest: - Functions registered with addModuleCleanup() were not called unless the user defines tearDownModule() in their test module. - Functions registered with addClassCleanup() were not called if tearDownClass is set to None. - Buffering in TestResult did not work with functions registered with addClassCleanup() and addModuleCleanup(). - Errors in functions registered with addClassCleanup() and addModuleCleanup() were not handled correctly in buffered and debug modes. - Errors in setUpModule() and functions registered with addModuleCleanup() were reported in wrong order. - And several lesser bugs. - Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee. - Fix a crash in the signal handler of the faulthandler module: no longer modify the reference count of frame objects. Patch by Victor Stinner. - Method stopTestRun() is now always called in pair with method startTestRun() for TestResult objects implicitly created in run(). Previously it was not called for test methods and classes decorated with a skipping decorator. - argparse.BooleanOptionalAction's default value is no longer printed twice when used with argparse.ArgumentDefaultsHelpFormatter. - Upgrade bundled pip to 21.2.3 and setuptools to 57.4.0 - Fix the os.set_inheritable() function on FreeBSD 14 for file descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), fallback on the fcntl() implementation. Patch by Victor Stinner. - The @functools.total_ordering() decorator now works with metaclasses. - sqlite3 user-defined functions and aggregators returning strings with embedded NUL characters are no longer truncated. Patch by Erlend E. Aasland. - Always show loop= arg deprecations in asyncio.gather() and asyncio.sleep() - Non-protocol subclasses of typing.Protocol ignore now the __init__ method inherited from protocol base classes. - The tokenize.tokenize() doesn't incorrectly generate a NEWLINE token if the source doesn't end with a new line character but the last line is a comment, as the function is already generating a NL token. Patch by Pablo Galindo - Fix http.client.HTTPSConnection fails to download >2GiB data. - rcompleter does not call getattr() on property objects to avoid the side-effect of evaluating the corresponding method. - weakref.proxy objects referencing non-iterators now raise TypeError rather than dereferencing the null tp_iternext slot and crashing. - The implementation of collections.abc.Set._hash() now matches that of frozenset.__hash__(). - Fixed issue in compileall.compile_file() when sys.stdout is redirected. Patch by Stefan Hölzl. - Give priority to using the current class constructor in inspect.signature(). Patch by Weipeng Hong. - Fix memory leak in _tkinter._flatten() if it is called with a sequence or set, but not list or tuple. - Update shutil.copyfile() to raise FileNotFoundError instead of confusing IsADirectoryError when a path ending with a os.path.sep does not exist; shutil.copy() and shutil.copy2() are also affected. - handle StopIteration subclass raised from @contextlib.contextmanager generator - Make the implementation consistency of indexOf() between C and Python versions. Patch by Dong-hee Na. - Fixes TypedDict to work with typing.get_type_hints() and postponed evaluation of annotations across modules. - Fix bug with pdb's handling of import error due to a package which does not have a __main__ module - Fixed an exception thrown while parsing a malformed multipart email by email.message.EmailMessage. - pathlib.PureWindowsPath.is_reserved() now identifies a greater range of reserved filenames, including those with trailing spaces or colons. - Handle exceptions from parsing the arg of pdb's run/restart command. - The sqlite3 context manager now performs a rollback (thus releasing the database lock) if commit failed. Patch by Luca Citi and Erlend E. Aasland. - Improved string handling for sqlite3 user-defined functions and aggregates: - It is now possible to pass strings with embedded null characters to UDFs - Conversion failures now correctly raise MemoryError - Patch by Erlend E. Aasland. - Handle RecursionError in TracebackException's constructor, so that long exceptions chains are truncated instead of causing traceback formatting to fail. - Fix email.message.EmailMessage.set_content() when called with binary data and 7bit content transfer encoding. - The compresslevel and preset keyword arguments of tarfile.open() are now both documented and tested. - Fixed a Y2k38 bug in the compileall module where it would fail to compile files with a modification time after the year 2038. - Fix test___all__ on platforms lacking a shared memory implementation. - Pass multiprocessing BaseProxy argument manager_owned through AutoProxy. - email.utils.getaddresses() now accepts email.header.Header objects along with string values. Patch by Zackery Spytz. - lib2to3 now recognizes async generators everywhere. - Fix TypeError when required subparsers without dest do not receive arguments. Patch by Anthony Sottile. - Documentation - Removed the othergui.rst file, any references to it, and the list of GUI frameworks in the FAQ. In their place I've added links to the Python Wiki page on GUI frameworks. - Update the definition of __future__ in the glossary by replacing the confusing word 'pseudo-module' with a more accurate description. - Add typical examples to os.path.splitext docs - Clarify that shutil.make_archive() is not thread-safe due to reliance on changing the current working directory. - Update of three expired hyperlinks in Doc/distributing/index.rst: 'Project structure', 'Building and packaging the project', and 'Uploading the project to the Python Packaging Index'. - Updated the docstring and docs of filecmp.cmp() to be more accurate and less confusing especially in respect to shallow arg. - Match the docstring and python implementation of countOf() to the behavior of its c implementation. - List all kwargs for textwrap.wrap(), textwrap.fill(), and textwrap.shorten(). Now, there are nav links to attributes of TextWrap, which makes navigation much easier while minimizing duplication in the documentation. - Clarify that atexit uses equality comparisons internally. - Documentation of csv.Dialect is more descriptive. - Fix documentation for the return type of sysconfig.get_path(). - Add a 'Security Considerations' index which links to standard library modules that have explicitly documented security considerations. - Remove the unqualified claim that tkinter is threadsafe. It has not been true for several years and likely never was. An explanation of what is true may be added later, after more discussion, and possibly after patching _tkinter.c, - Tests - Add calls of gc.collect() in tests to support PyPy. - Made tests relying on the _asyncio C extension module optional to allow running on alternative Python implementations. Patch by Serhiy Storchaka. - Fix auto history tests of test_readline: sometimes, the newline character is not written at the end, so don't expect it in the output. - Add ability to wholesale silence DeprecationWarnings while running the regression test suite. - Notify users running test_decimal regression tests on macOS of potential harmless 'malloc can't allocate region' messages spewed by test_decimal. - Fixed floating point precision issue in turtle tests. - Regression tests, when run with -w, are now re-running only the affected test methods instead of re-running the entire test file. - Add test for nested queues when using multiprocessing shared objects AutoProxy[Queue] inside ListProxy and DictProxy - Add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling - bpo-44022 (bsc#1189241, CVE-2021-3737): http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server. - bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1490-1 Released: Tue May 3 07:06:10 2022 Summary: Recommended update for liblangtag Type: recommended Severity: important References: 1197767 This update for liblangtag fixes the following issues: - Fix build of future service packs of SUSE Linux Enterprise 15 (bsc#1197767) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1491-1 Released: Tue May 3 07:09:44 2022 Summary: Recommended update for psmisc Type: recommended Severity: moderate References: 1194172 This update for psmisc fixes the following issues: - Add a fallback if the system call name_to_handle_at() is not supported by the used file system. - Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from pthreads(7) (bsc#1194172) - Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process (bsc#1194172) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1492-1 Released: Tue May 3 07:11:20 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: libdvdread ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1493-1 Released: Tue May 3 07:13:58 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: a52dec ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1494-1 Released: Tue May 3 07:16:18 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: hp-drive-guard, upower ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1496-1 Released: Tue May 3 07:26:18 2022 Summary: Recommended update for kvm_stat Type: recommended Severity: moderate References: 1178493,1185945 This update for kvm_stat fixes the following issues: - Add an appropriate delay in the unit file to ensure kvm module is properly loaded (bsc#1185945) - Add a dummy -rebuild package: give OBS/Tumbleweed a hint to tell when this package needs a rebuild (bsc#1178493) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1497-1 Released: Tue May 3 09:31:03 2022 Summary: Recommended update for yast2-bootloader Type: recommended Severity: moderate References: 1187690,1197192 This update for yast2-bootloader fixes the following issue: - AutoYaST: do not clone device for hibernation and also check during autoinstallation if device for hibernation exists and if not then use proposed one. (bsc#1187690, bsc#1197192) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1500-1 Released: Tue May 3 09:31:40 2022 Summary: Recommended updates for jetty-artifact-remote-resources, jboss-logging Type: recommended Severity: low References: 1197642 This update for jetty-artifact-remote-resources, jboss-logging fixes the following issues: - Do not require mvn(log4j:log4j) for build. (bsc#1197642) - Do not build against the log4j12 packages. - Update jboss-logging to 3.4.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1501-1 Released: Tue May 3 09:32:00 2022 Summary: Recommended update for python-uamqp Type: recommended Severity: moderate References: 1197848 This update for python-uamqp fixes the following issues: - python-uamqp won't compile on SP4 (bsc#1197848) - Only build Python3 flavors for distributions 15 and greater ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1503-1 Released: Tue May 3 11:49:28 2022 Summary: Recommended update for rpmlint Type: recommended Severity: moderate References: 1198693,1199006 This update for rpmlint fixes the following issues: - whitelist kcron (bsc#1199006) - whitelisted power-profiles-daemon (bsc#1198693). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1506-1 Released: Tue May 3 16:08:08 2022 Summary: Security update for xen Type: security Severity: moderate References: 1197423,1197425,1197426,CVE-2022-26356,CVE-2022-26357,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361 This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1510-1 Released: Tue May 3 16:08:55 2022 Summary: Security update for amazon-ssm-agent Type: security Severity: important References: 1196556,CVE-2022-29527 This update for amazon-ssm-agent fixes the following issues: - CVE-2022-29527: Fixed unsafe file creation mode of ssm-agent-users sudoer file (bsc#1196556). Update to version 3.1.1260.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1512-1 Released: Tue May 3 16:11:28 2022 Summary: Security update for ruby2.5 Type: security Severity: important References: 1188160,1188161,1190375,1193035,1198441,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066,CVE-2021-41817,CVE-2022-28739 This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441). - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035). - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). - CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1513-1 Released: Tue May 3 16:13:25 2022 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1198671,1198672,1198673,1198674,1198675,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21476,CVE-2022-21496 This update for java-11-openjdk fixes the following issues: - CVE-2022-21426: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198672). - CVE-2022-21434: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198674). - CVE-2022-21496: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198673). - CVE-2022-21443: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198675). - CVE-2022-21476: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198671). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1515-1 Released: Wed May 4 10:24:10 2022 Summary: Security update for rubygem-puma Type: security Severity: important References: 1188527,1191681,1196222,CVE-2021-29509,CVE-2021-41136,CVE-2022-23634 This update for rubygem-puma fixes the following issues: rubygem-puma was updated to version 4.3.11: * CVE-2021-29509: Adjusted an incomplete fix for allows Denial of Service (DoS) (bsc#1188527) * CVE-2021-41136: Fixed request smuggling if HTTP header value contains the LF character (bsc#1191681) * CVE-2022-23634: Fixed information leak between requests (bsc#1196222) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1516-1 Released: Wed May 4 10:25:15 2022 Summary: Security update for libwmf Type: security Severity: important References: 1006739,1123522,1174075,CVE-2016-9011,CVE-2019-6978 This update for libwmf fixes the following issues: libwmf was updated to 0.2.12: * upstream changed to fork from Fedora: https://github.com/caolanm/libwmf * merged all the pending fixes * merge in fixes for libgd CVE-2019-6978 (bsc#1123522) * fixed memory allocation failure (CVE-2016-9011) * Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1517-1 Released: Wed May 4 10:25:51 2022 Summary: Recommended update for lksctp-tools Type: recommended Severity: moderate References: 1133097,1197590 This update for lksctp-tools fixes the following issues: Update to version 1.0.17 (bsc#1197590) * sctp_test: fix hostname resolution * man: remove sysctl listing from sctp.7 * Fix recieved->received typos * Fix usage help for sctp_test * test_1_to_1_accept_close: also expect EACCES when accept on an established socket * lksctp-tools: make bind_test can do while disable IPV6 * libsctp: add pkg-config support ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1518-1 Released: Wed May 4 11:42:04 2022 Summary: Recommended update for sanlock Type: recommended Severity: important References: 1197853 This update for sanlock fixes the following issues: - Add libuuid as a build requirement to fix build issues on future SUSE Linux Enterprise Service Packs (bsc#1197853) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:1519-1 Released: Wed May 4 12:11:57 2022 Summary: Feature update for python-contextvars, python-immutables Type: feature Severity: moderate References: This feature update for python-contextvars, python-immutables fixes the following issues: python-immutables: - Provide python-immutables version 0.11 in SUSE Linux Enterprise 15 (jsc#SLE-24404) python-contextvars: - Provide python-contextvars version 2.4 in SUSE Linux Enterprise 15 (jsc#SLE-24404) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1522-1 Released: Wed May 4 13:29:49 2022 Summary: Recommended update for NetworkManager Type: recommended Severity: moderate References: 1195173,1195222 This update for NetworkManager fixes the following issues: - Backport upstream fixes to implement RFC 8106. (bsc#1195173) - ndisc: don't artificially extend the lifetime of DNSSL/RDNSS options. (bsc#1195222) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1524-1 Released: Wed May 4 13:46:39 2022 Summary: Security update for apache2-mod_auth_mellon Type: security Severity: moderate References: 1188926,CVE-2021-3639 This update for apache2-mod_auth_mellon fixes the following issues: - CVE-2021-3639: Fixed open Redirect vulnerability in logout URLs (bsc#1188926) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1541-1 Released: Wed May 4 17:35:16 2022 Summary: Security update for pgadmin4 Type: security Severity: important References: 1197143,CVE-2022-0959 This update for pgadmin4 fixes the following issues: - CVE-2022-0959: Fixed an unrestricted file upload (bsc#1197143). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1542-1 Released: Wed May 4 23:37:33 2022 Summary: Recommended update for sblim-sfcb Type: recommended Severity: moderate References: 1190107 This update for sblim-sfcb fixes the following issues: - Add config option to optionally disable TLSv1.2 (bsc#1190107) - Enable TLS v1.3 by removing explicit curve selection. This should not be required for OpenSSL 1.1.0+ (bsc#1190107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1544-1 Released: Thu May 5 11:52:22 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1195011,1195508,1197967 This update for dracut fixes the following issues: - fix(dracut-install): copy files preserving ownership attributes (bsc#1197967) - fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508) - fix(dracut-functions.sh): ip route parsing (bsc#1195011) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1549-1 Released: Thu May 5 16:45:52 2022 Summary: Security update for libvirt Type: security Severity: moderate References: 1193364,1196625,1197636,CVE-2022-0897 This update for libvirt fixes the following issues: - CVE-2022-0897: Fixed a crash in nwfilter when counting number of network filters (bsc#1197636). The following non-security bugs were fixed: - qemu: Improve save operation by increasing pipe size c61d1e9b-virfile-set-pipe-size.patch, 47d6d185-virfile-fix-indent.patch, cd7acb33-virfile-report-error.patch bsc#1196625 - qemu: Directly query KVM for TSC scaling support 5df2c492-use-kvm-for-tsc-scaling.patch bsc#1193364 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1551-1 Released: Fri May 6 09:43:46 2022 Summary: Recommended update for go1.18 Type: recommended Severity: moderate References: This update for go1.18 fixes the following issues: - Remove remaining use of gold linker when bootstrapping with gccgo. * History: go1.8.3 2017-06-18 added conditional if gccgo defined BuildRequires: binutils-gold for arches other than s390x * No information available why binutils-gold was used initially * Unrelated to upstream recent hardcoded gold dependency for ARM ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1553-1 Released: Fri May 6 12:42:08 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: gom ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1554-1 Released: Fri May 6 12:43:36 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: gtkmm2, atkmm1_6, pangomm1_4, cairomm1_0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1555-1 Released: Fri May 6 12:51:35 2022 Summary: Recommended update for amavisd-new Type: recommended Severity: moderate References: 1185145 This update for amavisd-new fixes the following issues: - Removed deprecated option 'syslog' used in amavis.service (bsc#1185145) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1556-1 Released: Fri May 6 12:54:09 2022 Summary: Recommended update for xkeyboard-config Type: recommended Severity: moderate References: 1188867 This update for xkeyboard-config fixes the following issues: - Add French standardized AZERTY layout (AFNOR: NF Z71-300) (bsc#1188867) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1558-1 Released: Fri May 6 12:56:45 2022 Summary: Recommended update for perf Type: recommended Severity: important References: 1198077 This update for perf fixes the following issues: - Support for PowerPC exposing Performance Monitor Counter SPRs as part of extended regs (bsc#1198077) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1559-1 Released: Fri May 6 12:58:29 2022 Summary: Recommended update for ovmf Type: recommended Severity: important References: 1197458 This update for ovmf fixes the following issues: - Set TPM2_ENABLE and TPM2_CONFIG_ENABLE because it's needed by ARM (bsc#1197458) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1561-1 Released: Fri May 6 14:51:35 2022 Summary: Recommended update for python-kiwi Type: recommended Severity: moderate References: 1192523 This update for python-kiwi fixes the following issue: - Fix booting GRUB submenu entries with hybrid images (linux/linuxefi) Variables assigned with 'set' are not visible in submenus. Export $linux and $initrd, so that they also work in submenu entries. (bsc#1192523) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1565-1 Released: Fri May 6 17:09:36 2022 Summary: Security update for giflib Type: security Severity: moderate References: 1094832,1146299,1184123,974847,CVE-2016-3977,CVE-2018-11490,CVE-2019-15133 This update for giflib fixes the following issues: - CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero (bsc#1146299). - CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c (bsc#1094832). - CVE-2016-3977: Fixed a heap buffer overflow in gif2rgb (bsc#974847). Update to version 5.2.1 * In gifbuild.c, avoid a core dump on no color map. * Restore inadvertently removed library version numbers in Makefile. Changes in version 5.2.0 * The undocumented and deprecated GifQuantizeBuffer() entry point has been moved to the util library to reduce libgif size and attack surface. Applications needing this function are couraged to link the util library or make their own copy. * The following obsolete utility programs are no longer installed: gifecho, giffilter, gifinto, gifsponge. These were either installed in error or have been obsolesced by modern image-transformmation tools like ImageMagick convert. They may be removed entirely in a future release. * Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84 * Address SF bug #134: Giflib fails to slurp significant number of gifs * Apply SPDX convention for license tagging. Changes in version 5.1.9 * The documentation directory now includes an HTMlified version of the GIF89 standard, and a more detailed description of how LZW compression is applied to GIFs. * Address SF bug #129: The latest version of giflib cannot be build on windows. * Address SF bug #126: Cannot compile giflib using c89 Changes in version 5.1.8 * Address SF bug #119: MemorySanitizer: FPE on unknown address (CVE-2019-15133 bsc#1146299) * Address SF bug #125: 5.1.7: xmlto is still required for tarball * Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible * Address SF bug #122: 5.1.7 installs manpages to wrong directory * Address SF bug #121: make: getversion: Command not found * Address SF bug #120: 5.1.7 does not build a proper library - no Changes in version 5.1.7 * Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs. Changes in version 5.1.6 * Fix library installation in the Makefile. Changes in version 5.1.5 * Fix SF bug #114: Null dereferences in main() of gifclrmp * Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c. This had been assigned (CVE-2018-11490 bsc#1094832). * Fix SF bug #111: segmentation fault in PrintCodeBlock * Fix SF bug #109: Segmentation fault of giftool reading a crafted file * Fix SF bug #107: Floating point exception in giftext utility * Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317 * Fix SF bug #104: Ineffective bounds check in DGifSlurp * Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment * Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb). (CVE-2016-3977 bsc#974847) * The horrible old autoconf build system has been removed with extreme prejudice. You now build this simply by running 'make' from the top-level directory. The following non-security bugs were fixed: - build path independent objects and inherit CFLAGS from the build system (bsc#1184123) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1566-1 Released: Sat May 7 12:33:28 2022 Summary: Recommended update for go1.17 Type: recommended Severity: moderate References: This update for go1.17 fixes the following issues: - Remove remaining use of gold linker when bootstrapping with gccgo. * History: go1.8.3 2017-06-18 added conditional if gccgo defined BuildRequires: binutils-gold for arches other than s390x * No information available why binutils-gold was used initially * Unrelated to upstream recent hardcoded gold dependency for ARM ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1576-1 Released: Mon May 9 13:44:45 2022 Summary: Security update for ldb Type: security Severity: low References: 1198397,CVE-2021-3670 This update for ldb fixes the following issues: - Update to version 2.4.2 - CVE-2021-3670: Fixed an issue where the LDAP server MaxQueryDuration value would not be honoured (bsc#1198397). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1579-1 Released: Mon May 9 17:22:05 2022 Summary: Recommended update for MozillaFirefox Type: recommended Severity: important References: 1198970,CVE-2022-29909,CVE-2022-29911,CVE-2022-29912,CVE-2022-29914,CVE-2022-29916,CVE-2022-29917 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.0 ESR MFSA 2022-17 (bsc#1198970) * CVE-2022-29914: Fullscreen notification bypass using popups * CVE-2022-29909: Bypassing permission prompt in nested browsing contexts * CVE-2022-29916: Leaking browser history with CSS variables * CVE-2022-29911: iframe Sandbox bypass * CVE-2022-29912: Reader mode bypassed SameSite cookies * CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1583-1 Released: Mon May 9 17:42:50 2022 Summary: Security update for rsyslog Type: security Severity: important References: 1199061,CVE-2022-24903 This update for rsyslog fixes the following issues: - CVE-2022-24903: Fixed potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1594-1 Released: Tue May 10 05:29:06 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: stoken ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1595-1 Released: Tue May 10 05:30:16 2022 Summary: Recommended update for libnss_nis Type: recommended Severity: important References: 1197768 This update for libnss_nis fixes the following issues: - Fix build issues occurring on SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197768) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1625-1 Released: Tue May 10 15:54:43 2022 Summary: Recommended update for python-python3-saml Type: recommended Severity: moderate References: 1197846 This update for python-python3-saml fixes the following issues: - Update expiry dates for responses. (bsc#1197846) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1627-1 Released: Tue May 10 15:55:42 2022 Summary: Recommended update for cluster-glue Type: recommended Severity: moderate References: 1197681 This update for cluster-glue fixes the following issues: - Fix for comment in external ec2 (bsc#1197681) - Support IMDSv2 in EC2 stonith agent. (jsc#SLE-23490, jsc#SLE-23491, jsc#SLE-23492, jsc#SLE-23494) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1642-1 Released: Wed May 11 12:58:46 2022 Summary: Recommended update for u-boot Type: recommended Severity: moderate References: 1197627 This update for u-boot fixes the following issue: - Fix USB stall that causes reboot with some devices on RPi (bsc#1197627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1643-1 Released: Thu May 12 07:37:50 2022 Summary: Recommended update for linuxrc Type: recommended Severity: moderate References: 1196061 This update for linuxrc fixes the following issues: - Do not leave repository mounted when starting yast (bsc#1196061) - Improve url logging function - Handle umount errors better - Check RAID devices for install repository (bsc#1196061) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1644-1 Released: Thu May 12 07:57:26 2022 Summary: Security update for clamav Type: security Severity: important References: 1199242,1199244,1199245,1199246,1199274,CVE-2022-20770,CVE-2022-20771,CVE-2022-20785,CVE-2022-20792,CVE-2022-20796 This update for clamav fixes the following issues: - CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser (bsc#1199242). - CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check (bsc#1199246). - CVE-2022-20771: Fixed a possible infinite loop vulnerability in the TIFF file parser (bsc#1199244). - CVE-2022-20785: Fixed a possible memory leak in the HTML file parser / Javascript normalizer (bsc#1199245). - CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module (bsc#1199274). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1656-1 Released: Fri May 13 15:38:02 2022 Summary: Recommended update for llvm7 Type: recommended Severity: moderate References: 1197775 This update for llvm7 fixes the following issues: - Backport fixes and changes from Factory. (bsc#1197775) - Drop RUNPATH from packaged binaries, instead set LD_LIBRARY_PATH for building and testing to simulate behavior of actual package. - Fix build with linux-glibc-devel 5.13. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1659-1 Released: Fri May 13 15:41:32 2022 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1189517,1195115 This update for cups fixes the following issues: - CUPS printservice takes much longer than before with a big number of printers (bsc#1189517) - CUPS PreserveJobHistory doesn't work with seconds (bsc#1195115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1660-1 Released: Fri May 13 15:42:21 2022 Summary: Recommended update for publicsuffix Type: recommended Severity: low References: 1198068 This update for publicsuffix fixes the following issue: - Update to version 20220405 (bsc#1198068) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1661-1 Released: Mon May 16 09:24:18 2022 Summary: Recommended update for rust, rust1.60 Type: recommended Severity: moderate References: This update for rust, rust1.60 fixes the following issues: rust1.60 is shipped with this update. Version 1.60.0 (2022-04-07) ========================== Language -------- - Stabilize cfg(panic = '...') for either 'unwind' or 'abort'. - Stabilize cfg(target_has_atomic = '...') for each integer size and 'ptr'. Compiler -------- - Enable combining +crt-static and relocation-model=pic on x86_64-unknown-linux-gnu - Fixes wrong unreachable_pub lints on nested and glob public reexport - Stabilize -Z instrument-coverage as -C instrument-coverage - Stabilize -Z print-link-args as --print link-args - Add new Tier 3 target mips64-openwrt-linux-musl\* - Add new Tier 3 target armv7-unknown-linux-uclibceabi (softfloat)\* - Fix invalid removal of newlines from doc comments - Add kernel target for RustyHermit - Deny mixing bin crate type with lib crate types - Make rustc use RUST_BACKTRACE=full by default * Refer to Rust's platform support page for more information on Rust's tiered platform support. Libraries --------- - Guarantee call order for sort_by_cached_key - Improve Duration::try_from_secs_f32/f64 accuracy by directly processing exponent and mantissa - Make Instant::{duration_since, elapsed, sub} saturating - Remove non-monotonic clocks workarounds in Instant::now - Make BuildHasherDefault, iter::Empty and future::Pending covariant Stabilized APIs -------------- - Arc::new_cyclic - Rc::new_cyclic - slice::EscapeAscii - <[u8]>::escape_ascii - u8::escape_ascii - Vec::spare_capacity_mut - MaybeUninit::assume_init_drop - MaybeUninit::assume_init_read - i8::abs_diff - i16::abs_diff - i32::abs_diff - i64::abs_diff - i128::abs_diff - isize::abs_diff - u8::abs_diff - u16::abs_diff - u32::abs_diff - u64::abs_diff - u128::abs_diff - usize::abs_diff - Display for io::ErrorKind - From for ExitCode] - Not for ! (the 'never' type) - _Op_Assign<$t> for Wrapping<$t> - arch::is_aarch64_feature_detected! Cargo ----- - Port cargo from toml-rs to toml_edit - Stabilize -Ztimings as --timings - Stabilize namespaced and weak dependency features. - Accept more cargo:rustc-link-arg-* types from build script output. - cargo-new should not add ignore rule on Cargo.lock inside subdirs Misc ---- - Ship docs on Tier 2 platforms by reusing the closest Tier 1 platform docs - Drop rustc-docs from complete profile - bootstrap: tidy up flag handling for llvm build Compatibility Notes ------------------- - Mitigations for platforms with non-monotonic clocks have been removed from Instant::now. On platforms that don't provide monotonic clocks, an instant is not guaranteed to be greater than an earlier instant anymore. - Instant::{duration_since, elapsed, sub} do not panic anymore on underflow, saturating to 0 instead. In the real world the panic happened mostly on platforms with buggy monotonic clock implementations rather than catching programming errors like reversing the start and end times. Such programming errors will now results in 0 rather than a panic. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1663-1 Released: Mon May 16 09:51:22 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: meanwhile ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1665-1 Released: Mon May 16 10:01:45 2022 Summary: Security update for pidgin Type: security Severity: important References: 1199025,CVE-2022-26491 This update for pidgin fixes the following issues: - CVE-2022-26491: Fixed MITM vulnerability when DNSSEC wasn't used (bsc#1199025). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1666-1 Released: Mon May 16 10:02:23 2022 Summary: Security update for slurm Type: security Severity: important References: 1199278,1199279,CVE-2022-29500,CVE-2022-29501 This update for slurm fixes the following issues: - CVE-2022-29500: Fixed architectural flaw that could have been exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a problem that an unprivileged user could have sent data to arbitrary unix socket as root (bsc#1199279). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1676-1 Released: Mon May 16 10:13:43 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1028340,1065729,1071995,1121726,1137728,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197914,1197926,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198660,1198742,1198825,1199012,1199024,CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-27835: Fixed a use after free vulnerability in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2021-0707: Fixed a use after free vulnerability in dma_buf_release of dma-buf.c, which may lead to local escalation of privilege with no additional execution privileges needed (bnc#1198437). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2021-4154: Fixed a use-after-free vulnerability in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c, allowing a local privilege escalation by an attacker with user privileges by exploiting the fsconfig syscall parameter, leading to a container breakout and a denial of service on the system (bnc#1193842). - CVE-2022-0812: Fixed information leak when a file is read from RDMA (bsc#1196639) - CVE-2022-1158: Fixed a vulnerability in the kvm module that may lead to a use-after-free write or denial of service (bsc#1197660). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c (bnc#1197391). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-28893: Fixed a use after free vulnerability in inet_put_port where some sockets are not closed before xs_xprt_free() (bsc#1198330). - CVE-2022-29156: Fixed a double free vulnerability related to rtrs_clt_dev_release.ate (jsc#SLE-15176 bsc#1198515). The following non-security bugs were fixed: - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449). - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175). - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - adm8211: fix error return code in adm8211_probe() (git-fixes). - arm64/sve: Use correct size when reinitialising SVE state (git-fixes) - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes) - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes) - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes) - arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes) - arm64: dts: ls1028a: fix memory node (git-fixes) - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes) - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes) - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes) - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes) - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes) - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes) - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes) - arm64: head: avoid over-mapping in map_memory (git-fixes) - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath5k: fix building with LEDS=m (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - block: Drop leftover references to RQF_SORTED (bsc#1182073). - bnx2x: fix napi API usage sequence (bsc#1198217). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cifs: fix bad fids sent over wire (bsc#1197157). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - dma-debug: fix return value of __setup handlers (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd: Add USBC connector ID (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes). - drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/mediatek: Add AAL output size configuration (git-fixes). - drm/mediatek: Fix aal size config (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - e1000e: Fix possible overflow in LTR decoding (git-fixes). - fibmap: Reject negative block numbers (bsc#1198448). - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: Move remove_work to dedicated workqueue (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - random: check for signal_pending() outside of need_resched() check (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489) - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1152489) - video: fbdev: w100fb: Reset global state (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). - xen/blkfront: fix comment for need_copy (git-fixes). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xen: fix is_xen_pmu() (git-fixes). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1678-1 Released: Mon May 16 10:19:03 2022 Summary: Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core Type: security Severity: important References: 1177616,1182481,1197132,CVE-2020-25649,CVE-2020-28491,CVE-2020-36518 This update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core fixes the following issues: Security issues fixed: - CVE-2020-36518: Fixed a Java stack overflow exception and denial of service via a large depth of nested objects in jackson-databind. (bsc#1197132) - CVE-2020-25649: Fixed an insecure entity expansion in jackson-databind which was vulnerable to XML external entity (XXE). (bsc#1177616) - CVE-2020-28491: Fixed a bug which could cause `java.lang.OutOfMemoryError` exception in jackson-dataformats-binary. (bsc#1182481) Non security fixes: jackson-annotations - update from version 2.10.2 to version 2.13.0: + Build with source/target levels 8 + Add 'mvnw' wrapper + 'JsonSubType.Type' should accept array of names + Jackson version alignment with Gradle 6 + Add '@JsonIncludeProperties' + Add '@JsonTypeInfo(use=DEDUCTION)' + Ability to use '@JsonAnyGetter' on fields + Add '@JsonKey' annotation + Allow repeated calls to 'SimpleObjectIdResolver.bindItem()' for same mapping + Add 'namespace' property for '@JsonProperty' (for XML module) + Add target 'ElementType.ANNOTATION_TYPE' for '@JsonEnumDefaultValue' + 'JsonPattern.Value.pattern' retained as '', never (accidentally) exposed as 'null' + Rewrite to use `ant` for building in order to be able to use it in packages that have to be built before maven jackson-bom - update from version 2.10.2 to version 2.13.0: + Configure moditect plugin with '11' + jackson-bom manages the version of 'junit:junit' + Drop 'jackson-datatype-hibernate3' (support for Hibernate 3.x datatypes) + Removed 'jakarta' classifier variants of JAXB/JSON-P/JAX-RS modules due to the addition of new Jakarta artifacts (Jakarta-JSONP, Jakarta-xmlbind-annotations, Jakarta-rs-providers) + Add version for 'jackson-datatype-jakarta-jsonp' module (introduced after 2.12.2) + Add (beta) version for 'jackson-dataformat-toml' + Jakarta 9 artifact versions are missing from jackson-bom + Add default settings for 'gradle-module-metadata-maven-plugin' (gradle metadata) + Add default settings for 'build-helper-maven-plugin' + Drop 'jackson-module-scala_2.10' entry (not released for Jackson 2.12 or later) + Add override for 'version.plugin.bundle' (for 5.1.1) to help build on JDK 15+ + Add missing version for jackson-datatype-eclipse-collections jackson-core - update from version 2.10.2 to version 2.13.0: + Build with source and target levels 8 + Misleading exception for input source when processing byte buffer with start offset + Escape contents of source document snippet for 'JsonLocation._appendSourceDesc()' + Add 'StreamWriteException' type to eventually replace 'JsonGenerationException' + Replace 'getCurrentLocation()'/'getTokenLocation()' with 'currentLocation()'/'currentTokenLocation()' in 'JsonParser' + Replace 'JsonGenerator.writeObject()' (and related) with 'writePOJO()' + Replace 'getCurrentValue()'/'setCurrentValue()' with 'currentValue()'/'assignCurrentValue()' in 'JsonParser'/'JsonGenerator + Introduce O(n^1.5) BigDecimal parser implementation + ByteQuadsCanonicalizer.addName(String, int, int) has incorrect handling for case of q2 == null + UTF32Reader ArrayIndexOutOfBoundsException + Improve exception/JsonLocation handling for binary content: don't show content, include byte offset + Fix an issue with the TokenFilter unable to ignore properties when deserializing. + Optimize array allocation by 'JsonStringEncoder' + Add 'mvnw' wrapper + (partial) Optimize array allocation by 'JsonStringEncoder' + Add back accidentally removed 'JsonStringEncoder' related methods in 'BufferRecyclers' (like 'getJsonStringEncoder()') + 'ArrayOutOfBoundException' at 'WriterBasedJsonGenerator.writeString(Reader, int)' + Allow 'optional-padding' for 'Base64Variant' + More customizable TokenFilter inclusion (using 'Tokenfilter.Inclusion') + Publish Gradle Module Metadata + Add 'StreamReadCapability' for further format-based/format-agnostic handling improvements + Add 'JsonParser.isExpectedNumberIntToken()' convenience method + Add 'StreamWriteCapability' for further format-based/format-agnostic handling improvements + Add 'JsonParser.getNumberValueExact()' to allow precision-retaining buffering + Limit initial allocated block size by 'ByteArrayBuilder' to max block size + Add 'JacksonException' as parent class of 'JsonProcessingException' + Make 'JsonWriteContext.reset()' and 'JsonReadContext.reset()' methods public + Deprecate 'JsonParser.getCurrentTokenId()' (use '#currentTokenId()' instead) + Full 'LICENSE' included in jar for easier access by compliancy tools + Fix NPE in 'writeNumber(String)' method of 'UTF8JsonGenerator', 'WriterBasedJsonGenerator' + Add a String Array write method in the Streaming API + Synchronize variants of 'JsonGenerator#writeNumberField' with 'JsonGenerator#writeNumber' + Add JsonGenerator#writeNumber(char[], int, int) method + Do not clear aggregated contents of 'TextBuffer' when 'releaseBuffers()' called + 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)' + Optionally allow leading decimal in float tokens + Rewrite to use ant for building in order to be able to use it in packages that have to be built before maven + Parsing JSON with 'ALLOW_MISSING_VALUE' enabled results in endless stream of 'VALUE_NULL' tokens + Handle case when system property access is restricted + 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)' + DataFormatMatcher#getMatchedFormatName throws NPE when no match exists + 'JsonParser.getCurrentLocation()' byte/char offset update incorrectly for big payloads jackson-databind - update from version 2.10.5.1 to version 2.13.0: + '@JsonValue' with integer for enum does not deserialize correctly + 'AnnotatedMethod.getValue()/setValue()' doesn't have useful exception message + Add 'DatabindException' as intermediate subtype of 'JsonMappingException' + Jackson does not support deserializing new Java 9 unmodifiable collections + Allocate TokenBuffer instance via context objects (to allow format-specific buffer types) + Add mechanism for setting default 'ContextAttributes' for 'ObjectMapper' + Add 'DeserializationContext.readTreeAsValue()' methods for more convenient conversions for deserializers to use + Clean up support of typed 'unmodifiable', 'singleton' Maps/Sets/Collections + Extend internal bitfield of 'MapperFeature' to be 'long' + Add 'removeMixIn()' method in 'MapperBuilder' + Backport 'MapperBuilder' lambda-taking methods: 'withConfigOverride()', 'withCoercionConfig()', 'withCoercionConfigDefaults()' + configOverrides(boolean.class) silently ignored, whereas .configOverride(Boolean.class) works for both primitives and boxed boolean values + Dont track unknown props in buffer if 'ignoreAllUnknown' is true + Should allow deserialization of java.time types via opaque 'JsonToken.VALUE_EMBEDDED_OBJECT' + Optimize 'AnnotatedConstructor.call()' case by passing explicit null + Add AnnotationIntrospector.XmlExtensions interface for decoupling javax dependencies + Custom SimpleModule not included in list returned by ObjectMapper.getRegisteredModuleIds() after registration + Use more limiting default visibility settings for JDK types (java.*, javax.*) + Deep merge for 'JsonNode' using 'ObjectReader.readTree()' + IllegalArgumentException: Conflicting setter definitions for property with more than 2 setters + Serializing java.lang.Thread fails on JDK 11 and above + String-based 'Map' key deserializer is not deterministic when there is no single arg constructor + Add ArrayNode#set(int index, primitive_type value) + JsonStreamContext 'currentValue' wrongly references to '@JsonTypeInfo' annotated object + DOM 'Node' serialization omits the default namespace declaration + Support 'suppressed' property when deserializing 'Throwable' + 'AnnotatedMember.equals()' does not work reliably + Add 'MapperFeature.APPLY_DEFAULT_VALUES', initially for Scala module + For an absent property Jackson injects 'NullNode' instead of 'null' to a JsonNode-typed constructor argument of a '@ConstructorProperties'-annotated constructor + 'XMLGregorianCalendar' doesn't work with default typing + Content 'null' handling not working for root values + StdDeserializer rejects blank (all-whitespace) strings for ints + 'USE_BASE_TYPE_AS_DEFAULT_IMPL' not working with 'DefaultTypeResolverBuilder' + Add PropertyNamingStrategies.UpperSnakeCaseStrategy (and UPPER_SNAKE_CASE constant) + StackOverflowError when serializing JsonProcessingException + Support for BCP 47 'java.util.Locale' serialization/deserialization + String property deserializes null as 'null' for JsonTypeInfo.As.EXISTING_PROPERTY + Can not deserialize json to enum value with Object-/Array-valued input, '@JsonCreator' + Fix to avoid problem with 'BigDecimalNode', scale of 'Integer.MIN_VALUE' + Extend handling of 'FAIL_ON_NULL_FOR_PRIMITIVES' to cover coercion from (Empty) String via 'AsNull' + Add 'mvnw' wrapper + (regression) Factory method generic type resolution does not use Class-bound type parameter + Deserialization of 'empty' subtype with DEDUCTION failed + Merge findInjectableValues() results in AnnotationIntrospectorPair + READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE doesn't work with empty strings + 'TypeFactory' cannot convert 'Collection' sub-type without type parameters to canonical form and back + Fix for [modules-java8#207]: prevent fail on secondary Java 8 date/time types + EXTERNAL_PROPERTY does not work well with '@JsonCreator' and 'FAIL_ON_UNKNOWN_PROPERTIES' + String property deserializes null as 'null' for 'JsonTypeInfo.As.EXTERNAL_PROPERTY' + Property ignorals cause 'BeanDeserializer 'to forget how to read from arrays (not copying '_arrayDelegateDeserializer') + UntypedObjectDeserializer' mixes multiple unwrapped collections (related to #2733) + Two cases of incorrect error reporting about DeserializationFeature + Bug in polymorphic deserialization with '@JsonCreator', '@JsonAnySetter', 'JsonTypeInfo.As.EXTERNAL_PROPERTY' + Polymorphic subtype deduction ignores 'defaultImpl' attribute + MismatchedInputException: Cannot deserialize instance of 'com.fasterxml.jackson.databind.node.ObjectNode' out of VALUE_NULL token + Missing override for 'hasAsKey()' in 'AnnotationIntrospectorPair' + Creator lookup fails with 'InvalidDefinitionException' for conflict between single-double/single-Double arg constructor + 'MapDeserializer' forcing 'JsonMappingException' wrapping even if WRAP_EXCEPTIONS set to false + Auto-detection of constructor-based creator method skipped if there is an annotated factory-based creator method (regression from 2.11) + 'ObjectMapper.treeToValue()' no longer invokes 'JsonDeserializer.getNullValue()' + DeserializationProblemHandler is not invoked when trying to deserialize String + Fix failing 'double' JsonCreators in jackson 2.12.0 + Conflicting in POJOPropertiesCollector when having namingStrategy + Breaking API change in 'BasicClassIntrospector' (2.12.0) + 'JsonNode.requiredAt()' does NOT fail on some path expressions + Exception thrown when 'Collections.synchronizedList()' is serialized with type info, deserialized + Add option to resolve type from multiple existing properties, '@JsonTypeInfo(use=DEDUCTION)' + '@JsonIgnoreProperties' does not prevent Exception Conflicting getter/setter definitions for property + Deserialization Not Working Right with Generic Types and Builders + Add '@JsonIncludeProperties(propertyNames)' (reverse of '@JsonIgnoreProperties') + '@JsonAnyGetter' should be allowed on a field + Allow handling of single-arg constructor as property based by default + Allow case insensitive deserialization of String value into 'boolean'/'Boolean' (esp for Excel) + Allow use of '@JsonFormat(with=JsonFormat.Feature .ACCEPT_CASE_INSENSITIVE_PROPERTIES)' on Class + Abstract class included as part of known type ids for error message when using JsonSubTypes + Distinguish null from empty string for UUID deserialization + 'ReferenceType' does not expose valid containedType + Add 'CoercionConfig[s]' mechanism for configuring allowed coercions + 'JsonProperty.Access.READ_ONLY' does not work with 'getter-as-setter' 'Collection's + Support 'BigInteger' and 'BigDecimal' creators in 'StdValueInstantiator' + 'JsonProperty.Access.READ_ONLY' fails with collections when a property name is specified + 'BigDecimal' precision not retained for polymorphic deserialization + Support use of 'Void' valued properties ('MapperFeature.ALLOW_VOID_VALUED_PROPERTIES') + Explicitly fail (de)serialization of 'java.time.*' types in absence of registered custom (de)serializers + Improve description included in by 'DeserializationContext.handleUnexpectedToken()' + Support for JDK 14 record types ('java.lang.Record') + 'PropertyNamingStrategy' class initialization depends on its subclass, this can lead to class loading deadlock + 'FAIL_ON_IGNORED_PROPERTIES' does not throw on 'READONLY' properties with an explicit name + Add Gradle Module Metadata for version alignment with Gradle 6 + Allow 'JsonNode' auto-convert into 'ArrayNode' if duplicates found (for XML) + Allow values of 'untyped' auto-convert into 'List' if duplicates found (for XML) + Add 'ValueInstantiator.createContextual(...) + Support multiple names in 'JsonSubType.Type' + Disabling 'FAIL_ON_INVALID_SUBTYPE' breaks polymorphic deserialization of Enums + Explicitly fail (de)serialization of 'org.joda.time.*' types in absence of registered custom (de)serializers + Trailing zeros are stripped when deserializing BigDecimal values inside a @JsonUnwrapped property + Extract getter/setter/field name mangling from 'BeanUtil' into pluggable 'AccessorNamingStrategy' + Throw 'InvalidFormatException' instead of 'MismatchedInputException' for ACCEPT_FLOAT_AS_INT coercion failures + Add '@JsonKey' annotation (similar to '@JsonValue') for customizable serialization of Map keys + 'MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS' should work for enum as keys + Add support for disabling special handling of 'Creator properties' wrt alphabetic property ordering + Add 'JsonNode.canConvertToExactIntegral()' to indicate whether floating-point/BigDecimal values could be converted to integers losslessly + Improve static factory method generic type resolution logic + Allow preventing 'Enum from integer' coercion using new 'CoercionConfig' system + '@JsonValue' not considered when evaluating inclusion + Make some java platform modules optional + Add support for serializing 'java.sql.Blob' + 'AnnotatedCreatorCollector' should avoid processing synthetic static (factory) methods + Add errorprone static analysis profile to detect bugs at build time + Problem with implicit creator name detection for constructor detection + Add 'BeanDeserializerBase.isCaseInsensitive()' + Refactoring of 'CollectionDeserializer' to solve CSV array handling issues + Full 'LICENSE' included in jar for easier access by compliancy tools + Fix type resolution for static methods (regression in 2.11.3) + '@JsonCreator' on constructor not compatible with '@JsonIdentityInfo', 'PropertyGenerator' + Add debug improvements about 'ClassUtil.getClassMethods()' + Cannot detect creator arguments of mixins for JDK types + Add 'JsonFormat.Shape' awareness for UUID serialization ('UUIDSerializer') + Json serialization fails or a specific case that contains generics and static methods with generic parameters (2.11.1 -> 2.11.2 regression) + 'ObjectMapper.activateDefaultTypingAsProperty()' is not using parameter 'PolymorphicTypeValidator' + Problem deserialization 'raw generic' fields (like 'Map') in 2.11.2 + Fix issues with 'MapLikeType.isTrueMapType()', 'CollectionLikeType.isTrueCollectionType()' + Parser/Generator features not set when using 'ObjectMapper.createParser()', 'createGenerator()' + Polymorphic subtypes not registering on copied ObjectMapper (2.11.1) + Failure to read AnnotatedField value in Jackson 2.11 + 'TypeFactory.constructType()' does not take 'TypeBindings' correctly + Builder Deserialization with JsonCreator Value vs Array + JsonCreator on static method in Enum and Enum used as key in map fails randomly + 'StdSubtypeResolver' is not thread safe (possibly due to copy not being made with 'ObjectMapper.copy()') + 'Conflicting setter definitions for property' exception for 'Map' subtype during deserialization + Fail to deserialize local Records + Rearranging of props when property-based generator is in use leads to incorrect output + Jackson doesn't respect 'CAN_OVERRIDE_ACCESS_MODIFIERS=false' for deserializer properties + 'DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS' don't support 'Map' type field + JsonParser from MismatchedInputException cannot getText() for floating-point value + i-I case conversion problem in Turkish locale with case-insensitive deserialization + '@JsonInject' fails on trying to find deserializer even if inject-only + Polymorphic deserialization should handle case-insensitive Type Id property name if 'MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES' is enabled + TreeTraversingParser and UTF8StreamJsonParser create contexts differently + Support use of '@JsonAlias' for enum values + 'declaringClass' of 'enum-as-POJO' not removed for 'ObjectMapper' with a naming strategy + Fix 'JavaType.isEnumType()' to support sub-classes + BeanDeserializerBuilder Protected Factory Method for Extension + Support '@JsonSerialize(keyUsing)' and '@JsonDeserialize(keyUsing)' on Key class + Add 'SerializationFeature.WRITE_SELF_REFERENCES_AS_NULL' + 'ObjectMapper.registerSubtypes(NamedType...)' doesn't allow registering same POJO for two different type ids + 'DeserializationContext.handleMissingInstantiator()' throws 'MismatchedInputException' for non-static inner classes + Incorrect 'JsonStreamContext' for 'TokenBuffer' and 'TreeTraversingParser' + Add 'AnnotationIntrospector.findRenameByField()' to support Kotlin's 'is-getter' naming convention + Use '@JsonProperty(index)' for sorting properties on serialization + Java 8 'Optional' not working with '@JsonUnwrapped' on unwrappable type + Add 'MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES' to allow blocking use of unsafe base type for polymorphic deserialization + 'ObjectMapper.setSerializationInclusion()' is ignored for 'JsonAnyGetter' + 'ValueInstantiationException' when deserializing using a builder and 'UNWRAP_SINGLE_VALUE_ARRAYS' + JsonIgnoreProperties(ignoreUnknown = true) does not work on field and method level + Failure to resolve generic type parameters on serialization + JsonParser cannot getText() for input stream on MismatchedInputException + ObjectReader readValue lacks Class argument + Change default textual serialization of 'java.util.Date'/'Calendar' to include colon in timezone offset + Add 'ObjectMapper.createParser()' and 'createGenerator()' methods + Allow serialization of 'Properties' with non-String values + Add new factory method for creating custom 'EnumValues' to pass to 'EnumDeserializer + 'IllegalArgumentException' thrown for mismatched subclass deserialization + Add convenience methods for creating 'List', 'Map' valued 'ObjectReader's (ObjectMapper.readerForListOf()) + 'SerializerProvider.findContentValueSerializer()' methods jackson-dataformats-binary - update from version 2.10.1 to version 2.13.0: + (cbor) Should validate UTF-8 multi-byte validity for short decode path too + (ion) Deprecate 'CloseSafeUTF8Writer', remove use + (smile) Make 'SmileFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES' + (cbor) Make 'CBORFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES' + (cbor) Handle case of BigDecimal with Integer.MIN_VALUE for scale gracefully + (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer) + (cbor) Another uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer) + (smile) Add 'SmileGenerator.Feature.LENIENT_UTF_ENCODING' for lenient handling of broken Unicode surrogate pairs on writing + (avro) Add 'logicalType' support for some 'java.time' types; add 'AvroJavaTimeModule' for native ser/deser + Support base64 strings in 'getBinaryValue()' for CBOR and Smile + (cbor) 'ArrayIndexOutOfBounds' for truncated UTF-8 name + (avro) Generate logicalType switch + (smile) 'ArrayIndexOutOfBounds' for truncated UTF-8 name + (ion) 'jackson-dataformat-ion' does not handle null.struct deserialization correctly + 'Ion-java' dep 1.4.0 -> 1.8.0 + Minor change to Ion module registration names (fully-qualified) + (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer) + (cbor) Uncaught exception in CBORParser._findDecodedFromSymbols() (by ossfuzzer) + (smile) Uncaught validation problem wrt Smile 'BigDecimal' type + (smile) ArrayIndexOutOfBoundsException for malformed Smile header + (cbor) Failed to handle case of alleged String with length of Integer.MAX_VALUE + (smile) Allocate byte[] lazily for longer Smile binary data payloads + (cbor) CBORParser need to validate zero-length byte[] for BigInteger + (smile) Handle invalid chunked-binary-format length gracefully + (smile) Allocate byte[] lazily for longer Smile binary data payloads (7-bit encoded) + (smile) ArrayIndexOutOfBoundsException in SmileParser._decodeShortUnicodeValue() + (smile) Handle sequence of Smile header markers without recursion + (cbor) CBOR loses 'Map' entries with specific 'long' Map key values (32-bit boundary) + (ion) Ion Polymorphic deserialization in 2.12 breaks wrt use of Native Type Ids when upgrading from 2.8 + (cbor) 'ArrayIndexOutOfBoundsException' in 'CBORParser' for invalid UTF-8 String + (cbor) Handle invalid CBOR content like '[0x84]' (incomplete array) + (ion) Respect 'WRITE_ENUMS_USING_TO_STRING' in 'EnumAsIonSymbolSerializer' + (ion) Add support for generating IonSexps + (ion) Add support for deserializing IonTimestamps and IonBlobs + (ion) Add 'IonObjectMapper.builderForBinaryWriters()' / '.builderforTextualWriters()' convenience methods + (ion) Enabling pretty-printing fails Ion serialization + (ion) Allow disabling native type ids in IonMapper + (smile) Small bug in byte-alignment for long field names in Smile, symbol table reuse + (ion) Add 'IonFactory.getIonSystem()' accessor + (ion) Optimize 'IonParser.getNumberType()' using 'IonReader.getIntegerSize()' + (cbor) Add 'CBORGenerator.Feature.LENIENT_UTF_ENCODING' for lenient handling of Unicode surrogate pairs on writing + (cbor) Add support for decoding unassigned 'simple values' (type 7) + Add Gradle Module Metadata (https://blog.gradle.org/alignment-with-gradle-module-metadata) + (avro) Cache record names to avoid hitting class loader + (avro) Avro null deserialization + (ion) Add 'IonFactory.getIonSystem()' accessor + (avro) Add 'AvroGenerator.canWriteBinaryNatively()' to support binary writes, fix 'java.util.UUID' representation + (ion) Allow 'IonObjectMapper' with class name annotation introspector to deserialize generic subtypes + Remove dependencies upon Jackson 1.X and Avro's JacksonUtils + 'jackson-databind' should not be full dependency for (cbor, protobuf, smile) modules + 'CBORGenerator.Feature.WRITE_MINIMAL_INTS' does not write most compact form for all integers + 'AvroGenerator' overrides 'getOutputContext()' properly + (ion) Add 'IonFactory.getIonSystem()' accessor + (avro) Fix schema evolution involving maps of non-scalar + (protobuf) Parsing a protobuf message doesn't properly skip unknown fields + (ion) IonObjectMapper close()s the provided IonWriter unnecessarily + ion-java dependency 1.4.0 -> 1.5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1679-1 Released: Mon May 16 10:56:38 2022 Summary: Recommended update for sssd Type: recommended Severity: moderate References: 1199362 This update for sssd provides the following fix: - update to meet last ldb2 version update. (bsc#1199362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1681-1 Released: Mon May 16 11:10:08 2022 Summary: Recommended update for bpftrace Type: recommended Severity: moderate References: 1199177 This update of bpftrace fixes working with the current binutils update. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1684-1 Released: Mon May 16 11:13:24 2022 Summary: Recommended update for release-notes-sles Type: recommended Severity: low References: 1198083 This update for release-notes-sles fixes the following issues: - Added note about Btrfs RAID 1 not being fully supported (bsc#1198083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1687-1 Released: Mon May 16 13:58:33 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1028340,1071995,1137728,1152472,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1194625,1195651,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197677,1197914,1197926,1198077,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198534,1198742,1198825,1198989,1199012,1199024,CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515). - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330). - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516). - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914). - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660). - CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639). - CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437). - CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). The following non-security bugs were fixed: - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - adm8211: fix error return code in adm8211_probe() (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes) - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes) - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes) - arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes) - arm64: dts: ls1028a: fix memory node (git-fixes) - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes) - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes) - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes) - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes) - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes) - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes) - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes) - arm64: head: avoid over-mapping in map_memory (git-fixes) - arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024). - arm64/sve: Use correct size when reinitialising SVE state (git-fixes) - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath5k: fix building with LEDS=m (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489) - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - block: Drop leftover references to RQF_SORTED (bsc#1182073). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: fix bad fids sent over wire (bsc#1197157). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656). - direct-io: defer alignment check until after the EOF check (bsc#1197656). - direct-io: do not force writeback for reads beyond EOF (bsc#1197656). - dma-debug: fix return value of __setup handlers (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472) - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489) - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472) - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472) - drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes). - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489) - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489) - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489) - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/mediatek: Add AAL output size configuration (git-fixes). - drm/mediatek: Fix aal size config (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472) - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534) - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1152472) - e1000e: Fix possible overflow in LTR decoding (git-fixes). - fibmap: Reject negative block numbers (bsc#1198448). - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi: Move remove_work to dedicated workqueue (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - random: check for signal_pending() outside of need_resched() check (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449). - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942). - rpm: Use bash for %() expansion (jsc#SLE-18234). - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - USB: dwc3: core: Fix tx/rx threshold settings (git-fixes). - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - USB: dwc3: gadget: Return proper request status (git-fixes). - USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489) - USB: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: simple: add Nokia phone driver (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489) - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1152489) - video: fbdev: w100fb: Reset global state (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init & module_exit (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - x86/pm: Save the MSR validity status at context setup (bsc#1198400). - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400). - xen: fix is_xen_pmu() (git-fixes). - xen/blkfront: fix comment for need_copy (git-fixes). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1689-1 Released: Mon May 16 14:09:01 2022 Summary: Security update for containerd, docker Type: security Severity: important References: 1193930,1196441,1197284,1197517,CVE-2021-43565,CVE-2022-23648,CVE-2022-24769,CVE-2022-27191 This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517). - CVE-2022-23648: Fixed directory traversal issue (bsc#1196441). - CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284). - CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issue: - Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1692-1 Released: Mon May 16 15:30:40 2022 Summary: Recommended update for jeos-firstboot Type: recommended Severity: low References: 1198940 This update for jeos-firstboot fixes the following issue: - Add jeos-firstboot-rpiwifi to SLE-15-SP3-aarch64 on Module-Development-Tools. (bsc#1198940) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1700-1 Released: Tue May 17 10:51:38 2022 Summary: Recommended update for crmsh Type: recommended Severity: moderate References: 1132375,1194125,1198180 This update for crmsh fixes the following issues: - Update to version 4.3.1+20220505.cf4ab649: * Fix: hb_report: Read data in a save way, to avoid UnicodeDecodeError (bsc#1198180) * Dev: ocfs2: Fix running ocfs2 stage on cluster with diskless-sbd * Fix: ui_configure: Give a deprecated warning when using 'ms' subcommand (bsc#1194125) * Fix: xmlutil: Parse promotable clone correctly and also consider compatibility (bsc#1194125) * Fix: bootstrap: Change default transport type as udpu(unicast) (bsc#1132375) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1703-1 Released: Tue May 17 12:13:36 2022 Summary: Recommended update for hwdata Type: recommended Severity: important References: 1196332 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1705-1 Released: Tue May 17 17:34:09 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: libgrss ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1706-1 Released: Tue May 17 17:34:30 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: libgadu ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1709-1 Released: Tue May 17 17:35:47 2022 Summary: Recommended update for libcbor Type: recommended Severity: important References: 1197743 This update for libcbor fixes the following issues: - Fix build errors occuring on SUSE Linux Enterprise 15 Service Pack 4 ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1712-1 Released: Tue May 17 17:38:36 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: libchamplain cogl clutter clutter-gtk ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1719-1 Released: Tue May 17 17:45:16 2022 Summary: Security update for MozillaThunderbird Type: security Severity: important References: 1198970,CVE-2022-1520,CVE-2022-29909,CVE-2022-29911,CVE-2022-29912,CVE-2022-29913,CVE-2022-29914,CVE-2022-29916,CVE-2022-29917 This update for MozillaThunderbird fixes the following issues: Various security fixes MFSA 2022-18 (bsc#1198970): - CVE-2022-1520: Incorrect security status shown after viewing an attached email (bmo#1745019). - CVE-2022-29914: Fullscreen notification bypass using popups (bmo#1746448). - CVE-2022-29909: Bypassing permission prompt in nested browsing contexts (bmo#1755081). - CVE-2022-29916: Leaking browser history with CSS variables (bmo#1760674). - CVE-2022-29911: iframe sandbox bypass (bmo#1761981). - CVE-2022-29912: Reader mode bypassed SameSite cookies (bmo#1692655). - CVE-2022-29913: Speech Synthesis feature not properly disabled (bmo#1764778). - CVE-2022-29917: Memory safety bugs fixed in Thunderbird 91.9 (bmo#1684739, bmo#1706441, bmo#1753298, bmo#1762614, bmo#1762620). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1720-1 Released: Tue May 17 17:46:03 2022 Summary: Recommended update for python-rtslib-fb Type: recommended Severity: important References: 1199090 This update for python-rtslib-fb fixes the following issues: - Update parameters description. - Enable the 'disable_emulate_legacy_capacity' parameter. (bsc#1199090) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1722-1 Released: Wed May 18 16:01:25 2022 Summary: Recommended update for resource-agents Type: recommended Severity: important References: 1197956 This update for resource-agents fixes the following issues: - Improve the error message if monpassword was not set (bsc#1197956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1727-1 Released: Wed May 18 16:54:08 2022 Summary: Security update for ucode-intel Type: security Severity: moderate References: 1198717,1199423,CVE-2022-21151 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220510 release. (bsc#1199423) Updated to Intel CPU Microcode 20220419 release. (bsc#1198717) - CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1730-1 Released: Wed May 18 16:56:21 2022 Summary: Security update for libslirp Type: security Severity: important References: 1187364,1187366,1187367,1198773,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595 This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). - Fix a dhcp regression [bsc#1198773] ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1734-1 Released: Thu May 19 09:12:21 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: lpsolve ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1735-1 Released: Thu May 19 09:12:52 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: libmediaart ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1736-1 Released: Thu May 19 09:13:16 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: mysql-connector-cpp ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1737-1 Released: Thu May 19 09:13:38 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: libpst ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1738-1 Released: Thu May 19 09:13:58 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: libzapojit ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1739-1 Released: Thu May 19 09:15:05 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: libGLw motif ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1741-1 Released: Thu May 19 11:19:39 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: libotr ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1742-1 Released: Thu May 19 11:20:25 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: libmpeg2 ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1743-1 Released: Thu May 19 11:21:02 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: tbb ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1748-1 Released: Thu May 19 11:36:05 2022 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1198970,CVE-2022-29909,CVE-2022-29911,CVE-2022-29912,CVE-2022-29914,CVE-2022-29916,CVE-2022-29917 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.0 ESR (MFSA 2022-17)(bsc#1198970): - CVE-2022-29914: Fullscreen notification bypass using popups - CVE-2022-29909: Bypassing permission prompt in nested browsing contexts - CVE-2022-29916: Leaking browser history with CSS variables - CVE-2022-29911: iframe Sandbox bypass - CVE-2022-29912: Reader mode bypassed SameSite cookies - CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1752-1 Released: Thu May 19 15:51:22 2022 Summary: Recommended update for samba Type: recommended Severity: important References: 1080338,1118508,1173429,1195896,1196308,1196788,1197995,1198255,1199247,1199362 This update for samba provides the following fixes: Bugfixes: - Revert NIS support removal (bsc#1199247); - Update to meet last ldb2 version update (bsc#1199362). - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time (bsc#1199362). - Add provides to samba-client-libs package to fix upgrades from previous versions (bsc#1197995). - Add missing samba-client requirement to samba-winbind package (bsc#1198255). - Add missing samba-libs requirement to samba-winbind package (bsc#1198255). - Fixed mismatched version of libldb2 (bsc#1196788). - Dropped obsolete Samba fsrvp v0->v1 state upgrade functionality (bsc#1080338). - Fixed ntlm authentications with 'winbind use default domain = yes' (bsc#1173429, bsc#1196308). - Fixed samba-ad-dc status warning notification message by disabling systemd notifications in bgqd (bsc#1195896). - Fixed libldb version mismatch in Samba dsdb component (bsc#1118508). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1761-1 Released: Fri May 20 09:00:46 2022 Summary: Recommended update for go Type: recommended Severity: moderate References: 1193742 This update for go fixes the following issues: Updated wrapper package to current stable go1.18 (bsc#1193742). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1762-1 Released: Fri May 20 09:10:45 2022 Summary: Security update for ImageMagick Type: security Severity: moderate References: 1197147,1199350,CVE-2022-28463 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350). Bugfixes: - Use png_get_eXIf_1 when available (bsc#1197147). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1767-1 Released: Fri May 20 12:35:42 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: rasqal redland raptor ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1768-1 Released: Fri May 20 12:36:29 2022 Summary: Security update for php7 Type: security Severity: low References: 1197644 This update for php7 fixes the following issues: - Fixed filter_var bypass vulnerability (bsc#1197644). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1802-1 Released: Mon May 23 11:02:59 2022 Summary: Recommended updates for autoyast2, yast2-installation, yast2-samba-client, yast2-storage-ng, yast2-schema Type: recommended Severity: important References: 1196595,1197655,1197692,1197936,1198294,1199000,1199165 These updates for YaST fix the following issues: autoyast2: - Respect general/signature-handling settings during the 2nd stage (bsc#1197655) - Fix detection of disk serial and size in the 'disks' ERB helper (bsc#1199000) - Fix rules validation when using a dialog (bsc#1199165) yast2-installation: - Revert changes introduced in v4.3.50 because they cause some ordering cycle issues (bsc#1198294) - AutoYaST: move custom file creation past user creation so that the element files/file/file_owner actually has an effect (bsc#1196595) yast2-samba-client: - Use translation macro for range settings expert details text (bsc#1197936) yast2-schema: - Fix rules validation when using a dialog (bsc#1199165) yast2-storage-ng: - Fix fstab entry filesystem matching allowing the use of quotes surrounding the device UUID or label (bsc#1197692) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1803-1 Released: Mon May 23 11:04:08 2022 Summary: Security update for libarchive Type: security Severity: moderate References: 1197634,CVE-2022-26280 This update for libarchive fixes the following issues: - CVE-2022-26280: Fixed out-of-bounds read via the component zipx_lzma_alone_init (bsc#1197634). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1812-1 Released: Mon May 23 13:27:11 2022 Summary: Recommended update for rmt-server Type: recommended Severity: moderate References: 1188578,1191552,1195318 This update for rmt-server fixes the following issues: Version 2.8.0 - Forwarding information of registered systems to SCC more efficiently in batches - Syncing the systems' most recent last seen timestamps to SCC - Optional '--no-confirmation' switch to skip user confirmation when cleaning repository data - Fix 'rmt-cli systems list --csv -a' for RMTs with millions of systems (bsc#1191552) - Enable nginx configs to serve on IPv6 - Enable users with old versions of RMT to sync systems with SCC by default - Fix build using ruby 3.x (bsc#1195318). Version 2.7.1 - Remove products with a negative ID during migration - Changes to RMT/connect API: RMT returns HTTP status code 422 whenever a system tries to register/activate a product with an expired subscription. - Mirror metadata retry. This fixes bsc#1188578 - Update the way allowed paths are checked SUMA requested a new feature where it is possible to validate all versions of the same product and arch (that are allowed to that system) - De-register BYOS systems using RMT as a proxy from SCC - De-activate a single product from a BYOS proxy system ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1814-1 Released: Mon May 23 14:04:13 2022 Summary: Recommended update for sapconf Type: recommended Severity: moderate References: 1185702,1188743,1192841 This update for sapconf fixes the following issues: Version update from 5.0.3 to 5.0.4: - Change block device handling to handle multipath devices correctly. Only the DM multipath devices (mpath) will be used for the settings, but not its paths (bsc#1188743) - Fixed wrong comparison used for setting force_latency (bsc#1185702) - SAP Note 1771258 v6 updates nofile values to 1048576 (bsc#1192841) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1820-1 Released: Mon May 23 17:04:18 2022 Summary: Recommended update for rzsz Type: recommended Severity: low References: 1197852 This update for rzsz fixes the following issue: - Fix build with the latest gettext (bsc#1197852) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1821-1 Released: Tue May 24 08:01:58 2022 Summary: Recommended update for read-only-root-fs Type: recommended Severity: low References: 1156421,1161264,1176052 This update for read-only-root-fs fixes the following issues: - Add required mount for /etc for systemd udevd. - Workaround for /var being RO during systemd journal flush. (bsc#1156421) - Better check for already existing etc overlay. (bsc#1161264) - Adjust btrfs maintenance sysconfig to not use the read-only root filesystem. (bsc#1176052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1822-1 Released: Tue May 24 08:02:14 2022 Summary: Recommended update for sle-module-legacy Type: recommended Severity: low References: 1196863 This update for bind fixes the following issue: - Clear EOL on sle-module-legacy so it inherits from the main product. (bsc#1196863) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1824-1 Released: Tue May 24 10:31:13 2022 Summary: Recommended update for dhcp Type: recommended Severity: moderate References: 1198657 This update for dhcp fixes the following issues: - Properly handle DHCRELAY(6)_OPTIONS (bsc#1198657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1826-1 Released: Tue May 24 10:32:40 2022 Summary: Recommended update for nut Type: recommended Severity: important References: 1197789 This update for nut fixes the following issues: - Fix package build requirements (bsc#1197789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1827-1 Released: Tue May 24 10:46:48 2022 Summary: Recommended update for xf86-video-vesa Type: recommended Severity: moderate References: 1193539 This update for xf86-video-vesa fixes the following issues: - Disallow vesa driver on the system with simpledrmfb (bsc#1193539): ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1828-1 Released: Tue May 24 10:47:38 2022 Summary: Recommended update for oath-toolkit Type: recommended Severity: important References: 1197790 This update for oath-toolkit fixes the following issues: - Fix build issues occurring on SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197790) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1829-1 Released: Tue May 24 10:58:04 2022 Summary: Security update for go1.18 Type: security Severity: moderate References: 1193742,1199413,CVE-2022-29526 This update for go1.18 fixes the following issues: - CVE-2022-29526: Fixed faccessat() system call operation that checked the wrong group (bsc#1199413). - go1.18.2 (released 2022-05-10) (bsc#1193742). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1830-1 Released: Tue May 24 11:27:00 2022 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1199768,CVE-2022-1529,CVE-2022-1802 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 (bsc#1199768): - CVE-2022-1802: Prototype pollution in Top-Level Await implementation - CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1837-1 Released: Wed May 25 10:28:43 2022 Summary: Recommended update for suse-hpc, trilinos Type: recommended Severity: moderate References: 1197781 This update for suse-hpc, trilinos fixes the following issues: - Update to version 0.5.20211210 - Add an 'Obsoletes:/Provides:' for a bogus package name that was released to SLE/Leap by accident. - Tie %python_flavor to python3 on Leap/SLE 15-SP3 (bsc#1197781). - Lower disk and memory constraints to match actual requirements. - Add openmpi4 non-HPC flavor ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1838-1 Released: Wed May 25 10:29:09 2022 Summary: Recommended update for firewalld Type: recommended Severity: moderate References: 1198814 This update for firewalld fixes the following issues: - Fix regression introduced in previous patch (an api change to a function also needed backporting) (bsc#1198814) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1840-1 Released: Wed May 25 11:53:44 2022 Summary: Security update for kernel-firmware Type: security Severity: moderate References: 1199459,1199470,CVE-2021-26312,CVE-2021-26339,CVE-2021-26342,CVE-2021-26347,CVE-2021-26348,CVE-2021-26349,CVE-2021-26350,CVE-2021-26364,CVE-2021-26372,CVE-2021-26373,CVE-2021-26375,CVE-2021-26376,CVE-2021-26378,CVE-2021-26388,CVE-2021-46744 This update for kernel-firmware fixes the following issues: Update AMD ucode and SEV firmware - (CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, CVE-2021-46744, bsc#1199459, bsc#1199470) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1842-1 Released: Wed May 25 14:35:55 2022 Summary: Security update for redis Type: security Severity: moderate References: 1198952,1198953,CVE-2022-24735,CVE-2022-24736 This update for redis fixes the following issues: - CVE-2022-24735: Fixed Lua code injection (bsc#1198952). - CVE-2022-24736: Fixed Lua NULL pointer dereference (bsc#1198953). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1843-1 Released: Wed May 25 15:25:44 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1198504 This update for suse-build-key fixes the following issues: - still ship the old ptf key in the documentation directory (bsc#1198504) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1844-1 Released: Wed May 25 15:44:47 2022 Summary: Security update for fribidi Type: security Severity: moderate References: 1196147,1196148,1196150,CVE-2022-25308,CVE-2022-25309,CVE-2022-25310 This update for fribidi fixes the following issues: - CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147). - CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode (bsc#1196148). - CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks (bsc#1196150). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1850-1 Released: Thu May 26 08:32:57 2022 Summary: Recommended update for perl-XML-LibXML Type: recommended Severity: moderate References: 1197798 This update for perl-XML-LibXML fixes the following issues: - Allow compile against latest version available of libxml in SP4 so perl-XML-LibXSLT compiles cleanly. (bsc#1197798) This update has no customer visible change. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1851-1 Released: Thu May 26 08:59:55 2022 Summary: Recommended update for gcc8 Type: recommended Severity: moderate References: 1197716 This update for gcc8 fixes the following issues: - Fix build against SP4. (bsc#1197716) - Remove bogus fixed include bits/statx.h from glibc 2.30 (bsc#1197716) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1861-1 Released: Thu May 26 12:07:40 2022 Summary: Security update for cups Type: security Severity: important References: 1199474,CVE-2022-26691 This update for cups fixes the following issues: - CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1862-1 Released: Thu May 26 12:41:44 2022 Summary: Security update for go1.17 Type: security Severity: moderate References: 1190649,1199413,CVE-2022-29526 This update for go1.17 fixes the following issues: - CVE-2022-29526: Fixed faccessat() system call operation that checked the wrong group (bsc#1199413). - go1.17.10 (released 2022-05-10) (bsc#1190649). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:1863-1 Released: Fri May 27 09:06:37 2022 Summary: Optional update for ckermit Type: optional Severity: low References: 1197708 This optional update for ckermit fixes the following issues: There are no visible changes for the final user. - Solve a source build issue (FTBFS) after the removal of `libio` with `glibc-2.28`. (bsc#1197708) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1864-1 Released: Fri May 27 09:07:30 2022 Summary: Recommended update for leveldb Type: recommended Severity: low References: 1197742 This update for leveldb fixes the following issue: - fix tests (bsc#1197742) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1865-1 Released: Fri May 27 09:08:32 2022 Summary: Recommended update for xiterm Type: recommended Severity: low References: 1197864 This update for xiterm fixes the following issues: - Remove use of obsolete XSI STREAMS interface. (bsc#1197864) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1866-1 Released: Fri May 27 09:09:33 2022 Summary: Recommended update for ceph Type: recommended Severity: moderate References: 1187748,1188911,1192838,1196046,1196733 This update for ceph fixes the following issues: - Remove build directory during '%clean'. (bsc#1196733) - ses7: mgr/cephadm: try to get FQDN for configuration files - cephadm: infer the default container image during pull - ses7: Notify user that there is a SES7.1 upgrade available - mgr/cephadm: Try to get FQDN for configuration files. (bsc#1196046) - cephadm: Fix iscsi client caps to allow 'mgr service status' calls. (bsc#1192838) - When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748) - OSD marked down causes wrong backfill_toofull. (bsc#1188911) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1867-1 Released: Fri May 27 09:13:41 2022 Summary: Recommended update for v4l-utils Type: recommended Severity: low References: 1197861 This update for v4l-utils fixes the following issues: - fix build (bsc#1197861) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1868-1 Released: Fri May 27 09:14:45 2022 Summary: Recommended update for openwsman Type: recommended Severity: low References: 1197792 This update for openwsman fixes the following issue: - fix FTBFS with newer libcurl in SLE 15-SP4 (bsc#1197792) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1871-1 Released: Fri May 27 10:54:05 2022 Summary: Recommended update for nftables Type: recommended Severity: moderate References: 1197606 This update for nftables fixes the following issues: - Fix rare crashes that could occur e.g. in firewalld (bsc#1197606) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1872-1 Released: Fri May 27 10:54:41 2022 Summary: Recommended update for oprofile Type: recommended Severity: important References: 1197793 This update for oprofile fixes the following issues: - Resolve build issues due to binutils 2.34 api changes (bsc#1197793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1875-1 Released: Mon May 30 00:10:24 2022 Summary: Recommended update for grpc Type: recommended Severity: low References: 1197726 This update for grpc fixes the following issues: - grpc won't compile on SP4(bsc#1197726) - Add conditional to build without python2 if needed ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1876-1 Released: Mon May 30 00:11:47 2022 Summary: Recommended update for csync Type: recommended Severity: low References: 1197711 This update for csync fixes the following issues: - Detect libssh version. (bsc#1197711) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1882-1 Released: Mon May 30 12:37:13 2022 Summary: Security update for tiff Type: security Severity: important References: 1195964,1195965,1197066,1197068,1197072,1197073,1197074,1197631,CVE-2022-0561,CVE-2022-0562,CVE-2022-0865,CVE-2022-0891,CVE-2022-0908,CVE-2022-0909,CVE-2022-0924,CVE-2022-1056 This update for tiff fixes the following issues: - CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy() within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964). - CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy() within TIFFReadDirectory() in tif_dirread.c (bsc#1195965). - CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc (bsc#1197066). - CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197072). - CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file (bsc#1197073). - CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() (bsc#1197074). - CVE-2022-1056: Fixed out-of-bounds read error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197631). - CVE-2022-0891: Fixed heap buffer overflow in extractImageSection (bsc#1197068). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1883-1 Released: Mon May 30 12:41:35 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1888-1 Released: Tue May 31 10:44:41 2022 Summary: Security update for helm-mirror Type: security Severity: moderate References: 1156646,1197728,CVE-2019-18658 This update for helm-mirror fixes the following issues: - Updated to version 0.3.1: - CVE-2019-18658: Fixed a potential symbolic link issue in helm that could be used to leak sensitive files (bsc#1156646). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1890-1 Released: Tue May 31 11:21:18 2022 Summary: Security update for postgresql10 Type: security Severity: important References: 1199475,CVE-2022-1552 This update for postgresql10 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1892-1 Released: Tue May 31 12:32:45 2022 Summary: Security update for dpdk Type: security Severity: moderate References: 1195172,1198873,1198963,1198964,CVE-2021-3839,CVE-2022-0669 This update for dpdk fixes the following issues: Security: - CVE-2021-3839: Fixed a memory corruption issue during vhost-user communication (bsc#1198963). - CVE-2022-0669: Fixed a denial of service that could be triggered by a vhost-user master (bsc#1198964). Bugfixes: - kni: allow configuring thread granularity (bsc#1195172). - Fixed reading of PCI device name as UTF strings (bsc#1198873). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1894-1 Released: Tue May 31 14:49:16 2022 Summary: Security update for postgresql12 Type: security Severity: important References: 1199475,CVE-2022-1552 This update for postgresql12 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1895-1 Released: Tue May 31 14:51:12 2022 Summary: Security update for postgresql13 Type: security Severity: important References: 1199475,CVE-2022-1552 This update for postgresql13 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1896-1 Released: Tue May 31 17:29:21 2022 Summary: Recommended update for apache2 Type: recommended Severity: moderate References: 1195130 This update for apache2 fixes the following issues: - Fix mod_php8 to provide php_module (bsc#1195130) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1900-1 Released: Wed Jun 1 10:45:21 2022 Summary: Recommended update for rabbitmq-c Type: recommended Severity: moderate References: 1198202 This update for rabbitmq-c fixes the following issues: - Resolve package build issues (bsc#1198202) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1904-1 Released: Wed Jun 1 14:16:50 2022 Summary: Recommended update for libbluray Type: recommended Severity: important References: 1199463 This update for libbluray fixes the following issues: - Implement the new java.io.FileSystem.isInvalid method that entered all supported java versions with April 2022 CPU (bsc#1199463) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1905-1 Released: Wed Jun 1 14:18:43 2022 Summary: Recommended update for gnome-packagekit Type: recommended Severity: important References: 1198801 This update for gnome-packagekit fixes the following issues: - Fix issues with getting updates when there is a new gpg key signed in the repository (bsc#1198801) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1906-1 Released: Wed Jun 1 14:19:37 2022 Summary: Recommended update for NetworkManager Type: recommended Severity: moderate References: 1198381 This update for NetworkManager fixes the following issues: - Match more ciphers to better determine the access point security type (bsc#1198381) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1907-1 Released: Wed Jun 1 14:20:29 2022 Summary: Recommended update for hunspell Type: recommended Severity: moderate References: 1199209 This update for hunspell fixes the following issues: - Add requirement for english dictionary (bsc#1199209) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1908-1 Released: Wed Jun 1 15:31:33 2022 Summary: Security update for postgresql14 Type: security Severity: important References: 1199475,CVE-2022-1552 This update for postgresql14 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1912-1 Released: Thu Jun 2 09:54:40 2022 Summary: Security update for hdf5 Type: security Severity: important References: 1093657,1101471,1101474,1102175,1109167,1109168,1109564,1109565,1109566,1109568,1109569,1109570,1167401,1167404,1167405,1179521,1196682,CVE-2018-11206,CVE-2018-14032,CVE-2018-14033,CVE-2018-14460,CVE-2018-17234,CVE-2018-17237,CVE-2018-17432,CVE-2018-17433,CVE-2018-17434,CVE-2018-17436,CVE-2018-17437,CVE-2018-17438,CVE-2020-10809,CVE-2020-10810,CVE-2020-10811 This update for hdf5 fixes the following issues: Security issues fixed: - CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405). - CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401). - CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404). - CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570). - CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c. (bsc#1109569). - CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568). - CVE-2018-17434: Fixed SIGFPE signal raise in function apply_filters() of h5repack_filters.c (bsc#1109566). - CVE-2018-17433: Fixed heap-based buffer overflow in ReadGifImageDesc() in gifread.c (bsc#1109565). - CVE-2018-17432: Fixed NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c (bsc#1109564). - CVE-2018-17237: Fixed SIGFPE signal raise in the function H5D__chunk_set_info_real() (bsc#1109168). - CVE-2018-17234: Fixed memory leak in the H5O__chunk_deserialize() function in H5Ocache.c (bsc#1109167). - CVE-2018-14460: Fixed heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c (bsc#1102175). - CVE-2018-14033: Fixed heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c (bsc#1101471). - CVE-2018-14032: Fixed heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c (bsc#1101474). - CVE-2018-11206: Fixed out of bounds read in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c (bsc#1093657). Bugfixes: - Fix python-h5py packages built against out-of-date version of HDF5 (bsc#1196682). - Fix netcdf-cxx4 packages built against out-of-date version of HDF5 (bsc#1179521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1913-1 Released: Thu Jun 2 10:05:26 2022 Summary: Recommended update for aws-iam-authenticator Type: recommended Severity: moderate References: 1197703 This update for aws-iam-authenticator fixes the following issues: - Update in SLE-15 (bsc#1197703) - Update to version 0.5.3 * Bump Go to 1.15 in Travis (#361) * Update aws sdk go v1.37.1 (#360) * (arn): validate partition against all partitions returned by the aws sdk (#348) * Document AccessKeyId from UserInfo (#332) * Support IPv6 listen address (#352) * Added user agent to AWS SDK (#359) * Remove Chris Hein from OWNERS (#351) * Add instructions for the release process (#346) - from version 0.5.2 * Added partition flag (#341) * Update link to Kops docs site (#338) * Security Improvements on the example yaml (#335) * Fix RBAC on example file: service account requires get to ConfigMap (#334) * Add AccessKeyID as variable for username (#337) * Added server side AWS account ID log redaction (#327) - from version 0.5.1 * Update examples/README (#317) * Changelog gen (#318) * Fix CRD mapper blocking all others because caches never sync and revamp backend-mode flag (#303) * Update aws-sdk-go to version v1.30.0 (#306) * Bump k8s.io/ dependencies to 1.16.8 (#305) * chown aws-iam-authenticator to avoid permission denied (#302) * Indentation and unit test improvements (#298) * Adding Rate limiting ec2:DescribeInstances API along with Batching for high TPS (#292) * Restrict ClusterRole to readonly IAMIdentityMapping access (#287) * added selector to spec and changed from extenstions to apps/v1 (#291) * Add AWS AccessKeyID as an extra field in UserInfo (#286) * Allow server port customization (#278) - from version 0.5.0 * Remove DNS-1123 validation of usernames and groups (#260) * switch to use regional sts endpoint & imdsV2 (#283) * Add AWS Access Key ID to log (#282) * Require to pass in interface instead of the concrete type (#279) * Refactor to allow configurable backends (configmap, eks configmap, crd) (#269) * Update go version (#255) * Adding session name parameter to TokenGenerator (#272) * Rename prometheus metrics to match new project name (#249) * Remove inactive approvers, add wongma7 (#266) * Update aws-sdk-go to v1.23.11 (257) * Added go module download check (#259) * Updating goreleaser yaml to fix deprecated options (#252) * Remove deprecated language from README (#244) * Lowercase ARN inside doMapping and log about it (#239) * IAMIdentityMapping CRD Implementation (#116) * Adding micahhausler as approver (#237) * add support for passing externalID to assume role (#228) * Update README.md (#231) * Using sigs.k8s.io domain instead of github.com (#223) * Refactored EC2 API calls to be testable (#226) * Include aws request ID when logging errors (#178) - Remove global Go project variables - Set GO111MODULE=off to force use of vendored modules - Update Go build paths ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1920-1 Released: Thu Jun 2 13:04:48 2022 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1200027,CVE-2022-31736,CVE-2022-31737,CVE-2022-31738,CVE-2022-31739,CVE-2022-31740,CVE-2022-31741,CVE-2022-31742,CVE-2022-31747 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.10.0 ESR (MFSA 2022-21)(bsc#1200027) - CVE-2022-31736: Cross-Origin resource's length leaked - CVE-2022-31737: Heap buffer overflow in WebGL - CVE-2022-31738: Browser window spoof using fullscreen mode - CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files - CVE-2022-31740: Register allocation problem in WASM on arm64 - CVE-2022-31741: Uninitialized variable leads to invalid memory read - CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information - CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1925-1 Released: Thu Jun 2 14:35:20 2022 Summary: Security update for patch Type: security Severity: moderate References: 1080985,1111572,1142041,1198106,CVE-2018-6952,CVE-2019-13636 This update for patch fixes the following issues: Security issues fixed: - CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches (bsc#1142041). - CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was causing a double free leading to a crash (bsc#1080985). Bugfixes: - Abort when cleaning up fails. This bug could cause an infinite loop when a patch wouldn't apply, leading to a segmentation fault (bsc#1111572). - Pass the correct stat to backup files. This bug would occasionally cause backup files to be missing when all hunks failed to apply (bsc#1198106). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1935-1 Released: Fri Jun 3 17:29:16 2022 Summary: Recommended update for mutter Type: recommended Severity: moderate References: 1193190 This update for mutter fixes the following issues: - Fixes xterm -iconic support, by reverting a workaround for wrongly behaved wine games.(bsc#1193190) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1936-1 Released: Fri Jun 3 20:01:44 2022 Summary: Recommended update for sssd Type: recommended Severity: low References: 1199393 This update for sssd fixes the following issues: - Update sss_cache command's manpage to clarify its effects on the memory cache. (bsc#1199393) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2001-1 Released: Mon Jun 6 20:52:04 2022 Summary: Recommended update for s3fs Type: recommended Severity: moderate References: 1198900 This update for s3fs fixes the following issues: - Update to version 1.91 (bsc#1198900) * Fix RowFlush can not upload last part smaller than 5MB using NoCacheMultipartPost * Fix IAM role retrieval from IMDSv2 * Add option to allow unsigned payloads * Fix mixupload return EntityTooSmall while a copypart is less than 5MB after split * Allow compilation on Windows via MSYS2 * Handle utimensat UTIME_NOW and UTIME_OMIT special values * Preserve sub-second precision in more situations * Always flush open files with O_CREAT flag * Fixed not to call Flush even if the file size is increased * Include climits to support musl libc - Update to version 1.90 + Don't ignore nomultipart when storage is low + Fix POSIX compatibility issues found by pjdfstest + Fail CheckBucket when S3 returns PermanentRedirect + Do not create zero-byte object when creating file + Allow arbitrary size AWS secret keys + Fix race conditions + Set explicit Content-Length: 0 when initiating MPU + Set CURLOPT_UNRESTRICTED_AUTH when authenticating + Add jitter to avoid thundering herd + Loosen CheckBucket to check only the bucket + Add support for AWS-style environment variables ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2003-1 Released: Tue Jun 7 16:33:51 2022 Summary: Security update for mariadb Type: security Severity: important References: 1198603,1198604,1198605,1198606,1198607,1198609,1198610,1198611,1198612,1198613,1198628,1198629,1198630,1198631,1198632,1198633,1198634,1198635,1198636,1198637,1198638,1198639,1198640,1199928,CVE-2021-46669,CVE-2022-21427,CVE-2022-27376,CVE-2022-27377,CVE-2022-27378,CVE-2022-27379,CVE-2022-27380,CVE-2022-27381,CVE-2022-27382,CVE-2022-27383,CVE-2022-27384,CVE-2022-27386,CVE-2022-27387,CVE-2022-27444,CVE-2022-27445,CVE-2022-27446,CVE-2022-27447,CVE-2022-27448,CVE-2022-27449,CVE-2022-27451,CVE-2022-27452,CVE-2022-27455,CVE-2022-27456,CVE-2022-27457,CVE-2022-27458 This update for mariadb fixes the following issues: Update to 10.5.16 (bsc#1199928): - CVE-2021-46669 (bsc#1199928) - CVE-2022-27376 (bsc#1198628) - CVE-2022-27377 (bsc#1198603) - CVE-2022-27378 (bsc#1198604) - CVE-2022-27379 (bsc#1198605) - CVE-2022-27380 (bsc#1198606) - CVE-2022-27381 (bsc#1198607) - CVE-2022-27382 (bsc#1198609) - CVE-2022-27383 (bsc#1198610) - CVE-2022-27384 (bsc#1198611) - CVE-2022-27386 (bsc#1198612) - CVE-2022-27387 (bsc#1198613) - CVE-2022-27444 (bsc#1198634) - CVE-2022-27445 (bsc#1198629) - CVE-2022-27446 (bsc#1198630) - CVE-2022-27447 (bsc#1198631) - CVE-2022-27448 (bsc#1198632) - CVE-2022-27449 (bsc#1198633) - CVE-2022-27451 (bsc#1198639) - CVE-2022-27452 (bsc#1198640) - CVE-2022-27455 (bsc#1198638) - CVE-2022-27456 (bsc#1198635) - CVE-2022-27457 (bsc#1198636) - CVE-2022-27458 (bsc#1198637) - The following issue is not affecting this package: CVE-2022-21427 External refernences: - https://mariadb.com/kb/en/library/mariadb-10516-release-notes - https://mariadb.com/kb/en/library/mariadb-10516-changelog ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2004-1 Released: Tue Jun 7 16:34:20 2022 Summary: Security update for go1.17 Type: security Severity: important References: 1190649,1200134,1200135,1200136,1200137,CVE-2022-29804,CVE-2022-30580,CVE-2022-30629,CVE-2022-30634 This update for go1.17 fixes the following issues: Update to go1.17.11 (released 2022-06-01) (bsc#1190649): - CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers (bsc#1200134). - CVE-2022-30629: Fixed crypto/tls session tickets lack random ticket_age_add (bsc#1200135). - CVE-2022-29804: Fixed path/filepath Clean(`.\c:`) returns `c:` on Windows (bsc#1200137). - CVE-2022-30580: Fixed os/exec empty Cmd.Path can result in running unintended binary on Windows (bsc#1200136). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2005-1 Released: Tue Jun 7 16:34:46 2022 Summary: Security update for go1.18 Type: security Severity: important References: 1193742,1200134,1200135,1200136,1200137,CVE-2022-29804,CVE-2022-30580,CVE-2022-30629,CVE-2022-30634 This update for go1.18 fixes the following issues: Update to go1.18.3 (released 2022-06-01) (bsc#1193742): - CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers (bsc#1200134). - CVE-2022-30629: Fixed crypto/tls session tickets lack random ticket_age_add (bsc#1200135). - CVE-2022-29804: Fixed path/filepath Clean(`.\c:`) returns `c:` on Windows (bsc#1200137). - CVE-2022-30580: Fixed os/exec empty Cmd.Path can result in running unintended binary on Windows (bsc#1200136). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2014-1 Released: Tue Jun 7 19:08:55 2022 Summary: Recommended update for scap-security-guide Type: recommended Severity: moderate References: This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.61 (jsc#ECO-3319): - Stop building PCI-DSS-centric XCCDF benchmark for RHEL 7 - Introduce OL9 product - Implement handling of logical expressions in platform definitions Please note that SUSE supports only the DISA STIG, HIPAA and PCI-DSS profiles for SUSE Linux Enterprise Server 12 and 15. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2016-1 Released: Wed Jun 8 16:26:36 2022 Summary: Recommended update for vulkan Type: recommended Severity: low References: 1197862 This update for vulkan fixes the following issue: - Disable RPATH to make the inherited package run on SLE-15-SP4. (bsc#1197862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2017-1 Released: Wed Jun 8 16:27:06 2022 Summary: Recommended update for icewm Type: recommended Severity: low References: 1197729 This update for icewm fixes the following issues: - A later glib2 update will cause icewm fail to build. (bsc#1197729) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2018-1 Released: Wed Jun 8 16:47:04 2022 Summary: Recommended update for build Type: recommended Severity: moderate References: 1197298,1197699,1198740 This update for build fixes the following issues: - Update SLE 15 SP4 and Leap 15.4 build config (bsc#1198740) - Use aio=io_uring if available (bsc#1197699) (build#814) - Add arm32 and loongarch definitions (build#808) - Add compatibility code to initvm - Use upstream way of binfmt argv0 preservation (bsc#1197298) (build#809) - Add template support for Build::SimpleJSON - minor documentation updates - docker: Add support for --root and --installroot global zypper options - debian cross build support via multi-arch (obsoleting cbinstall remnants) - Tumbleweed config synced - documentation updates - smaller bugfixes - regression fix from last release, avoid calling shutdown handler twice when building in vm Changes: * pbuild: add --debug option for building debuginfo packages * rename --debug to --debuginfo to be more exact. * docu: add buildflags:ccachtype and OBS-DoNotAppendProfileToContainername Fixes: * Avoid shutdown of host when using nspawn Features: * download_assets: add --outdir --clean --show-dir-srcmd5 parameters support multiple --arch arguments * asset support for golang modules * add support for LXC 4. * new shortcuts for rpm building: --rpm-noprep, --rpm-build-in-place, --rpm-build-in-place-noprep for building directly from upstream git repositories without any tar ball. * mount securityfs if not mounted by kernel-obs-build * collect steal time during VM builds in statistics. * declare armv8 and armv7 compatible * support OBS Debuginfo build flag for Red Hat variants * setup rpmmacros for all build types and earlier * Kiwi builds - Always append the profile name to kiwi container names * Dockerfile build - improve registry handling - initial Dockerfile.dapper support - support 'curl' commands in docker builds - strip known domains from container name - support container alias names * introducing --verbose option, currently only showing kernel messages. * support cpio creation for special files * handle QEMU >= 6.0 on POWER9 Changes: * Use git+https instead of git-https as url schema * add oops=panic kernel parameter * Updated distribution configurations (esp. Leap 15.4 and Tumbleweed) * new preinstallimages are using zstd by default * source subdirectories are used in git managed sources Minor improvements * change sccache default size limit * speed up improvements in - vm shutdown - rpm preinstall - avoid calling external commands in a loop - using zstd for preinstallimages - no more unpacking progress indicators to avoid slowdown - virtio handling * fixed vm-type=qemu * multiple smaller bugfixes and speed improvements - renamed tumbleweed config to tumbleweed - synced tumbleweed config changes - initial config for Leap 15.4 - docker build environment * Use /.dockerenv as marker for docker environment * support privileged docker/nspawn mode * move --cap-add=SYS_ADMIN --cap-add=MKNOD to privileged mode * initvm: do not attempt to mount /proc and binfmt_misc handler if present - pbuild * rename --hide-timestamps to --no-timestamps * reuse options from older builds * revised --single build mode * support ccache - Unify ccache and sccache handling Features: - deb zstd support (for Ubuntu 21.10) - support KVM builds with enabled network - modulemd support improvements - Support a 'Distmacro' directive for recipe parser-only macros Fixes: - Load selinux policy when using a preinstall image - Use the pax format for preinstall images if bsdtar is available - Add %riscv to std_macros - Fix combine_configs dropping newlines pbuild: - Implement SCC calculation - Improve --shell-after-build and --single options - initial documentation of pbuild - Bugfixes - Fix unpacking of deb/arch archives without bsdtar - fixed regression in multiline macro evaluation from 20th August release Features: - cross architecture build support (for rpm and kiwi) - modulemd meta data support - pbuild to build multiple source packages (initial release, can not be considered stable yet) - supporting external asset stores for source files - support multiple post build checks placed in the directory: /usr/lib/build/post-build-checks/ - sccache support - New --shell-after-fail option - allow to disable squashfs in SimpleImage - supporting aarch64 kernel on armv?l distributions - kiwi: Add support for OBS-RemoteAsset and OBS-CopyToImage directives - container: FROM scratch build support Improvements: - supporting kvm builds as non-root user - Extend stage selection support for rpm builds - various distribution config updates - Support 'BuildFlags: cumulaterpms' (was done only via suse_version before) Fixes: - container builds * support newer podman versions * supporting multiple containers for multi-stage builds - Supporting URL's in Flatpak manifests - epoch handling in debian builds - catch more cases where a failed build is marked as host error - fixing wrong status reporting when a job got killed - hugetlbfs handling fixes - try mounting selinuxfs in VM - Also create the /sys dir when preinstalling (to satisfy dracut) - various XML parser fixes - and many minor ones ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2020-1 Released: Thu Jun 9 10:12:00 2022 Summary: Recommended update for sapwmp Type: recommended Severity: moderate References: This update for sapwmp fixes the following issues: - Update to version 0.1+git.1645197740.6b06c5c: * wmp-check: Polish the phrase of error output. * wmp-check: raise error when user not configure MemoryLow of target slice in digital. * Polish pull request based on review comments. * check.sh: Add unprotect_list check of subcgroups * check.sh: Fix a wmp check bug of memory_low_children * Add switch f and avoid empty DBus message error. * Skip systemd managed processes jsc#PM-3309 (jsc#SLE-24330, jsc#SLE-24332) * Enable wmp-checker for SLE15SP4. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2024-1 Released: Thu Jun 9 10:13:12 2022 Summary: Recommended update for python-azure-agent Type: recommended Severity: moderate References: 1198258 This update for python-azure-agent fixes the following issues: - Reset the dhcp config when deprovisioning and instance to ensure instances from aVM image created from that instance send host information to the DHCP server. (bsc#1198258) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2026-1 Released: Thu Jun 9 10:14:19 2022 Summary: Recommended update for lirc Type: recommended Severity: low References: 1192772 This update for lirc fixes the following issues: - Fix library dependency. (bsc#1192772) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2044-1 Released: Fri Jun 10 13:37:07 2022 Summary: Security update for google-gson Type: security Severity: important References: 1199064,CVE-2022-25647 This update for google-gson fixes the following issues: - CVE-2022-25647: Fixed deserialization of untrusted data (bsc#1199064). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2047-1 Released: Mon Jun 13 09:19:06 2022 Summary: Security update for netty3 Type: security Severity: moderate References: 1193672,1197787,CVE-2021-43797 This update for netty3 fixes the following issues: - CVE-2021-43797: Fixed a potential HTTP request smuggling issue due to insufficient validation against control characters (bsc#1193672). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2049-1 Released: Mon Jun 13 09:23:52 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1191908,1198422 This update for binutils fixes the following issues: - Revert back to old behaviour of not ignoring the in-section content of to be relocated fields on x86-64, even though that's a RELA architecture. Compatibility with buggy object files generated by old tools. [bsc#1198422] - Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2053-1 Released: Mon Jun 13 10:37:44 2022 Summary: Security update for u-boot Type: security Severity: important References: 1199623,1200363,1200364,CVE-2022-30552,CVE-2022-30767,CVE-2022-30790 This update for u-boot fixes the following issues: - CVE-2022-30552: A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (bsc#1200363) - CVE-2022-30790: A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (bsc#1200364) - CVE-2022-30767: Fixed an unbounded memcpy with a failed length check leading to a buffer overflow (bsc#1199623). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2060-1 Released: Mon Jun 13 15:26:16 2022 Summary: Recommended update for geronimo-specs Type: recommended Severity: moderate References: 1200426 This recommended update for geronimo-specs provides the following fix: - Ship geronimo-annotation-1_0-api to SUSE Manager server as it is now needed by google-gson. (bsc#1200426) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2061-1 Released: Mon Jun 13 15:33:49 2022 Summary: Recommended update for SUSEConnect Type: recommended Severity: moderate References: 1196076 This update for SUSEConnect fixes the following issues: - Update to 0.3.34 - Manage the `System-Token` header. The `System-Token` header as delivered by SCC will be stored inside of the credentials file for later use on API calls. This way we add system clone detection for systems using this version of SUSE Connect. - Update to 0.3.33 - Add --keepalive command to send pings to SCC. - Add service/timer to periodically call --keepalive command to make system information in SCC and proxies more accurate. (bsc#1196076) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2062-1 Released: Mon Jun 13 15:34:16 2022 Summary: Security update for MozillaThunderbird Type: security Severity: important References: 1199768,1200027,CVE-2022-1529,CVE-2022-1802,CVE-2022-1834,CVE-2022-31736,CVE-2022-31737,CVE-2022-31738,CVE-2022-31739,CVE-2022-31740,CVE-2022-31741,CVE-2022-31742,CVE-2022-31747 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 91.9.1 MFSA 2022-19 (bsc#1199768): - CVE-2022-1802: Prototype pollution in Top-Level Await implementation (bmo#1770137). - CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution (bmo#1770048). Update to Mozilla Thunderbird 91.10 MFSA 2022-22 (bsc#1200027): - CVE-2022-31736: Cross-Origin resource's length leaked (bmo#1735923) - CVE-2022-31737: Heap buffer overflow in WebGL (bmo#1743767) - CVE-2022-31738: Browser window spoof using fullscreen mode (bmo#1756388) - CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files (bmo#1765049) - CVE-2022-31740: Register allocation problem in WASM on arm64 (bmo#1766806) - CVE-2022-31741: Uninitialized variable leads to invalid memory read (bmo#1767590) - CVE-2022-1834: Braille space character caused incorrect sender email to be shown for a digitally signed email (bmo#1767816) - CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information (bmo#1730434) - CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10 (bmo#1760765, bmo#1765610, bmo#1766283, bmo#1767365, bmo#1768559, bmo#1768734) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2063-1 Released: Mon Jun 13 15:34:44 2022 Summary: Security update for gimp Type: security Severity: moderate References: 1199653,CVE-2022-30067 This update for gimp fixes the following issues: - CVE-2022-30067: Fixed uncontrolled memory consumption via crafted XCF file (bsc#1199653). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2064-1 Released: Mon Jun 13 15:35:18 2022 Summary: Security update for grub2 Type: security Severity: important References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581,CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736 This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2065-1 Released: Mon Jun 13 15:35:53 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1197426,1199965,1199966,CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364 This update for xen fixes the following issues: - CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) (bsc#1197426) - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2070-1 Released: Tue Jun 14 11:55:48 2022 Summary: Security update for python-Twisted Type: security Severity: important References: 1196739,CVE-2022-21716 This update for python-Twisted fixes the following issues: - CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data using all the available memory (bsc#1196739). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2072-1 Released: Tue Jun 14 11:58:34 2022 Summary: Security update for webkit2gtk3 Type: security Severity: important References: 1199287,1200106,CVE-2022-26700,CVE-2022-26709,CVE-2022-26716,CVE-2022-26717,CVE-2022-26719,CVE-2022-30293 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 (bsc#1200106) - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287). - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2078-1 Released: Tue Jun 14 20:30:07 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1055117,1061840,1065729,1103269,1118212,1153274,1154353,1156395,1158266,1167773,1176447,1178134,1180100,1183405,1188885,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200019,1200045,1200046,1200192,1200216,CVE-2019-19377,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1972,CVE-2022-20008,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-30594 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564) - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes) - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes) - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes) - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes) - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes) - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes) - ARM: dts: at91: fix pinctrl phandles (git-fixes) - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes) - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes) - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes) - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes) - ARM: dts: meson: Fix the UART compatible strings (git-fixes) - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes) - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes) - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes) - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes) - arm: mediatek: select arch timer for mt7629 (git-fixes) - ARM: omap: remove debug-leds driver (git-fixes) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes) - ARM: socfpga: dts: fix qspi node compatible (git-fixes) - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes) - ARM: tegra: Move panels to AUX bus (git-fixes) - arm64: dts: broadcom: Fix sata nodename (git-fixes) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes) - arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes) - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes) - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes) - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1200192). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - dim: initialize all struct fields (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - driver: core: fix deadlock in __device_attach (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes) - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes). - drm/amdkfd: Fix GWS queue count (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - EDAC/synopsys: Read the error count from the correct register (bsc#1178134). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - genirq: Fix reference leaks on irq affinity notifiers (git-fixes) - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes) - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq/affinity: Handle affinity setting on inactive (git-fixes) - genirq/msi: Ensure deactivation on teardown (git-fixes) - genirq/proc: Reject invalid affinity masks (again) (git-fixes) - genirq/timings: Fix error return code in (git-fixes) - genirq/timings: Prevent potential array overflow in (git-fixes) - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - hinic: fix bug of wq out of bound access (bsc#1176447). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i40e: stop disabling VFs due to PF error responses (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878). - ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926). - ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes). - ice: synchronize_rcu() when terminating rings (jsc#SLE-7926). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - ionic: avoid races in ionic_heartbeat_check (bsc#1167773). - ionic: Cleanups in the Tx hotpath code (bsc#1167773). - ionic: disable napi when ionic_lif_init() fails (bsc#1167773). - ionic: Do not send reset commands if FW isn't running (bsc#1167773). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773). - ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649). - ionic: monitor fw status generation (bsc#1167773). - ionic: remove the dbid_inuse bitmap (bsc#1167773). - ionic: start watchdog after all is setup (bsc#1167773). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - kABI: ivtv: restore caps member (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes). - lan743x: remove redundant assignment to variable rx_process_result (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: vim2m: Register video device after setting up internals (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387). - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes). - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7663s: fix rx buffer refcounting (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes). - net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hns3: add a check for index in hclge_get_rss_key() (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: korina: fix return value (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405). - net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes). - net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes). - net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes). - net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes). - net/mlx5: Fix a race on command flush flow (jsc#SLE-15172). - net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172). - netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Do not invalidate inode attributes on delegation return (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nvdimm/region: always show the 'align' attribute (bsc#1199114). - nvme-tcp: allow selecting the network interface for connections (bsc#1199670). - nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670). - objtool: Fix type of reloc::addend (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl/rockchip: support deferring other gpio params (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qlcnic: Fix error code in probe (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438). - rtc: fix use-after-free on device removal (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250: core: Remove unneeded <linux/pm_runtime.h> (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h> (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2079-1 Released: Tue Jun 14 20:32:06 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1055117,1061840,1065729,1103269,1118212,1152472,1152489,1153274,1154353,1156395,1158266,1167773,1176447,1178134,1180100,1183405,1188885,1195612,1195651,1195826,1196426,1196478,1196570,1196840,1197446,1197472,1197601,1197675,1198438,1198534,1198577,1198971,1198989,1199035,1199052,1199063,1199114,1199314,1199505,1199507,1199564,1199626,1199631,1199650,1199670,1199839,1200019,1200045,1200046,1200192,1200216,CVE-2019-19377,CVE-2021-33061,CVE-2022-0168,CVE-2022-1184,CVE-2022-1652,CVE-2022-1729,CVE-2022-1972,CVE-2022-20008,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-24448,CVE-2022-30594 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564) - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472) - CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes) - ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes) - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes) - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes) - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes) - ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes) - ARM: dts: at91: fix pinctrl phandles (git-fixes) - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes) - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes) - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes) - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes) - ARM: dts: meson: Fix the UART compatible strings (git-fixes) - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes) - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes) - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes) - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes) - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes) - ARM: mediatek: select arch timer for mt7629 (git-fixes) - ARM: omap: remove debug-leds driver (git-fixes) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes) - ARM: socfpga: dts: fix qspi node compatible (git-fixes) - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes) - ARM: tegra: Move panels to AUX bus (git-fixes) - arm64: dts: broadcom: Fix sata nodename (git-fixes) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes) - arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes) - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes) - arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes) - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489) - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1200192). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: x86 - eliminate anonymous module_init & module_exit (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - dim: initialize all struct fields (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753). - docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - driver core: fix deadlock in __device_attach (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes) - drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - drivers/base/node.c: fix compaction sysfs file leak (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472) - drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes). - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489) - drm/amdkfd: Fix GWS queue count (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472) - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472) - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489) - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes). - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489) - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489) - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472) - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534) - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1152472) - EDAC/synopsys: Read the error count from the correct register (bsc#1178134). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - Fix double fget() in vhost_net_set_backend() (git-fixes). - genirq: Fix reference leaks on irq affinity notifiers (git-fixes) - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes) - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq/affinity: Handle affinity setting on inactive (git-fixes) - genirq/msi: Ensure deactivation on teardown (git-fixes) - genirq/proc: Reject invalid affinity masks (again) (git-fixes) - genirq/timings: Fix error return code in (git-fixes) - genirq/timings: Prevent potential array overflow in (git-fixes) - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - hinic: fix bug of wq out of bound access (bsc#1176447). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i40e: stop disabling VFs due to PF error responses (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878). - ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926). - ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes). - ice: synchronize_rcu() when terminating rings (jsc#SLE-7926). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - ionic: avoid races in ionic_heartbeat_check (bsc#1167773). - ionic: Cleanups in the Tx hotpath code (bsc#1167773). - ionic: disable napi when ionic_lif_init() fails (bsc#1167773). - ionic: Do not send reset commands if FW isn't running (bsc#1167773). - ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773). - ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649). - ionic: monitor fw status generation (bsc#1167773). - ionic: remove the dbid_inuse bitmap (bsc#1167773). - ionic: start watchdog after all is setup (bsc#1167773). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - kABI: ivtv: restore caps member (git-fixes). - Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes). - lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes). - lan743x: remove redundant assignment to variable rx_process_result (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - lpfc: Readd update to version 14.2.0.1 (bsc#1197675 bsc#1196478 bsc#1198989) The update was reverted due to some regression on older hardware. These have been fixed in the meantime, thus update the driver. - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: vim2m: Register video device after setting up internals (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387). - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes). - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7663s: fix rx buffer refcounting (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes). - net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hns3: add a check for index in hclge_get_rss_key() (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: korina: fix return value (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405). - net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes). - net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes). - net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes). - net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes). - net/mlx5: Fix a race on command flush flow (jsc#SLE-15172). - net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172). - netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447). - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - NFC: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nvdimm/region: always show the 'align' attribute (bsc#1199114). - nvme-tcp: allow selecting the network interface for connections (bsc#1199670). - nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670). - objtool: Fix type of reloc::addend (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: Do not enable AtomicOps on VFs (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: iproc: Set affinity mask on MSI interrupts (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl/rockchip: support deferring other gpio params (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qlcnic: Fix error code in probe (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - rtc: fix use-after-free on device removal (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250: core: Remove unneeded <linux/pm_runtime.h> (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h> (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: dwc3: core: Fix tx/rx threshold settings (git-fixes). - usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - usb: dwc3: gadget: Return proper request status (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489) - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2081-1 Released: Tue Jun 14 21:04:07 2022 Summary: Security update for 389-ds Type: security Severity: important References: 1195324,1199889,CVE-2021-4091,CVE-2022-1949 This update for 389-ds fixes the following issues: - CVE-2021-4091: Fixed double free in psearch (bsc#1195324). - CVE-2022-1949: Fixed full access control bypass with simple crafted query (bsc#1199889). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:2086-1 Released: Wed Jun 15 09:45:24 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: os-prober ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:2087-1 Released: Wed Jun 15 09:46:37 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: rp-pppoe linux-atm ppp ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2090-1 Released: Wed Jun 15 12:38:34 2022 Summary: Recommended update for regionServiceClientConfigAzure Type: recommended Severity: moderate References: 1199668 This update for regionServiceClientConfigAzure fixes the following issues: - Update to version 2.0.0 (bsc#1199668) - Move the certs to /usr from /var to accomodate ro filesystem of SLE-Micro - Fix source url in spec file ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2093-1 Released: Wed Jun 15 17:08:05 2022 Summary: Recommended update for open-vm-tools Type: recommended Severity: moderate References: 1196803,1196804 This update for open-vm-tools fixes the following issues: - Update to 12.0.0 (build 19345655) (bsc#1196803) - Update open-vm-tools 12.0.0. (jsc#SLE-24097) - Support for managing Salt Minion through guest variables. A new open-vm-tools-salt-minion rpm is added to handle this support. - New ComponentMgr plugin to manage (add, remove, monitor) components on the guest VM. - Patch to fix potential Fail to Build from Source. (bsc#1196804) - Build vmhgfs with either libfuse2 or libfuse3. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2094-1 Released: Wed Jun 15 17:08:50 2022 Summary: Recommended update for fence-agents Type: recommended Severity: important References: 1198872 This update for fence-agents fixes the following issues: - Fix and issue where 'fence-agents' is broken in GCP due to missing '--zone' parameter (bsc#1198872) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2096-1 Released: Wed Jun 15 17:09:51 2022 Summary: Recommended update for yast2-online-update-configuration Type: recommended Severity: moderate References: 1198848 This update for yast2-online-update-configuration fixes the following issues: - Reduce nesting in the 'category_filter' section of the AutoYaST profile. The old (nested) format is still accepted. (bsc#1198848) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2097-1 Released: Wed Jun 15 17:10:07 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1199451 This update for yast2-network fixes the following issues: - CFA NM: replace problematic characters when getting the filename for the given wireless configuration (bsc#1199451). - 4.3.82 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2102-1 Released: Thu Jun 16 15:18:23 2022 Summary: Security update for vim Type: security Severity: important References: 1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927 This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955). - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770). - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167). - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902). - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903). - CVE-2021-3974: Fixed use-after-free (bsc#1192904). - CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466). - CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905). - CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093). - CVE-2021-4192: Fixed use-after-free (bsc#1194217). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388). - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885). - CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872). - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203). - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332). - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354). - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361). - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596). - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748). - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331). - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333). - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334). - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655). - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651). - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693). - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745). - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747). - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936). - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010). - CVE-2022-1898: Fixed use-after-free (bsc#1200011). - CVE-2022-1927: Fixed buffer over-read (bsc#1200012). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2108-1 Released: Thu Jun 16 15:25:55 2022 Summary: Security update for rubygem-actionpack-5_1, rubygem-activesupport-5_1 Type: security Severity: important References: 1185780,1196182,CVE-2021-22904,CVE-2022-23633 This update for rubygem-actionpack-5_1 and rubygem-activesupport-5_1 fixes the following issues: - CVE-2021-22904: Fixed possible DoS Vulnerability in Action Controller Token Authentication (bsc#1185780) - CVE-2022-23633: Fixed possible exposure of information vulnerability in Action Pack (bsc#1196182) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:2114-1 Released: Fri Jun 17 18:11:32 2022 Summary: Feature update for build Type: feature Severity: moderate References: This feature update for build provides the following changes: Support the Multi Factor Authentication in osc (jsc#SLE-24657, jsc#SLE-24652, jsc#SLE-24653) - Upgrade build from version 20220422 to version 20220613: * deb: defer dpkg triggers until all packages are installed, and disable man-db altogether * Add support of Debian Source format 3.0 (quilt) and changelog modification * Stop building aarch64_ilp32 baselibs for aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2118-1 Released: Mon Jun 20 13:04:15 2022 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1181223,1190462,1193600,1196704,1197507,1197689 This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: - Adapted to build on Enterprise Linux. - Fix build for RedHat 7 - Require Go >= 1.14 also for CentOS - Add support for CentOS - Replace %{?systemd_requires} with %{?systemd_ordering} mgr-cfg: - Version 4.3.6-1 * Corrected source URL in spec file * Fix installation problem for SLE15SP4 due missing python-selinux * Fix python selinux package name depending on build target (bsc#1193600) * Do not build python 2 package for SLE15SP4 and higher * Remove unused legacy code mgr-custom-info: - Version 4.3.3-1 * Remove unused legacy code mgr-daemon: - Version 4.3.4-1 * Corrected source URLs in spec file. * Update translation strings mgr-osad: - Version 4.3.6-1 * Corrected source URL in spec file. * Do not build python 2 package for SLE15SP4 and higher * Removed spacewalk-selinux dependencies. * Updated source url. mgr-push: - Version 4.3.4-1 * Corrected source URLs in spec file. mgr-virtualization: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher prometheus-blackbox_exporter: - Enhanced to build on Enterprise Linux 8 prometheus-postgres_exporter: - Updated for RHEL8. python-hwdata: - Require python macros for building rhnlib: - Version 4.3.4-1 * Reorganize python files spacecmd: - Version 4.3.11-1 * on full system update call schedulePackageUpdate API (bsc#1197507) * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port * Add proxy config generation subcommand * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Update translation strings * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) spacewalk-client-tools: - Version 4.3.9-1 * Corrected source URLs in spec file. * do not build python 2 package for SLE15 * Remove unused legacy code * Update translation strings spacewalk-koan: - Version 4.3.5-1 * Corrected source URLs in spec file. spacewalk-oscap: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher spacewalk-remote-utils: - Version 4.3.3-1 * Adapt the package for changes in rhnlib supportutils-plugin-susemanager-client: - Version 4.3.2-1 * Add proxy containers config and logs suseRegisterInfo: - Version 4.3.3-1 * Bump version to 4.3.0 supportutils-plugin-salt: - Add support for Salt Bundle uyuni-common-libs: - Version 4.3.4-1 * implement more decompression algorithms for reposync (bsc#1196704) * Reorganize python files * Add decompression of zck files to fileutils ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:2124-1 Released: Mon Jun 20 13:28:36 2022 Summary: Feature update for salt Type: feature Severity: important References: 1195625,1199149 This update for salt fixes the following issues: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Update to version 3004 (jsc#SLE-24223) (jsc#SLE-23672) * See release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html - Expose missing 'ansible' module functions in Salt 3004 (bsc#1195625) - Fixes for Python 3.10 - Fix issues found around pre_flight_script_args - Fix salt-call event.send with pillar or grains - Fix exception in batch_async caused by a bad function call - Fix print regression for yumnotify plugin - Fix issues with salt-ssh's extra-filerefs - Fix crash when calling manage.not_alive runners ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2139-1 Released: Mon Jun 20 14:55:41 2022 Summary: Security update for golang-github-prometheus-alertmanager Type: security Severity: important References: 1181400,1196338,CVE-2022-21698 This update for golang-github-prometheus-alertmanager fixes the following issues: Update golang-github-prometheus-alertmanager from version 0.21.0 to version 0.23.0 (bsc#1196338, jsc#SLE-24077) - CVE-2022-21698: Denial of service using InstrumentHandlerCounter - Update vendor tarball with prometheus/client_golang 1.11.1 - Update required Go version to 1.16 - Use %autosetup macro - Update to version 0.23.0: * Release 0.23.0 * Release 0.23.0-rc.0 * amtool: Detect version drift and warn users (#2672) * Add ability to skip TLS verification for amtool (#2663) * Fix empty isEqual in amtool. (#2668) * Fix main tests (#2670) * cli: add new template render command (#2538) * OpsGenie: refer to alert instead of incident (#2609) * Docs: target_match and source_match are DEPRECATED (#2665) * Fix test not waiting for cluster member to be ready - Add go_modules to _service. - Added hardening to systemd service(s) with a modified prometheus-alertmanager.service (bsc#1181400) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2140-1 Released: Mon Jun 20 14:58:38 2022 Summary: Security update for node_exporter Type: security Severity: important References: 1190535,1196338,CVE-2022-21698 This security update for golang-github-prometheus-node_exporter provides: Update golang-github-prometheus-node_exporter from version 1.1.2 to version 1.3.0 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239) - CVE-2022-21698: Denial of service using InstrumentHandlerCounter - Update vendor tarball with prometheus/client_golang 1.11.1 - Update to 1.3.0 * [CHANGE] Add path label to rapl collector #2146 * [CHANGE] Exclude filesystems under /run/credentials #2157 * [CHANGE] Add TCPTimeouts to netstat default filter #2189 * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771 * [FEATURE] Add darwin powersupply collector #1777 * [FEATURE] Add support for monitoring GPUs on Linux #1998 * [FEATURE] Add Darwin thermal collector #2032 * [FEATURE] Add os release collector #2094 * [FEATURE] Add netdev.address-info collector #2105 * [FEATURE] Add clocksource metrics to time collector #2197 * [ENHANCEMENT] Support glob textfile collector directories #1985 * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080 * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165 * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123 * [ENHANCEMENT] Add DMI collector #2131 * [ENHANCEMENT] Add threads metrics to processes collector #2164 * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169 * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189 * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208 * [BUGFIX] ethtool: Sanitize metric names #2093 * [BUGFIX] Fix ethtool collector for multiple interfaces #2126 * [BUGFIX] Fix possible panic on macOS #2133 * [BUGFIX] Collect flag_info and bug_info only for one core #2156 * [BUGFIX] Prevent duplicate ethtool metric names #2187 - Update to 1.2.2 * Bug fixes Fix processes collector long int parsing #2112 - Update to 1.2.1 * Removed Remove obsolete capture permission denied error fix already included upstream * Bug fixes Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092 - Update to 1.2.0 * Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203 * Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062 * Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 * Bug fixes Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067 - Capture permission denied error for 'energy_uj' file (bsc#1190535) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2144-1 Released: Mon Jun 20 16:11:48 2022 Summary: Security maintenance update for SUSE Manager 4.2: Server and Proxy Type: security Severity: important References: 1187333,1191143,1192550,1193707,1194594,1195710,1196702,1197400,1197438,1197449,1197488,1197591,1197689,1198221,1199089,1199142,1199149,1199512,1199629,1200212,1200606,CVE-2021-44906,CVE-2022-21952,CVE-2022-31248 Security maintenance update for SUSE Manager 4.2: Server and Proxy This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2156-1 Released: Wed Jun 22 17:08:41 2022 Summary: Recommended updates for python3-dnspython and python3-zypp-plugin: Type: recommended Severity: important References: - Add python3-dnspython and python3-zypp-plugin to unrestricted channels. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2157-1 Released: Wed Jun 22 17:11:25 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198458 This update for binutils fixes the following issues: - For building the shim 15.6~rc1 and later versions aarch64 image, objcopy needs to support efi-app-aarch64 target. (bsc#1198458) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2168-1 Released: Fri Jun 24 09:57:53 2022 Summary: Security update for drbd Type: security Severity: important References: 1198581 This update of drbd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2172-1 Released: Fri Jun 24 10:33:55 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1177282,1184924,1198924,1199365,1199482,1200015,1200143,1200144,1200206,1200207,1200249,1200259,1200263,1200343,1200494,1200529,1200604,CVE-2020-26541,CVE-2022-1012,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975,CVE-2022-20141,CVE-2022-32250 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1012: Fixed a small table perturb size in the TCP source port generation algorithm which could leads to information leak. (bsc#1199482). - CVE-2022-20141: Fixed an use after free due to improper locking. This bug could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. (bnc#1200604) - CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) The following non-security bugs were fixed: - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: sysfs: Make sparse happy about address space in use (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes) - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cfg80211: set custom regdomain after wiphy registration (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915: fix i915_globals_exit() section mismatch error (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - hwmon: Make chip parameter for with_info API mandatory (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: goodix - fix spurious key release events (git-fixes). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes). - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes). - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid double free of sida page (git-fixes). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes). - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes). - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes). - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - raid5: introduce MD_BROKEN (git-fixes). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454). - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - spi: Introduce device-managed SPI controller allocation (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - vfio-ccw: Check initialized flag in cp_init() (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2173-1 Released: Fri Jun 24 10:52:31 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1177282,1199365,1200015,1200143,1200144,1200206,1200207,1200249,1200259,1200263,1200268,1200529,CVE-2020-26541,CVE-2022-1966,CVE-2022-1974,CVE-2022-1975 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282) - The following non-security bugs were fixed: - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: sysfs: Make sparse happy about address space in use (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cfg80211: set custom regdomain after wiphy registration (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915: fix i915_globals_exit() section mismatch error (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - hwmon: Make chip parameter for with_info API mandatory (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: goodix - fix spurious key release events (git-fixes). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes). - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes). - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid double free of sida page (git-fixes). - KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes). - KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes). - KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes). - KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes). - platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes). - devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454). - s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455). - s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455). - s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - spi: Introduce device-managed SPI controller allocation (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - vfio-ccw: Check initialized flag in cp_init() (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2174-1 Released: Fri Jun 24 11:34:17 2022 Summary: Security update for python39 Type: security Severity: important References: 1192249,1198511,CVE-2015-20107 This update for python39 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). - Update to 3.9.13: - Core and Builtins - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash. - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass. - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner. - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex. - bpo-46775: Some Windows system error codes(>= 10000) are now mapped into the correct errno and may now raise a subclass of OSError. Patch by Dong-hee Na. - bpo-46962: Classes and functions that unconditionally declared their docstrings ignoring the --without-doc-strings compilation flag no longer do so. - The classes affected are pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and types.GenericAlias. - The functions affected are 24 methods in ctypes. - Patch by Oleg Iarygin. - bpo-36819: Fix crashes in built-in encoders with error handlers that return position less or equal than the starting position of non-encodable characters. - Library - gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure Python implementation, since the fold is never 1 in UTC. In addition to being slightly faster in the common case, this also prevents some errors when the timestamp is close to datetime.min. Patch by Paul Ganssle. - gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify(). - gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, pickling did not fail, but the result could not be unpickled. - bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue after the last write of buffered data to the write end of the pipe to avoid BrokenPipeError at garbage collection and at multiprocessing.Queue.close() calls. Patch by Géry Ogam. - gh-91910: Add missing f prefix to f-strings in error messages from the multiprocessing and asyncio modules. - gh-91810: ElementTree method write() and function tostring() now use the text file''s encoding ('UTF-8' if not available) instead of locale encoding in XML declaration when encoding='unicode' is specified. - gh-91832: Add required attribute to argparse.Action repr output. - gh-91734: Fix OSS audio support on Solaris. - gh-91700: Compilation of regular expression containing a conditional expression (?(group)...) now raises an appropriate re.error if the group number refers to not defined group. Previously an internal RuntimeError was raised. - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event loop executor before returning from its run method so that a not yet stopped or garbage collected executor state does not persist beyond the test. - gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular expression raises now re.error instead of TypeError. - gh-91595: Fix the comparison of character and integer inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu. - gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no longer spawned on demand (a feature added in 3.9) when the multiprocessing context start method is 'fork' as that can lead to deadlocks in the child processes due to a fork happening while threads are running. - gh-91575: Update case-insensitive matching in the re module to the latest Unicode version. - gh-91581: Remove an unhandled error case in the C implementation of calls to datetime.fromtimestamp with no time zone (i.e. getting a local time from an epoch timestamp). This should have no user-facing effect other than giving a possibly more accurate error message when called with timestamps that fall on 10000-01-01 in the local time. Patch by Paul Ganssle. - bpo-34480: Fix a bug where _markupbase raised an UnboundLocalError when an invalid keyword was found in marked section. Patch by Marek Suscak. - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for other families, like socket.AF_BLUETOOTH and socket.AF_UNIX. - bpo-43323: Fix errors in the email module if the charset itself contains undecodable/unencodable characters. - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak - bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError instead of ValueError if given invalid tuple as address parameter. - bpo-44911: IsolatedAsyncioTestCase will no longer throw an exception while cancelling leaked tasks. Patch by Bar Harel. - bpo-44493: Add missing terminated NUL in sockaddr_un's length - This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language. - bpo-42627: Fix incorrect parsing of Windows registry proxy settings - bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev. - Documentation - gh-91888: Add a new gh role to the documentation to link to GitHub issues. - gh-91783: Document security issues concerning the use of the function shutil.unpack_archive() - gh-91547: Remove 'Undocumented modules' page. - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree(). - bpo-38668: Update the introduction to documentation for os.path to remove warnings that became irrelevant after the implementations of PEP 383 and PEP 529. - bpo-47138: Pin Jinja to a version compatible with Sphinx version 2.4.4. - bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to follow the guideline of PEP 7's Documentation Strings paragraph. Patch by Oleg Iarygin. - bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). Original patch by Andrew Brezovsky. - bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial about the ob_base field and the macros used to access its contents. - bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the code to enter an inconsistent state. Provided a sample workaround to avoid it if needed. - bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their respective section in Doc/library/errno.rst, and vice versa. Previously this was only done for EINTR and InterruptedError. Patch by Yan 'yyyyyyyan' Orestes. - bpo-38056: Overhaul the Error Handlers documentation in codecs. - bpo-13553: Document tkinter.Tk args. - Tests - gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start method context in several cases where the test logic mixed this up. - bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case on FreeBSD. - bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface construction with tuple arguments. Original patch and tests by louisom. - Build - bpo-47103: Windows PGInstrument builds now copy a required DLL into the output directory, making it easier to run the profile stage of a PGO build. - Windows - bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032. - bpo-46785: Fix race condition between os.stat() and unlinking a file on Windows, by using errors codes returned by FindFirstFileW() when appropriate in win32_xstat_impl. - bpo-40859: Update Windows build to use xz-5.2.5 - Tools/Demos - gh-91583: Fix regression in the code generated by Argument Clinic for functions with the defining_class parameter. - Update to 3.9.12: - bpo-46968: Check for the existence of the 'sys/auxv.h' header in faulthandler to avoid compilation problems in systems where this header doesn't exist. Patch by Pablo Galindo - bpo-47101: hashlib.algorithms_available now lists only algorithms that are provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not listed unless the legacy provider has been loaded into the default OSSL context. - bpo-23691: Protect the re.finditer() iterator from re-entering. - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a 'zipfile.BadZipFile: Bad CRC-32 for file' exception when reading a ZipFile from multiple threads. - bpo-38256: Fix binascii.crc32() when it is compiled to use zlib'c crc32 to work properly on inputs 4+GiB in length instead of returning the wrong result. The workaround prior to this was to always feed the function data in increments smaller than 4GiB or to just call the zlib module function. - bpo-39394: A warning about inline flags not at the start of the regular expression now contains the position of the flag. - bpo-47061: Deprecate the various modules listed by PEP 594: - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau, telnetlib, uu, xdrlib - bpo-2604: Fix bug where doctests using globals would fail when run multiple times. - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. - bpo-47022: The asynchat, asyncore and smtpd modules have been deprecated since at least Python 3.6. Their documentation has now been updated to note they will removed in Python 3.12 (PEP 594). - bpo-46421: Fix a unittest issue where if the command was invoked as python -m unittest and the filename(s) began with a dot (.), a ValueError is returned. - bpo-40296: Fix supporting generic aliases in pydoc. - bpo-14156: argparse.FileType now supports an argument of '-'; in binary mode, returning the .buffer attribute of sys.stdin/sys.stdout as appropriate. Modes including 'x' and 'a' are treated equivalently to 'w' when argument is '-'. Patch contributed by Josh Rosenberg - Update to 3.9.11: - bpo-46852: Rename the private undocumented float.__set_format__() method to float.__setformat__() to fix a typo introduced in Python 3.7. The method is only used by test_float. Patch by Victor Stinner. - bpo-46794: Bump up the libexpat version into 2.4.6 - bpo-46762: Fix an assert failure in debug builds when a '<', '>', or '=' is the last character in an f-string that's missing a closing right brace. - bpo-46732: Correct the docstring for the __bool__() method. Patch by Jelle Zijlstra. - bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c. - bpo-46615: When iterating over sets internally in setobject.c, acquire strong references to the resulting items from the set. This prevents crashes in corner-cases of various set operations where the set gets mutated. - bpo-43721: Fix docstrings of getter, setter, and deleter to clarify that they create a new copy of the property. - bpo-46503: Fix an assert when parsing some invalid N escape sequences in f-strings. - bpo-46417: Fix a race condition on setting a type __bases__ attribute: the internal function add_subclass() now gets the PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef() which can trigger a garbage collection which can indirectly modify PyTypeObject.tp_subclasses. Patch by Victor Stinner. - bpo-46383: Fix invalid signature of _zoneinfo's module_free function to resolve a crash on wasm32-emscripten platform. - bpo-43253: Fix a crash when closing transports where the underlying socket handle is already invalid on the Proactor event loop. - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including bugfix for EntryPoint.extras, which was returning match objects and not the extras strings. - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4) - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically determine size of signal handler stack size CPython allocates using getauxval(AT_MINSIGSTKSZ). This changes allows for Python extension's request to Linux kernel to use AMX_TILE instruction set on Sapphire Rapids Xeon processor to succeed, unblocking use of the ISA in frameworks. - bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch by Stefan Zabka. - bpo-46932: Update bundled libexpat to 2.4.7 - bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when the iterator is not exhausted. Patch by Jacob Walls. - bpo-44886: Inherit asyncio proactor datagram transport from asyncio.DatagramTransport. - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for selector-based event loops. Patch by Thomas Grainger. - bpo-46811: Make test suite support Expat >=2.4.5 - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to transport-based APIs. - bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python. - bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders when running from the guest operating-system. - bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo. - bpo-45863: When the tarfile module creates a pax format archive, it will put an integer representation of timestamps in the ustar header (if possible) for the benefit of older unarchivers, in addition to the existing full-precision timestamps in the pax extended header. - bpo-46672: Fix NameError in asyncio.gather() when initial type check fails. - bpo-45948: Fixed a discrepancy in the C implementation of the xml.etree.ElementTree module. Now, instantiating an xml.etree.ElementTree.XMLParser with a target=None keyword provides a default xml.etree.ElementTree.TreeBuilder target as the Python implementation does. - bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable. - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 - bpo-46487: Add the get_write_buffer_limits method to asyncio.transports.WriteTransport and to the SSL transport. - bpo-46539: In typing.get_type_hints(), support evaluating stringified ClassVar and Final annotations inside Annotated. Patch by Gregory Beauregard. - bpo-46491: Allow typing.Annotated to wrap typing.Final and typing.ClassVar. Patch by Gregory Beauregard. - bpo-46436: Fix command-line option -d/--directory in module http.server which is ignored when combined with command-line option --cgi. Patch by Géry Ogam. - bpo-41403: Make mock.patch() raise a TypeError with a relevant error message on invalid arg. Previously it allowed a cryptic AttributeError to escape. - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace. - bpo-46469: asyncio generic classes now return types.GenericAlias in __class_getitem__ instead of the same class. - bpo-46434: pdb now gracefully handles help when __doc__ is missing, for example when run with pregenerated optimized .pyc files. - bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef now honor the module parameter of typing.ForwardRef. Forward references from different modules are now differentiated. - bpo-43118: Fix a bug in inspect.signature() that was causing it to fail on some subclasses of classes with a __text_signature__ referencing module globals. Patch by Weipeng Hong. - bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a directory name with a trailing slash. - bpo-20392: Fix inconsistency with uppercase file extensions in MimeTypes.guess_type(). Patch by Kumar Aditya. - bpo-46080: Fix exception in argparse help text generation if a argparse.BooleanOptionalAction argument's default is argparse.SUPPRESS and it has help specified. Patch by Felix Fontein. - bpo-44439: Fix .write() method of a member file in ZipFile, when the input data is an object that supports the buffer protocol, the file length may be wrong. - bpo-45703: When a namespace package is imported before another module from the same namespace is created/installed in a different sys.path location while the program is running, calling the importlib.invalidate_caches() function will now also guarantee the new module is noticed. - bpo-24959: Fix bug where unittest sometimes drops frames from tracebacks of exceptions raised in tests. - bpo-46463: Fixes escape4chm.py script used when building the CHM documentation file - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with undefined behavior sanitizer (UBSAN): disable UBSAN on the faulthandler_sigfpe() function. Patch by Victor Stinner. - bpo-46708: Prevent default asyncio event loop policy modification warning after test_asyncio execution. - bpo-46616: Ensures test_importlib.test_windows cleans up registry keys after completion. - bpo-44359: test_ftplib now silently ignores socket errors to prevent logging unhandled threading exceptions. Patch by Victor Stinner. - bpo-46542: Fix a Python crash in test_lib2to3 when using Python built in debug mode: limit the recursion limit. Patch by Victor Stinner. - bpo-46576: test_peg_generator now disables compiler optimization when testing compilation of its own C extensions to significantly speed up the testing on non-debug builds of CPython. - bpo-46542: Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). Patch by Victor Stinner. - bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the readline module is loaded. The readline module changes input() behavior, but test_builtin is not intented to test the readline module. Patch by Victor Stinner. - bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C compiler is now run with LC_ALL=C. Previously, the detection failed with a German locale. - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__. - bpo-45925: Update Windows installer to use SQLite 3.37.2. - bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu, 'Close' and 'Exit' are now 'Close Window' (the current one) and 'Exit' is now 'Exit IDLE' (by closing all windows). In Shell, 'quit()' and 'exit()' mean 'close Shell'. If there are no other windows, this also exits IDLE. - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex Waygood and Terry Jan Reedy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2178-1 Released: Fri Jun 24 14:04:25 2022 Summary: Security update for salt Type: security Severity: important References: 1200566,CVE-2022-22967 This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass PAM authentication (bsc#1200566) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2184-1 Released: Fri Jun 24 17:04:39 2022 Summary: Security update for liblouis Type: security Severity: important References: 1197085,1200120,CVE-2022-26981,CVE-2022-31783 This update for liblouis fixes the following issues: - CVE-2022-26981: fix buffer overrun in compilePassOpcode (bsc#1197085). - CVE-2022-31783: prevent an invalid memory write in compileRule (bsc#1200120). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2185-1 Released: Fri Jun 24 17:06:45 2022 Summary: Security update for php7 Type: security Severity: important References: 1200628,1200645,CVE-2022-31625,CVE-2022-31626 This update for php7 fixes the following issues: - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645) - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2192-1 Released: Mon Jun 27 17:13:25 2022 Summary: Security update for rubygem-rack Type: security Severity: critical References: 1200748,1200750,CVE-2022-30122,CVE-2022-30123 This update for rubygem-rack fixes the following issues: - CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS (bsc#1200748) - CVE-2022-30123: Fixed crafted requests can cause shell escape sequences (bsc#1200750) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2254-1 Released: Mon Jul 4 12:12:51 2022 Summary: Security update for qemu Type: security Severity: important References: 1197084,1198035,1198037,1198712,1199018,1199924,CVE-2021-4206,CVE-2021-4207,CVE-2022-26354 This update for qemu fixes the following issues: - CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak (bsc#1198712) - CVE-2021-4207: Fixed double fetch in qxl_cursor() can lead to heap buffer overflow (bsc#1198037) - CVE-2021-4206: Fixed integer overflow in cursor_alloc() can lead to heap buffer overflow (bsc#1198035) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2259-1 Released: Mon Jul 4 14:49:06 2022 Summary: Security update for ImageMagick Type: security Severity: moderate References: 1153866,1200387,1200388,1200389,CVE-2019-17540,CVE-2022-32545,CVE-2022-32546,CVE-2022-32547 This update for ImageMagick fixes the following issues: - CVE-2019-17540: Fixed heap-based buffer overflow in ReadPSInfo in coders/ps.c. (bsc#1153866) - CVE-2022-32545: Fixed an outside the range of representable values of type. (bsc#1200388) - CVE-2022-32546: Fixed an outside the range of representable values of type. (bsc#1200389) - CVE-2022-32547: Fixed a load of misaligned address at MagickCore/property.c. (bsc#1200387) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2267-1 Released: Tue Jul 5 14:04:46 2022 Summary: Security update for dpdk Type: security Severity: important References: 1198581 This update of dpdk fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2269-1 Released: Tue Jul 5 15:34:04 2022 Summary: Recommended update for virt-manager Type: recommended Severity: moderate References: 1027942 This update for virt-manager fixes the following issues: - Upstream bug fixes: (bsc#1027942) Volume upload use 1MiB read size. Console: fix error with old pygobject. Virtinst: fix message format string. Createnet: Remove some unnecessary annotations. Fix forgetting password from keyring. - Add support for detecting SUSE Linux Enterprise Micro. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2270-1 Released: Tue Jul 5 15:35:05 2022 Summary: Recommended update for python-M2Crypto and SUSEConnect Type: recommended Severity: low References: This updates for python-M2Crypto and SUSEConnect fixes the following issues: - This is a re-release, no souce changes. This releases the packages to some extra repositories. (jsc#PM-3081) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2313-1 Released: Wed Jul 6 16:13:05 2022 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1200793,CVE-2022-2200,CVE-2022-31744,CVE-2022-34468,CVE-2022-34470,CVE-2022-34472,CVE-2022-34478,CVE-2022-34479,CVE-2022-34481,CVE-2022-34484 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793): - CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381) - CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604) - CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537) - CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951) - CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123) - CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717) - CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595) - CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246) - CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2320-1 Released: Thu Jul 7 10:04:33 2022 Summary: Security update for MozillaThunderbird Type: security Severity: important References: 1200793,CVE-2022-2200,CVE-2022-2226,CVE-2022-31744,CVE-2022-34468,CVE-2022-34470,CVE-2022-34472,CVE-2022-34478,CVE-2022-34479,CVE-2022-34481,CVE-2022-34484 This update for MozillaThunderbird fixes the following issues: - CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381) - CVE-2022-2226: An email with a mismatching OpenPGP signature date was accepted as valid (bmo#1775441) - CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604) - CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537) - CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951) - CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123) - CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717) - CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595) - CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246) - CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102 (bmo#1763634, bmo#1772651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2321-1 Released: Thu Jul 7 11:02:05 2022 Summary: Security update for openssl-1_0_0 Type: security Severity: moderate References: 1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2322-1 Released: Thu Jul 7 11:34:54 2022 Summary: Security update for fwupd Type: security Severity: important References: 1198581 This update of fwupd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2326-1 Released: Thu Jul 7 13:53:48 2022 Summary: Security update for resource-agents Type: security Severity: important References: 1146691,1196164,1199766 This update for resource-agents fixes the following issues: - Predictable log file in /tmp in mariadb.in (bsc#1146691). - Allow aws-vpc-move-ip to specify an interface label to distinguish the IP address (bsc#1199766) - Implement options to disable DAD and to allow sending NA in the background (bsc#1196164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2330-1 Released: Thu Jul 7 15:32:05 2022 Summary: Recommended update for lifecycle-data-sle-module-live-patching Type: recommended Severity: low References: 1020320 This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for 4_12_14-150000_150_89, 4_12_14-150100_197_111, 5_3_18-150200_24_112, 5_3_18-150300_59_60, 5_3_18-150300_59_63. (bsc#1020320) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2339-1 Released: Fri Jul 8 15:47:43 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1198939 This update for rsyslog fixes the following issues: - Remove inotify watch descriptor in imfile on inode change detected. (bsc#1198939) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2340-1 Released: Fri Jul 8 16:04:13 2022 Summary: Security update for fwupdate Type: security Severity: important References: 1198581 This update of fwupdate fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2341-1 Released: Fri Jul 8 16:09:12 2022 Summary: Security update for containerd, docker and runc Type: security Severity: important References: 1192051,1199460,1199565,1200088,1200145,CVE-2022-29162,CVE-2022-31030 This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145) docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145) runc: Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. - Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565) Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. Security issue fixed: - CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. (bsc#1199460) - `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported' error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) Update to runc v1.1.0~rc1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + Add support for RDMA cgroup added in Linux 4.11. * runc exec now produces exit code of 255 when the exec failed. This may help in distinguishing between runc exec failures (such as invalid options, non-running container or non-existent binary etc.) and failures of the command being executed. + runc run: new --keep option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after the container hasexited. + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD (the latter is just an alias for SCMP_ACT_KILL). + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows users to create sophisticated seccomp filters where syscalls can be efficiently emulated by privileged processes on the host. + checkpoint/restore: add an option (--lsm-mount-context) to set a different LSM mount context on restore. + intelrdt: support ClosID parameter. + runc exec --cgroup: an option to specify a (non-top) in-container cgroup to use for the process being executed. + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc run/exec now adds the container to the appropriate cgroup under it). + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s behaviour. + mounts: add support for bind-mounts which are inaccessible after switching the user namespace. Note that this does not permit the container any additional access to the host filesystem, it simply allows containers to have bind-mounts configured for paths the user can access but have restrictive access control settings for other users. + Add support for recursive mount attributes using mount_setattr(2). These have the same names as the proposed mount(8) options -- just prepend r to the option name (such as rro). + Add runc features subcommand to allow runc users to detect what features runc has been built with. This includes critical information such as supported mount flags, hook names, and so on. Note that the output of this command is subject to change and will not be considered stable until runc 1.2 at the earliest. The runtime-spec specification for this feature is being developed in opencontainers/runtime-spec#1130. * system: improve performance of /proc/$pid/stat parsing. * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change the ownership of certain cgroup control files (as per /sys/kernel/cgroup/delegate) to allow for proper deferral to the container process. * runc checkpoint/restore: fixed for containers with an external bind mount which destination is a symlink. * cgroup: improve openat2 handling for cgroup directory handle hardening. runc delete -f now succeeds (rather than timing out) on a paused container. * runc run/start/exec now refuses a frozen cgroup (paused container in case of exec). Users can disable this using --ignore-paused. - Update version data embedded in binary to correctly include the git commit of the release. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2342-1 Released: Fri Jul 8 16:12:09 2022 Summary: Security update for apache2 Type: security Severity: important References: 1200338,1200340,1200341,1200345,1200348,1200350,1200352,CVE-2022-26377,CVE-2022-28614,CVE-2022-28615,CVE-2022-29404,CVE-2022-30522,CVE-2022-30556,CVE-2022-31813 This update for apache2 fixes the following issues: - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338) - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340) - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341) - CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345) - CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350) - CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352) - CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2344-1 Released: Fri Jul 8 17:37:17 2022 Summary: Security update for python Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2348-1 Released: Mon Jul 11 10:33:20 2022 Summary: Security update for crash Type: security Severity: important References: 1198581 This update of crash fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2353-1 Released: Mon Jul 11 12:20:52 2022 Summary: Security update for freerdp Type: security Severity: critical References: 1198919,1198921,CVE-2022-24882,CVE-2022-24883 This update for freerdp fixes the following issues: - CVE-2022-24882: Fixed incorrect check parameters in NTLM (bsc#1198919). - CVE-2022-24883: Fixed authentication against invalid SAM files (bsc#1198921). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2363-1 Released: Tue Jul 12 13:27:39 2022 Summary: Recommended update for rust1.59 Type: recommended Severity: moderate References: 1196496 This update for rust1.59 fixes the following issues: - For building requires gcc by default to enable linking to work correctly (bsc#1196496) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2364-1 Released: Tue Jul 12 13:55:20 2022 Summary: Recommended update for mdadm Type: recommended Severity: moderate References: 1197158 This update for mdadm fixes the following issue: - Resource RAID failed during cluster patch, Mdadm gets floating point error (bsc#1197158) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2375-1 Released: Tue Jul 12 15:26:43 2022 Summary: Security update for xorg-x11-server Type: security Severity: important References: 1194179,1194181,CVE-2022-2319,CVE-2022-2320 This update for xorg-x11-server fixes the following issues: - CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179). - CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2376-1 Released: Tue Jul 12 18:22:56 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1179195,1180814,1185762,1192761,1193629,1194013,1195504,1195775,1196901,1197362,1197754,1198020,1199487,1199489,1199657,1200217,1200263,1200442,1200571,1200599,1200600,1200608,1200619,1200622,1200692,1200806,1200807,1200809,1200810,1200813,1200816,1200820,1200821,1200822,1200825,1200828,1200829,1200925,1201050,1201080,1201143,1201147,1201149,1201160,1201171,1201177,1201193,1201222,CVE-2021-26341,CVE-2021-4157,CVE-2022-1679,CVE-2022-20132,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981,CVE-2022-34918 The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). The following non-security bugs were fixed: - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - arm64: ftrace: fix branch range checks (git-fixes) - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ceph: add some lockdep assertions around snaprealm handling (bsc#1201147). - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217). - cifs: avoid parallel session setups on same channel (bsc#1200217). - cifs: avoid race during socket reconnect between send and recv (bsc#1200217). - cifs: call cifs_reconnect when a connection is marked (bsc#1200217). - cifs: call helper functions for marking channels for reconnect (bsc#1200217). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217). - cifs: check for smb1 in open_cached_dir() (bsc#1200217). - cifs: check reconnects for channels of active tcons too (bsc#1200217). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217). - cifs: clean up an inconsistent indenting (bsc#1200217). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217). - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217). - cifs: do not use tcpStatus after negotiate completes (bsc#1200217). - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217). - cifs: fix handlecache and multiuser (bsc#1200217). - cifs: fix hang on cifs_get_next_mid() (bsc#1200217). - cifs: fix incorrect use of list iterator after the loop (bsc#1200217). - cifs: fix minor compile warning (bsc#1200217). - cifs: fix missed refcounting of ipc tcon (bsc#1200217). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217). - cifs: fix potential deadlock in direct reclaim (bsc#1200217). - cifs: fix potential double free during failed mount (bsc#1200217). - cifs: fix potential race with cifsd thread (bsc#1200217). - cifs: fix set of group SID via NTSD xattrs (bsc#1200217). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217). - cifs: fix the cifs_reconnect path for DFS (bsc#1200217). - cifs: fix the connection state transitions with multichannel (bsc#1200217). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217). - cifs: fix workstation_name for multiuser mounts (bsc#1200217). - cifs: force new session setup and tcon for dfs (bsc#1200217). - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217). - cifs: ignore resource_id while getting fscache super cookie (bsc#1200217). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217). - cifs: make status checks in version independent callers (bsc#1200217). - cifs: mark sessions for reconnection in helper function (bsc#1200217). - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217). - cifs: move superblock magic defitions to magic.h (bsc#1200217). - cifs: potential buffer overflow in handling symlinks (bsc#1200217). - cifs: print TIDs as hex (bsc#1200217). - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217). - cifs: reconnect only the connection and not smb session where possible (bsc#1200217). - cifs: release cached dentries only if mount is complete (bsc#1200217). - cifs: remove check of list iterator against head past the loop body (bsc#1200217). - cifs: remove redundant assignment to pointer p (bsc#1200217). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217). - cifs: remove repeated state change in dfs tree connect (bsc#1200217). - cifs: remove unused variable ses_selected (bsc#1200217). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217). - cifs: return the more nuanced writeback error on close() (bsc#1200217). - cifs: sanitize multiple delimiters in prepath (bsc#1200217). - cifs: serialize all mount attempts (bsc#1200217). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217). - cifs: skip trailing separators of prefix paths (bsc#1200217). - cifs: smbd: fix typo in comment (bsc#1200217). - cifs: Split the smb3_add_credits tracepoint (bsc#1200217). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217). - cifs: track individual channel status using chans_need_reconnect (bsc#1200217). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217). - cifs: update internal module number (bsc#1193629). - cifs: update internal module number (bsc#1200217). - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217). - cifs: use correct lock type in cifs_reconnect() (bsc#1200217). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217). - cifs: use new enum for ses_status (bsc#1200217). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217). - cifs: wait for tcon resource_id before getting fscache super (bsc#1200217). - cifs: we do not need a spinlock around the tree access during umount (bsc#1200217). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gtp: use icmp_ndo_send helper (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - iomap: iomap_write_failed fix (bsc#1200829). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI fix of sysctl_run_estimation (git-fixes). - kabi: nvme workaround header include (bsc#1201193). - kabi/severities: ignore KABI for NVMe target (bsc#1192761) - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - move devm_allocate to end of structure for kABI (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: lantiq: Add locking for TX DMA channel (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm/region: Fix default alignment for small regions (git-fixes). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). - nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvme: kabi fix nvme subsystype change (bsc#1192761) - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: add nvmet_req_subsys() helper (bsc#1192761). - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes). - nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761). - nvmet: fix freeing unallocated p2pmem (git-fixes). - nvmet: make discovery NQN configurable (bsc#1192761). - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes). - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes). - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). - smb3: fix snapshot mount option (bsc#1200217). - smb3 improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). - smb3 move more common protocol header definitions to smbfs_common (bsc#1200217). - smb3: send NTLMSSP version information (bsc#1200217). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2386-1 Released: Wed Jul 13 14:48:19 2022 Summary: - Update in SLE-15 (bsc#1189411, bsc#1191482) Type: recommended Severity: important References: This update for azure-cli, azurecli-core, python-azure-core, python-azure-batch, python-azure-mgmt-compute, python-azure-mgmt-containerregistry, python-azure-mgmt-databoxedge, python-azure-mgmt-network, python-azure-mgmt-security, python-azure-sdk, python-msrest, python-azure-ai-formrecognizer, python-azure-synapse-managedprivateendpoints, python-azure-synapse-monitoring, python-azure-template contains the following fixes: Changes in azure-cli, azurecli-core: - Update in SLE-15. (bsc#1189411, bsc#1191482) - Fix regression in patch to disable update check. (bsc#1192671) - New upstream release 2.17.1: - For detailed information about changes see the HISTORY.rst file provided with this package Changes in python-azure-core: - Update from 1.9.0 to 1.22.1. (bsc#1189411, bsc#1191482) For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-batch: - Update in SLE-15 (bsc#1189411, bsc#1191482) - New upstream release - Version 10.0.0 - For detailed information about changes see the CHANGELOG.md file provided with this package - Only build Python3 flavors for distributions 15 and greater Changes in python-azure-ai-formrecognizer: - Inclusion in SLE-15 .(bsc#1189411, bsc#1191482) Changes in python-azure-mgmt-compute: - Update in SLE-15 (bsc#1189411, bsc#1191482) - New upstream release - Version 18.0.0 - For detailed information about changes see the CHANGELOG.md file provided with this package - Version 17.0.0 Changes in python-azure-mgmt-containerregistry: - Update in SLE-15 (bsc#1189411, bsc#1191482) - New upstream release - Version 3.0.0rc16 - For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-databoxedge: - Update in SLE-15 (bsc#1189411, bsc#1191482) - New upstream release - Version 0.2.0 - For detailed information about changes see the CHANGELOG.md file provided with this package - Rename HISTORY.rst to CHANGELOG.md in %files section - Rename README.rst to README.md in %files section - Changes in python-azure-mgmt-network: - Update in SLE-15 (bsc#1189411, bsc#1191482) - New upstream release - Version 17.0.0 - For detailed information about changes see the CHANGELOG.md file provided with this package - Changes in python-azure-mgmt-security: - Update in SLE-15 (bsc#1189411, bsc#1191482) - New upstream release - Version 0.6.0 - For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-synapse-managedprivateendpoints: - Inclusion in SLE-15 .(bsc#1189411, bsc#1191482) Changes in python-azure-synapse-monitoring: - Inclusion in SLE-15 .(bsc#1189411, bsc#1191482) Changes in python-azure-template: - Inclusion in SLE-15 .(bsc#1189411, bsc#1191482) Changes in python-azure-sdk: Update in SLE-15 (bsc#1189411, bsc#1191482) - Add python-azure-sdk (Python2) to Obsoletes - Add additional packages from the Azure SDK to Requires - python-azure-ai-formrecognizer - python-azure-synapse-managedprivateendpoints - python-azure-synapse-monitoring - python-azure-template - Remove all version constraints in Requires Only build Python3 flavors for distributions 15 and greater Changes in python-msrest: - Update from 0.6.19 to 0.6.21. (bsc#1189411, bsc#1191482) For detailed information about changes see the CHANGELOG.md file provided with this package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2387-1 Released: Wed Jul 13 15:41:33 2022 Summary: Recommended update for rust, rust1.61 Type: recommended Severity: moderate References: This update for rust, rust1.61 fixes the following issues: This updates ships rust1.61. Version 1.61.0 (2022-05-19) ========================== Language -------- - `const fn` signatures can now include generic trait bounds - `const fn` signatures can now use `impl Trait` in argument and return position - Function pointers can now be created, cast, and passed around in a `const fn` - Recursive calls can now set the value of a function's opaque `impl Trait` return type Compiler -------- - Linking modifier syntax in `#[link]` attributes and on the command line, as well as the `whole-archive` modifier specifically, are now supported - The `char` type is now described as UTF-32 in debuginfo - he [`#[target_feature]`][target_feature] attribute [can now be used with aarch64 features - X86 [`#[target_feature = 'adx']` is now stable Libraries --------- - `ManuallyDrop` is now documented to have the same layout as `T` - `#[ignore = '…']` messages are printed when running tests - Consistently show absent stdio handles on Windows as NULL handles - Make `std::io::stdio::lock()` return `'static` handles. Previously, the creation of locked handles to stdin/stdout/stderr would borrow the handles being locked, which prevented writing `let out = std::io::stdout().lock();` because `out` would outlive the return value of `stdout()`. Such code now works, eliminating a common pitfall that affected many Rust users. - `Vec::from_raw_parts` is now less restrictive about its inputs - `std::thread::available_parallelism` now takes cgroup quotas into account. Since `available_parallelism` is often used to create a thread pool for parallel computation, which may be CPU-bound for performance, `available_parallelism` will return a value consistent with the ability to use that many threads continuously, if possible. For instance, in a container with 8 virtual CPUs but quotas only allowing for 50% usage, `available_parallelism` will return 4. Stabilized APIs --------------- - `Pin::static_mut` - `Pin::static_ref` - `Vec::retain_mut` - `VecDeque::retain_mut` - `Write` for `Cursor<[u8; N]>` - `std::os::unix::net::SocketAddr::from_pathname` - `std::process::ExitCode` and `std::process::Termination`. The stabilization of these two APIs now makes it possible for programs to return errors from `main` with custom exit codes. - `std::thread::JoinHandle::is_finished`] These APIs are now usable in const contexts: - `<*const T>::offset` and `<*mut T>::offset` - `<*const T>::wrapping_offset` and `<*mut T>::wrapping_offset` - `<*const T>::add` and `<*mut T>::add` - `<*const T>::sub` and `<*mut T>::sub` - `<*const T>::wrapping_add` and `<*mut T>::wrapping_add` - `<*const T>::wrapping_sub` and `<*mut T>::wrapping_sub` - `<[T]>::as_mut_ptr` - `<[T]>::as_ptr_range` - `<[T]>::as_mut_ptr_range` Cargo ----- No feature changes, but see compatibility notes. Compatibility Notes ------------------- - Previously native static libraries were linked as `whole-archive` in some cases, but now rustc tries not to use `whole-archive` unless explicitly requested. This change may result in linking errors in some cases. To fix such errors, native libraries linked from the command line, build scripts, or [`#[link]` attributes][link-attr] need to - (more common) either be reordered to respect dependencies between them (if `a` depends on `b` then `a` should go first and `b` second) - (less common) or be updated to use the [`+whole-archive`] modifier. - Catching a second unwind from FFI code while cleaning up from a Rust panic now causes the process to abort - Proc macros no longer see `ident` matchers wrapped in groups - The number of `#` in `r#` raw string literals is now required to be less than 256 - When checking that a dyn type satisfies a trait bound, supertrait bounds are now enforced - `cargo vendor` now only accepts one value for each `--sync` flag - `cfg` predicates in `all()` and `any()` are always evaluated to detect errors, instead of short-circuiting. The compatibility considerations here arise in nightly-only code that used the short-circuiting behavior of `all` to write something like `cfg(all(feature = 'nightly', syntax-requiring-nightly))`, which will now fail to compile. Instead, use either `cfg_attr(feature = 'nightly', ...)` or nested uses of `cfg`. - bootstrap: static-libstdcpp is now enabled by default, and can now be disabled when llvm-tools is enabled ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:2390-1 Released: Wed Jul 13 16:52:47 2022 Summary: Feature update for build, obs-scm-bridge, obs-service-tar_scm, osc Type: feature Severity: moderate References: 1197298,1197699,1198740,1200148 This feature update for build, obs-scm-bridge, obs-service-tar_scm, osc fixes the following issues: Support the Multi Factor Authentication and the git based workflow. (jsc#SLE-24657, jsc#SLE-24652, jsc#SLE-24653) Please, see the following details changes for more information. Upgrade build from version 20210120 to 20220613 as obs-scm-bridge dependency (jsc#SLE-24657, jsc#SLE-24652, jsc#SLE-24653) - Stop building aarch64_ilp32 baselibs for aarch64 - avod aio=io_uring for now on SLE15-SP4 workers - Update SLE 15 SP4 and Leap 15.4 build config (bsc#1198740) - Use aio=io_uring if available (bsc#1197699) - debian cross build support via multi-arch (obsoleting cbinstall remnants) - Tumbleweed config synced - documentation updates - rename --debug to --debuginfo to be more exact. - docu: add buildflags:ccachtype and OBS-DoNotAppendProfileToContainername - Use git+https instead of git-https as url schema - add oops=panic kernel parameter - Updated distribution configurations (esp. Leap 15.4 and Tumbleweed) - new preinstallimages are using zstd by default - source subdirectories are used in git managed sources - supporting kvm builds as non-root user - Extend stage selection support for rpm builds - various distribution config updates - Support 'BuildFlags: cumulaterpms' (was done only via suse_version before) - docker: * Add support for --root and --installroot global zypper options * improve registry handling * initial Dockerfile.dapper support * support 'curl' commands in docker builds * strip known domains from container name * support container alias names - pbuild: * add --debug option for building debuginfo packages * Use /.dockerenv as marker for docker environment * support privileged docker/nspawn mode * move --cap-add=SYS_ADMIN --cap-add=MKNOD to privileged mode * initvm: do not attempt to mount /proc and binfmt_misc handler if present * rename --hide-timestamps to --no-timestamps * reuse options from older builds * revised --single build mode * support ccache * Implement SCC calculation * Improve --shell-after-build and --single options * initial documentation of pbuild - Kiwi: * always append the profile name to kiwi container names * Add support for OBS-RemoteAsset and OBS-CopyToImage directives - container builds: * support newer podman versions * supporting multiple containers for multi-stage builds * FROM scratch build support - Other fixes: * Avoid shutdown of host when using nspawn * change sccache default size limit * speed up improvements in - vm shutdown - rpm preinstall - avoid calling external commands in a loop - using zstd for preinstallimages - no more unpacking progress indicators to avoid slowdown - virtio handling * fixed vm-type=qemu * multiple smaller bugfixes and speed improvements * Load selinux policy when using a preinstall image * Use the pax format for preinstall images if bsdtar is available * Add %riscv to std_macros * Fix combine_configs dropping newlines * epoch handling in debian builds * catch more cases where a failed build is marked as host error * fixing wrong status reporting when a job got killed * hugetlbfs handling fixes * try mounting selinuxfs in VM * Create the /sys dir when preinstalling (to satisfy dracut) - Features: * Add arm32 and loongarch definitions * Add compatibility code to initvm * Use upstream way of binfmt argv0 preservation (bsc#1197298) * Add template support for Build::SimpleJSON * download_assets: add --outdir --clean --show-dir-srcmd5 parameters support multiple --arch arguments * asset support for golang modules * add support for LXC 4. * new shortcuts for rpm building: --rpm-noprep, --rpm-build-in-place, --rpm-build-in-place-noprep for building directly from upstream git repositories without any tar ball. * mount securityfs if not mounted by kernel-obs-build * collect steal time during VM builds in statistics. * declare armv8 and armv7 compatible * support OBS Debuginfo build flag for Red Hat variants * setup rpmmacros for all build types and earlier * introducing --verbose option, currently only showing kernel messages. * support cpio creation for special files * handle QEMU >= 6.0 on POWER9 * deb zstd support (for Ubuntu 21.10) * support KVM builds with enabled network * modulemd support improvements * Support a 'Distmacro' directive for recipe parser-only macros * initial config for Leap 15.4 * Unify ccache and sccache handling * Fix unpacking of deb/arch archives without bsdtar * cross architecture build support (for rpm and kiwi) * modulemd meta data support * supporting external asset stores for source files * support multiple post build checks placed in the directory: /usr/lib/build/post-build-checks/ * sccache support * New --shell-after-fail option * allow to disable squashfs in SimpleImage * supporting aarch64 kernel on armv?l distributions * Supporting URL's in Flatpak manifests Provide obs-scm-bridge on version 0.2: (jsc#SLE-24657, jsc#SLE-24652, jsc#SLE-24653) * no shallow clone when used with osc * support for LFS fetch * Fixes for _config file export and path handling * Fix a traceback when a project or a package is managed in scm, print a warning instead. Update osc from version 0.172.0 to 0.179.0 (jsc#SLE-24657, jsc#SLE-24652, jsc#SLE-24653) - 0.179.0 - signature (ssh key) authetication fixes (RSA key support, skip binary files) - commandline: handle calls without arguments gracefully - use percent-quoted url for download url generation - osc co/up: highlight pending requests' header - get_results(): fix check for empty details - another exception for github URLs for 'osc add' - update Sphinx configuration, documentation fixes - make Sphinx optional in setup.py not to break package builds - support flavors in aggregatepac - check if repos provided to aggregatepac command exist - several coding style fixes - 0.178.0 - EXPERIMENTAL: git repository handling * init command is working inside of a git repository * downloadassets command fetches references assets from build description * checkout is cloning from git - EXPERIMENTAL: signature (ssh key) authetication * allow to configure 'sshkey' option in the config * try to guess ssh key from the keys added to ssh-agent * rename OscHTTPBasicAuthHandler to OscHTTPAuthHandler * simplify bad auth retry workaround needed for old python versions - add support for building preinstall images - add support for building Helm charts - show the md5s that are failing to validate after fetching a package - add missing space to copypac completion - never require login in the help command - linkdiff: raise an exception when an added file is missing - run tests via calling 'setup.py test' - several coding style fixes - spec file: - run tests via calling 'setup.py test' - disabled tests in debian.rules - 0.177.0 * switch to python3 in osc-wrapper and make python3 explicit * allow formatting of the sccache uri * show repository state and details * a few minor fixes and improvements in credentials handling * order credential managers by priority * kernel keyring is now supported as credential manager * support regex based name filtering in core.get_prj_results() * revision parsing parseRevisionOption(): cleanup and make logic consistent * use sr_ids[0] for superseding (fixes issues with superseding requests containing many packages * download logs and metadata in subdirs named by packages when osc getbinaries is issued on project level or in multibuild case - spec file: * recommed python-keyring-keyutils for new kernel keyring backend - 0.176.0 * add -F option to osc submitreq * add --verbose option to build command * fix getbinaries command to fetch also multibuild packages * fix getbinaries -M/--multibuild-package option usage * skip fetching metadata and logs in the getbinaries command * do not download a bdep with a hdrmd5 from the api by default * re-download file from API when hdrmd5 doesn't match * honor --download-api-only option * remove Windows from the supported operating systems * fix license in setup.py * add py3.10 and py3.11 to the classifiers in setup.py * use the latest version of COPYING file from gnu.org * fix crash on terminal resize during download * do not fail with a traceback in case of a config error * preserve oscrc symlink when writing conf file * escape % character in binary download URLs * fix printing paths to built debian packages - 0.175.1: * Modified SPEC file to be more compatible with KOJI and COPR. ** Modified SPEC file to use python3 for CentOS/RHEL 7 ** Modified SPEC file use fedora/rhel version macros. ** Changed perl to sed in %install section of SPEC file. - 0.175.0: * do not crash when running 'osc search --binary --verbose foo' * don't run source services when building outside of an OSC package working copy * fix XDG_CONFIG_HOME * offer a force ('f') choice in metafile.edit's error handling code path * fix XPath used in search requests * add support for creating a workflow token via 'osc token' * handle missing os.sysconf more gracefully * detachbranch: remove _link when link target got removed * improve error message in case of an URLError * fix downloading from mirrors * avoid sending entire projects on 'osc mr' * fix hdmrd5 check of local cached files * improve logic for conffile mode handling - 0.174.0: * fix password deletion via 'osc config -d pass' * support changing the password store via 'osc config --select-password-store') * support slash syntax in osc browse ('osc browse prj/pkg' is equivalent to 'osc browse prj pkg') * fix the commit of a frozen package wc * fix local product builds using obsrepositories:/ directives * print a meaningful message when trying to a commit a non-existent package - force Mageia >= 8 builds to python3; python2 is deprecated in Mageia 8 and up. - 0.173.0: * add showlinked command to show all references of packages linking to a given one * add build --shell-after-build flag. It can also be set via .oscrc. * add build --stage flag. Useful for example for fixing file lists and just running the install section to see the result of it (use --stage=i=). Check the help for more details. * allow to run build script as non-root, by setting su-wrapper empty => osc is not guessing anymore if user builds are wanted * add support for cross arch local build using a sysroot * support slash notation in 'osc creq -a args' * add '--force' option to the 'osc add' command (can be used to override the exclude_glob config option) * support the commit of arbitrary sized files * add support for sccache - Install macros.osc to %{_rpmmacrodir}, not to /etc/rpm. Update obs-service-tar_scm from version 0.10.22.1615538418.07a353d to version 0.10.30.1641990734.bdad8f9 (bsc#1200148) - Update to version 0.10.30.1641990734.bdad8f9: * fixes for python2.7 compatibility * fix test cases * fix various linter problems with pylint 2.11.1 * disable consider-using-f-string in pylint * added TC for _stash_pop_required * assertTarIsDeeply now more verbose in case of failure * remove tearDown/Trace from testenv.py * fix regression to keep local changes when running in osc * various fixes to make linter happy * fix tests for python 2.7 - Update to version 0.10.29.1634038025.85bfc3f: * fix test cases * fix various linter problems with pylint 2.11.1 * disable consider-using-f-string in pylint * added TC for _stash_pop_required * assertTarIsDeeply now more verbose in case of failure * remove tearDown/Trace from testenv.py * fix regression to keep local changes when running in osc - Update to version 0.10.28.1632141620.a8837d3: * fix missing 'checkout' when running in osc * fix breakage on version detection * change locale - Update to version 0.10.27.1626072657.0fb7a03: * [ci] enhanced github actions for multiple python versions * Create main.yml * Change date format from short to %Y%m%d. - Update to version 0.10.26.1624258505.aed4969: * almalinux in spec file * fix include filters for obscpio files * fix python interpreter for mageia 8 * TarScm: use owner/group root in .obscpio files - Update to version 0.10.26.1623775884.87f49a8: * fixed include/exclude filtering * add '--' to git log command if file/dir equal revision exists * add '--source' to git log command * disabled consider-using-with in .pylint*rc * package .gitignore files * Fix version _none_ generate tarball with '-' * Prevent KeyError in check_for_branch_request method * removed skipped test case (obsolete since 5 yrs) * testing for obscpio/obsinfo * fix regression - obsinfo included the version string * Revert 'remove useless variables' * remove useless variables * added param --without-version * extracted dstname to _dstname * cleanup TarSCM/tasks.py for pylint * add date/time to logging output for better debugging * Fix typos ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2394-1 Released: Thu Jul 14 10:17:30 2022 Summary: Recommended update for sle-module-python2-release Type: recommended Severity: low References: This update for sle-module-python2-release provides the following fix: - Change EOL to 2023-12-31 [jsc#SLE-22357] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2399-1 Released: Thu Jul 14 15:47:55 2022 Summary: Recommended update for scap-security-guide Type: recommended Severity: moderate References: This update for scap-security-guide fixes the following issues: ComplianceAsCode was updated to 0.1.62 (jsc#ECO-3319): - Update rhel8 stig to v1r6 - OL7 STIG v2r7 update - Initial definition of ANSSI BP28 minmal profile for SUSE Linux Enterprise ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2400-1 Released: Thu Jul 14 16:56:39 2022 Summary: Security update for oracleasm Type: security Severity: important References: 1198581 This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2402-1 Released: Thu Jul 14 16:58:22 2022 Summary: Security update for python-PyJWT Type: security Severity: important References: 1199756,CVE-2022-29217 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2419-1 Released: Fri Jul 15 17:36:33 2022 Summary: Recommended update for release-notes-sles-for-sap Type: recommended Severity: low References: 1197511,1201315 This update for release-notes-sles-for-sap fixes the following issues: - Trento is fully supported, remove it from tech preview section. (bsc#1201315) - Added note about native systemd integration. (bsc#1197511) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2425-1 Released: Mon Jul 18 09:04:24 2022 Summary: Security update for nodejs14 Type: security Severity: important References: 1201325,1201326,1201327,1201328,CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215 This update for nodejs14 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2430-1 Released: Mon Jul 18 17:34:41 2022 Summary: Security update for nodejs12 Type: security Severity: important References: 1201325,1201326,1201327,1201328,CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215 This update for nodejs12 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2448-1 Released: Wed Jul 20 10:15:30 2022 Summary: Security update for dovecot23 Type: security Severity: important References: 1201267,CVE-2022-30550 This update for dovecot23 fixes the following issues: - CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2454-1 Released: Wed Jul 20 15:28:09 2022 Summary: Recommended update for SAPHanaSR Type: recommended Severity: important References: 1198780,1198897 This update for SAPHanaSR fixes the following issues: - Version bump to 0.160.1 - fix HANA_CALL function to support MCOS environments again (bsc#1198780) - fix SAPHanaSR-replay-archive to handle hb_report archives again (bsc#1198897) - add HANA_CALL_TIMEOUT parameter back to the resource agents and read the setting from the cluster configuration, if available. Defaults to '60'. Related to github issue#36 - add new HA/DR provider hook susTkOver (jsc#SLE-16347) - add new hook script for SAP HANA System Replication Scale-Up Cost Optimized Scenario. (jsc#SLE-18613) - add a new instance parameter 'REMOVE_SAP_SOCKETS'. It is an optional parameter and defaults to 'true'. Now you can control, if the RA should remove the unix domain sockets related to sapstartsrv before (re-)start sapstartsrv or if it should try to adjust the permissions and ownership of these files instead. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2455-1 Released: Wed Jul 20 15:29:00 2022 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1192764,1198197,1198828 This update for perl-Bootloader fixes the following issues: - fix sysconfig parsing (bsc#1198828) - grub2/install: reset error code when passing through recover code (bsc#1198197) - grub2 install: Support secure boot on powerpc (bsc#1192764, jsc#SLE-18271) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2456-1 Released: Wed Jul 20 15:29:59 2022 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: moderate References: 1199668 This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.0.4 (bsc#1199668) - Store the update server certs in the '/etc' path instead of '/usr' to accomodate read only setup of SLE-Micro ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2458-1 Released: Wed Jul 20 16:15:15 2022 Summary: Recommended update for regionServiceClientConfigEC2 Type: recommended Severity: moderate References: 1199668 This update for regionServiceClientConfigEC2 fixes the following issues: - Update to version 4.0.0 (bsc#1199668) - Move cert location to usr form var to accomodate ro filesystem of SLE-Micro - Fix source location in spec file ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2459-1 Released: Wed Jul 20 16:16:13 2022 Summary: Recommended update for regionServiceClientConfigGCE Type: recommended Severity: moderate References: 1199668 This update for regionServiceClientConfigGCE fixes the following issues: - Update to version 4.0.0 (bsc#1199668) - Move the cert location to /usr for compatibility with ro setup of SLE-Micro - Fix url in spec file to pint to the proper location of the source ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - Call pam_loginuid when creating user@.service (bsc#1198507) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit - Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed' - basic/env-util: (mostly) follow POSIX for what variable names are allowed - basic/env-util: make function shorter - basic/escape: add mode where empty arguments are still shown as '' - basic/escape: always escape newlines in shell_escape() - basic/escape: escape control characters, but not utf-8, in shell quoting - basic/escape: use consistent location for '*' in function declarations - basic/string-util: inline iterator variable declarations - basic/string-util: simplify how str_realloc() is used - basic/string-util: split out helper function - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition - string-util: explicitly cast character to unsigned - string-util: fix build error on aarch64 - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2471-1 Released: Thu Jul 21 04:42:58 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1148309,1191502,1195529,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - basic/env-util: Allow newlines in values of environment variables - man: tweak description of auto/noauto (bsc#1191502) - shared/install: avoid overwriting 'r' counter with a partial result (bsc#1148309) - shared/install: fix error codes returned by install_context_apply() - shared/install: ignore failures for auxiliary files - systemctl: suppress enable/disable messages when `-q` is given - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2516-1 Released: Thu Jul 21 17:37:19 2022 Summary: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP3) Type: security Severity: important References: 1196959,1199648,1200608,CVE-2021-39698,CVE-2022-1116,CVE-2022-20154 This update for the Linux Kernel 5.3.18-150300_59_76 fixes several issues. The following security issues were fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-1116: Fixed an integer overflow in io_uring which may lead to local privilege escalation (bsc#1199647). - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2525-1 Released: Fri Jul 22 09:40:12 2022 Summary: Security update for webkit2gtk3 Type: security Severity: important References: 1201221,CVE-2022-22662,CVE-2022-22677,CVE-2022-26710 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.4 (bsc#1201221): - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information. - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted. - CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2528-1 Released: Fri Jul 22 12:09:44 2022 Summary: Recommended update for nvme-cli Type: recommended Severity: low References: 1192761,1198158,1199670,1199865 This update for nvme-cli fixes the following issues: - Don't print error on failed to open in nvme-topology.c (bsc#1198158) - Allow selecting the network interface for connections (bsc#1199670) - Support unique discovery subsystem NQN (bsc#1199865 bsc#1192761) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2530-1 Released: Fri Jul 22 16:00:44 2022 Summary: Security update for java-1_8_0-openjdk Type: security Severity: important References: 1198671,1198672,1198673,1198674,1198675,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21476,CVE-2022-21496 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0) - CVE-2022-21426: Better XPath expression handling (bsc#1198672) - CVE-2022-21443: Improved Object Identification (bsc#1198675) - CVE-2022-21434: Better invocation handler handling (bsc#1198674) - CVE-2022-21476: Improve Santuario processing (bsc#1198671) - CVE-2022-21496: Improve URL supports (bsc#1198673) And further Security fixes, Import of OpenJDK 8 u332, Backports and Bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2533-1 Released: Fri Jul 22 17:37:15 2022 Summary: Security update for mozilla-nss Type: security Severity: important References: 1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OSCP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FiPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed it's open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) Mozilla NSPR was updated to version 4.34: * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2547-1 Released: Mon Jul 25 19:57:38 2022 Summary: Security update for logrotate Type: security Severity: important References: 1192449,1200278,1200802 This update for logrotate fixes the following issues: Security issues fixed: - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2548-1 Released: Tue Jul 26 13:48:28 2022 Summary: Critical update for python-cssselect Type: recommended Severity: critical References: This update for python-cssselect implements packages to the unrestrictied repository. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2549-1 Released: Tue Jul 26 13:58:28 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1179195,1180814,1184924,1185762,1192761,1193629,1194013,1195504,1195775,1196901,1197362,1197754,1198020,1198924,1199482,1199487,1199489,1199657,1200217,1200263,1200343,1200442,1200571,1200599,1200600,1200604,1200605,1200608,1200619,1200622,1200692,1200806,1200807,1200809,1200810,1200813,1200816,1200820,1200821,1200822,1200825,1200828,1200829,1200925,1201050,1201080,1201143,1201147,1201149,1201160,1201171,1201177,1201193,1201222,1201644,1201664,1201672,1201673,1201676,CVE-2021-26341,CVE-2021-4157,CVE-2022-1012,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981,CVE-2022-34918 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). The following non-security bugs were fixed: - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes) - arm64: ftrace: fix branch range checks (git-fixes) - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ceph: add some lockdep assertions around snaprealm handling (bsc#1201147). - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217). - cifs: avoid parallel session setups on same channel (bsc#1200217). - cifs: avoid race during socket reconnect between send and recv (bsc#1200217). - cifs: call cifs_reconnect when a connection is marked (bsc#1200217). - cifs: call helper functions for marking channels for reconnect (bsc#1200217). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217). - cifs: check for smb1 in open_cached_dir() (bsc#1200217). - cifs: check reconnects for channels of active tcons too (bsc#1200217). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217). - cifs: clean up an inconsistent indenting (bsc#1200217). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217). - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217). - cifs: do not use tcpStatus after negotiate completes (bsc#1200217). - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217). - cifs: fix handlecache and multiuser (bsc#1200217). - cifs: fix hang on cifs_get_next_mid() (bsc#1200217). - cifs: fix incorrect use of list iterator after the loop (bsc#1200217). - cifs: fix minor compile warning (bsc#1200217). - cifs: fix missed refcounting of ipc tcon (bsc#1200217). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217). - cifs: fix potential deadlock in direct reclaim (bsc#1200217). - cifs: fix potential double free during failed mount (bsc#1200217). - cifs: fix potential race with cifsd thread (bsc#1200217). - cifs: fix set of group SID via NTSD xattrs (bsc#1200217). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217). - cifs: fix the cifs_reconnect path for DFS (bsc#1200217). - cifs: fix the connection state transitions with multichannel (bsc#1200217). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217). - cifs: fix workstation_name for multiuser mounts (bsc#1200217). - cifs: force new session setup and tcon for dfs (bsc#1200217). - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217). - cifs: ignore resource_id while getting fscache super cookie (bsc#1200217). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217). - cifs: make status checks in version independent callers (bsc#1200217). - cifs: mark sessions for reconnection in helper function (bsc#1200217). - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217). - cifs: move superblock magic defitions to magic.h (bsc#1200217). - cifs: potential buffer overflow in handling symlinks (bsc#1200217). - cifs: print TIDs as hex (bsc#1200217). - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217). - cifs: reconnect only the connection and not smb session where possible (bsc#1200217). - cifs: release cached dentries only if mount is complete (bsc#1200217). - cifs: remove check of list iterator against head past the loop body (bsc#1200217). - cifs: remove redundant assignment to pointer p (bsc#1200217). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217). - cifs: remove repeated state change in dfs tree connect (bsc#1200217). - cifs: remove unused variable ses_selected (bsc#1200217). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217). - cifs: return the more nuanced writeback error on close() (bsc#1200217). - cifs: sanitize multiple delimiters in prepath (bsc#1200217). - cifs: serialize all mount attempts (bsc#1200217). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217). - cifs: skip trailing separators of prefix paths (bsc#1200217). - cifs: smbd: fix typo in comment (bsc#1200217). - cifs: Split the smb3_add_credits tracepoint (bsc#1200217). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217). - cifs: track individual channel status using chans_need_reconnect (bsc#1200217). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217). - cifs: update internal module number (bsc#1193629). - cifs: update internal module number (bsc#1200217). - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217). - cifs: use correct lock type in cifs_reconnect() (bsc#1200217). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217). - cifs: use new enum for ses_status (bsc#1200217). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217). - cifs: wait for tcon resource_id before getting fscache super (bsc#1200217). - cifs: we do not need a spinlock around the tree access during umount (bsc#1200217). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gtp: use icmp_ndo_send helper (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - iomap: iomap_write_failed fix (bsc#1200829). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI fix of sysctl_run_estimation (git-fixes). - kabi: nvme workaround header include (bsc#1201193). - kabi/severities: ignore KABI for NVMe target (bsc#1192761) - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - move devm_allocate to end of structure for kABI (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: lantiq: Add locking for TX DMA channel (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm/region: Fix default alignment for small regions (git-fixes). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). - nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvme: kabi fix nvme subsystype change (bsc#1192761) - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: add nvmet_req_subsys() helper (bsc#1192761). - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes). - nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761). - nvmet: fix freeing unallocated p2pmem (git-fixes). - nvmet: make discovery NQN configurable (bsc#1192761). - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes). - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes). - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). - smb3: fix snapshot mount option (bsc#1200217). - smb3 improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). - smb3: move more common protocol header definitions to smbfs_common (bsc#1200217). - smb3: send NTLMSSP version information (bsc#1200217). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). - x86/entry: Remove skip_r11rcx (bsc#1201644). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2550-1 Released: Tue Jul 26 14:00:21 2022 Summary: Security update for git Type: security Severity: important References: 1201431,CVE-2022-29187 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2551-1 Released: Tue Jul 26 14:05:05 2022 Summary: Security update for nodejs16 Type: security Severity: important References: 1192489,1201325,1201326,1201327,1201328,CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215 This update for nodejs16 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). The following non-security bug was fixed: - Add buildtime version check to determine if we need patched openssl Requires: or already in upstream. (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2553-1 Released: Tue Jul 26 15:14:32 2022 Summary: Security update for squid Type: security Severity: important References: 1185923,1186654,1200907,CVE-2021-33620,CVE-2021-46784 This update for squid fixes the following issues: - CVE-2021-46784: Fixed DoS when processing gopher server responses. (bsc#1200907) - CVE-2021-33620: Fixed DoS in HTTP Response processing (bsc#1185923, bsc#1186654) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2562-1 Released: Wed Jul 27 14:35:31 2022 Summary: Security update for python-M2Crypto Type: security Severity: important References: 1178829,CVE-2020-25657 This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2568-1 Released: Wed Jul 27 15:44:31 2022 Summary: Maintenance update for SUSE Manager 4.2: Server and Proxy Type: recommended Severity: important References: 1179962,1182742,1189501,1192850,1193032,1193238,1194262,1194394,1196977,1197429,1197507,1198191,1198356,1198358,1198429,1198646,1198686,1198914,1198944,1198999,1199019,1199036,1199049,1199401,1199438,1199466,1199523,1199528,1199577,1199596,1199629,1199646,1199656,1199677,1199679,1199727,1199874,1199888,1200087,1200703,1200707,1200863,1201782,1201842,CVE-2022-31248 Maintenance update for SUSE Manager 4.2: Server and Proxy ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2572-1 Released: Thu Jul 28 04:22:33 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2583-1 Released: Fri Jul 29 10:42:06 2022 Summary: Security update for aws-iam-authenticator Type: security Severity: important References: 1201395,CVE-2022-2385 This update for aws-iam-authenticator fixes the following issues: - CVE-2022-2385: Fixed AccessKeyID validation bypass (bsc#1201395). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2586-1 Released: Fri Jul 29 12:01:06 2022 Summary: Security update for ldb, samba Type: security Severity: important References: 1196224,1198255,1199247,1199734,1200556,1200964,1201490,1201492,1201493,1201495,1201496,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746 This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496). - CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493). The following security bugs were fixed: samba was updated to 4.15.8: * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). ldb was updated to version 2.4.3 * Fix build problems, waf produces incorrect names for python extensions; (bso#15071); ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2588-1 Released: Fri Jul 29 12:08:18 2022 Summary: Recommended update for fence-agents Type: recommended Severity: moderate References: 1195891 This update for fence-agents fixes the following issue: - Azure fence agent doesn't work correctly on SLES15 SP3 - fence_azure_arm fails with error 'MSIAuthentication' object has no attribute 'get_token' (bsc#1195891) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2592-1 Released: Fri Jul 29 13:34:21 2022 Summary: Security update for rubygem-tzinfo Type: security Severity: important References: 1201835,CVE-2022-31163 This update for rubygem-tzinfo fixes the following issues: - CVE-2022-31163: Fixed relative path traversal vulnerability that allows TZInfo::Timezone.get to load arbitrary files (bsc#1201835). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2599-1 Released: Fri Jul 29 16:13:17 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1199965,1199966,1200549,1201394,1201469,CVE-2022-21123,CVE-2022-21125,CVE-2022-21166,CVE-2022-23816,CVE-2022-23825,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364,CVE-2022-29900,CVE-2022-33745 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Fixed several upstream bugs (bsc#1027519). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2608-1 Released: Mon Aug 1 09:47:44 2022 Summary: Security update for booth Type: security Severity: important References: 1201946,CVE-2022-2553 This update for booth fixes the following issues: - CVE-2022-2553: authfile directive in booth config file is completely ignored (bsc#1201946). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2611-1 Released: Mon Aug 1 09:57:27 2022 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1201758,CVE-2022-36318,CVE-2022-36319 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.12.0 ESR (bsc#1201758): - CVE-2022-36319: Mouse Position spoofing with CSS transforms - CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2613-1 Released: Mon Aug 1 10:28:50 2022 Summary: Recommended update for python-parallax Type: recommended Severity: moderate References: 1200833 This update for python-parallax fixes the following issues: - Don't use ssh if a command is running on local (bsc#1200833) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2616-1 Released: Mon Aug 1 10:43:46 2022 Summary: Recommended update for scap-security-guide Type: recommended Severity: moderate References: This update for scap-security-guide fixes the following issues: - Fix the build for RHEL 7 and clones (python-setuptools is used) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2620-1 Released: Mon Aug 1 16:52:38 2022 Summary: Security update for gimp Type: security Severity: moderate References: 1199653,CVE-2022-30067 This update for gimp fixes the following issues: - CVE-2022-30067: Fixed uncontrolled memory consumption via crafted XCF file (bsc#1199653). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2628-1 Released: Tue Aug 2 12:21:23 2022 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1195463,1196850 This update for apparmor fixes the following issues: - Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850) - Add new rule to allow reading of openssl.cnf (bsc#1195463) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2638-1 Released: Wed Aug 3 10:35:14 2022 Summary: Security update for mokutil Type: security Severity: moderate References: 1198458 This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2641-1 Released: Wed Aug 3 11:37:34 2022 Summary: Security update for xscreensaver Type: security Severity: moderate References: 1186918,CVE-2021-34557 This update for xscreensaver fixes the following issues: - CVE-2021-34557: Fixed potential crash and unlock while disconnecting video output with more than 10 monitors (bsc#1186918) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2644-1 Released: Wed Aug 3 12:34:12 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1177461,1184970 This update for dracut fixes the following issues: - Fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970) - Fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2647-1 Released: Wed Aug 3 13:44:01 2022 Summary: Security update for tiff Type: security Severity: low References: 1201174,1201175,1201176,CVE-2022-2056,CVE-2022-2057,CVE-2022-2058 This update for tiff fixes the following issues: - CVE-2022-2056: Fixed a division by zero denial of service (bsc#1201176). - CVE-2022-2057: Fixed a division by zero denial of service (bsc#1201175). - CVE-2022-2058: Fixed a division by zero denial of service (bsc#1201174). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2649-1 Released: Wed Aug 3 15:06:21 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1164384,1199235,CVE-2019-20454,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384). - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2650-1 Released: Wed Aug 3 15:09:21 2022 Summary: Security update for java-1_8_0-ibm Type: security Severity: important References: 1191912,1194931,1198670,1198671,1198672,1198673,1198674,1198675,1201643,CVE-2021-35561,CVE-2022-21299,CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21449,CVE-2022-21476,CVE-2022-21496 This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 7 Fix Pack 10 [bsc#1201643] - CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670), CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674), CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675), CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2653-1 Released: Wed Aug 3 15:33:44 2022 Summary: Security update for u-boot Type: security Severity: important References: 1201214,1201745,CVE-2022-33967,CVE-2022-34835 This update for u-boot fixes the following issues: - CVE-2022-33967: Fixed heap overflow in squashfs filesystem implementation (bsc#1201745). - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2663-1 Released: Thu Aug 4 09:21:21 2022 Summary: Security update for harfbuzz Type: security Severity: important References: 1200900,CVE-2022-33068 This update for harfbuzz fixes the following issues: - CVE-2022-33068: Fixed a integer overflow in hb-ot-shape-fallback.cc (bsc#1200900). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2668-1 Released: Thu Aug 4 10:23:44 2022 Summary: Recommended update for ldns Type: recommended Severity: moderate References: 1200843 This update of ldns fixes the following issue: - ldns is shipped to the unsupported packagehub module as dependency of unbound. (bsc#1200843) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2671-1 Released: Thu Aug 4 14:05:32 2022 Summary: Security update for go1.17 Type: security Severity: important References: 1190649,1201434,1201436,1201437,1201440,1201443,1201444,1201445,1201447,1201448,1202035,CVE-2022-1705,CVE-2022-1962,CVE-2022-28131,CVE-2022-30630,CVE-2022-30631,CVE-2022-30632,CVE-2022-30633,CVE-2022-30635,CVE-2022-32148,CVE-2022-32189 This update for go1.17 fixes the following issues: Update to go version 1.17.13 (bsc#1190649): - CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic (bsc#1202035). - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode (bsc#1201444). - CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read (bsc#1201437). - CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions (bsc#1201448). - CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip (bsc#1201443). - CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header (bsc#1201434) - CVE-2022-30630: io/fs: stack exhaustion in Glob (bsc#1201447). - CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (bsc#1201436) - CVE-2022-30632: path/filepath: stack exhaustion in Glob (bsc#1201445). - CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal (bsc#1201440). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2672-1 Released: Thu Aug 4 14:06:24 2022 Summary: Security update for go1.18 Type: security Severity: important References: 1193742,1201434,1201436,1201437,1201440,1201443,1201444,1201445,1201447,1201448,1202035,CVE-2022-1705,CVE-2022-1962,CVE-2022-28131,CVE-2022-30630,CVE-2022-30631,CVE-2022-30632,CVE-2022-30633,CVE-2022-30635,CVE-2022-32148,CVE-2022-32189 This update for go1.18 fixes the following issues: Update to go version 1.18.5 (bsc#1193742): - CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic (bsc#1202035). - CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header (bsc#1201434) - CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (bsc#1201436) - CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read (bsc#1201437). - CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal (bsc#1201440). - CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip (bsc#1201443). - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode (bsc#1201444). - CVE-2022-30632: path/filepath: stack exhaustion in Glob (bsc#1201445). - CVE-2022-30630: io/fs: stack exhaustion in Glob (bsc#1201447). - CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions (bsc#1201448). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2673-1 Released: Thu Aug 4 14:07:09 2022 Summary: Security update for python-ujson Type: security Severity: moderate References: 1201254,1201255,CVE-2022-31116,CVE-2022-31117 This update for python-ujson fixes the following issues: - CVE-2022-31116: Fixed improper decoding of escaped surrogate characters (bsc#1201255). - CVE-2022-31117: Fixed a double free while reallocating a buffer for string decoding (bsc#1201254). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2678-1 Released: Fri Aug 5 04:01:19 2022 Summary: Recommended update for hwinfo Type: recommended Severity: important References: 1184339,1198043,1199948 This update for hwinfo fixes the following issues: - Keep NVMe's namespace output consistency when the option `nvme_core.multipath=1` (bsc#1199948) - Fix bug in determining serial console device name (bsc#1198043) - Don't rely on select() updating its timeout argument (bsc#1184339) - Fix logic around CD-ROM detection - Prevent closing of the open CD-ROM tray after read - Always read numerical 32bit serial number from EDID header. Override this with ASCII serial number from display descriptor, if available. - Display numerical 32bit serial number for monitors without serial number display descriptor - Fix timezone issue in SOURCE_DATE_EPOCH code - Recognize loongarch64 architecture - Update PCI and USB ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2681-1 Released: Fri Aug 5 11:19:46 2022 Summary: Security update for wavpack Type: security Severity: low References: 1201716,CVE-2022-2476 This update for wavpack fixes the following issues: - CVE-2022-2476: Fixed a Null pointer dereference in wvunpack (bsc#1201716). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2690-1 Released: Fri Aug 5 17:05:42 2022 Summary: Recommended update for rust, rust1.62 Type: recommended Severity: moderate References: This update for rust, rust1.62 fixes the following issues: This update delivers rust1.62. - Improve support for wasi targets Version 1.62.1 (2022-07-19) ========================== Rust 1.62.1 addresses a few recent regressions in the compiler and standard library, and also mitigates a CPU vulnerability on Intel SGX. * The compiler fixed unsound function coercions involving `impl Trait` return types. * The compiler fixed an incremental compilation bug with `async fn` lifetimes. * Windows added a fallback for overlapped I/O in synchronous reads and writes. * The `x86_64-fortanix-unknown-sgx` target added a mitigation for the MMIO stale data vulnerability, advisory [INTEL-SA-00615]. - Experimental support for wasi targets Version 1.62.0 (2022-06-30) ========================== Language -------- - Stabilize `#[derive(Default)]` on enums with a `#[default]` variant - Teach flow sensitive checks that visibly uninhabited call expressions never return - Fix constants not getting dropped if part of a diverging expression - Support unit struct/enum variant in destructuring assignment][95380 - Remove mutable_borrow_reservation_conflict lint and allow the code pattern Compiler -------- - linker: Stop using whole-archive on dependencies of dylibs - Make `unaligned_references` lint deny-by-default This lint is also a future compatibility lint, and is expected to eventually become a hard error. - Only add codegen backend to dep info if -Zbinary-dep-depinfo is used - Reject `#[thread_local]` attribute on non-static items - Add tier 3 `aarch64-pc-windows-gnullvm` and `x86_64-pc-windows-gnullvm` targets\* - Implement a lint to warn about unused macro rules - Promote `x86_64-unknown-none` target to Tier 2 * Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. Libraries --------- - Windows: Use a pipe relay for chaining pipes - Replace Linux Mutex and Condvar with futex based ones. - Replace RwLock by a futex based one on Linux - std: directly use pthread in UNIX parker implementation Stabilized APIs --------------- - `bool::then_some` - `f32::total_cmp` - `f64::total_cmp` - `Stdin::lines` - `windows::CommandExt::raw_arg` - `impl Default for AssertUnwindSafe` - `From> for Rc<[u8]>` rc-u8-from-str - `From> for Arc<[u8]>` arc-u8-from-str - `FusedIterator for EncodeWide` - RDM intrinsics on aarch64 stdarch/1285 Clippy ------ - Create clippy lint against unexpectedly late drop for temporaries in match scrutinee expressions Cargo ----- - Added the `cargo add` command for adding dependencies to `Cargo.toml` from the command-line. [docs](https://doc.rust-lang.org/nightly/cargo/commands/cargo-add.html) - Package ID specs now support `name@version` syntax in addition to the previous `name:version` to align with the behavior in `cargo add` and other tools. `cargo install` and `cargo yank` also now support this syntax so the version does not need to passed as a separate flag. - The `git` and `registry` directories in Cargo's home directory (usually `~/.cargo`) are now marked as cache directories so that they are not included in backups or content indexing (on Windows). - Added automatic `@` argfile support, which will use 'response files' if the command-line to `rustc` exceeds the operating system's limit. Compatibility Notes ------------------- - `cargo test` now passes `--target` to `rustdoc` if the specified target is the same as the host target. - rustdoc: doctests are now run on unexported `macro_rules!` macros, matching other private items - rustdoc: Remove .woff font files - Enforce Copy bounds for repeat elements while considering lifetimes - Windows: Fix potentinal unsoundness by aborting if `File` reads or writes cannot complete synchronously. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2695-1 Released: Mon Aug 8 20:56:01 2022 Summary: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP3) Type: security Severity: important References: 1200605,1201080,1201222,CVE-2022-1679,CVE-2022-20141,CVE-2022-34918 This update for the Linux Kernel 5.3.18-150300_59_76 fixes several issues. The following security issues were fixed: - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2703-1 Released: Tue Aug 9 09:09:13 2022 Summary: Recommended update for python-google-resumable-media Type: recommended Severity: moderate References: 1197841 This update for python-google-resumable-media fixes the following issues: - Fix testsuite invocation (bsc#1197841) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2705-1 Released: Tue Aug 9 09:10:15 2022 Summary: Recommended update for yast2-sap-ha Type: recommended Severity: moderate References: 1158843,1186618,1190774,1197290,1199029,1200427 This update for yast2-sap-ha fixes the following issues: - Introduce a new function refresh_all_proposals. This reads the proposal for the modules watchdog and fence. This is neccessary when reading an earlier configuration. - Use .gsub instead of File.basename to find all modules files. (bsc#1197290) - system/watchdog.rb searches watchdog modules with .ko extension but we ship .ko.xz (bsc#1197290) - softdog missing in Yast while configuring HA for SAP Products (bsc#1199029) - kmod-compat has broken dependencies (bsc#1186618) - 'SUSE SAP HA Yast wizard for HANA does not configure the HANA hooks. (bsc#1190774) - Add SAPHanaSR via global.ini as proposoed. - Fix for broken gettext support (bsc#1158843) - YaST2 sap_ha tool does not allow digits at the beginning of site names (bsc#1200427) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2707-1 Released: Tue Aug 9 10:18:18 2022 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1201684,1201692,1201694,CVE-2022-21540,CVE-2022-21541,CVE-2022-34169 This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.16+8 (July 2022 CPU) - CVE-2022-21540: Improve class compilation (bsc#1201694) - CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692) - CVE-2022-34169: Improve Xalan supports (bsc#1201684) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2741-1 Released: Wed Aug 10 09:23:02 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1178134,1198829,1199364,1199647,1199665,1199670,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201458,1201635,1201636,1201644,1201664,1201672,1201673,1201676,1201846,1201930,1201940,1201954,1201956,1201958,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-29581,CVE-2022-32250,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940). - CVE-2022-29581: Fixed improper update of reference count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of TTYs that could lead to a use-after-free (bnc#1201429). - CVE-2021-33655: Fixed an out of bounds write by ioctl cmd FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed an out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636). - CVE-2022-21505: Fixed a kernel lockdown bypass via IMA policy (bsc#1201458). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829). - CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which allowed a local attacker to escalate privileges to root (bnc#1199647).- CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler in Rose subsystem that allowed unprivileged attackers to crash the system (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). The following non-security bugs were fixed: - Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676). - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364). - bpf: enable BPF type format (BTF) (jsc#SLE-24559). - nfs: avoid NULL pointer dereference when there is unflushed data (bsc#1201196). - hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364). - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364). - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364). - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364). - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - lkdtm: Disable return thunks in rodata.c (bsc#1178134). - net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364). - net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364). - nvme: consider also host_iface when checking ip options (bsc#1199670). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - x86/bugs: Remove apostrophe typo (bsc#1178134). - x86/entry: Remove skip_r11rcx (bsc#1201644). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2748-1 Released: Wed Aug 10 13:30:07 2022 Summary: Security update for MozillaThunderbird Type: security Severity: important References: 1201758,CVE-2022-36318,CVE-2022-36319 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 91.12 * changed: Support for Google Talk chat accounts removed * fixed: OpenPGP signatures were broken when 'Primary Password' dialog remained open * fixed: Various security fixes - Security fixes (MFSA 2022-31) (bsc#1201758): - CVE-2022-36319: Fixed mouse Position spoofing with CSS transforms (bmo#1737722) - CVE-2022-36318: Fixed directory indexes for bundled resources reflected URL parameters (bmo#1771774) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2758-1 Released: Wed Aug 10 14:05:17 2022 Summary: Recommended update for clamsap Type: recommended Severity: moderate References: This update for clamsap fixes the following issues: clamsap was updated to version 0.104 (jsc#PED-805) * Relax javascript check in PDF * use https source url, also https URL * Wildcard support for MIME type lists * Fix SAR file content scan * Add option for PDF active content * Remove own default settings from VsaGetConfig and rely on clamav defaults * Change default virusname in case clamav does not return any virus name. * Limit pcre calls * Increase Version because tested with latest clam engine * Support new parameter SCANHEURISTICLEVEL ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2790-1 Released: Fri Aug 12 10:11:24 2022 Summary: Recommended update for supportutils-plugin-ha-sap Type: recommended Severity: moderate References: 1201831 This update for supportutils-plugin-ha-sap fixes the following issues: - Update to version 0.0.3+git.1659022100.39bfcd6: * Update README.md * Replace spaces to tabs. * Search for other groups too. * Include /etc/group in plugin-ha_sap.txt (bsc#1201831) * Update ha_sap * Update pacemaker.log location change * suppress link path in Readme.md * add section 'Additional information' to the Readme.md * change release status of the project ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2801-1 Released: Fri Aug 12 16:28:11 2022 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1198976,CVE-2022-29869 This update for cifs-utils fixes the following issues: - CVE-2022-29869: Fixed verbose messages on option parsing causing information leak (bsc#1198976). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2805-1 Released: Mon Aug 15 07:00:21 2022 Summary: Recommended update for gvfs Type: recommended Severity: moderate References: 1198718 This update for gvfs fixes the following issues: - Fix inability to mount smb share with samba 4.16 (bsc#1198718) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2810-1 Released: Tue Aug 16 09:03:20 2022 Summary: Recommended update for python-kiwi Type: recommended Severity: moderate References: 1194992,1197616,1197783 This update for python-kiwi fixes the following issues: - Preserve the LABEL= setting when the grub config file is re-generated. (bsc#1197616) - Add ensure empty tmpdirs option for OCI containers. (bsc#1197783) - Set /.snapshots subvolume to mode 0700 (bsc#1194992) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2820-1 Released: Tue Aug 16 13:34:10 2022 Summary: Security update for webkit2gtk3 Type: security Severity: important References: 1201980,CVE-2022-32792,CVE-2022-32816 This update for webkit2gtk3 fixes the following issues: - Update to version 2.36.5 (bsc#1201980): - Add support for PAC proxy in the WebDriver implementation. - Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. - Fix WebKitWebView::context-menu when using GTK4. - Fix LTO builds with GCC. - Fix several crashes and rendering issues. - Security fixes: - CVE-2022-32792: Fixed processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to UI spoofing. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2822-1 Released: Tue Aug 16 13:47:57 2022 Summary: Security update for python-Twisted Type: security Severity: important References: 1166458,CVE-2020-10109 This update for python-Twisted fixes the following issues: - CVE-2020-10109: Fixed an HTTP request smuggling issue (bsc#1166458). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2831-1 Released: Wed Aug 17 14:41:07 2022 Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins Type: security Severity: moderate References: 1195916,1196696,CVE-2020-29651 This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972) - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforced upstream and triggers unnecessary build version requirements - Allow specifying fs_id in cloudwatch log group name - Includes fix for stunnel path - Added hardening to systemd service(s). - Raise minimal pytest version - Fix typo in the ansi2html Requires - Cleanup with spec-cleaner - Make sure the tests are really executed - Remove useless devel dependency - Multiprocessing support in Python 3.8 was broken, but is now fixed - Bumpy the URL to point to github rather than to docs ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2835-1 Released: Wed Aug 17 16:52:22 2022 Summary: Security update for ntfs-3g_ntfsprogs Type: security Severity: important References: 1199978,CVE-2021-46790,CVE-2022-30783,CVE-2022-30784,CVE-2022-30785,CVE-2022-30786,CVE-2022-30787,CVE-2022-30788,CVE-2022-30789 This update for ntfs-3g_ntfsprogs fixes the following issues: Updated to version 2022.5.17 (bsc#1199978): - CVE-2022-30783: Fixed an issue where messages between NTFS-3G and the kernel could be intercepted when using libfuse-lite. - CVE-2022-30784: Fixed a memory exhaustion issue when opening a crafted NTFS image. - CVE-2022-30785: Fixed a bug where arbitrary memory read and write operations could be achieved whe using libfuse-lite. - CVE-2022-30786: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30787: Fixed an integer underflow which enabled arbitrary memory read operations when using libfuse-lite. - CVE-2022-30788: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30789: Fixed a memory corruption issue when opening a crafted NTFS image. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2839-1 Released: Thu Aug 18 07:39:01 2022 Summary: Security update for podman Type: security Severity: important References: 1182428,1196338,1197284,CVE-2022-1227,CVE-2022-21698,CVE-2022-27191 This update for podman fixes the following issues: Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image to a public registry and run arbitrary code in the victim's context via the 'podman top' command (bsc#1182428). - CVE-2022-27191: Fixed a potential crash via SSH under specific configurations (bsc#1197284). - CVE-2022-21698: Fixed a potential denial of service that affected servers that used Prometheus instrumentation (bsc#1196338). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2850-1 Released: Fri Aug 19 09:56:58 2022 Summary: Recommended update for rustup Type: recommended Severity: moderate References: 1200499 This update for rustup fixes the following issues: - added correct provides to the obsoletes of older rust subpackages, to get correct provides obsoletes pairs and allow better transition between RPMs. (bsc#1200499) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2856-1 Released: Fri Aug 19 16:10:43 2022 Summary: Security update for java-1_8_0-openjdk Type: security Severity: important References: 1195163,1201684,1201692,1201694,CVE-2022-21540,CVE-2022-21541,CVE-2022-34169 This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u345 (icedtea-3.24.0) - CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694). - CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692). - CVE-2022-34169: Fixed an issue where arbitrary bytecode could be executed via a malicious stylesheet (bsc#1201684). - Non-security fixes: - Allowed for customization of PKCS12 keystores (bsc#1195163). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2860-1 Released: Mon Aug 22 03:23:35 2022 Summary: Recommended update for crmsh Type: recommended Severity: moderate References: 1199325,1199412,1199634 This update for crmsh fixes the following issues: - Fix 'unexpected output' error when using `crmadmin -S` (bsc#1199412) - Stop and disable csync2.socket on removed node (bsc#1199325) - crm report: use sudo when under non root and hacluster user (bsc#1199634) - crm report: put info/warning/debug messages into stdout ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate References: 1199524,1200485,CVE-2022-1706 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2868-1 Released: Mon Aug 22 17:08:34 2022 Summary: Security update for u-boot Type: security Severity: important References: 1201213,CVE-2022-33103 This update for u-boot fixes the following issues: - CVE-2022-33103: Fixed a flaw in the squashfs subsystem that could lead to arbitrary code execution (bsc#1201213). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2870-1 Released: Mon Aug 22 23:02:55 2022 Summary: Security update for rubygem-rails-html-sanitizer Type: security Severity: moderate References: 1201183,CVE-2022-32209 This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2022-32209: Fixed a potential content injection under specific configurations (bsc#1201183). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2874-1 Released: Tue Aug 23 10:33:35 2022 Summary: Security update for perl-HTTP-Daemon Type: security Severity: moderate References: 1201157,CVE-2022-31081 This update for perl-HTTP-Daemon fixes the following issues: - CVE-2022-31081: Fixed request smuggling in HTTP::Daemon (bsc#1201157). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2875-1 Released: Tue Aug 23 13:19:13 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1178134,1196616,1198829,1199364,1199647,1199665,1199670,1200015,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201846,1201930,1201940,1201954,1201956,1201958,1202154,CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-32250,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616). - CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429). - CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154). - CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598) - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bnc#1200015). - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940). The following non-security bugs were fixed: - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes). - FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes). - Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676). - Fixed battery detection problem on macbooks (bnc#1201206). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - KVM/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes). - KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes). - KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes) - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes). - KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes). - KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (git-fixes). - KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes). - KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes). - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes). - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (git-fixes). - KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes). - Sort in RETbleed backport into the sorted section Now that it is upstream.. - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - USB: serial: ftdi_sio: add Belimo device ids (git-fixes). - amd-xgbe: Update DMA coherency values (git-fixes). - arm64 module: set plt* section addresses to 0x0 (git-fixes) - arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes) - arm64: asm: Add new-style position independent function annotations (git-fixes) - arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes) - arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes) - arm64: dts: marvell: espressobin: add ethernet alias (git-fixes) - arm64: dts: mcbin: support 2W SFP modules (git-fixes) - arm64: fix compat syscall return truncation (git-fixes) - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes) - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes) - arm64: module: remove (NOLOAD) from linker script (git-fixes) - arm64: module: rework special section handling (git-fixes) - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes) - arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes) - arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes) - arm64: stackleak: fix current_top_of_stack() (git-fixes) - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes) - arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes) - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ax88179_178a: add ethtool_op_get_ts_info() (git-fixes). - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes). - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes). - block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes). - block: Fix fsync always failed if once failed (git-fixes). - block: Fix wrong offset in bio_truncate() (git-fixes). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: do not delete queue kobject before its children (git-fixes). - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes). - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364). - bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559). - bpf: Add in-kernel split BTF support (jsc#SLE-24559). - bpf: Assign ID to vmlinux BTF and return extra info for BTF in GET_OBJ_INFO (jsc#SLE-24559). - bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559). - bpf: Load and verify kernel module BTFs (jsc#SLE-24559). - bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559). - bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - config: enable DEBUG_INFO_BTF This option allows users to access the btf type information for vmlinux but not kernel modules. - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - cxgb4: Fix the -Wmisleading-indentation warning (git-fixes). - dm btree remove: assign new_root only when removal succeeds (git-fixes). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes). - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm integrity: conditionally disable 'recalculate' feature (git-fixes). - dm integrity: fix a crash if 'recalculate' used without 'internal_hash' (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm integrity: fix the maximum number of arguments (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm persistent data: packed struct should have an aligned() attribute too (git-fixes). - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes). - dm snapshot: fix crash with transient storage and zero chunk size (git-fixes). - dm snapshot: flush merged data before committing metadata (git-fixes). - dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes). - dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm verity: fix FEC for RS roots unaligned to block size (git-fixes). - dm: fix mempool NULL pointer race when completing IO (git-fixes). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix potential silent data corruption (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/net: Fix kABI in tun.c (git-fixes). - drivers: net: fix memory leak in atusb_probe (git-fixes). - drivers: net: fix memory leak in peak_usb_create_dev (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - ftgmac100: Restart MAC HW once (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - hex2bin: make the function hex_to_bin constant-time (git-fixes). - hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364). - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364). - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364). - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364). - i2c: Fix a potential use after free (git-fixes). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kabi: create module private struct to hold btf size/data (jsc#SLE-24559). - kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (jsc#SLE-24559). - kbuild: Skip module BTF generation for out-of-tree external modules (jsc#SLE-24559). - kbuild: add marker for build log of *.mod.o (jsc#SLE-24559). - kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild (jsc#SLE-24559). - kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559). - kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559). - kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559). - lib/string.c: implement stpcpy (git-fixes). - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes). - linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes). - linux/random.h: Use false with bool (git-fixes). - lkdtm: Disable return thunks in rodata.c (bsc#1178134). - macvlan: remove redundant null check on data (git-fixes). - md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md: Set prev_flush_start and flush_bio in an atomic way (git-fixes). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: rc: increase rc-mm tolerance and add debug message (git-fixes). - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes). - media: rtl28xxu: add missing sleep before probing slave demod (git-fixes). - media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes). - media: smipcie: fix interrupt handling and IR timeout (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes). - media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes). - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memregion: Fix memregion_free() fallback definition (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm/slub: add missing TID updates on slab deactivation (git-fixes). - mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364). - net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364). - net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes). - net/sonic: Fix some resource leaks in error handling paths (git-fixes). - net: ag71xx: remove unnecessary MTU reservation (git-fixes). - net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes). - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes). - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes). - net: amd-xgbe: Reset link when the link never comes back (git-fixes). - net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes). - net: axienet: Handle deferred probe on clock properly (git-fixes). - net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes). - net: dsa: bcm_sf2: put device node before return (git-fixes). - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes). - net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes). - net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes). - net: enetc: keep RX ring consumer index in sync with hardware (git-fixes). - net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes). - net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes). - net: hns3: fix error mask definition of flow director (git-fixes). - net: hso: bail out on interrupt URB allocation failure (git-fixes). - net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes). - net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes). - net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes). - net: macb: add function to disable all macb clocks (git-fixes). - net: macb: restore cmp registers on resume path (git-fixes). - net: macb: unprepare clocks in case of failure (git-fixes). - net: mscc: Fix OF_MDIO config check (git-fixes). - net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes). - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes). - net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes). - net: stmmac: stop each tx channel independently (git-fixes). - net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes). - net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nvme: consider also host_iface when checking ip options (bsc#1199670). - octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - profiling: fix shift-out-of-bounds bugs (git fixes). - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - random: remove useless header comment (git fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules. - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)). - sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)). - scripts: dummy-tools, add pahole (jsc#SLE-24559). - scsi: core: Fix error handling of scsi_host_alloc() (git-fixes). - scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes). - scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes). - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes). - scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes). - scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: ufs: Release clock if DMA map fails (git-fixes). - scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - spi: <linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes). - spi: amd: Limit max transfer and message size (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)). - usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1178134). - x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2876-1 Released: Tue Aug 23 13:31:02 2022 Summary: Security update for gfbgraph Type: security Severity: important References: 1189850,CVE-2021-39358 This update for gfbgraph fixes the following issues: - CVE-2021-39358: Fixed missing TLS certificate verification (bsc#1189850). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2879-1 Released: Tue Aug 23 14:49:17 2022 Summary: Recommended update for scap-security-guide Type: recommended Severity: moderate References: 1200122,1200149,1200163 This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.63 (jsc#ECO-3319): - multiple bugfixes in SUSE profiles - Expand project guidelines - Add Draft OCP4 STIG profile - Add anssi_bp28_intermediary profile - add products/uos20 to support UnionTech OS Server 20 - products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles - Remove WRLinux Products - Update CIS RHEL8 Benchmark for v2.0.0 SUSE specific issues fixed: - stig: /etc/shadow group owner should not be root but shadow (bsc#1200149) - sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163) - SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2881-1 Released: Wed Aug 24 09:47:48 2022 Summary: Security update for spice Type: security Severity: important References: 1181686,CVE-2021-20201 This update for spice fixes the following issues: - CVE-2021-20201: Fixed an issue which could allow clients to cause a denial of service by repeatedly renegotiating a connection (bsc#1181686). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2882-1 Released: Wed Aug 24 10:34:31 2022 Summary: Security update for gnutls Type: security Severity: important References: 1202020,CVE-2022-2509 This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2883-1 Released: Wed Aug 24 10:35:29 2022 Summary: Security update for bluez Type: security Severity: important References: 1194704,CVE-2022-0204 This update for bluez fixes the following issues: - CVE-2022-0204: Fixed a buffer overflow in the implementation of the gatt protocol (bsc#1194704). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2889-1 Released: Thu Aug 25 04:11:03 2022 Summary: Recommended update for emacs-apel Type: recommended Severity: important References: 1197714 This update for emacs-apel fixes the following issues: - Fix build issue on SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197714) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2891-1 Released: Thu Aug 25 08:02:48 2022 Summary: Security update for freerdp Type: security Severity: important References: 1191895,CVE-2021-41159,CVE-2022-41160 This update for freerdp fixes the following issues: - CVE-2021-41159: Fixed improper validation of client input (bsc#1191895). - CVE-2022-41160: Fixed improper region checks (bsc#1191895). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2896-1 Released: Thu Aug 25 11:09:47 2022 Summary: Security update for raptor Type: security Severity: moderate References: 1178903,CVE-2020-25713 This update for raptor fixes the following issues: - CVE-2020-25713: Fixed an out of bounds access triggered via a malformed input file (bsc#1178903). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2902-1 Released: Fri Aug 26 05:25:16 2022 Summary: Recommended update for Mesa Type: recommended Severity: moderate References: 1197045,1197046,1200965 This update for Mesa fixes the following issues: - Change default driver from 'iris' back to 'i965' for Intel Gen8-11 hardware; that way we also use the same driver used by X and Mesa (bsc#1200965, bsc#1197045, bsc#1197046) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2908-1 Released: Fri Aug 26 11:36:03 2022 Summary: Security update for python-lxml Type: security Severity: important References: 1201253,CVE-2022-2309 This update for python-lxml fixes the following issues: - CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2916-1 Released: Fri Aug 26 12:51:21 2022 Summary: Recommended update for aws-efs-utils Type: recommended Severity: critical References: This update for aws-efs-utils fixes the following issues: - Fix missing binaries from the previous update ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2921-1 Released: Fri Aug 26 15:17:43 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059 This update for systemd fixes the following issues: - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - tmpfiles: check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2922-1 Released: Fri Aug 26 16:19:47 2022 Summary: Security update for libyang Type: security Severity: important References: 1186377,CVE-2021-28905 This update for libyang fixes the following issues: - CVE-2021-28905: Fixed a reachable assertion which could be exploited by an attacker to cause a denial of service (bsc#1186377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2923-1 Released: Fri Aug 26 16:20:26 2022 Summary: Security update for keepalived Type: security Severity: important References: 1193115,CVE-2021-44225 This update for keepalived fixes the following issues: - CVE-2021-44225: Fix a potential privilege escalation due to insufficient control in the D-Bus policy (bsc#1193115). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2924-1 Released: Sat Aug 27 10:08:23 2022 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1188076,1195628 This update for gcc10 fixes the following issues: Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 * includes remaining regression fixes from the branch * Removes cyclades header use from libsanitizer. [bsc#1188076] - Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] - Remove sys/rseq.h from include-fixed - Put libstdc++6-pp Requires on the shared library and drop to Recoomends. - Properly adjust license GPL-3.0 WITH GCC-exception-3.1 to GPL-3.0-or-later WITH GCC-exception-3.1 - Remove bits/unistd_ext.h from include-fixed - Force using llvm11 for amdgcn offloading since llvm12 doesn't yet work. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:2926-1 Released: Mon Aug 29 10:38:52 2022 Summary: Feature update for LibreOffice Type: feature Severity: moderate References: 1041090,1183308,1192616,1195881,1196017,1196212,1196499,1197017 This feature update for LibreOffice provides the following fixes: abseil-cpp: - Provide abseil-cpp version 20211102.0 as LibreOffice 7.3 dependency. (jsc#SLE-23447) - Mention already fixed issues. (fate#326485, bsc#1041090) libcuckoo: - Provide libcuckoo version 0.3 as LibreOffice dependency. (jsc#SLE-23447) libixion: - Update libixion from version 0.16.1 to version 0.17.0. (jsc#SLE-23447) - Build with mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447) - Build with gcc11 and gcc11-c++. (jsc#SLE-23447) - Remove unneeded vulkan dependency - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303) libreoffice: - Update LibreOffice from version 7.2.5.1 to version 7.3.3.1. (jsc#SLE-23447, jsc#SLE-24021) * Update bundled dependencies: * gpgme from version 1.13.1 to version 1.16.0 * libgpg-error from version 1.37 to version 1.43 * libassuan from version 2.5.3 to version 2.5.5 * pdfium from version 4500 to version 4699 * skia from version m90-45c57e116ee0ce214bdf78405a4762722e4507d9 to version m97-a7230803d64ae9d44f4e1282444801119a3ae967 * boost from version 1_75 to version 1_77 * icu4c from version 69_1 to version 70_1 * On SUSE Linux Enterprise 15 SP3 and newer require curl-devel 7.68.0 or newer * New build dependencies: * abseil-cpp-devel * libassuan0 * libcuckoo-devel * libopenjp2 * requrire liborcus-0.17 instead of liborcus-0.16 * requrire mdds-2.0 instead of mdds-1.5 * Do not use serf-1 anymore but use curl instead. * Other fixes: * Extraneous/missing lines in table in Impress versus PowerPoint (bsc#1192616) * Text with tabs appears quite different in Impress than in PowerPoint (bsc#1196212) * Bullets appear larger and green instead of black. (bsc#1195881) * Enable gtk3_kde5 and make it possible to use gtk3 in kde with the kde filepicker (bsc#1197017) * Mention already fixed issues. (bsc#1183308, bsc#1196017, bsc#1196499) liborcus: - Update liborcus from version 0.16.1 to version 0.17.2. (jsc#SLE-23447) - Require mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447) - Require libixion-0.17 instead of libixion-0.16. (jsc#SLE-23447) - Build with libtool and use autotools. (jsc#SLE-23447) - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303) mdds-2_0: - Provide mdds-2_0 version 2.0.2 as LibreOffice dependency. (jsc#SLE-23447) myspell-dictionaries: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303) - There are no visible changes for the final user. ucpp: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303) - There are no visible changes for the final user. xmlsec1: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303) - There are no visible changes for the final user. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2934-1 Released: Mon Aug 29 12:41:38 2022 Summary: Recommended update for kernel-livepatch-tools Type: recommended Severity: moderate References: 1200407 This update for kernel-livepatch-tools fixes the following issues: - Add patch expiration info to klp -vv patches output (jsc#SLE-23644) - Avoid error messages in the absence of the sysconfig file (bsc#1200407) - Add 'downgrade' command (jsc#SLE-23644) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2936-1 Released: Mon Aug 29 14:34:13 2022 Summary: Security update for open-vm-tools Type: security Severity: important References: 1202657,1202733,CVE-2022-31676 This update for open-vm-tools fixes the following issues: - Updated to version 12.1.0 (build 20219665) (bsc#1202733): - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2941-1 Released: Tue Aug 30 10:51:09 2022 Summary: Security update for libslirp Type: security Severity: moderate References: 1187365,1201551,CVE-2021-3593 This update for libslirp fixes the following issues: - CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365). Non-security fixes: - Fix the version header (bsc#1201551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2946-1 Released: Wed Aug 31 09:12:50 2022 Summary: Security update for postgresql10 Type: security Severity: important References: 1202368,CVE-2022-2625 This update for postgresql10 fixes the following issues: - Upgrade to 10.22: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2949-1 Released: Wed Aug 31 09:20:16 2022 Summary: Security update for java-1_8_0-ibm Type: security Severity: important References: 1201684,1201685,1201692,1201694,1202427,CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-34169 This update for java-1_8_0-ibm fixes the following issues: - Updated to Java 8.0 Service Refresh 7 Fix Pack 11 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2953-1 Released: Wed Aug 31 10:36:20 2022 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: moderate References: 1201612,1202706 This update for cloud-regionsrv-client fixes the following issues: - While the source code was updated to support SLE Micro the spec file was not updated for the new locations of the cache and the certs. Update the spec file to be consistent with the code implementation. (bsc#1202706) - Handle exception when trying to deregister a system form the server. (bsc#1201612) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2955-1 Released: Wed Aug 31 10:53:50 2022 Summary: Recommended update for bpftrace Type: recommended Severity: moderate References: 1200630 This update for bpftrace fixes the following issues: - do not link against the shared BFD libraries to avoid explicit binutils dependency (bsc#1200630) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2957-1 Released: Wed Aug 31 13:07:02 2022 Summary: Security update for gstreamer-plugins-good Type: security Severity: important References: 1201688,1201693,1201702,1201704,1201706,1201707,1201708,CVE-2022-1920,CVE-2022-1921,CVE-2022-1922,CVE-2022-1923,CVE-2022-1924,CVE-2022-1925,CVE-2022-2122 This update for gstreamer-plugins-good fixes the following issues: - CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688). - CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693). - CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702). - CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704). - CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706). - CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707). - CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2959-1 Released: Wed Aug 31 13:10:15 2022 Summary: Security update for rsync Type: security Severity: important References: 1201840,CVE-2022-29154 This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server (bsc#1201840). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2960-1 Released: Wed Aug 31 13:11:50 2022 Summary: Security update for ucode-intel Type: security Severity: moderate References: 1201727,CVE-2022-21233 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:2972-1 Released: Thu Sep 1 11:08:16 2022 Summary: Feature update for python-kubernetes Type: feature Severity: moderate References: This feature update for python-kubernetes provides: - Deliver python3-kubernetes to the Containers Module 15 SP4. (jsc#SLE-17904, MSC-443) * Deliver python3-google-auth to Basesystem Module 15 SP4 as dependency of python3-kubernetes. * Deliver python3-cachetools to Basesystem Module 15 SP4 as dependency of python3-google-auth. - There are no visible changes for the final user. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2974-1 Released: Thu Sep 1 12:24:13 2022 Summary: Recommended update for btrfsprogs Type: recommended Severity: moderate References: 1199391 This update for btrfsprogs fixes the following issues: - Build btrfsprogs against libudev-devel properly - Ignore path devices when scanning btrfs filesystem (bsc#1199391) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:2980-1 Released: Thu Sep 1 12:32:23 2022 Summary: Feature update for clamsap Type: feature Severity: moderate References: This update for clamsap provides: Update clamsap to version 0.104.3 (jsc#PED-805) - Fix XML MIME type detection using libmagic ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2982-1 Released: Thu Sep 1 12:33:47 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731,1200842 This update for util-linux fixes the following issues: - su: Change owner and mode for pty (bsc#1200842) - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) - mesg: use only stat() to get the current terminal status (bsc#1200842) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2987-1 Released: Thu Sep 1 14:20:06 2022 Summary: Security update for postgresql13 Type: security Severity: important References: 1198166,1202368,CVE-2022-2625 This update for postgresql13 fixes the following issues: - Update to 13.8: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2988-1 Released: Thu Sep 1 14:22:13 2022 Summary: Security update for postgresql12 Type: security Severity: important References: 1198166,1202368,CVE-2022-2625 This update for postgresql12 fixes the following issues: - Update to 12.12: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2989-1 Released: Thu Sep 1 14:24:28 2022 Summary: Security update for postgresql14 Type: security Severity: important References: 1198166,1200437,1202368,CVE-2022-2625 This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). - Upgrade to version 14.4 (bsc#1200437) - Release notes: https://www.postgresql.org/docs/release/14.4/ - Release announcement: https://www.postgresql.org/about/news/p-2470/ - Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437) - Pin to llvm13 until the next patchlevel update (bsc#1198166) The following package changes have been done: - apparmor-abstractions-2.13.6-150300.3.15.1 updated - apparmor-docs-2.13.6-150300.3.15.1 updated - apparmor-parser-lang-2.13.6-150300.3.15.1 updated - apparmor-profiles-2.13.6-150300.3.15.1 updated - apparmor-utils-2.13.6-150300.3.15.1 updated - apparmor-utils-lang-2.13.6-150300.3.15.1 updated - autoyast2-4.3.102-150300.3.47.1 updated - autoyast2-installation-4.3.102-150300.3.47.1 updated - btrfsprogs-udev-rules-4.19.1-150300.18.5.1 updated - elfutils-lang-0.177-150300.11.3.1 updated - firewall-macros-0.9.3-150300.3.9.1 updated - firewalld-0.9.3-150300.3.9.1 updated - firewalld-lang-0.9.3-150300.3.9.1 updated - gio-branding-SLE-15-150300.19.3.1 updated - glib2-lang-2.62.6-150200.3.9.1 updated - glibc-i18ndata-2.31-150300.37.1 updated - glibc-info-2.31-150300.37.1 updated - glibc-lang-2.31-150300.37.1 updated - gpg2-lang-2.2.27-150300.3.5.1 updated - grep-lang-3.1-150000.4.6.1 updated - grub2-arm64-efi-2.04-150300.22.20.2 updated - grub2-i386-pc-2.04-150300.22.20.2 updated - grub2-powerpc-ieee1275-2.04-150300.22.20.2 updated - grub2-snapper-plugin-2.04-150300.22.20.2 updated - grub2-systemd-sleep-plugin-2.04-150300.22.20.2 updated - grub2-x86_64-efi-2.04-150300.22.20.2 updated - gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 updated - hwdata-0.358-150000.3.45.1 updated - icewm-lang-1.4.2-150000.7.15.1 updated - jackson-annotations-2.13.0-150200.3.6.1 updated - jackson-annotations-javadoc-2.13.0-150200.3.6.1 updated - jackson-core-2.13.0-150200.3.6.1 updated - jackson-core-javadoc-2.13.0-150200.3.6.1 updated - jackson-databind-2.13.0-150200.3.9.1 updated - jackson-databind-javadoc-2.13.0-150200.3.9.1 updated - kernel-devel-5.3.18-150300.59.90.1 updated - kernel-firmware-20210208-150300.4.10.1 updated - kernel-macros-5.3.18-150300.59.90.1 updated - libldap-data-2.4.46-150200.14.11.2 updated - libwebkit2gtk3-lang-2.36.5-150200.41.1 updated - mutt-doc-1.10.1-150000.3.23.1 updated - mutt-lang-1.10.1-150000.3.23.1 updated - myspell-de-20191219-150000.3.23.1 updated - myspell-de_AT-20191219-150000.3.23.1 updated - myspell-de_CH-20191219-150000.3.23.1 updated - myspell-de_DE-20191219-150000.3.23.1 updated - myspell-en-20191219-150000.3.23.1 updated - myspell-en_US-20191219-150000.3.23.1 updated - myspell-es-20191219-150000.3.23.1 updated - myspell-es_ES-20191219-150000.3.23.1 updated - myspell-hu_HU-20191219-150000.3.23.1 updated - myspell-nb_NO-20191219-150000.3.23.1 updated - myspell-no-20191219-150000.3.23.1 updated - myspell-pt_BR-20191219-150000.3.23.1 updated - myspell-ro-20191219-150000.3.23.1 updated - myspell-ro_RO-20191219-150000.3.23.1 updated - myspell-ru_RU-20191219-150000.3.23.1 updated - oath-toolkit-xml-2.6.2-150000.3.3.1 updated - osinfo-db-20220214-150300.3.5.1 updated - pam-doc-1.3.0-150000.6.58.3 updated - perl-HTTP-Daemon-6.01-150000.3.5.1 updated - postgresql-14-150300.10.9.12 updated - psmisc-lang-23.0-150000.6.22.1 updated - publicsuffix-20220405-150000.3.9.1 updated - python-rtslib-fb-common-2.1.74-150300.3.3.1 updated - python3-PyJWT-1.7.1-150200.3.3.1 updated - python3-apipkg-1.4-150000.3.2.1 added - python3-cachetools-4.1.0-150200.3.4.1 updated - python3-contextvars-2.4-150000.1.3.1 added - python3-cssselect-1.0.3-150000.3.3.1 updated - python3-dnspython-1.15.0-150000.3.2.1 updated - python3-firewall-0.9.3-150300.3.9.1 updated - python3-google-auth-1.21.2-150300.3.6.1 updated - python3-paramiko-2.4.2-150100.6.12.1 updated - python3-pip-20.0.2-150100.6.18.1 updated - python3-pip-wheel-20.0.2-150100.6.18.1 updated - python3-py-1.10.0-150000.5.9.2 updated - python3-python3-saml-1.7.0-150200.3.3.2 updated - python3-rtslib-fb-2.1.74-150300.3.3.1 updated - python3-zypp-plugin-0.6.3-150000.4.2.1 updated - salt-bash-completion-3004-150300.53.24.1 updated - salt-zsh-completion-3004-150300.53.24.1 updated - scap-security-guide-0.1.63-150000.1.45.1 updated - scap-security-guide-debian-0.1.63-150000.1.45.1 updated - scap-security-guide-redhat-0.1.63-150000.1.45.1 updated - scap-security-guide-ubuntu-0.1.63-150000.1.45.1 updated - strongswan-doc-5.8.2-150200.11.27.1 updated - supportutils-plugin-salt-1.2.0-150300.3.3.1 updated - suse-build-key-12.0-150000.8.25.1 updated - systemd-bash-completion-234-150000.24.111.1 updated - systemd-lang-246.16-150300.7.51.1 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - systemd-presets-common-SUSE-15-150100.8.17.1 updated - tar-lang-1.34-150000.3.18.1 updated - tftpboot-installation-SLE-15-SP3-aarch64-16.56.15-150300.3.17.21 updated - tftpboot-installation-SLE-15-SP3-ppc64le-16.56.15-150300.3.17.21 updated - tftpboot-installation-SLE-15-SP3-s390x-16.56.15-150300.3.17.21 updated - tftpboot-installation-SLE-15-SP3-x86_64-16.56.15-150300.3.17.21 updated - timezone-java-2022a-150000.75.10.1 updated - ucode-amd-20210208-150300.4.10.1 updated - util-linux-lang-2.36.2-150300.4.23.1 updated - vim-data-8.2.5038-150000.5.21.1 updated - vim-data-common-8.2.5038-150000.5.21.1 updated - xkeyboard-config-2.23.1-150000.3.12.1 updated - xkeyboard-config-lang-2.23.1-150000.3.12.1 updated - xorg-x11-Xvnc-novnc-1.9.0-150100.19.17.1 updated - xscreensaver-lang-5.44-150000.5.6.1 updated - yast2-installation-4.3.52-150300.3.30.1 updated - yast2-network-4.3.82-150300.3.28.1 updated - yast2-online-update-configuration-4.3.3-150300.3.3.1 updated - yast2-samba-client-4.3.5-150300.3.9.1 updated - zypper-log-1.14.53-150200.33.1 updated - zypper-needs-restarting-1.14.53-150200.33.1 updated - Mesa-20.2.4-150300.59.3.1 updated - Mesa-32bit-20.2.4-150300.59.3.1 updated - Mesa-KHR-devel-20.2.4-150300.59.3.1 updated - Mesa-devel-20.2.4-150300.59.3.1 updated - Mesa-dri-20.2.4-150300.59.3.1 updated - Mesa-dri-32bit-20.2.4-150300.59.3.1 updated - Mesa-dri-devel-20.2.4-150300.59.3.1 updated - Mesa-gallium-20.2.4-150300.59.3.1 updated - Mesa-gallium-32bit-20.2.4-150300.59.3.1 updated - Mesa-libEGL-devel-20.2.4-150300.59.3.1 updated - Mesa-libEGL1-20.2.4-150300.59.3.1 updated - Mesa-libEGL1-32bit-20.2.4-150300.59.3.1 updated - Mesa-libGL-devel-20.2.4-150300.59.3.1 updated - Mesa-libGL1-20.2.4-150300.59.3.1 updated - Mesa-libGL1-32bit-20.2.4-150300.59.3.1 updated - Mesa-libGLESv1_CM-devel-20.2.4-150300.59.3.1 updated - Mesa-libGLESv2-devel-20.2.4-150300.59.3.1 updated - Mesa-libGLESv3-devel-20.2.4-150300.59.3.1 updated - Mesa-libVulkan-devel-20.2.4-150300.59.3.1 updated - Mesa-libd3d-20.2.4-150300.59.3.1 updated - Mesa-libd3d-devel-20.2.4-150300.59.3.1 updated - Mesa-libglapi-devel-20.2.4-150300.59.3.1 updated - Mesa-libglapi0-20.2.4-150300.59.3.1 updated - Mesa-libglapi0-32bit-20.2.4-150300.59.3.1 updated - Mesa-libva-20.2.4-150300.59.3.1 updated - Mesa-vulkan-device-select-20.2.4-150300.59.3.1 updated - Mesa-vulkan-overlay-20.2.4-150300.59.3.1 updated - SUSEConnect-0.3.34-150300.20.3.3 updated - amavisd-new-2.11.1-150000.6.6.1 updated - amavisd-new-docs-2.11.1-150000.6.6.1 updated - apache2-2.4.51-150200.3.48.1 updated - apache2-prefork-2.4.51-150200.3.48.1 updated - apache2-utils-2.4.51-150200.3.48.1 updated - apparmor-parser-2.13.6-150300.3.15.1 updated - augeas-1.10.1-150000.3.12.1 updated - augeas-devel-1.10.1-150000.3.12.1 updated - augeas-lenses-1.10.1-150000.3.12.1 updated - autofs-5.1.3-150000.7.11.1 updated - binutils-2.37-150100.7.37.1 updated - binutils-devel-2.37-150100.7.37.1 updated - bluez-5.55-150300.3.11.1 updated - bluez-deprecated-5.55-150300.3.11.1 updated - btrfsprogs-4.19.1-150300.18.5.1 updated - ceph-common-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - cifs-utils-6.9-150100.5.18.1 updated - cifs-utils-devel-6.9-150100.5.18.1 updated - ckermit-9.0.302-150000.3.3.1 updated - clamav-0.103.6-150000.3.38.1 updated - clamav-devel-0.103.6-150000.3.38.1 updated - clang7-7.0.1-150100.3.22.2 updated - clang7-devel-7.0.1-150100.3.22.2 updated - collectd-5.10.0-150200.3.3.1 updated - collectd-plugin-connectivity-5.10.0-150200.3.3.1 updated - collectd-plugin-dbi-5.10.0-150200.3.3.1 updated - collectd-plugin-ipmi-5.10.0-150200.3.3.1 updated - collectd-plugin-java-5.10.0-150200.3.3.1 updated - collectd-plugin-lua-5.10.0-150200.3.3.1 updated - collectd-plugin-mcelog-5.10.0-150200.3.3.1 updated - collectd-plugin-memcachec-5.10.0-150200.3.3.1 updated - collectd-plugin-mysql-5.10.0-150200.3.3.1 updated - collectd-plugin-notify-desktop-5.10.0-150200.3.3.1 updated - collectd-plugin-nut-5.10.0-150200.3.3.1 updated - collectd-plugin-openldap-5.10.0-150200.3.3.1 updated - collectd-plugin-ovs-5.10.0-150200.3.3.1 updated - collectd-plugin-pcie-5.10.0-150200.3.3.1 updated - collectd-plugin-pinba-5.10.0-150200.3.3.1 updated - collectd-plugin-postgresql-5.10.0-150200.3.3.1 updated - collectd-plugin-procevent-5.10.0-150200.3.3.1 updated - collectd-plugin-python3-5.10.0-150200.3.3.1 updated - collectd-plugin-smart-5.10.0-150200.3.3.1 updated - collectd-plugin-snmp-5.10.0-150200.3.3.1 updated - collectd-plugin-synproxy-5.10.0-150200.3.3.1 updated - collectd-plugin-sysevent-5.10.0-150200.3.3.1 updated - collectd-plugin-uptime-5.10.0-150200.3.3.1 updated - collectd-plugin-virt-5.10.0-150200.3.3.1 updated - collectd-plugin-write_stackdriver-5.10.0-150200.3.3.1 updated - collectd-plugin-write_syslog-5.10.0-150200.3.3.1 updated - collectd-plugins-all-5.10.0-150200.3.3.1 updated - collectd-spamassassin-5.10.0-150200.3.3.1 updated - collectd-web-5.10.0-150200.3.3.1 updated - collectd-web-js-5.10.0-150200.3.3.1 updated - cups-2.2.7-150000.3.32.1 updated - cups-client-2.2.7-150000.3.32.1 updated - cups-config-2.2.7-150000.3.32.1 updated - cups-devel-2.2.7-150000.3.32.1 updated - curl-7.66.0-150200.4.36.1 updated - dhcp-4.3.6.P1-150000.6.14.1 updated - dhcp-client-4.3.6.P1-150000.6.14.1 updated - dhcp-devel-4.3.6.P1-150000.6.14.1 updated - dirmngr-2.2.27-150300.3.5.1 updated - dnsmasq-2.86-150100.7.20.1 updated - dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 updated - dracut-fips-049.1+suse.238.gd8dbb075-150200.3.60.1 updated - dracut-ima-049.1+suse.238.gd8dbb075-150200.3.60.1 updated - e2fsprogs-1.43.8-150000.4.33.1 updated - e2fsprogs-devel-1.43.8-150000.4.33.1 updated - elfutils-0.177-150300.11.3.1 updated - fbiterm-0.5.20040304-150000.5.6.1 updated - fribidi-1.0.5-150200.3.6.1 updated - fribidi-devel-1.0.5-150200.3.6.1 updated - fwupdate-12-150100.11.10.1 updated - fwupdate-devel-12-150100.11.10.1 updated - fwupdate-efi-12-150100.11.10.1 updated - giflib-devel-5.2.1-150000.4.8.1 updated - git-core-2.35.3-150300.10.15.1 updated - glib2-devel-2.62.6-150200.3.9.1 updated - glib2-tools-2.62.6-150200.3.9.1 updated - glibc-2.31-150300.37.1 updated - glibc-32bit-2.31-150300.37.1 updated - glibc-devel-2.31-150300.37.1 updated - glibc-extra-2.31-150300.37.1 updated - glibc-locale-2.31-150300.37.1 updated - glibc-locale-base-2.31-150300.37.1 updated - glibc-locale-base-32bit-2.31-150300.37.1 updated - glibc-profile-2.31-150300.37.1 updated - gnutls-3.6.7-150200.14.19.2 updated - golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 updated - gpg2-2.2.27-150300.3.5.1 updated - grep-3.1-150000.4.6.1 updated - grub2-2.04-150300.22.20.2 updated - gstreamer-plugins-good-1.16.3-150200.3.9.1 updated - gzip-1.10-150200.10.1 updated - harfbuzz-devel-2.6.4-150200.3.3.1 updated - hunspell-1.6.2-150000.3.11.1 updated - hunspell-devel-1.6.2-150000.3.11.1 updated - hunspell-tools-1.6.2-150000.3.11.1 updated - hwinfo-21.82-150300.3.3.1 updated - hwinfo-devel-21.82-150300.3.3.1 updated - icewm-1.4.2-150000.7.15.1 updated - icewm-default-1.4.2-150000.7.15.1 updated - icewm-lite-1.4.2-150000.7.15.1 updated - iscsiuio-0.7.8.6-150300.32.18.1 updated - java-11-openjdk-11.0.16.0-150000.3.83.1 updated - java-11-openjdk-demo-11.0.16.0-150000.3.83.1 updated - java-11-openjdk-devel-11.0.16.0-150000.3.83.1 updated - java-11-openjdk-headless-11.0.16.0-150000.3.83.1 updated - kernel-default-5.3.18-150300.59.90.1 updated - kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1 updated - kernel-default-devel-5.3.18-150300.59.90.1 updated - kernel-preempt-5.3.18-150300.59.90.1 updated - ldb-tools-2.4.3-150300.3.20.1 updated - ldns-devel-1.7.0-150000.4.8.1 updated - libLLVM7-32bit-7.0.1-150100.3.22.2 updated - libLLVM7-7.0.1-150100.3.22.2 updated - libLTO7-7.0.1-150100.3.22.2 updated - libOSMesa-devel-20.2.4-150300.59.3.1 updated - libOSMesa8-20.2.4-150300.59.3.1 updated - libXvnc1-1.9.0-150100.19.17.1 updated - libada10-10.4.0+git2794-150000.1.9.1 updated - libada10-32bit-10.4.0+git2794-150000.1.9.1 updated - libada11-11.3.0+git1637-150000.1.9.1 updated - libada11-32bit-11.3.0+git1637-150000.1.9.1 updated - libapparmor-devel-2.13.6-150300.3.15.1 updated - libapparmor1-2.13.6-150300.3.15.1 updated - libapparmor1-32bit-2.13.6-150300.3.15.1 updated - libarchive-devel-3.4.2-150200.4.6.1 updated - libarchive13-3.4.2-150200.4.6.1 updated - libasan6-11.3.0+git1637-150000.1.9.1 updated - libasan6-32bit-11.3.0+git1637-150000.1.9.1 updated - libasm-devel-0.177-150300.11.3.1 updated - libasm1-0.177-150300.11.3.1 updated - libatomic1-11.3.0+git1637-150000.1.9.1 updated - libatomic1-32bit-11.3.0+git1637-150000.1.9.1 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libblkid-devel-2.36.2-150300.4.23.1 updated - libblkid-devel-static-2.36.2-150300.4.23.1 updated - libblkid1-2.36.2-150300.4.23.1 updated - libblkid1-32bit-2.36.2-150300.4.23.1 updated - libbluetooth3-5.55-150300.3.11.1 updated - libbtrfs-devel-4.19.1-150300.18.5.1 updated - libbtrfs0-4.19.1-150300.18.5.1 updated - libcaca-devel-0.99.beta19.git20171003-150200.11.6.1 updated - libcaca0-0.99.beta19.git20171003-150200.11.6.1 updated - libcaca0-plugins-0.99.beta19.git20171003-150200.11.6.1 updated - libcbor0-0.5.0-150100.4.6.1 updated - libcephfs-devel-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - libcephfs2-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - libclamav9-0.103.6-150000.3.38.1 updated - libclang7-7.0.1-150100.3.22.2 updated - libcollectdclient-devel-5.10.0-150200.3.3.1 updated - libcollectdclient1-5.10.0-150200.3.3.1 updated - libcom_err-devel-1.43.8-150000.4.33.1 updated - libcom_err-devel-static-1.43.8-150000.4.33.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcom_err2-32bit-1.43.8-150000.4.33.1 updated - libcrypt1-32bit-4.4.15-150300.4.4.3 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libctf-nobfd0-2.37-150100.7.37.1 updated - libctf0-2.37-150100.7.37.1 updated - libcups2-2.2.7-150000.3.32.1 updated - libcups2-32bit-2.2.7-150000.3.32.1 updated - libcupscgi1-2.2.7-150000.3.32.1 updated - libcupsimage2-2.2.7-150000.3.32.1 updated - libcupsmime1-2.2.7-150000.3.32.1 updated - libcupsppdc1-2.2.7-150000.3.32.1 updated - libcurl-devel-7.66.0-150200.4.36.1 updated - libcurl4-32bit-7.66.0-150200.4.36.1 updated - libcurl4-7.66.0-150200.4.36.1 updated - libdw-devel-0.177-150300.11.3.1 updated - libdw1-0.177-150300.11.3.1 updated - libdw1-32bit-0.177-150300.11.3.1 updated - libebl-devel-0.177-150300.11.3.1 updated - libebl-plugins-0.177-150300.11.3.1 updated - libebl-plugins-32bit-0.177-150300.11.3.1 updated - libelf-devel-0.177-150300.11.3.1 updated - libelf1-0.177-150300.11.3.1 updated - libelf1-32bit-0.177-150300.11.3.1 updated - libext2fs-devel-1.43.8-150000.4.33.1 updated - libext2fs-devel-static-1.43.8-150000.4.33.1 updated - libext2fs2-1.43.8-150000.4.33.1 updated - libfdisk-devel-2.36.2-150300.4.23.1 updated - libfdisk1-2.36.2-150300.4.23.1 updated - libfreebl3-3.79-150000.3.74.1 updated - libfreebl3-32bit-3.79-150000.3.74.1 updated - libfreebl3-hmac-3.79-150000.3.74.1 updated - libfreebl3-hmac-32bit-3.79-150000.3.74.1 updated - libfreshclam2-0.103.6-150000.3.38.1 updated - libfribidi0-1.0.5-150200.3.6.1 updated - libfwup1-12-150100.11.10.1 updated - libgbm-devel-20.2.4-150300.59.3.1 updated - libgbm1-20.2.4-150300.59.3.1 updated - libgbm1-32bit-20.2.4-150300.59.3.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libgcc_s1-32bit-11.3.0+git1637-150000.1.9.1 updated - libgdruntime2-11.3.0+git1637-150000.1.9.1 updated - libgdruntime2-32bit-11.3.0+git1637-150000.1.9.1 updated - libgfortran5-11.3.0+git1637-150000.1.9.1 updated - libgfortran5-32bit-11.3.0+git1637-150000.1.9.1 updated - libgif7-5.2.1-150000.4.8.1 updated - libgio-2_0-0-2.62.6-150200.3.9.1 updated - libgio-2_0-0-32bit-2.62.6-150200.3.9.1 updated - libglib-2_0-0-2.62.6-150200.3.9.1 updated - libglib-2_0-0-32bit-2.62.6-150200.3.9.1 updated - libgmodule-2_0-0-2.62.6-150200.3.9.1 updated - libgmodule-2_0-0-32bit-2.62.6-150200.3.9.1 updated - libgnutls-devel-3.6.7-150200.14.19.2 updated - libgnutls30-3.6.7-150200.14.19.2 updated - libgnutls30-32bit-3.6.7-150200.14.19.2 updated - libgnutls30-hmac-3.6.7-150200.14.19.2 updated - libgnutls30-hmac-32bit-3.6.7-150200.14.19.2 updated - libgnutlsxx-devel-3.6.7-150200.14.19.2 updated - libgnutlsxx28-3.6.7-150200.14.19.2 updated - libgo16-10.4.0+git2794-150000.1.9.1 updated - libgo16-32bit-10.4.0+git2794-150000.1.9.1 updated - libgo19-11.3.0+git1637-150000.1.9.1 updated - libgo19-32bit-11.3.0+git1637-150000.1.9.1 updated - libgobject-2_0-0-2.62.6-150200.3.9.1 updated - libgobject-2_0-0-32bit-2.62.6-150200.3.9.1 updated - libgomp1-11.3.0+git1637-150000.1.9.1 updated - libgomp1-32bit-11.3.0+git1637-150000.1.9.1 updated - libgphobos2-11.3.0+git1637-150000.1.9.1 updated - libgphobos2-32bit-11.3.0+git1637-150000.1.9.1 updated - libgthread-2_0-0-2.62.6-150200.3.9.1 updated - libharfbuzz-gobject0-2.6.4-150200.3.3.1 updated - libharfbuzz-icu0-2.6.4-150200.3.3.1 updated - libharfbuzz-subset0-2.6.4-150200.3.3.1 updated - libharfbuzz0-2.6.4-150200.3.3.1 updated - libharfbuzz0-32bit-2.6.4-150200.3.3.1 updated - libhunspell-1_6-0-1.6.2-150000.3.11.1 updated - libinput-devel-1.10.5-150000.3.3.1 updated - libinput-tools-1.10.5-150000.3.3.1 updated - libinput-udev-1.10.5-150000.3.3.1 updated - libinput10-1.10.5-150000.3.3.1 updated - libipa_hbac-devel-1.16.1-150300.23.31.1 updated - libipa_hbac0-1.16.1-150300.23.31.1 updated - libiterm1-0.5.20040304-150000.5.6.1 updated - libitm1-11.3.0+git1637-150000.1.9.1 updated - libitm1-32bit-11.3.0+git1637-150000.1.9.1 updated - libjasper4-2.0.14-150000.3.25.1 updated - libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libldap-2_4-2-32bit-2.4.46-150200.14.11.2 updated - libldb-devel-2.4.3-150300.3.20.1 updated - libldb2-2.4.3-150300.3.20.1 updated - libldb2-32bit-2.4.3-150300.3.20.1 updated - libldns2-1.7.0-150000.4.8.1 updated - libleveldb1-1.18-150000.3.3.1 updated - liblsan0-11.3.0+git1637-150000.1.9.1 updated - libminizip1-1.2.11-150000.3.33.1 updated - libmount-devel-2.36.2-150300.4.23.1 updated - libmount1-2.36.2-150300.4.23.1 updated - libmount1-32bit-2.36.2-150300.4.23.1 updated - libmpx2-8.2.1+r264010-150000.1.6.4 updated - libmpxwrappers2-8.2.1+r264010-150000.1.6.4 updated - libncurses6-32bit-6.1-150000.5.12.1 updated - libncurses6-6.1-150000.5.12.1 updated - libnftables1-0.9.8-150300.3.3.1 updated - libnm0-1.22.10-150200.3.18.1 updated - libnss_nis2-3.0-150000.3.3.1 updated - libnss_nis2-32bit-3.0-150000.3.3.1 updated - liboath-devel-2.6.2-150000.3.3.1 updated - liboath0-2.6.2-150000.3.3.1 updated - libobjc4-11.3.0+git1637-150000.1.9.1 updated - libobjc4-32bit-11.3.0+git1637-150000.1.9.1 updated - libomp7-devel-7.0.1-150100.3.22.2 updated - libopeniscsiusr0_2_0-2.1.7-150300.32.18.1 updated - libopenssl-1_1-devel-1.1.1d-150200.11.51.1 updated - libopenssl1_1-1.1.1d-150200.11.51.1 updated - libopenssl1_1-32bit-1.1.1d-150200.11.51.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated - libopenssl1_1-hmac-32bit-1.1.1d-150200.11.51.1 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - libp11-kit0-32bit-0.23.2-150000.4.16.1 updated - libpcre1-32bit-8.45-150000.20.13.1 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre16-0-8.45-150000.20.13.1 updated - libpcre2-16-0-10.31-150000.3.12.1 updated - libpcre2-32-0-10.31-150000.3.12.1 updated - libpcre2-8-0-10.31-150000.3.12.1 updated - libpcre2-posix2-10.31-150000.3.12.1 updated - libpcrecpp0-32bit-8.45-150000.20.13.1 updated - libpcrecpp0-8.45-150000.20.13.1 updated - libpcreposix0-8.45-150000.20.13.1 updated - libpq5-14.5-150200.5.17.1 updated - libprocps7-3.3.15-150000.7.25.1 updated - libpsl-devel-0.20.1-150000.3.3.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libpsl5-32bit-0.20.1-150000.3.3.1 updated - libpython2_7-1_0-2.7.18-150000.41.1 updated - libpython3_6m1_0-3.6.15-150300.10.27.1 updated - libpython3_9-1_0-3.9.13-150300.4.13.1 updated - libquadmath0-11.3.0+git1637-150000.1.9.1 updated - libquadmath0-32bit-11.3.0+git1637-150000.1.9.1 updated - librados-devel-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - librados2-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - libradospp-devel-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - librbd-devel-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - librbd1-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - librgw-devel-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - librgw2-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - libruby2_5-2_5-2.5.9-150000.4.23.1 updated - libsamba-policy-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - libsamba-policy-python3-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - libsamba-policy0-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - libsmartcols-devel-2.36.2-150300.4.23.1 updated - libsmartcols1-2.36.2-150300.4.23.1 updated - libsoftokn3-3.79-150000.3.74.1 updated - libsoftokn3-32bit-3.79-150000.3.74.1 updated - libsoftokn3-hmac-3.79-150000.3.74.1 updated - libsoftokn3-hmac-32bit-3.79-150000.3.74.1 updated - libsss_certmap-devel-1.16.1-150300.23.31.1 updated - libsss_certmap0-1.16.1-150300.23.31.1 updated - libsss_idmap-devel-1.16.1-150300.23.31.1 updated - libsss_idmap0-1.16.1-150300.23.31.1 updated - libsss_nss_idmap-devel-1.16.1-150300.23.31.1 updated - libsss_nss_idmap0-1.16.1-150300.23.31.1 updated - libsss_simpleifp-devel-1.16.1-150300.23.31.1 updated - libsss_simpleifp0-1.16.1-150300.23.31.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-32bit-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-devel-gcc10-10.4.0+git2794-150000.1.9.1 updated - libstdc++6-devel-gcc11-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-locale-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-pp-gcc10-10.4.0+git2794-150000.1.9.1 updated - libstdc++6-pp-gcc10-32bit-10.4.0+git2794-150000.1.9.1 updated - libstdc++6-pp-gcc11-11.3.0+git1637-150000.1.9.1 updated - libstdc++6-pp-gcc11-32bit-11.3.0+git1637-150000.1.9.1 updated - libsystemd0-246.16-150300.7.51.1 updated - libsystemd0-32bit-246.16-150300.7.51.1 updated - libtiff-devel-4.0.9-150000.45.11.1 updated - libtiff5-4.0.9-150000.45.11.1 updated - libtirpc-devel-1.2.6-150300.3.6.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libtirpc3-32bit-1.2.6-150300.3.6.1 updated - libtsan0-11.3.0+git1637-150000.1.9.1 updated - libubsan1-11.3.0+git1637-150000.1.9.1 updated - libubsan1-32bit-11.3.0+git1637-150000.1.9.1 updated - libudev-devel-246.16-150300.7.51.1 updated - libudev1-246.16-150300.7.51.1 updated - libudev1-32bit-246.16-150300.7.51.1 updated - libunbound2-1.6.8-150100.10.8.1 updated - libupsclient1-2.7.4-150000.6.3.1 updated - libuuid-devel-2.36.2-150300.4.23.1 updated - libuuid-devel-static-2.36.2-150300.4.23.1 updated - libuuid1-2.36.2-150300.4.23.1 updated - libuuid1-32bit-2.36.2-150300.4.23.1 updated - libv4l-1.14.1-150000.3.3.1 updated - libv4l1-0-1.14.1-150000.3.3.1 updated - libv4l2-0-1.14.1-150000.3.3.1 updated - libv4lconvert0-1.14.1-150000.3.3.1 updated - libvdpau_r300-20.2.4-150300.59.3.1 updated - libvdpau_r600-20.2.4-150300.59.3.1 updated - libvdpau_radeonsi-20.2.4-150300.59.3.1 updated - libvirt-libs-7.1.0-150300.6.29.1 updated - libvmtools-devel-12.1.0-150300.19.1 updated - libvmtools0-12.1.0-150300.19.1 updated - libvulkan_intel-20.2.4-150300.59.3.1 updated - libvulkan_radeon-20.2.4-150300.59.3.1 updated - libwavpack1-5.4.0-150000.4.15.1 updated - libwebkit2gtk-4_0-37-2.36.5-150200.41.1 updated - libwsman3-2.6.7-150000.3.12.2 updated - libxatracker-devel-1.0.0-150300.59.3.1 updated - libxatracker2-1.0.0-150300.59.3.1 updated - libxcrypt-devel-4.4.15-150300.4.4.3 updated - libxml2-2-2.9.7-150000.3.46.1 updated - libxml2-2-32bit-2.9.7-150000.3.46.1 updated - libxml2-devel-2.9.7-150000.3.46.1 updated - libxml2-tools-2.9.7-150000.3.46.1 updated - libxmlsec1-1-1.2.28-150100.7.11.1 updated - libxmlsec1-nss1-1.2.28-150100.7.11.1 updated - libxmlsec1-openssl1-1.2.28-150100.7.11.1 updated - libz1-1.2.11-150000.3.33.1 updated - libz1-32bit-1.2.11-150000.3.33.1 updated - libzypp-17.30.2-150200.39.1 updated - libzypp-devel-17.30.2-150200.39.1 updated - lksctp-tools-1.0.17-150000.3.3.1 updated - lksctp-tools-devel-1.0.17-150000.3.3.1 updated - llvm7-7.0.1-150100.3.22.2 updated - llvm7-LTO-devel-7.0.1-150100.3.22.2 updated - llvm7-devel-7.0.1-150100.3.22.2 updated - llvm7-gold-7.0.1-150100.3.22.2 updated - llvm7-polly-7.0.1-150100.3.22.2 updated - llvm7-polly-devel-7.0.1-150100.3.22.2 updated - logrotate-3.13.0-150000.4.7.1 updated - mdadm-4.1-150300.24.15.1 updated - minizip-devel-1.2.11-150000.3.33.1 updated - mokutil-0.4.0-150200.4.6.1 updated - mozilla-nspr-32bit-4.34-150000.3.23.1 updated - mozilla-nspr-4.34-150000.3.23.1 updated - mozilla-nspr-devel-4.34-150000.3.23.1 updated - mozilla-nss-3.79-150000.3.74.1 updated - mozilla-nss-32bit-3.79-150000.3.74.1 updated - mozilla-nss-certs-3.79-150000.3.74.1 updated - mozilla-nss-certs-32bit-3.79-150000.3.74.1 updated - mozilla-nss-devel-3.79-150000.3.74.1 updated - mozilla-nss-sysinit-3.79-150000.3.74.1 updated - mozilla-nss-tools-3.79-150000.3.74.1 updated - mutt-1.10.1-150000.3.23.1 updated - myspell-dictionaries-20191219-150000.3.23.1 updated - myspell-lightproof-en-20191219-150000.3.23.1 updated - myspell-lightproof-hu_HU-20191219-150000.3.23.1 updated - myspell-lightproof-pt_BR-20191219-150000.3.23.1 updated - myspell-lightproof-ru_RU-20191219-150000.3.23.1 updated - ncurses-devel-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - nftables-0.9.8-150300.3.3.1 updated - nscd-2.31-150300.37.1 updated - nvme-cli-1.13-150300.3.17.1 updated - open-iscsi-2.1.7-150300.32.18.1 updated - open-iscsi-devel-2.1.7-150300.32.18.1 updated - open-vm-tools-12.1.0-150300.19.1 updated - open-vm-tools-sdmp-12.1.0-150300.19.1 updated - openldap2-client-2.4.46-150200.14.11.2 updated - openldap2-devel-2.4.46-150200.14.11.2 updated - openldap2-devel-static-2.4.46-150200.14.11.2 updated - openssl-1_1-1.1.1d-150200.11.51.1 updated - p11-kit-0.23.2-150000.4.16.1 updated - p11-kit-devel-0.23.2-150000.4.16.1 updated - p11-kit-nss-trust-0.23.2-150000.4.16.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 updated - pam-1.3.0-150000.6.58.3 updated - pam-32bit-1.3.0-150000.6.58.3 updated - pam-devel-1.3.0-150000.6.58.3 updated - pam-extra-1.3.0-150000.6.58.3 updated - pam-extra-32bit-1.3.0-150000.6.58.3 updated - pam_apparmor-2.13.6-150300.3.15.1 updated - pam_apparmor-32bit-2.13.6-150300.3.15.1 updated - patch-2.7.6-150000.5.3.1 updated - pcre-devel-8.45-150000.20.13.1 updated - pcre-tools-8.45-150000.20.13.1 updated - pcre2-devel-10.31-150000.3.12.1 updated - perl-5.26.1-150300.17.3.1 updated - perl-Bootloader-0.939-150300.3.6.1 updated - perl-Git-2.35.3-150300.10.15.1 updated - perl-XML-LibXML-2.0132-150000.3.3.1 updated - perl-apparmor-2.13.6-150300.3.15.1 updated - perl-base-32bit-5.26.1-150300.17.3.1 updated - perl-base-5.26.1-150300.17.3.1 updated - perl-core-DB_File-5.26.1-150300.17.3.1 updated - postgresql13-13.8-150200.5.31.1 updated - postgresql14-14.5-150200.5.17.1 updated - procps-3.3.15-150000.7.25.1 updated - procps-devel-3.3.15-150000.7.25.1 updated - psmisc-23.0-150000.6.22.1 updated - python-2.7.18-150000.41.1 updated - python-base-2.7.18-150000.41.1 updated - python-dmidecode-3.12.2-2.74 updated - python3-3.6.15-150300.10.27.1 updated - python3-M2Crypto-0.35.2-150000.3.14.1 updated - python3-apparmor-2.13.6-150300.3.15.1 updated - python3-base-3.6.15-150300.10.27.1 updated - python3-ceph-argparse-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - python3-ceph-common-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - python3-cephfs-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - python3-curses-3.6.15-150300.10.27.1 updated - python3-dbm-3.6.15-150300.10.27.1 updated - python3-devel-3.6.15-150300.10.27.1 updated - python3-dmidecode-3.12.2-2.74 updated - python3-idle-3.6.15-150300.10.27.1 updated - python3-immutables-0.11-150000.1.3.1 added - python3-ldb-2.4.3-150300.3.20.1 updated - python3-ldb-devel-2.4.3-150300.3.20.1 updated - python3-libxml2-python-2.9.7-150000.3.46.1 updated - python3-lxml-4.7.1-150200.3.10.1 updated - python3-lxml-devel-4.7.1-150200.3.10.1 updated - python3-nftables-0.9.8-150300.3.3.1 updated - python3-rados-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - python3-rbd-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - python3-rgw-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - python3-salt-3004-150300.53.24.1 updated - python3-sssd-config-1.16.1-150300.23.31.1 updated - python3-tk-3.6.15-150300.10.27.1 updated - python39-3.9.13-150300.4.13.1 updated - python39-base-3.9.13-150300.4.13.1 updated - python39-curses-3.9.13-150300.4.13.1 updated - python39-dbm-3.9.13-150300.4.13.1 updated - python39-devel-3.9.13-150300.4.13.1 updated - python39-idle-3.9.13-150300.4.13.1 updated - python39-tk-3.9.13-150300.4.13.1 updated - qemu-tools-5.2.0-150300.115.2 updated - rados-objclass-devel-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - rbd-nbd-15.2.16.99+g96ce9b152f5-150200.3.37.1 updated - rsync-3.1.3-150000.4.13.1 updated - rsyslog-8.2106.0-150200.4.29.1 updated - ruby2.5-2.5.9-150000.4.23.1 updated - ruby2.5-devel-2.5.9-150000.4.23.1 updated - ruby2.5-devel-extra-2.5.9-150000.4.23.1 updated - ruby2.5-stdlib-2.5.9-150000.4.23.1 updated - rzsz-0.12.21~rc-150000.3.3.2 updated - salt-3004-150300.53.24.1 updated - salt-doc-3004-150300.53.24.1 updated - salt-minion-3004-150300.53.24.1 updated - samba-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-ad-dc-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-ad-dc-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-ceph-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-client-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-client-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-devel-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-dsdb-modules-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-gpupdate-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-ldb-ldap-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-libs-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-tool-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-winbind-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-winbind-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - samba-winbind-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - sssd-1.16.1-150300.23.31.1 updated - sssd-ad-1.16.1-150300.23.31.1 updated - sssd-common-1.16.1-150300.23.31.1 updated - sssd-common-32bit-1.16.1-150300.23.31.1 updated - sssd-dbus-1.16.1-150300.23.31.1 updated - sssd-ipa-1.16.1-150300.23.31.1 updated - sssd-krb5-1.16.1-150300.23.31.1 updated - sssd-krb5-common-1.16.1-150300.23.31.1 updated - sssd-ldap-1.16.1-150300.23.31.1 updated - sssd-proxy-1.16.1-150300.23.31.1 updated - sssd-tools-1.16.1-150300.23.31.1 updated - sssd-winbind-idmap-1.16.1-150300.23.31.1 updated - strongswan-5.8.2-150200.11.27.1 updated - strongswan-hmac-5.8.2-150200.11.27.1 updated - strongswan-ipsec-5.8.2-150200.11.27.1 updated - strongswan-libs0-5.8.2-150200.11.27.1 updated - systemd-246.16-150300.7.51.1 updated - systemd-32bit-246.16-150300.7.51.1 updated - systemd-container-246.16-150300.7.51.1 updated - systemd-coredump-246.16-150300.7.51.1 updated - systemd-devel-246.16-150300.7.51.1 updated - systemd-doc-246.16-150300.7.51.1 updated - systemd-journal-remote-246.16-150300.7.51.1 updated - systemd-sysvinit-246.16-150300.7.51.1 updated - tack-6.1-150000.5.12.1 updated - tar-1.34-150000.3.18.1 updated - tar-rmt-1.34-150000.3.18.1 updated - terminfo-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - terminfo-iterm-6.1-150000.5.12.1 updated - terminfo-screen-6.1-150000.5.12.1 updated - tigervnc-1.9.0-150100.19.17.1 updated - timezone-2022a-150000.75.10.1 updated - typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.3.1 updated - typelib-1_0-NM-1_0-1.22.10-150200.3.18.1 updated - u-boot-tools-2021.01-150300.7.18.1 updated - ucode-intel-20220809-150200.18.1 updated - udev-246.16-150300.7.51.1 updated - unbound-anchor-1.6.8-150100.10.8.1 updated - unbound-devel-1.6.8-150100.10.8.1 updated - util-linux-2.36.2-150300.4.23.1 updated - util-linux-systemd-2.36.2-150300.4.23.1 updated - vim-8.2.5038-150000.5.21.1 updated - vim-small-8.2.5038-150000.5.21.1 updated - vulkan-1.0.65.0-150000.5.3.1 updated - webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1 updated - xen-libs-4.14.5_04-150300.3.32.1 updated - xen-tools-domU-4.14.5_04-150300.3.32.1 updated - xf86-video-vesa-2.4.0-150100.5.3.1 updated - xmlsec1-devel-1.2.28-150100.7.11.1 updated - xmlsec1-nss-devel-1.2.28-150100.7.11.1 updated - xmlsec1-openssl-devel-1.2.28-150100.7.11.1 updated - xorg-x11-Xvnc-1.9.0-150100.19.17.1 updated - xorg-x11-Xvnc-module-1.9.0-150100.19.17.1 updated - xorg-x11-server-1.20.3-150200.22.5.55.1 updated - xorg-x11-server-extra-1.20.3-150200.22.5.55.1 updated - xscreensaver-5.44-150000.5.6.1 updated - xscreensaver-data-5.44-150000.5.6.1 updated - yast2-bootloader-4.3.31-150300.3.8.2 updated - yast2-schema-4.3.29-150300.3.15.1 updated - yast2-storage-ng-4.3.60-150300.3.21.1 updated - zlib-devel-1.2.11-150000.3.33.1 updated - zlib-devel-static-1.2.11-150000.3.33.1 updated - zypper-1.14.53-150200.33.1 updated - docker-bash-completion-20.10.17_ce-150000.166.1 updated - docker-fish-completion-20.10.17_ce-150000.166.1 updated - helm-bash-completion-3.8.0-150000.1.3.1 added - helm-zsh-completion-3.8.0-150000.1.3.1 added - podman-cni-config-3.4.7-150300.9.9.2 updated - python3-kubernetes-8.0.1-150100.3.7.1 updated - buildah-1.25.1-150300.8.6.1 updated - containerd-1.6.6-150000.73.2 updated - containerd-ctr-1.6.6-150000.73.2 added - docker-20.10.17_ce-150000.166.1 updated - helm-3.8.0-150000.1.3.1 added - helm-mirror-0.3.1-150000.1.13.1 updated - podman-3.4.7-150300.9.9.2 updated - runc-1.1.3-150000.30.1 updated - clutter-gtk-lang-1.8.4-150000.4.2.1 updated - clutter-lang-1.26.2-150000.4.2.1 updated - cogl-lang-1.22.2-150200.10.2.1 updated - emacs-apel-10.8-150000.3.3.1 updated - firewall-applet-0.9.3-150300.3.9.1 updated - firewall-config-0.9.3-150300.3.9.1 updated - fwupd-lang-1.5.8-150300.3.5.1 updated - gnome-packagekit-lang-3.32.0-150200.10.1 updated - gvfs-lang-1.42.2-150200.6.3.1 updated - liblouis-data-3.11.0-150200.3.3.1 updated - mutter-lang-3.34.6-150200.3.12.1 updated - upower-lang-0.99.11-150200.4.2.1 updated - ImageMagick-7.0.7.34-150200.10.31.1 updated - ImageMagick-config-7-SUSE-7.0.7.34-150200.10.31.1 updated - ImageMagick-config-7-upstream-7.0.7.34-150200.10.31.1 updated - ImageMagick-devel-7.0.7.34-150200.10.31.1 updated - MozillaFirefox-91.12.0-150200.152.53.1 updated - MozillaFirefox-devel-91.12.0-150200.152.53.1 updated - MozillaFirefox-translations-common-91.12.0-150200.152.53.1 updated - MozillaFirefox-translations-other-91.12.0-150200.152.53.1 updated - NetworkManager-1.22.10-150200.3.18.1 updated - atkmm1_6-devel-2.28.0-150200.3.2.1 updated - bluez-devel-5.55-150300.3.11.1 updated - cairomm1_0-devel-1.12.2-150000.3.2.1 updated - clutter-devel-1.26.2-150000.4.2.1 updated - clutter-gtk-devel-1.8.4-150000.4.2.1 updated - cogl-devel-1.22.2-150200.10.2.1 updated - dvd+rw-tools-7.1-150000.3.3.1 updated - fwupd-1.5.8-150300.3.5.1 updated - fwupd-devel-1.5.8-150300.3.5.1 updated - fwupdtpmevlog-1.5.8-150300.3.5.1 updated - gnome-packagekit-3.32.0-150200.10.1 updated - gstreamer-plugins-cogl-1.22.2-150200.10.2.1 updated - gvfs-1.42.2-150200.6.3.1 updated - gvfs-backend-afc-1.42.2-150200.6.3.1 updated - gvfs-backend-samba-1.42.2-150200.6.3.1 updated - gvfs-backends-1.42.2-150200.6.3.1 updated - gvfs-devel-1.42.2-150200.6.3.1 updated - gvfs-fuse-1.42.2-150200.6.3.1 updated - gvim-8.2.5038-150000.5.21.1 updated - leveldb-devel-1.18-150000.3.3.1 updated - libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.31.1 updated - libMagick++-devel-7.0.7.34-150200.10.31.1 updated - libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.31.1 updated - libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.31.1 updated - libMrm4-2.3.4-150000.3.5.1 updated - libMrm4-32bit-2.3.4-150000.3.5.1 updated - libUil4-2.3.4-150000.3.5.1 updated - libUil4-32bit-2.3.4-150000.3.5.1 updated - libXm4-2.3.4-150000.3.5.1 updated - libXm4-32bit-2.3.4-150000.3.5.1 updated - libXvnc-devel-1.9.0-150100.19.17.1 updated - libaom0-1.0.0-150200.3.12.1 updated - libatkmm-1_6-1-2.28.0-150200.3.2.1 updated - libatm1-2.5.2-150000.3.2.1 updated - libbluray-devel-1.3.0-150300.10.7.1 updated - libbluray2-1.3.0-150300.10.7.1 updated - libcairomm-1_0-1-1.12.2-150000.3.2.1 updated - libclutter-1_0-0-1.26.2-150000.4.2.1 updated - libclutter-gtk-1_0-0-1.8.4-150000.4.2.1 updated - libcogl-gles2-20-1.22.2-150200.10.2.1 updated - libcogl-pango20-1.22.2-150200.10.2.1 updated - libcogl20-1.22.2-150200.10.2.1 updated - libdvbv5-0-1.14.1-150000.3.3.1 updated - libdvbv5-devel-1.14.1-150000.3.3.1 updated - libfribidi0-32bit-1.0.5-150200.3.6.1 updated - libfwupd2-1.5.8-150300.3.5.1 updated - libfwupdplugin1-1.5.8-150300.3.5.1 updated - libjasper-devel-2.0.14-150000.3.25.1 updated - liblouis-devel-3.11.0-150200.3.3.1 updated - liblouis19-3.11.0-150200.3.3.1 updated - libmutter-5-0-3.34.6-150200.3.12.1 updated - libpangomm-1_4-1-2.42.0-150200.3.2.1 updated - libraptor-devel-2.0.15-150200.9.12.1 updated - libraptor2-0-2.0.15-150200.9.12.1 updated - libtiff5-32bit-4.0.9-150000.45.11.1 updated - libupower-glib-devel-0.99.11-150200.4.2.1 updated - libupower-glib3-0.99.11-150200.4.2.1 updated - libv4l-devel-1.14.1-150000.3.3.1 updated - libv4l2rds0-1.14.1-150000.3.3.1 updated - linux-atm-devel-2.5.2-150000.3.2.1 updated - motif-2.3.4-150000.3.5.1 updated - motif-devel-2.3.4-150000.3.5.1 updated - mutter-3.34.6-150200.3.12.1 updated - mutter-data-3.34.6-150200.3.12.1 updated - mutter-devel-3.34.6-150200.3.12.1 updated - open-vm-tools-desktop-12.1.0-150300.19.1 updated - pangomm1_4-devel-2.42.0-150200.3.2.1 updated - ppp-2.4.7-150000.5.8.1 updated - ppp-devel-2.4.7-150000.5.8.1 updated - python-tk-2.7.18-150000.41.1 updated - python3-louis-3.11.0-150200.3.3.1 updated - raptor-2.0.15-150200.9.12.1 updated - typelib-1_0-Clutter-1_0-1.26.2-150000.4.2.1 updated - typelib-1_0-Cogl-1_0-1.22.2-150200.10.2.1 updated - typelib-1_0-Cogl-2_0-1.22.2-150200.10.2.1 updated - typelib-1_0-CoglGst-2_0-1.22.2-150200.10.2.1 updated - typelib-1_0-CoglPango-1_0-1.22.2-150200.10.2.1 updated - typelib-1_0-CoglPango-2_0-1.22.2-150200.10.2.1 updated - typelib-1_0-Fwupd-2_0-1.5.8-150300.3.5.1 updated - typelib-1_0-FwupdPlugin-1_0-1.5.8-150300.3.5.1 updated - typelib-1_0-GtkClutter-1_0-1.8.4-150000.4.2.1 updated - typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1 updated - typelib-1_0-UpowerGlib-1_0-0.99.11-150200.4.2.1 updated - typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1 updated - typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1 updated - upower-0.99.11-150200.4.2.1 updated - wavpack-5.4.0-150000.4.15.1 updated - wavpack-devel-5.4.0-150000.4.15.1 updated - webkit2gtk3-devel-2.36.5-150200.41.1 updated - ant-1.10.7-150200.4.6.1 updated - ant-antlr-1.10.7-150200.4.6.1 updated - ant-apache-bcel-1.10.7-150200.4.6.1 updated - ant-apache-bsf-1.10.7-150200.4.6.1 updated - ant-apache-log4j-1.10.7-150200.4.6.1 updated - ant-apache-oro-1.10.7-150200.4.6.1 updated - ant-apache-regexp-1.10.7-150200.4.6.1 updated - ant-apache-resolver-1.10.7-150200.4.6.1 updated - ant-commons-logging-1.10.7-150200.4.6.1 updated - ant-javamail-1.10.7-150200.4.6.1 updated - ant-jdepend-1.10.7-150200.4.6.1 updated - ant-jmf-1.10.7-150200.4.6.1 updated - ant-junit-1.10.7-150200.4.6.1 updated - ant-manual-1.10.7-150200.4.6.1 updated - ant-scripts-1.10.7-150200.4.6.1 updated - ant-swing-1.10.7-150200.4.6.1 updated - bpftrace-tools-0.11.4-150300.3.14.1 updated - build-20220613-150200.12.1 updated - build-mkbaselibs-20220613-150200.12.1 updated - gcc10-info-10.4.0+git2794-150000.1.9.1 updated - gcc11-info-11.3.0+git1637-150000.1.9.1 updated - geronimo-annotation-1_0-api-1.2-150200.15.2.1 updated - geronimo-jms-1_1-api-1.2-150200.15.2.1 updated - geronimo-stax-1_0-api-1.2-150200.15.2.1 updated - git-doc-2.35.3-150300.10.15.1 updated - google-gson-2.8.9-150200.3.6.3 updated - guava-27.0.1-2.51 updated - jackson-dataformat-cbor-2.13.0-150200.3.3.3 updated - jeos-firstboot-1.0.1-150300.3.5.1 updated - jsch-0.1.55-4.53 updated - kernel-docs-5.3.18-150300.59.90.1 updated - kernel-source-5.3.18-150300.59.90.1 updated - netty3-3.10.6-150200.3.3.2 updated - obs-scm-bridge-0.2-150100.3.3.1 added - osc-0.179.0-150100.3.29.1 updated - perl-doc-5.26.1-150300.17.3.1 updated - rpmlint-1.10-150000.7.53.1 updated - binutils-devel-32bit-2.37-150100.7.37.1 updated - bpftrace-0.11.4-150300.3.14.1 updated - bsdtar-3.4.2-150200.4.6.1 updated - cargo-1.62.0-150300.21.29.1 updated - cargo1.59-1.59.0-150300.7.7.2 updated - cargo1.60-1.60.0-150300.7.6.1 added - cargo1.61-1.61.0-150300.7.3.1 added - clang7-checker-7.0.1-150100.3.22.2 updated - cpp10-10.4.0+git2794-150000.1.9.1 updated - cpp11-11.3.0+git1637-150000.1.9.1 updated - crash-7.2.9-150300.23.10.1 updated - crash-devel-7.2.9-150300.23.10.1 updated - crash-kmp-default-7.2.9_k5.3.18_150300.59.76-150300.23.10.1 updated - cross-nvptx-gcc10-10.4.0+git2794-150000.1.9.1 updated - cross-nvptx-newlib10-devel-10.4.0+git2794-150000.1.9.1 updated - cross-nvptx-newlib11-devel-11.3.0+git1637-150000.1.9.1 updated - cups-ddk-2.2.7-150000.3.32.1 updated - dracut-kiwi-lib-9.24.36-150100.3.53.2 updated - dracut-kiwi-live-9.24.36-150100.3.53.2 updated - dracut-kiwi-oem-dump-9.24.36-150100.3.53.2 updated - dracut-kiwi-oem-repart-9.24.36-150100.3.53.2 updated - dracut-kiwi-overlay-9.24.36-150100.3.53.2 updated - gcc10-10.4.0+git2794-150000.1.9.1 updated - gcc10-32bit-10.4.0+git2794-150000.1.9.1 updated - gcc10-ada-10.4.0+git2794-150000.1.9.1 updated - gcc10-ada-32bit-10.4.0+git2794-150000.1.9.1 updated - gcc10-c++-10.4.0+git2794-150000.1.9.1 updated - gcc10-c++-32bit-10.4.0+git2794-150000.1.9.1 updated - gcc10-fortran-10.4.0+git2794-150000.1.9.1 updated - gcc10-fortran-32bit-10.4.0+git2794-150000.1.9.1 updated - gcc10-go-10.4.0+git2794-150000.1.9.1 updated - gcc10-go-32bit-10.4.0+git2794-150000.1.9.1 updated - gcc10-locale-10.4.0+git2794-150000.1.9.1 updated - gcc11-11.3.0+git1637-150000.1.9.1 updated - gcc11-32bit-11.3.0+git1637-150000.1.9.1 updated - gcc11-PIE-11.3.0+git1637-150000.1.9.1 added - gcc11-ada-11.3.0+git1637-150000.1.9.1 updated - gcc11-ada-32bit-11.3.0+git1637-150000.1.9.1 updated - gcc11-c++-11.3.0+git1637-150000.1.9.1 updated - gcc11-c++-32bit-11.3.0+git1637-150000.1.9.1 updated - gcc11-d-11.3.0+git1637-150000.1.9.1 updated - gcc11-d-32bit-11.3.0+git1637-150000.1.9.1 updated - gcc11-fortran-11.3.0+git1637-150000.1.9.1 updated - gcc11-fortran-32bit-11.3.0+git1637-150000.1.9.1 updated - gcc11-go-11.3.0+git1637-150000.1.9.1 updated - gcc11-go-32bit-11.3.0+git1637-150000.1.9.1 updated - gcc11-locale-11.3.0+git1637-150000.1.9.1 updated - gcc11-obj-c++-11.3.0+git1637-150000.1.9.1 updated - gcc11-obj-c++-32bit-11.3.0+git1637-150000.1.9.1 updated - gcc11-objc-11.3.0+git1637-150000.1.9.1 updated - gcc11-objc-32bit-11.3.0+git1637-150000.1.9.1 updated - gcc11-testresults-11.3.0+git1637-150000.1.9.1 updated - git-2.35.3-150300.10.15.1 updated - git-arch-2.35.3-150300.10.15.1 updated - git-cvs-2.35.3-150300.10.15.1 updated - git-daemon-2.35.3-150300.10.15.1 updated - git-email-2.35.3-150300.10.15.1 updated - git-gui-2.35.3-150300.10.15.1 updated - git-svn-2.35.3-150300.10.15.1 updated - git-web-2.35.3-150300.10.15.1 updated - gitk-2.35.3-150300.10.15.1 updated - glibc-devel-32bit-2.31-150300.37.1 updated - glibc-devel-static-2.31-150300.37.1 updated - glibc-utils-2.31-150300.37.1 updated - glm-devel-0.9.9.8-150000.3.6.1 updated - go-1.18-150000.3.23.1 added - go-doc-1.18-150000.3.23.1 added - go-race-1.18-150000.3.23.1 added - go1.17-1.17.13-150000.1.42.1 updated - go1.17-doc-1.17.13-150000.1.42.1 updated - go1.17-race-1.17.13-150000.1.42.1 updated - go1.18-1.18.5-150000.1.25.1 updated - go1.18-doc-1.18.5-150000.1.25.1 updated - go1.18-race-1.18.5-150000.1.25.1 updated - kernel-obs-build-5.3.18-150300.59.90.1 updated - kernel-preempt-devel-5.3.18-150300.59.90.1 updated - kernel-syms-5.3.18-150300.59.90.1 updated - kiwi-man-pages-9.24.36-150100.3.53.2 updated - kiwi-pxeboot-9.24.36-150100.3.53.2 updated - kiwi-systemdeps-9.24.36-150100.3.53.2 updated - kiwi-systemdeps-bootloaders-9.24.36-150100.3.53.2 updated - kiwi-systemdeps-containers-9.24.36-150100.3.53.2 updated - kiwi-systemdeps-core-9.24.36-150100.3.53.2 updated - kiwi-systemdeps-disk-images-9.24.36-150100.3.53.2 updated - kiwi-systemdeps-filesystems-9.24.36-150100.3.53.2 updated - kiwi-systemdeps-image-validation-9.24.36-150100.3.53.2 updated - kiwi-systemdeps-iso-media-9.24.36-150100.3.53.2 updated - kiwi-tools-9.24.36-150100.3.53.2 updated - libcbor-devel-0.5.0-150100.4.6.1 updated - libiterm-devel-0.5.20040304-150000.5.6.1 updated - libmpx2-32bit-8.2.1+r264010-150000.1.6.4 updated - libmpxwrappers2-32bit-8.2.1+r264010-150000.1.6.4 updated - libopagent1-1.3.0-150100.8.3.1 updated - libopagent1-32bit-1.3.0-150100.8.3.1 updated - libstdc++6-devel-gcc10-32bit-10.4.0+git2794-150000.1.9.1 updated - libstdc++6-devel-gcc11-32bit-11.3.0+git1637-150000.1.9.1 updated - libucpp13-1.3.4-150000.3.6.1 updated - libxcrypt-devel-static-4.4.15-150300.4.4.3 updated - linuxrc-7.0.30.6-150300.3.9.1 updated - ncurses-devel-32bit-6.1-150000.5.12.1 updated - openldap2-devel-32bit-2.4.46-150200.14.11.2 updated - oprofile-1.3.0-150100.8.3.1 updated - oprofile-32bit-1.3.0-150100.8.3.1 updated - oprofile-devel-1.3.0-150100.8.3.1 updated - pam-devel-32bit-1.3.0-150000.6.58.3 updated - perf-5.3.18-150300.38.3.1 updated - perl-Bootloader-YAML-0.939-150300.3.6.1 updated - perl-Crypt-SSLeay-0.72-150000.5.5.1 updated - perl-DNS-LDNS-1.7.0-150000.4.8.1 updated - perl-PerlMagick-7.0.7.34-150200.10.31.1 updated - perl-YAML-LibYAML-0.69-150000.3.5.1 updated - python3-coverage-4.5.4-150000.3.3.2 updated - python3-kiwi-9.24.36-150100.3.53.2 updated - python3-tools-3.6.15-150300.10.27.1 updated - python3-ujson-1.35-150100.3.5.1 updated - python39-tools-3.9.13-150300.4.13.1 updated - rust-1.62.0-150300.21.29.1 updated - rust1.59-1.59.0-150300.7.7.2 updated - rust1.60-1.60.0-150300.7.6.1 added - rust1.61-1.61.0-150300.7.3.1 added - rustup-1.24.3~git1.0a74fef5-150300.7.10.1 updated - ucpp-1.3.4-150000.3.6.1 updated - xorg-x11-server-sdk-1.20.3-150200.22.5.55.1 updated - zlib-devel-32bit-1.2.11-150000.3.33.1 updated - hdf5-gnu-hpc-1.10.8-150300.4.3.1 updated - hdf5-gnu-hpc-devel-1.10.8-150300.4.3.1 updated - hdf5-gnu-mpich-hpc-1.10.8-150300.4.3.2 updated - hdf5-gnu-mpich-hpc-devel-1.10.8-150300.4.3.2 updated - hdf5-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 updated - hdf5-gnu-mvapich2-hpc-devel-1.10.8-150300.4.3.1 updated - hdf5-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 updated - hdf5-gnu-openmpi3-hpc-devel-1.10.8-150300.4.3.2 updated - hdf5-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 updated - hdf5-gnu-openmpi4-hpc-devel-1.10.8-150300.4.3.2 updated - hdf5-hpc-examples-1.10.8-150300.4.3.1 updated - openmpi3-gnu-hpc-devel-3.1.6-150200.3.3.1 updated - openmpi3-gnu-hpc-docs-3.1.6-150200.3.3.1 updated - openmpi3-gnu-hpc-macros-devel-3.1.6-150200.3.3.1 updated - hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.3.1 added - hdf5_1_10_8-gnu-hpc-devel-1.10.8-150300.4.3.1 added - hdf5_1_10_8-gnu-hpc-devel-static-1.10.8-150300.4.3.1 added - hdf5_1_10_8-gnu-hpc-module-1.10.8-150300.4.3.1 added - hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.3.2 added - hdf5_1_10_8-gnu-mpich-hpc-devel-1.10.8-150300.4.3.2 added - hdf5_1_10_8-gnu-mpich-hpc-devel-static-1.10.8-150300.4.3.2 added - hdf5_1_10_8-gnu-mpich-hpc-module-1.10.8-150300.4.3.2 added - hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 added - hdf5_1_10_8-gnu-mvapich2-hpc-devel-1.10.8-150300.4.3.1 added - hdf5_1_10_8-gnu-mvapich2-hpc-devel-static-1.10.8-150300.4.3.1 added - hdf5_1_10_8-gnu-mvapich2-hpc-module-1.10.8-150300.4.3.1 added - hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 added - hdf5_1_10_8-gnu-openmpi3-hpc-devel-1.10.8-150300.4.3.2 added - hdf5_1_10_8-gnu-openmpi3-hpc-devel-static-1.10.8-150300.4.3.2 added - hdf5_1_10_8-gnu-openmpi3-hpc-module-1.10.8-150300.4.3.2 added - hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 added - hdf5_1_10_8-gnu-openmpi4-hpc-devel-1.10.8-150300.4.3.2 added - hdf5_1_10_8-gnu-openmpi4-hpc-devel-static-1.10.8-150300.4.3.2 added - hdf5_1_10_8-gnu-openmpi4-hpc-module-1.10.8-150300.4.3.2 added - hdf5_1_10_8-hpc-examples-1.10.8-150300.4.3.1 added - libhdf5-gnu-hpc-1.10.8-150300.4.3.1 updated - libhdf5-gnu-mpich-hpc-1.10.8-150300.4.3.2 updated - libhdf5-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 updated - libhdf5-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 updated - libhdf5-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 updated - libhdf5_1_10_8-gnu-hpc-1.10.8-150300.4.3.1 added - libhdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.3.2 added - libhdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 added - libhdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 added - libhdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 added - libhdf5_cpp-gnu-hpc-1.10.8-150300.4.3.1 updated - libhdf5_cpp-gnu-mpich-hpc-1.10.8-150300.4.3.2 updated - libhdf5_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 updated - libhdf5_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 updated - libhdf5_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 updated - libhdf5_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.3.1 added - libhdf5_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.3.2 added - libhdf5_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 added - libhdf5_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 added - libhdf5_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 added - libhdf5_fortran-gnu-hpc-1.10.8-150300.4.3.1 updated - libhdf5_fortran-gnu-mpich-hpc-1.10.8-150300.4.3.2 updated - libhdf5_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 updated - libhdf5_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 updated - libhdf5_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 updated - libhdf5_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.3.1 added - libhdf5_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.3.2 added - libhdf5_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 added - libhdf5_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 added - libhdf5_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 added - libhdf5_hl-gnu-hpc-1.10.8-150300.4.3.1 updated - libhdf5_hl-gnu-mpich-hpc-1.10.8-150300.4.3.2 updated - libhdf5_hl-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 updated - libhdf5_hl-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 updated - libhdf5_hl-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 updated - libhdf5_hl_1_10_8-gnu-hpc-1.10.8-150300.4.3.1 added - libhdf5_hl_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.3.2 added - libhdf5_hl_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 added - libhdf5_hl_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 added - libhdf5_hl_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 added - libhdf5_hl_cpp-gnu-hpc-1.10.8-150300.4.3.1 updated - libhdf5_hl_cpp-gnu-mpich-hpc-1.10.8-150300.4.3.2 updated - libhdf5_hl_cpp-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 updated - libhdf5_hl_cpp-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 updated - libhdf5_hl_cpp-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 updated - libhdf5_hl_cpp_1_10_8-gnu-hpc-1.10.8-150300.4.3.1 added - libhdf5_hl_cpp_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.3.2 added - libhdf5_hl_cpp_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 added - libhdf5_hl_cpp_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 added - libhdf5_hl_cpp_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 added - libhdf5_hl_fortran-gnu-hpc-1.10.8-150300.4.3.1 updated - libhdf5_hl_fortran-gnu-mpich-hpc-1.10.8-150300.4.3.2 updated - libhdf5_hl_fortran-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 updated - libhdf5_hl_fortran-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 updated - libhdf5_hl_fortran-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 updated - libhdf5hl_fortran_1_10_8-gnu-hpc-1.10.8-150300.4.3.1 added - libhdf5hl_fortran_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.3.2 added - libhdf5hl_fortran_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.3.1 added - libhdf5hl_fortran_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.3.2 added - libhdf5hl_fortran_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.3.2 added - libnss_slurm2-20.11.9-150300.4.6.1 updated - libopenmpi3-gnu-hpc-3.1.6-150200.3.3.1 updated - libopenmpi_3_1_6-gnu-hpc-3.1.6-150200.3.3.1 updated - libpmi0-20.11.9-150300.4.6.1 updated - libslurm36-20.11.9-150300.4.6.1 updated - openmpi3-gnu-hpc-3.1.6-150200.3.3.1 updated - openmpi3-gnu-hpc-devel-static-3.1.6-150200.3.3.1 updated - openmpi_3_1_6-gnu-hpc-3.1.6-150200.3.3.1 updated - openmpi_3_1_6-gnu-hpc-devel-3.1.6-150200.3.3.1 updated - openmpi_3_1_6-gnu-hpc-devel-static-3.1.6-150200.3.3.1 updated - openmpi_3_1_6-gnu-hpc-docs-3.1.6-150200.3.3.1 updated - openmpi_3_1_6-gnu-hpc-macros-devel-3.1.6-150200.3.3.1 updated - perl-slurm-20.11.9-150300.4.6.1 updated - slurm-20.11.9-150300.4.6.1 updated - slurm-auth-none-20.11.9-150300.4.6.1 updated - slurm-config-20.11.9-150300.4.6.1 updated - slurm-config-man-20.11.9-150300.4.6.1 updated - slurm-devel-20.11.9-150300.4.6.1 updated - slurm-doc-20.11.9-150300.4.6.1 updated - slurm-lua-20.11.9-150300.4.6.1 updated - slurm-munge-20.11.9-150300.4.6.1 updated - slurm-node-20.11.9-150300.4.6.1 updated - slurm-pam_slurm-20.11.9-150300.4.6.1 updated - slurm-plugins-20.11.9-150300.4.6.1 updated - slurm-rest-20.11.9-150300.4.6.1 updated - slurm-slurmdbd-20.11.9-150300.4.6.1 updated - slurm-sql-20.11.9-150300.4.6.1 updated - slurm-sview-20.11.9-150300.4.6.1 updated - slurm-torque-20.11.9-150300.4.6.1 updated - slurm-webdoc-20.11.9-150300.4.6.1 updated - suse-hpc-0.5.20220206.0c6b168-150300.6.3.1 updated - postgresql12-docs-12.12-150200.8.35.1 updated - java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 updated - java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 updated - java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 updated - java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 updated - java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 updated - java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 updated - java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 updated - java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 updated - libncurses5-32bit-6.1-150000.5.12.1 updated - libncurses5-6.1-150000.5.12.1 updated - libopenssl-1_0_0-devel-1.0.2p-150000.3.56.1 updated - libopenssl10-1.0.2p-150000.3.56.1 updated - libopenssl1_0_0-1.0.2p-150000.3.56.1 updated - ncurses5-devel-6.1-150000.5.12.1 updated - openldap2-2.4.46-150200.14.11.2 updated - openldap2-back-meta-2.4.46-150200.14.11.2 updated - openldap2-back-perl-2.4.46-150200.14.11.2 updated - openldap2-contrib-2.4.46-150200.14.11.2 updated - openldap2-ppolicy-check-password-1.2-150200.14.11.2 updated - openssl-1_0_0-1.0.2p-150000.3.56.1 updated - pam-modules-12.1-150000.5.3.2 updated - pam-modules-32bit-12.1-150000.5.3.2 updated - postgresql10-10.22-150100.8.50.1 updated - postgresql10-contrib-10.22-150100.8.50.1 updated - postgresql10-devel-10.22-150100.8.50.1 updated - postgresql10-plperl-10.22-150100.8.50.1 updated - postgresql10-plpython-10.22-150100.8.50.1 updated - postgresql10-pltcl-10.22-150100.8.50.1 updated - postgresql10-server-10.22-150100.8.50.1 updated - postgresql12-12.12-150200.8.35.1 updated - postgresql12-contrib-12.12-150200.8.35.1 updated - postgresql12-devel-12.12-150200.8.35.1 updated - postgresql12-plperl-12.12-150200.8.35.1 updated - postgresql12-plpython-12.12-150200.8.35.1 updated - postgresql12-pltcl-12.12-150200.8.35.1 updated - postgresql12-server-12.12-150200.8.35.1 updated - postgresql12-server-devel-12.12-150200.8.35.1 updated - reiserfs-kmp-default-5.3.18-150300.59.90.1 updated - sle-module-legacy-release-15.3-150300.122.3.1 updated - lifecycle-data-sle-module-live-patching-15-150000.4.75.1 updated - kernel-default-livepatch-5.3.18-150300.59.90.1 updated - kernel-default-livepatch-devel-5.3.18-150300.59.90.1 updated - kernel-livepatch-5_3_18-150300_59_76-default-3-150300.2.1 added - kernel-livepatch-tools-1.2-150200.7.9.1 updated - kernel-livepatch-tools-devel-1.2-150200.7.9.1 updated - aws-efs-utils-1.31.3-150100.4.5.1 updated - azure-cli-2.17.1-150100.6.11.2 updated - azure-cli-core-2.17.1-150100.6.14.2 updated - cloud-regionsrv-client-10.0.5-150000.6.76.1 updated - cloud-regionsrv-client-addon-azure-1.0.5-150000.6.76.1 updated - cloud-regionsrv-client-generic-config-1.0.0-150000.6.76.1 updated - cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.76.1 updated - cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.76.1 updated - cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.76.1 updated - google-guest-configs-20220211.00-150000.1.19.1 updated - kernel-devel-azure-5.3.18-150300.38.75.1 updated - kernel-source-azure-5.3.18-150300.38.75.1 updated - python-azure-agent-2.2.49.2-150100.3.23.1 updated - python3-Whoosh-2.7.4-150100.3.3.2 updated - python3-atomicwrites-1.1.5-150000.3.2.1 updated - python3-azure-ai-formrecognizer-3.1.2-150100.3.3.2 added - python3-azure-batch-10.0.0-150100.7.8.2 updated - python3-azure-core-1.22.1-150100.3.7.2 updated - python3-azure-mgmt-compute-18.0.0-150100.6.11.2 updated - python3-azure-mgmt-containerregistry-3.0.0rc16-150100.6.8.2 updated - python3-azure-mgmt-databoxedge-0.2.0-150100.3.7.2 updated - python3-azure-mgmt-network-17.0.0-150100.6.8.2 updated - python3-azure-mgmt-security-0.6.0-150100.3.7.2 updated - python3-azure-sdk-4.0.0-150100.3.10.2 updated - python3-azure-synapse-managedprivateendpoints-0.4.0-150100.3.3.2 added - python3-azure-synapse-monitoring-0.2.0-150100.3.3.2 added - python3-azure-template-0.1.0b1293622-150100.3.3.2 added - python3-google-resumable-media-0.5.0-150200.5.6.1 updated - python3-msrest-0.6.21-150100.6.8.2 updated - regionServiceClientConfigAzure-2.0.0-150000.3.16.1 updated - regionServiceClientConfigEC2-4.0.0-150000.3.21.1 updated - regionServiceClientConfigGCE-4.0.0-150000.4.9.1 updated - amazon-ssm-agent-3.1.1260.0-150000.5.9.2 updated - aws-iam-authenticator-0.5.3-150000.1.9.1 updated - google-guest-agent-20220204.00-150000.1.26.1 updated - google-guest-oslogin-20220205.00-150000.1.27.1 updated - google-osconfig-agent-20220209.00-150000.1.17.1 updated - kernel-azure-5.3.18-150300.38.75.1 updated - kernel-azure-devel-5.3.18-150300.38.75.1 updated - kernel-syms-azure-5.3.18-150300.38.75.1 updated - patterns-public-cloud-15-Amazon-Web-Services-15.1-150100.8.3.1 updated - patterns-public-cloud-15-Amazon-Web-Services-Instance-Init-15.1-150100.8.3.1 updated - patterns-public-cloud-15-Amazon-Web-Services-Instance-Tools-15.1-150100.8.3.1 updated - patterns-public-cloud-15-Amazon-Web-Services-Tools-15.1-150100.8.3.1 updated - patterns-public-cloud-15-Google-Cloud-Platform-15.1-150100.8.3.1 updated - patterns-public-cloud-15-Google-Cloud-Platform-Instance-Init-15.1-150100.8.3.1 updated - patterns-public-cloud-15-Google-Cloud-Platform-Instance-Tools-15.1-150100.8.3.1 updated - patterns-public-cloud-15-Google-Cloud-Platform-Tools-15.1-150100.8.3.1 updated - patterns-public-cloud-15-Microsoft-Azure-15.1-150100.8.3.1 updated - patterns-public-cloud-15-Microsoft-Azure-Instance-Init-15.1-150100.8.3.1 updated - patterns-public-cloud-15-Microsoft-Azure-Instance-Tools-15.1-150100.8.3.1 updated - patterns-public-cloud-15-Microsoft-Azure-Tools-15.1-150100.8.3.1 updated - patterns-public-cloud-15-OpenStack-15.1-150100.8.3.1 updated - patterns-public-cloud-15-OpenStack-Instance-Init-15.1-150100.8.3.1 updated - patterns-public-cloud-15-OpenStack-Instance-Tools-15.1-150100.8.3.1 updated - patterns-public-cloud-15-OpenStack-Tools-15.1-150100.8.3.1 updated - python3-grpcio-1.25.0-150200.3.5.1 updated - python3-uamqp-1.5.3-150100.4.7.1 updated - rmt-server-pubcloud-2.8.0-150300.3.15.1 updated - s3fs-1.91-150000.3.9.1 updated - python2-apipkg-1.4-150000.3.2.1 added - python2-cssselect-1.0.3-150000.3.3.1 updated - python2-paramiko-2.4.2-150100.6.12.1 updated - python2-pip-20.0.2-150100.6.18.1 updated - python2-py-1.10.0-150000.5.9.2 updated - python2-rtslib-fb-2.1.74-150300.3.3.1 updated - python2-zypp-plugin-0.6.3-150000.4.2.1 updated - python-curses-2.7.18-150000.41.1 updated - python-devel-2.7.18-150000.41.1 updated - python-gdbm-2.7.18-150000.41.1 updated - python-xml-2.7.18-150000.41.1 updated - python2-M2Crypto-0.35.2-150000.3.14.1 updated - python2-dmidecode-3.12.2-2.74 updated - python2-libxml2-python-2.9.7-150000.3.46.1 updated - python2-lxml-4.7.1-150200.3.10.1 updated - python2-lxml-devel-4.7.1-150200.3.10.1 updated - samba-ad-dc-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - sle-module-python2-release-15.3-150300.59.4.1 updated - SAPHanaSR-0.160.1-150000.4.20.1 updated - SAPHanaSR-doc-0.160.1-150000.4.20.1 updated - release-notes-sles-for-sap-15.3.20220712-150300.3.15.1 updated - supportutils-plugin-ha-sap-0.0.3+git.1659022100.39bfcd6-150000.1.9.1 updated - yast2-sap-ha-1.0.15-150000.3.11.1 updated - clamsap-0.104.3-150000.4.9.1 updated - sapwmp-0.1+git.1645197740.6b06c5c-150200.3.9.2 updated - apache2-doc-2.4.51-150200.3.48.1 updated - grub2-x86_64-xen-2.04-150300.22.20.2 updated - kvm_stat-5.3.18-150300.19.3.1 updated - libvirt-bash-completion-7.1.0-150300.6.29.1 updated - libvirt-doc-7.1.0-150300.6.29.1 updated - mariadb-errormessages-10.5.16-150300.3.18.1 updated - ongres-scram-2.1-150300.3.3.4 updated - ongres-scram-client-2.1-150300.3.3.4 updated - pgadmin4-doc-4.30-150300.3.3.1 updated - pgadmin4-web-4.30-150300.3.3.1 updated - postgresql-contrib-14-150300.10.9.12 updated - postgresql-devel-14-150300.10.9.12 updated - postgresql-docs-14-150300.10.9.12 updated - postgresql-jdbc-42.2.25-150300.3.5.2 updated - postgresql-llvmjit-14-150300.10.9.12 updated - postgresql-plperl-14-150300.10.9.12 updated - postgresql-plpython-14-150300.10.9.12 updated - postgresql-pltcl-14-150300.10.9.12 updated - postgresql-server-14-150300.10.9.12 updated - postgresql-server-devel-14-150300.10.9.12 updated - postgresql-test-14-150300.10.9.12 updated - postgresql13-docs-13.8-150200.5.31.1 updated - postgresql14-docs-14.5-150200.5.17.1 updated - qemu-ipxe-1.0.0+-150300.115.2 updated - qemu-ovmf-x86_64-202008-150300.10.14.1 updated - qemu-seabios-1.14.0_0_g155821a-150300.115.2 updated - qemu-sgabios-8-150300.115.2 updated - qemu-vgabios-1.14.0_0_g155821a-150300.115.2 updated - salt-fish-completion-3004-150300.53.24.1 updated - sapconf-5.0.4-150000.7.21.1 updated - xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1 updated - 389-ds-1.4.4.19~git38.9951c1101-150300.3.17.1 updated - 389-ds-devel-1.4.4.19~git38.9951c1101-150300.3.17.1 updated - apache2-devel-2.4.51-150200.3.48.1 updated - apache2-mod_apparmor-2.13.6-150300.3.15.1 updated - apache2-mod_auth_mellon-0.17.0-150200.5.7.1 updated - apache2-mod_auth_mellon-diagnostics-0.17.0-150200.5.7.1 updated - apache2-mod_auth_mellon-doc-0.17.0-150200.5.7.1 updated - apache2-worker-2.4.51-150200.3.48.1 updated - dhcp-relay-4.3.6.P1-150000.6.14.1 updated - dhcp-server-4.3.6.P1-150000.6.14.1 updated - dovecot23-2.3.15-150200.62.1 updated - dovecot23-backend-mysql-2.3.15-150200.62.1 updated - dovecot23-backend-pgsql-2.3.15-150200.62.1 updated - dovecot23-backend-sqlite-2.3.15-150200.62.1 updated - dovecot23-devel-2.3.15-150200.62.1 updated - dovecot23-fts-2.3.15-150200.62.1 updated - dovecot23-fts-lucene-2.3.15-150200.62.1 updated - dovecot23-fts-solr-2.3.15-150200.62.1 updated - dovecot23-fts-squat-2.3.15-150200.62.1 updated - dpdk-19.11.4-150300.13.3 updated - dpdk-devel-19.11.4-150300.13.3 updated - dpdk-kmp-default-19.11.4_k5.3.18_150300.59.76-150300.13.3 updated - dpdk-tools-19.11.4-150300.13.3 updated - lib389-1.4.4.19~git38.9951c1101-150300.3.17.1 updated - libdpdk-20_0-19.11.4-150300.13.3 updated - libecpg6-14.5-150200.5.17.1 updated - libgrpc++1-1.25.0-150200.3.5.1 updated - libgrpc8-1.25.0-150200.3.5.1 updated - libmariadbd-devel-10.5.16-150300.3.18.1 updated - libmariadbd19-10.5.16-150300.3.18.1 updated - librabbitmq-devel-0.10.0-150300.5.3.1 updated - librabbitmq4-0.10.0-150300.5.3.1 updated - libsanlock1-3.6.0-150000.4.3.1 updated - libslirp-devel-4.3.1-150300.11.1 updated - libslirp0-4.3.1-150300.11.1 updated - libspice-server-devel-0.14.3-150300.3.3.1 updated - libspice-server1-0.14.3-150300.3.3.1 updated - libsvrcore0-1.4.4.19~git38.9951c1101-150300.3.17.1 updated - libvirt-7.1.0-150300.6.29.1 updated - libvirt-admin-7.1.0-150300.6.29.1 updated - libvirt-client-7.1.0-150300.6.29.1 updated - libvirt-daemon-7.1.0-150300.6.29.1 updated - libvirt-daemon-config-network-7.1.0-150300.6.29.1 updated - libvirt-daemon-config-nwfilter-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-interface-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-libxl-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-lxc-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-network-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-nodedev-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-nwfilter-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-qemu-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-secret-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-storage-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-storage-core-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-storage-disk-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-storage-logical-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.29.1 updated - libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.29.1 updated - libvirt-daemon-hooks-7.1.0-150300.6.29.1 updated - libvirt-daemon-lxc-7.1.0-150300.6.29.1 updated - libvirt-daemon-qemu-7.1.0-150300.6.29.1 updated - libvirt-daemon-xen-7.1.0-150300.6.29.1 updated - libvirt-devel-7.1.0-150300.6.29.1 updated - libvirt-lock-sanlock-7.1.0-150300.6.29.1 updated - libvirt-nss-7.1.0-150300.6.29.1 updated - libwsman-devel-2.6.7-150000.3.12.2 updated - libyang-extentions-1.0.184-150300.3.3.1 updated - libyang1-1.0.184-150300.3.3.1 updated - mariadb-10.5.16-150300.3.18.1 updated - mariadb-client-10.5.16-150300.3.18.1 updated - mariadb-tools-10.5.16-150300.3.18.1 updated - nut-2.7.4-150000.6.3.1 updated - nut-devel-2.7.4-150000.6.3.1 updated - nut-drivers-net-2.7.4-150000.6.3.1 updated - openCryptoki-3.15.1-150300.5.9.1 updated - openCryptoki-devel-3.15.1-150300.5.9.1 updated - openmpi3-3.1.6-150200.3.3.1 updated - openmpi3-config-3.1.6-150200.3.3.1 updated - openmpi3-devel-3.1.6-150200.3.3.1 updated - openmpi3-docs-3.1.6-150200.3.3.1 updated - openmpi3-libs-3.1.6-150200.3.3.1 updated - openwsman-server-2.6.7-150000.3.12.2 updated - oracleasm-kmp-default-2.0.8_k5.3.18_150300.59.76-150300.19.5.3 updated - ovmf-202008-150300.10.14.1 updated - ovmf-tools-202008-150300.10.14.1 updated - pgadmin4-4.30-150300.3.3.1 updated - postgresql13-contrib-13.8-150200.5.31.1 updated - postgresql13-devel-13.8-150200.5.31.1 updated - postgresql13-llvmjit-13.8-150200.5.31.1 updated - postgresql13-plperl-13.8-150200.5.31.1 updated - postgresql13-plpython-13.8-150200.5.31.1 updated - postgresql13-pltcl-13.8-150200.5.31.1 updated - postgresql13-server-13.8-150200.5.31.1 updated - postgresql13-server-devel-13.8-150200.5.31.1 updated - postgresql14-contrib-14.5-150200.5.17.1 updated - postgresql14-devel-14.5-150200.5.17.1 updated - postgresql14-plperl-14.5-150200.5.17.1 updated - postgresql14-plpython-14.5-150200.5.17.1 updated - postgresql14-pltcl-14.5-150200.5.17.1 updated - postgresql14-server-14.5-150200.5.17.1 updated - postgresql14-server-devel-14.5-150200.5.17.1 updated - postgresql14-test-14.5-150200.5.17.1 updated - python3-Twisted-19.10.0-150200.3.15.1 updated - qemu-5.2.0-150300.115.2 updated - qemu-audio-alsa-5.2.0-150300.115.2 updated - qemu-audio-pa-5.2.0-150300.115.2 updated - qemu-audio-spice-5.2.0-150300.115.2 updated - qemu-block-curl-5.2.0-150300.115.2 updated - qemu-block-iscsi-5.2.0-150300.115.2 updated - qemu-block-rbd-5.2.0-150300.115.2 updated - qemu-block-ssh-5.2.0-150300.115.2 updated - qemu-chardev-baum-5.2.0-150300.115.2 updated - qemu-chardev-spice-5.2.0-150300.115.2 updated - qemu-guest-agent-5.2.0-150300.115.2 updated - qemu-hw-display-qxl-5.2.0-150300.115.2 updated - qemu-hw-display-virtio-gpu-5.2.0-150300.115.2 updated - qemu-hw-display-virtio-gpu-pci-5.2.0-150300.115.2 updated - qemu-hw-display-virtio-vga-5.2.0-150300.115.2 updated - qemu-hw-usb-redirect-5.2.0-150300.115.2 updated - qemu-ksm-5.2.0-150300.115.2 updated - qemu-kvm-5.2.0-150300.115.2 updated - qemu-lang-5.2.0-150300.115.2 updated - qemu-ui-curses-5.2.0-150300.115.2 updated - qemu-ui-gtk-5.2.0-150300.115.2 updated - qemu-ui-opengl-5.2.0-150300.115.2 updated - qemu-ui-spice-app-5.2.0-150300.115.2 updated - qemu-ui-spice-core-5.2.0-150300.115.2 updated - qemu-x86-5.2.0-150300.115.2 updated - redis-6.0.14-150200.6.11.1 updated - rmt-server-2.8.0-150300.3.15.1 updated - rmt-server-config-2.8.0-150300.3.15.1 updated - rsyslog-module-gssapi-8.2106.0-150200.4.29.1 updated - rsyslog-module-gtls-8.2106.0-150200.4.29.1 updated - rsyslog-module-mmnormalize-8.2106.0-150200.4.29.1 updated - rsyslog-module-mysql-8.2106.0-150200.4.29.1 updated - rsyslog-module-pgsql-8.2106.0-150200.4.29.1 updated - rsyslog-module-relp-8.2106.0-150200.4.29.1 updated - rsyslog-module-snmp-8.2106.0-150200.4.29.1 updated - rsyslog-module-udpspoof-8.2106.0-150200.4.29.1 updated - salt-api-3004-150300.53.24.1 updated - salt-cloud-3004-150300.53.24.1 updated - salt-master-3004-150300.53.24.1 updated - salt-proxy-3004-150300.53.24.1 updated - salt-ssh-3004-150300.53.24.1 updated - salt-standalone-formulas-configuration-3004-150300.53.24.1 updated - salt-syndic-3004-150300.53.24.1 updated - sanlock-3.6.0-150000.4.3.1 updated - sanlock-devel-3.6.0-150000.4.3.1 updated - sblim-sfcb-1.4.9-150000.5.9.4 updated - squid-4.17-150000.5.32.1 updated - uuidd-2.36.2-150300.4.23.1 updated - xen-4.14.5_04-150300.3.32.1 updated - xen-devel-4.14.5_04-150300.3.32.1 updated - xen-tools-4.14.5_04-150300.3.32.1 updated - read-only-root-fs-1.0+git20190206.586e9f1-150100.3.3.1 updated - read-only-root-fs-volatile-1.0+git20190206.586e9f1-150100.3.3.1 updated - salt-transactional-update-3004-150300.53.24.1 updated - geronimo-jta-1_1-api-1.2-150200.15.2.1 updated - nodejs12-docs-12.22.12-150200.4.35.1 updated - nodejs14-docs-14.20.0-150200.15.34.1 updated - nodejs16-docs-16.16.0-150300.7.6.2 updated - tomcat-9.0.36-150200.22.1 updated - tomcat-admin-webapps-9.0.36-150200.22.1 updated - tomcat-el-3_0-api-9.0.36-150200.22.1 updated - tomcat-jsp-2_3-api-9.0.36-150200.22.1 updated - tomcat-lib-9.0.36-150200.22.1 updated - tomcat-servlet-4_0-api-9.0.36-150200.22.1 updated - tomcat-webapps-9.0.36-150200.22.1 updated - apache2-mod_php7-7.4.6-150200.3.41.1 updated - nodejs12-12.22.12-150200.4.35.1 updated - nodejs12-devel-12.22.12-150200.4.35.1 updated - nodejs14-14.20.0-150200.15.34.1 updated - nodejs14-devel-14.20.0-150200.15.34.1 updated - nodejs16-16.16.0-150300.7.6.2 updated - nodejs16-devel-16.16.0-150300.7.6.2 updated - npm12-12.22.12-150200.4.35.1 updated - npm14-14.20.0-150200.15.34.1 updated - npm16-16.16.0-150300.7.6.2 updated - php7-7.4.6-150200.3.41.1 updated - php7-bcmath-7.4.6-150200.3.41.1 updated - php7-bz2-7.4.6-150200.3.41.1 updated - php7-calendar-7.4.6-150200.3.41.1 updated - php7-ctype-7.4.6-150200.3.41.1 updated - php7-curl-7.4.6-150200.3.41.1 updated - php7-dba-7.4.6-150200.3.41.1 updated - php7-devel-7.4.6-150200.3.41.1 updated - php7-dom-7.4.6-150200.3.41.1 updated - php7-enchant-7.4.6-150200.3.41.1 updated - php7-exif-7.4.6-150200.3.41.1 updated - php7-fastcgi-7.4.6-150200.3.41.1 updated - php7-fileinfo-7.4.6-150200.3.41.1 updated - php7-fpm-7.4.6-150200.3.41.1 updated - php7-ftp-7.4.6-150200.3.41.1 updated - php7-gd-7.4.6-150200.3.41.1 updated - php7-gettext-7.4.6-150200.3.41.1 updated - php7-gmp-7.4.6-150200.3.41.1 updated - php7-iconv-7.4.6-150200.3.41.1 updated - php7-intl-7.4.6-150200.3.41.1 updated - php7-json-7.4.6-150200.3.41.1 updated - php7-ldap-7.4.6-150200.3.41.1 updated - php7-mbstring-7.4.6-150200.3.41.1 updated - php7-mysql-7.4.6-150200.3.41.1 updated - php7-odbc-7.4.6-150200.3.41.1 updated - php7-opcache-7.4.6-150200.3.41.1 updated - php7-openssl-7.4.6-150200.3.41.1 updated - php7-pcntl-7.4.6-150200.3.41.1 updated - php7-pdo-7.4.6-150200.3.41.1 updated - php7-pgsql-7.4.6-150200.3.41.1 updated - php7-phar-7.4.6-150200.3.41.1 updated - php7-posix-7.4.6-150200.3.41.1 updated - php7-readline-7.4.6-150200.3.41.1 updated - php7-shmop-7.4.6-150200.3.41.1 updated - php7-snmp-7.4.6-150200.3.41.1 updated - php7-soap-7.4.6-150200.3.41.1 updated - php7-sockets-7.4.6-150200.3.41.1 updated - php7-sodium-7.4.6-150200.3.41.1 updated - php7-sqlite-7.4.6-150200.3.41.1 updated - php7-sysvmsg-7.4.6-150200.3.41.1 updated - php7-sysvsem-7.4.6-150200.3.41.1 updated - php7-sysvshm-7.4.6-150200.3.41.1 updated - php7-tidy-7.4.6-150200.3.41.1 updated - php7-tokenizer-7.4.6-150200.3.41.1 updated - php7-xmlreader-7.4.6-150200.3.41.1 updated - php7-xmlrpc-7.4.6-150200.3.41.1 updated - php7-xmlwriter-7.4.6-150200.3.41.1 updated - php7-xsl-7.4.6-150200.3.41.1 updated - php7-zip-7.4.6-150200.3.41.1 updated - php7-zlib-7.4.6-150200.3.41.1 updated - crmsh-4.3.1+20220610.733357e2-150200.5.83.1 updated - crmsh-scripts-4.3.1+20220610.733357e2-150200.5.83.1 updated - monitoring-plugins-metadata-4.8.0+git30.d0077df0-150300.8.28.1 updated - pacemaker-cts-2.0.5+20201202.ba59be712-150300.4.21.1 updated - python3-parallax-1.0.6-150200.4.6.1 updated - booth-1.0-150300.18.3.1 updated - cluster-glue-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 updated - cluster-md-kmp-default-5.3.18-150300.59.90.1 updated - ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - dlm-kmp-default-5.3.18-150300.59.90.1 updated - drbd-9.0.29~0+git.9a7bc817-150300.3.5.1 updated - drbd-kmp-default-9.0.29~0+git.9a7bc817_k5.3.18_150300.59.71-150300.3.5.1 updated - fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.14.1 updated - fence-agents-devel-4.9.0+git.1624456340.8d746be9-150300.3.14.1 updated - gfs2-kmp-default-5.3.18-150300.59.90.1 updated - keepalived-2.0.19-150100.3.6.1 updated - ldirectord-4.8.0+git30.d0077df0-150300.8.28.1 updated - libglue-devel-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 updated - libglue2-1.0.12+v1.git.1587474580.a5fda2bc-150000.3.14.1 updated - libpacemaker-devel-2.0.5+20201202.ba59be712-150300.4.21.1 updated - libpacemaker3-2.0.5+20201202.ba59be712-150300.4.21.1 updated - ocfs2-kmp-default-5.3.18-150300.59.90.1 updated - ocfs2-tools-1.8.5-150100.12.14.1 updated - ocfs2-tools-o2cb-1.8.5-150100.12.14.1 updated - pacemaker-2.0.5+20201202.ba59be712-150300.4.21.1 updated - pacemaker-cli-2.0.5+20201202.ba59be712-150300.4.21.1 updated - pacemaker-remote-2.0.5+20201202.ba59be712-150300.4.21.1 updated - resource-agents-4.8.0+git30.d0077df0-150300.8.28.1 updated - ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1 updated - ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1 updated - ruby2.5-rubygem-puma-4.3.11-150000.3.6.2 updated - ruby2.5-rubygem-rack-2.0.8-150000.3.6.1 updated - ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.3.1 updated - ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1 updated - release-notes-sle_hpc-15.300000000.20210505-1.1 added - release-notes-sle_rt-15.2.20191020-5.117 added - release-notes-sles-15.3.20220407-150300.3.26.3 updated - release-notes-susemanager-proxy-4.2.0.1-3.1 updated - release-notes-susemanager-proxy-4.2.0.1-3.1 added - release-notes-susemanager-4.2.0.5-6.1 updated - NetworkManager-lang-1.22.10-150200.3.18.1 updated - gimp-lang-2.10.12-150300.9.3.1 updated - libpurple-branding-upstream-2.13.0-150200.12.6.1 updated - libpurple-lang-2.13.0-150200.12.6.1 updated - libreoffice-branding-upstream-7.3.3.1-150300.14.22.21.20 updated - libreoffice-icon-themes-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-af-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-ar-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-as-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-bg-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-bn-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-br-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-ca-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-ckb-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-cs-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-cy-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-da-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-de-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-dz-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-el-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-en-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-eo-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-es-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-et-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-eu-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-fa-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-fi-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-fr-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-fur-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-ga-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-gl-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-gu-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-he-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-hi-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-hr-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-hu-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-it-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-ja-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-kk-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-kn-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-ko-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-lt-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-lv-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-mai-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-ml-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-mr-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-nb-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-nl-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-nn-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-nr-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-nso-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-or-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-pa-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-pl-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-pt_BR-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-pt_PT-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-ro-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-ru-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-si-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-sk-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-sl-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-sr-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-ss-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-st-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-sv-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-ta-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-te-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-th-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-tn-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-tr-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-ts-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-uk-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-ve-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-xh-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-zh_CN-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-zh_TW-7.3.3.1-150300.14.22.21.20 updated - libreoffice-l10n-zu-7.3.3.1-150300.14.22.21.20 updated - myspell-af_ZA-20191219-150000.3.23.1 updated - myspell-ar-20191219-150000.3.23.1 updated - myspell-bg_BG-20191219-150000.3.23.1 updated - myspell-bn_BD-20191219-150000.3.23.1 updated - myspell-br_FR-20191219-150000.3.23.1 updated - myspell-ca-20191219-150000.3.23.1 updated - myspell-cs_CZ-20191219-150000.3.23.1 updated - myspell-da_DK-20191219-150000.3.23.1 updated - myspell-el_GR-20191219-150000.3.23.1 updated - myspell-et_EE-20191219-150000.3.23.1 updated - myspell-fr_FR-20191219-150000.3.23.1 updated - myspell-gl-20191219-150000.3.23.1 updated - myspell-gu_IN-20191219-150000.3.23.1 updated - myspell-he_IL-20191219-150000.3.23.1 updated - myspell-hi_IN-20191219-150000.3.23.1 updated - myspell-hr_HR-20191219-150000.3.23.1 updated - myspell-it_IT-20191219-150000.3.23.1 updated - myspell-lt_LT-20191219-150000.3.23.1 updated - myspell-lv_LV-20191219-150000.3.23.1 updated - myspell-nl_NL-20191219-150000.3.23.1 updated - myspell-nn_NO-20191219-150000.3.23.1 updated - myspell-pl_PL-20191219-150000.3.23.1 updated - myspell-pt_PT-20191219-150000.3.23.1 updated - myspell-si_LK-20191219-150000.3.23.1 updated - myspell-sk_SK-20191219-150000.3.23.1 updated - myspell-sl_SI-20191219-150000.3.23.1 updated - myspell-sr-20191219-150000.3.23.1 updated - myspell-sv_SE-20191219-150000.3.23.1 updated - myspell-te_IN-20191219-150000.3.23.1 updated - myspell-th_TH-20191219-150000.3.23.1 updated - myspell-tr_TR-20191219-150000.3.23.1 updated - myspell-uk_UA-20191219-150000.3.23.1 updated - myspell-zu_ZA-20191219-150000.3.23.1 updated - Mesa-dri-nouveau-20.2.4-150300.59.3.1 updated - MozillaThunderbird-91.12.0-150200.8.79.1 updated - MozillaThunderbird-translations-common-91.12.0-150200.8.79.1 updated - MozillaThunderbird-translations-other-91.12.0-150200.8.79.1 updated - NetworkManager-devel-1.22.10-150200.3.18.1 updated - bluez-cups-5.55-150300.3.11.1 updated - csync-0.50.0-150000.3.8.1 updated - freerdp-2.1.2-150200.15.18.1 updated - freerdp-devel-2.1.2-150200.15.18.1 updated - freerdp-proxy-2.1.2-150200.15.18.1 updated - gfbgraph-devel-0.2.3-150000.3.5.1 updated - gimp-2.10.12-150300.9.3.1 updated - gimp-devel-2.10.12-150300.9.3.1 updated - gimp-plugins-python-2.10.12-150200.3.9.1 updated - gtkmm2-devel-2.24.5-150000.3.2.1 updated - gutenprint-5.2.14-150000.3.2.2 updated - gutenprint-devel-5.2.14-150000.3.2.2 updated - hp-drive-guard-0.3.12-150000.4.2.1 updated - kernel-default-extra-5.3.18-150300.59.90.1 updated - kernel-preempt-extra-5.3.18-150300.59.90.1 updated - libGLw-devel-8.0.0-150000.3.6.1 updated - libGLw1-8.0.0-150000.3.6.1 updated - libGLwM1-8.0.0-150000.3.6.1 updated - libXvMC_nouveau-20.2.4-150300.59.3.1 updated - liba52-0-0.7.5+svn613-150000.3.2.1 updated - liba52-devel-0.7.5+svn613-150000.3.2.1 updated - libchamplain-0_12-0-0.12.20-150200.3.2.1 updated - libcsync-plugin-sftp-0.50.0-150000.3.8.1 updated - libcsync-plugin-smb-0.50.0-150000.3.8.1 updated - libcsync0-0.50.0-150000.3.8.1 updated - libdvdread-devel-6.0.0-150000.3.2.1 updated - libdvdread4-6.0.0-150000.3.2.1 updated - libfreerdp2-2.1.2-150200.15.18.1 updated - libgadu-devel-1.12.2-150000.3.2.1 updated - libgadu3-1.12.2-150000.3.2.1 updated - libgfbgraph-0_2-0-0.2.3-150000.3.5.1 updated - libgimp-2_0-0-2.10.12-150300.9.3.1 updated - libgimpui-2_0-0-2.10.12-150300.9.3.1 updated - libgom-1_0-0-0.4-150200.3.2.1 updated - libgrss-devel-0.7.0-150000.5.2.1 updated - libgrss0-0.7.0-150000.5.2.1 updated - libgtkmm-2_4-1-2.24.5-150000.3.2.1 updated - libirrecord0-0.9.4c-150000.4.3.1 updated - liblangtag-devel-0.6.2-150000.3.6.1 updated - liblangtag1-0.6.2-150000.3.6.1 updated - liblirc0-0.9.4c-150000.4.3.1 updated - liblirc_client0-0.9.4c-150000.4.3.1 updated - liblirc_driver0-0.9.4c-150000.4.3.1 updated - liblpsolve55-0-5.5.2.0-150000.3.2.1 updated - libmeanwhile1-1.0.2-150000.3.2.1 updated - libmediaart-2_0-0-1.9.4-150000.5.2.1 updated - libmpeg2-0-0.5.1-150000.3.2.1 updated - libmysqlcppconn-devel-1.1.9-150000.4.5.1 updated - libmysqlcppconn7-1.1.9-150000.4.5.1 updated - libntfs-3g-devel-2022.5.17-150000.3.11.1 updated - libntfs-3g87-2022.5.17-150000.3.11.1 updated - liborcus-devel-0.17.2-150300.10.3.1 updated - libotr-devel-4.1.1-150000.4.2.1 updated - libotr5-4.1.1-150000.4.2.1 updated - libpskc-devel-2.6.2-150000.3.3.1 updated - libpskc0-2.6.2-150000.3.3.1 updated - libpst-devel-0.6.71-150000.3.2.1 updated - libpst4-0.6.71-150000.3.2.1 updated - libpurple-2.13.0-150200.12.6.1 updated - libpurple-devel-2.13.0-150200.12.6.1 updated - libpurple-plugin-sametime-2.13.0-150200.12.6.1 updated - librasqal-devel-0.9.33-150000.3.2.1 updated - librasqal3-0.9.33-150000.3.2.1 updated - librdf0-1.0.17-150200.10.3.1 updated - libredland-devel-1.0.17-150200.10.3.1 updated - libreoffice-7.3.3.1-150300.14.22.21.20 updated - libreoffice-base-7.3.3.1-150300.14.22.21.20 updated - libreoffice-base-drivers-postgresql-7.3.3.1-150300.14.22.21.20 updated - libreoffice-calc-7.3.3.1-150300.14.22.21.20 updated - libreoffice-calc-extensions-7.3.3.1-150300.14.22.21.20 updated - libreoffice-draw-7.3.3.1-150300.14.22.21.20 updated - libreoffice-filters-optional-7.3.3.1-150300.14.22.21.20 updated - libreoffice-gnome-7.3.3.1-150300.14.22.21.20 updated - libreoffice-gtk3-7.3.3.1-150300.14.22.21.20 updated - libreoffice-impress-7.3.3.1-150300.14.22.21.20 updated - libreoffice-mailmerge-7.3.3.1-150300.14.22.21.20 updated - libreoffice-math-7.3.3.1-150300.14.22.21.20 updated - libreoffice-officebean-7.3.3.1-150300.14.22.21.20 updated - libreoffice-pyuno-7.3.3.1-150300.14.22.21.20 updated - libreoffice-writer-7.3.3.1-150300.14.22.21.20 updated - libreoffice-writer-extensions-7.3.3.1-150300.14.22.21.20 updated - libreofficekit-7.3.3.1-150300.14.22.21.20 updated - libstoken1-0.81-150000.3.2.1 updated - libtbb2-2019_20190605-150200.3.2.1 updated - libtbbmalloc2-2019_20190605-150200.3.2.1 updated - libvdpau_nouveau-20.2.4-150300.59.3.1 updated - libwinpr2-2.1.2-150200.15.18.1 updated - libwmf-0_2-7-0.2.12-150000.4.4.1 updated - libwmf-devel-0.2.12-150000.4.4.1 updated - libwmf-gnome-0.2.12-150000.4.4.1 updated - libzapojit-0_0-0-0.0.3-150000.3.2.1 updated - lirc-devel-0.9.4c-150000.4.3.1 updated - lpsolve-devel-5.5.2.0-150000.3.2.1 updated - meanwhile-devel-1.0.2-150000.3.2.1 updated - ntfs-3g-2022.5.17-150000.3.11.1 updated - ntfsprogs-2022.5.17-150000.3.11.1 updated - os-prober-1.76-150100.4.2.1 updated - pidgin-2.13.0-150200.12.6.1 updated - pidgin-devel-2.13.0-150200.12.6.1 updated - rp-pppoe-3.12-150000.6.3.2 updated - stoken-devel-0.81-150000.3.2.1 updated - strongswan-nm-5.8.2-150200.11.27.1 updated - tbb-devel-2019_20190605-150200.3.2.1 updated - typelib-1_0-Champlain-0_12-0.12.20-150200.3.2.1 updated - typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 updated - typelib-1_0-Gom-1_0-0.4-150200.3.2.1 updated - typelib-1_0-Grss-0_7-0.7.0-150000.5.2.1 updated - typelib-1_0-MediaArt-2_0-1.9.4-150000.5.2.1 updated - typelib-1_0-Zpj-0_0-0.0.3-150000.3.2.1 updated - winpr2-devel-2.1.2-150200.15.18.1 updated - xorg-x11-server-wayland-1.20.3-150200.22.5.55.1 updated - POS_Image-RPi-Bootstrap-7.0.0-Build1.60 added - ansible-2.9.21-1.10.1 added - ansible-doc-2.9.21-1.10.1 added - ansible-test-2.9.21-1.10.1 added - grub2-arm64-efi-2.04-150300.22.20.2 added - hwdata-0.358-150000.3.45.1 added - libgsasl-lang-1.8.0-1.64 added - mgr-cfg-4.2.8-150300.2.9.1 added - mgr-cfg-actions-4.2.8-150300.2.9.1 added - mgr-cfg-client-4.2.8-150300.2.9.1 added - mgr-cfg-management-4.2.8-150300.2.9.1 added - mgr-custom-info-4.2.3-150300.2.6.2 added - mgr-daemon-4.2.9-150300.2.6.3 added - mgr-osad-4.2.8-150300.2.9.1 added - mgr-push-4.2.5-150300.2.9.1 added - python3-debian-0.1.31-3.19 added - python3-hwdata-2.3.5-150000.3.6.1 added - python3-jabberpy-0.5-1.24 added - python3-mgr-cfg-4.2.8-150300.2.9.1 added - python3-mgr-cfg-actions-4.2.8-150300.2.9.1 added - python3-mgr-cfg-client-4.2.8-150300.2.9.1 added - python3-mgr-cfg-management-4.2.8-150300.2.9.1 added - python3-mgr-osa-common-4.2.8-150300.2.9.1 added - python3-mgr-osad-4.2.8-150300.2.9.1 added - python3-mgr-push-4.2.5-150300.2.9.1 added - python3-python-memcached-1.59-3.7.1 added - python3-pyvmomi-6.7.3-3.2.1 added - python3-redis-3.4.1-3.5.1 added - python3-rhnlib-4.2.6-150300.4.9.1 added - python3-spacewalk-certs-tools-4.2.17-150300.3.21.3 added - python3-spacewalk-check-4.2.19-150300.4.21.3 added - python3-spacewalk-client-setup-4.2.19-150300.4.21.3 added - python3-spacewalk-client-tools-4.2.19-150300.4.21.3 added - python3-spacewalk-oscap-4.2.4-150300.4.9.1 added - python3-suseRegisterInfo-4.2.6-150300.4.9.1 added - python3-zypp-plugin-spacewalk-1.0.12-3.29.1 added - spacecmd-4.2.18-150300.4.24.3 added - spacewalk-backend-4.2.23-150300.4.26.4 added - spacewalk-base-minimal-4.2.28-150300.3.24.3 added - spacewalk-base-minimal-config-4.2.28-150300.3.24.3 added - spacewalk-certs-tools-4.2.17-150300.3.21.3 added - spacewalk-check-4.2.19-150300.4.21.3 added - spacewalk-client-setup-4.2.19-150300.4.21.3 added - spacewalk-client-tools-4.2.19-150300.4.21.3 added - spacewalk-oscap-4.2.4-150300.4.9.1 added - spacewalk-proxy-broker-4.2.11-150300.3.18.3 added - spacewalk-proxy-common-4.2.11-150300.3.18.3 added - spacewalk-proxy-docs-4.2.2-1.1 added - spacewalk-proxy-html-4.2.3-150300.3.3.1 added - spacewalk-proxy-installer-4.2.7-3.9.3 added - spacewalk-proxy-management-4.2.11-150300.3.18.3 added - spacewalk-proxy-package-manager-4.2.11-150300.3.18.3 added - spacewalk-proxy-redirect-4.2.11-150300.3.18.3 added - spacewalk-proxy-salt-4.2.11-150300.3.18.3 added - spacewalk-remote-utils-4.2.2-150300.4.3.1 added - spacewalk-setup-jabberd-4.2.3-1.25 added - spacewalk-ssl-cert-check-4.2.2-1.45 added - supportutils-plugin-salt-1.2.0-150300.3.3.1 added - supportutils-plugin-susemanager-client-4.2.2-3.6.44 added - supportutils-plugin-susemanager-proxy-4.2.2-1.44 added - suseRegisterInfo-4.2.6-150300.4.9.1 added - susemanager-build-keys-15.3.5-3.3.1 added - susemanager-build-keys-web-15.3.5-3.3.1 added - susemanager-tftpsync-recv-4.2.4-3.3.2 added - system-user-prometheus-1.0.0-6.1 added - zypp-plugin-spacewalk-1.0.12-3.29.1 added - apache2-mod_wsgi-python3-4.5.18-4.3.1 added - apache2-mod_wsgi-python3-debuginfo-4.5.18-4.3.1 added - apache2-mod_wsgi-python3-debugsource-4.5.18-4.3.1 added - dwz-0.12-1.483 added - dwz-debuginfo-0.12-1.483 added - dwz-debugsource-0.12-1.483 added - golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.12.1 added - golang-github-boynux-squid_exporter-1.6-1.6.1 added - golang-github-boynux-squid_exporter-debuginfo-1.6-1.6.1 added - golang-github-lusitaniae-apache_exporter-0.7.0-1.9.1 added - golang-github-lusitaniae-apache_exporter-debuginfo-0.7.0-1.9.1 added - golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1 added - golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 added - golang-github-prometheus-prometheus-2.32.1-150100.4.9.2 added - jabberd-2.7.0-2.27 added - jabberd-db-2.7.0-2.27 added - jabberd-db-debuginfo-2.7.0-2.27 added - jabberd-debuginfo-2.7.0-2.27 added - jabberd-debugsource-2.7.0-2.27 added - jabberd-sqlite-2.7.0-2.27 added - jabberd-sqlite-debuginfo-2.7.0-2.27 added - libgsasl-debugsource-1.8.0-1.64 added - libgsasl7-1.8.0-1.64 added - libgsasl7-debuginfo-1.8.0-1.64 added - libntlm-debugsource-1.4-1.66 added - libntlm0-1.4-1.66 added - libntlm0-debuginfo-1.4-1.66 added - libudns0-0.4-0.9.66 added - libudns0-debuginfo-0.4-0.9.66 added - patterns-suma_proxy-4.2-150300.4.9.1 added - prometheus-blackbox_exporter-0.19.0-150000.1.8.2 added - prometheus-blackbox_exporter-debuginfo-0.19.0-1.3.1 added - python3-uyuni-common-libs-4.2.6-150300.3.6.1 added - rpm-build-4.14.3-150300.46.1 added - rpm-build-debuginfo-4.14.3-150300.46.1 added - rpm-debuginfo-4.14.3-150300.46.1 added - rpm-debugsource-4.14.3-150300.46.1 added - sle-module-suse-manager-proxy-release-4.2-8.5 added - udns-0.4-0.9.66 added - udns-debuginfo-0.4-0.9.66 added - udns-debugsource-0.4-0.9.66 added - uyuni-base-common-4.2.3-1.21 added - uyuni-base-proxy-4.2.3-1.21 added - sle-module-suse-manager-retail-branch-server-release-4.2-8.5 added - antlr-java-2.7.7-16.63 added - antlr3-runtime-3.5.2-1.79 added - apache-commons-cli-1.4-1.63 added - apache-commons-codec-1.11-1.63 added - apache-commons-csv-1.2-150300.3.3.2 added - apache-commons-el-1.0-3.3.1 added - apache-commons-jexl-2.1.1-1.68 added - apache-commons-lang3-3.8.1-1.63 added - apache-commons-math3-3.2-150300.3.3.2 added - apache-mybatis-3.2.3-1.79 added - base64coder-20101219-1.63 added - bind-formula-0.1.1615805990.f15c8d9-1.1 added - branch-network-formula-0.1.1628156312.dbd0dec-3.3.1 added - byte-buddy-1.8.17-1.77 added - c3p0-0.9.5.5-150300.4.6.1 added - caasp-management-node-formula-4.2.1-1.45 added - caasp-management-settings-formula-4.2.1-1.45 added - cal10n-0.7.7-9.64 added - classmate-1.3.4-1.78 added - cobbler-3.1.2-150300.5.14.1 added - concurrent-1.3.4-277.278.52 added - concurrentlinkedhashmap-lru-1.3.1-1.78 added - cpu-mitigations-formula-0.4.0-3.3.1 added - dhcpd-formula-0.1.1641480250.d5bd14c-150300.3.3.1 added - dom4j-1.6.1-10.12 added - drbd-formula-0.4.2+git.1616116365.1e3ab34-3.6.1 added - drools-7.17.0-150300.4.3.2 added - dwr-3.0.2-0.11.24 added - ehcache-2.10.1-2.27 added - geronimo-annotation-1_0-api-1.2-150200.15.2.1 added - geronimo-stax-1_0-api-1.2-150200.15.2.1 added - google-gson-2.8.9-150200.3.6.3 added - grafana-formula-0.7.0-150300.3.6.1 added - guava-27.0.1-2.51 added - habootstrap-formula-0.4.4+git.1632747498.2caa677-3.20.1 added - hadoop-0.18.1-1.80 added - hibernate-commons-annotations-5.0.4-1.71 added - hibernate5-5.3.7-150300.5.3.1 added - httpcomponents-asyncclient-4.1.4-1.76 added - httpcomponents-client-4.5.6-3.2.6 added - httpcomponents-core-4.4.10-3.2.6 added - hwdata-0.358-150000.3.45.1 added - ical4j-3.0.18-2.50 added - icu4j-63.1-1.63 added - image-sync-formula-0.1.1614159840.ef7cad5-1.1 added - isorelax-0.1-9.63 added - jade4j-1.2.5-1.24 added - jakarta-commons-validator-1.1.4-21.150300.21.3.3 added - java-saml-2.4.0-1.77 added - javassist-3.23.1-1.63 added - jaxen-1.1.1-10.63 added - jboss-logging-3.4.1-150200.3.3.1 added - jcommon-1.0.16-0.10.55 added - jdom-1.1.3-10.63 added - joda-time-2.10.1-1.63 added - jose4j-0.5.1-150300.3.3.2 added - jpa-api-2.2.2-1.78 added - jsch-0.1.55-4.53 added - jzlib-1.1.3-9.63 added - kie-api-7.17.0-150300.4.3.2 added - kie-soup-7.17.0.Final-2.50 added - libgsasl-lang-1.8.0-1.64 added - locale-formula-0.2-1.63 added - lucene-2.4.1-1.79 added - mgr-libmod-4.2.7-150300.3.6.1 added - mgr-osa-dispatcher-4.2.8-150300.2.9.1 added - mgr-push-4.2.5-150300.2.9.1 added - mvel2-2.2.6.Final-150300.3.3.2 added - nekohtml-1.9.22-1.71 added - netty-4.1.44.Final-2.48 added - nutch-core-1.0.1-2.26 added - objectweb-asm-7.2-1.63 added - ongres-scram-2.1-150300.3.3.4 added - ongres-scram-client-2.1-150300.3.3.4 added - ongres-stringprep-1.1-150300.7.3.4 added - ongres-stringprep-saslprep-1.1-150300.7.3.4 added - openvpn-formula-0.1.2-3.3.1 added - optaplanner-7.17.0-150300.4.3.2 added - perl-Frontier-RPC-0.07b4-1.63 added - perl-Net-Telnet-3.04-1.25 added - perl-Satcon-4.2.2-1.22 added - perl-Term-Completion-1.00-2.22 added - pgjdbc-ng-0.8.3-1.75 added - picocontainer-1.3.7-1.79 added - postgresql-jdbc-42.2.25-150300.3.5.2 added - prometheus-client-java-0.3.0-1.77 added - prometheus-exporters-formula-1.2.0-150300.3.9.1 added - prometheus-formula-0.6.2-150300.3.14.1 added - prometheus-jmx_exporter-0.3.1-2.9 added - prometheus-jmx_exporter-tomcat-0.3.1-2.9 added - pxe-default-image-sle15-4.1.0-Build2.271 added - pxe-formula-0.1.1615805990.f15c8d9-1.1 added - pxe-yomi-image-sle15-1.0.0-Build3.70 added - py26-compat-salt-2016.11.10-11.28.9.1 added - py27-compat-salt-3000.3-150300.7.7.20.2 added - python3-cachetools-4.1.0-150200.3.4.1 added - python3-debian-0.1.31-3.19 added - python3-google-auth-1.21.2-150300.3.6.1 added - python3-hwdata-2.3.5-150000.3.6.1 added - python3-jabberpy-0.5-1.24 added - python3-kubernetes-8.0.1-150100.3.7.1 added - python3-mgr-osa-common-4.2.8-150300.2.9.1 added - python3-mgr-osa-dispatcher-4.2.8-150300.2.9.1 added - python3-mgr-push-4.2.5-150300.2.9.1 added - python3-oauth2client-gce-4.1.3-3.2.1 added - python3-python-pam-1.8.4-1.24 added - python3-pyvmomi-6.7.3-3.2.1 added - python3-rhnlib-4.2.6-150300.4.9.1 added - python3-spacewalk-certs-tools-4.2.17-150300.3.21.3 added - python3-spacewalk-client-tools-4.2.19-150300.4.21.3 added - python3-suseRegisterInfo-4.2.6-150300.4.9.1 added - python3-susemanager-retail-1.0.1653987003.92d4870-150300.3.3.2 added - python3-urlgrabber-3.10.2.1py2_3-3.10 added - python3-vcrpy-2.1.1-1.26 added - python3-ws4py-0.5.1-1.24 added - quartz-2.3.0-1.84 added - redstone-xmlrpc-1.1_20071120-0.9.78 added - reflections-0.9.10-1.79 added - relaxngDatatype-2011.1-8.63 added - salt-netapi-client-0.19.0-150300.3.6.1 added - salt-shaptools-0.3.11+git.1605797958.ae2f08a-3.6.1 added - saltboot-formula-0.1.1645440615.7f1328c-150300.3.9.1 added - saphanabootstrap-formula-0.7.1+git.1619008686.8600866-3.11.1 added - sapnwbootstrap-formula-0.6.4+git.1621842068.a86c37c-10.1 added - simple-xml-2.6.2-0.11.25 added - sitemesh-2.1-0.9.23 added - slf4j-1.7.30-1.34 added - slf4j-log4j12-1.7.30-1.34 added - snakeyaml-1.28-3.5.1 added - spacecmd-4.2.18-150300.4.24.3 added - spacewalk-admin-4.2.11-150300.3.12.3 added - spacewalk-backend-4.2.23-150300.4.26.4 added - spacewalk-backend-app-4.2.23-150300.4.26.4 added - spacewalk-backend-applet-4.2.23-150300.4.26.4 added - spacewalk-backend-config-files-4.2.23-150300.4.26.4 added - spacewalk-backend-config-files-common-4.2.23-150300.4.26.4 added - spacewalk-backend-config-files-tool-4.2.23-150300.4.26.4 added - spacewalk-backend-iss-4.2.23-150300.4.26.4 added - spacewalk-backend-iss-export-4.2.23-150300.4.26.4 added - spacewalk-backend-package-push-server-4.2.23-150300.4.26.4 added - spacewalk-backend-server-4.2.23-150300.4.26.4 added - spacewalk-backend-sql-4.2.23-150300.4.26.4 added - spacewalk-backend-sql-postgresql-4.2.23-150300.4.26.4 added - spacewalk-backend-tools-4.2.23-150300.4.26.4 added - spacewalk-backend-xml-export-libs-4.2.23-150300.4.26.4 added - spacewalk-backend-xmlrpc-4.2.23-150300.4.26.4 added - spacewalk-base-4.2.28-150300.3.24.3 added - spacewalk-base-minimal-4.2.28-150300.3.24.3 added - spacewalk-base-minimal-config-4.2.28-150300.3.24.3 added - spacewalk-certs-tools-4.2.17-150300.3.21.3 added - spacewalk-client-tools-4.2.19-150300.4.21.3 added - spacewalk-common-4.2.3-1.19 added - spacewalk-config-4.2.6-150300.3.6.1 added - spacewalk-html-4.2.28-150300.3.24.3 added - spacewalk-java-4.2.40-150300.3.40.2 added - spacewalk-java-config-4.2.40-150300.3.40.2 added - spacewalk-java-lib-4.2.40-150300.3.40.2 added - spacewalk-java-postgresql-4.2.40-150300.3.40.2 added - spacewalk-postgresql-4.2.3-1.19 added - spacewalk-reports-4.2.7-150300.3.9.1 added - spacewalk-search-4.2.7-150300.3.9.4 added - spacewalk-setup-4.2.11-150300.3.15.2 added - spacewalk-setup-jabberd-4.2.3-1.25 added - spacewalk-taskomatic-4.2.40-150300.3.40.2 added - spacewalk-usix-4.0.9-3.3.16 added - spacewalk-utils-4.2.17-150300.3.18.2 added - spacewalk-utils-extras-4.2.17-150300.3.18.2 added - spark-core-2.7.2-1.76 added - spark-template-jade-2.3-1.77 added - statistics-1.0.2-1.74 added - stringtree-json-2.0.9-0.12.77 added - struts-1.2.9-162.34.26 added - subscription-matcher-0.29-150300.6.9.1 added - supportutils-plugin-salt-1.2.0-150300.3.3.1 added - supportutils-plugin-susemanager-4.2.4-150300.3.6.1 added - suseRegisterInfo-4.2.6-150300.4.9.1 added - susemanager-branding-oss-4.2.1-1.56 added - susemanager-build-keys-15.3.5-3.3.1 added - susemanager-build-keys-web-15.3.5-3.3.1 added - susemanager-doc-indexes-4.2-150300.12.30.3 added - susemanager-docs_en-4.2-150300.12.30.2 added - susemanager-docs_en-pdf-4.2-150300.12.30.2 added - susemanager-frontend-libs-4.2.1-2.1 added - susemanager-retail-tools-1.0.1653987003.92d4870-150300.3.3.2 added - susemanager-schema-4.2.23-150300.3.24.3 added - susemanager-sls-4.2.26-150300.3.30.1 added - susemanager-sync-data-4.2.13-150300.3.21.2 added - susemanager-web-libs-4.2.25-150300.3.15.2 added - system-lock-formula-0.2-1.61 added - tagsoup-1.2.1-8.63 added - tftpd-formula-0.1.1614170819.014d6e5-1.1 added - tika-core-1.26-2.1 added - tiny-sqlmap-0.1+git.1404893432.d478c0e-1.77 added - tomcat-taglibs-standard-1_2_5-1.2.5-2.24 added - uyuni-cluster-provider-caasp-4.2.3-1.69 added - uyuni-config-formula-0.2-150300.3.3.1 added - uyuni-config-modules-4.2.26-150300.3.30.1 added - virtual-host-gatherer-1.0.23-150300.3.6.2 added - virtual-host-gatherer-Kubernetes-1.0.23-150300.3.6.2 added - virtual-host-gatherer-Nutanix-1.0.23-150300.3.6.2 added - virtual-host-gatherer-VMware-1.0.23-150300.3.6.2 added - virtual-host-gatherer-libcloud-1.0.23-150300.3.6.2 added - virtualization-formulas-0.6.2-150300.8.6.1 added - virtualization-host-formula-0.5-1.71 added - vsftpd-formula-0.1.1568808472.be9f236-1.60 added - woodstox-4.4.2-150300.3.3.2 added - ws-jaxme-0.5.2-10.70 added - xmlpull-api-1.1.3.1-150300.3.3.2 added - xmlsec-2.0.7-1.76 added - xom-1.2b1-10.63 added - xpp2-2.1.10-9.64 added - xpp3-1.1.4c-11.2.2 added - xpp3-minimal-1.1.4c-11.2.2 added - xstream-1.4.19-3.18.2 added - yomi-formula-0.0.1+git.1604593202.a2c22bf-2.21 added - apache2-mod_xsendfile-0.12-2.21 added - apache2-mod_xsendfile-debuginfo-0.12-2.21 added - apache2-mod_xsendfile-debugsource-0.12-2.21 added - drbd-utils-9.18.0-4.7.2 added - drbd-utils-debuginfo-9.18.0-4.7.2 added - drbd-utils-debugsource-9.18.0-4.7.2 added - dwz-0.12-1.483 added - dwz-debuginfo-0.12-1.483 added - dwz-debugsource-0.12-1.483 added - fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.14.1 added - fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.14.1 added - fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.14.1 added - golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.12.1 added - golang-github-lusitaniae-apache_exporter-0.7.0-1.9.1 added - golang-github-lusitaniae-apache_exporter-debuginfo-0.7.0-1.9.1 added - golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 added - golang-github-wrouesnel-postgres_exporter-0.4.7-1.3.15 added - hub-xmlrpc-api-0.7-150300.3.6.1 added - hub-xmlrpc-api-debuginfo-0.7-3.3.3 added - inter-server-sync-0.2.2-150300.8.17.1 added - inter-server-sync-debuginfo-0.2.2-150300.8.17.1 added - jabberd-2.7.0-2.27 added - jabberd-db-2.7.0-2.27 added - jabberd-db-debuginfo-2.7.0-2.27 added - jabberd-debuginfo-2.7.0-2.27 added - jabberd-debugsource-2.7.0-2.27 added - jabberd-sqlite-2.7.0-2.27 added - jabberd-sqlite-debuginfo-2.7.0-2.27 added - libgit2-28-0.28.4-1.28 added - libgit2-28-debuginfo-0.28.4-1.28 added - libgit2-debugsource-0.28.4-1.28 added - libgsasl-debugsource-1.8.0-1.64 added - libgsasl7-1.8.0-1.64 added - libgsasl7-debuginfo-1.8.0-1.64 added - libhttp_parser2_7_1-2.7.1-4.2.2 added - libhttp_parser2_7_1-debuginfo-2.7.1-4.2.2 added - libmodulemd2-2.12.0-3.8.1 added - libntlm-debugsource-1.4-1.66 added - libntlm0-1.4-1.66 added - libntlm0-debuginfo-1.4-1.66 added - libudns0-0.4-0.9.66 added - libudns0-debuginfo-0.4-0.9.66 added - patterns-suma_retail-4.2-150300.4.9.1 added - patterns-suma_server-4.2-150300.4.9.1 added - perl-DBD-Pg-3.10.4-1.21 added - perl-DBD-Pg-debuginfo-3.10.4-1.21 added - perl-DBD-Pg-debugsource-3.10.4-1.21 added - perl-Mail-RFC822-Address-0.3-0.9.22 added - perl-Term-Size-0.207-1.65 added - perl-Term-Size-debuginfo-0.207-1.65 added - perl-Term-Size-debugsource-0.207-1.65 added - prometheus-postgres_exporter-0.10.0-150000.1.8.2 added - protobuf-debugsource-3.9.2-4.12.1 added - protobuf-java-3.9.2-4.12.1 added - py26-compat-msgpack-python-0.4.6-150300.4.3.1 added - py26-compat-msgpack-python-debuginfo-0.4.6-150300.4.3.1 added - py26-compat-msgpack-python-debugsource-0.4.6-150300.4.3.1 added - py26-compat-tornado-4.2.1-3.3.1 added - py26-compat-tornado-debuginfo-4.2.1-3.3.1 added - py26-compat-tornado-debugsource-4.2.1-3.3.1 added - python-Cheetah3-debuginfo-3.2.4-1.24 added - python-Cheetah3-debugsource-3.2.4-1.24 added - python-multidict-debugsource-4.5.2-1.24 added - python-psycopg2-debuginfo-2.8.5-5.7.1 added - python-psycopg2-debugsource-2.8.5-5.7.1 added - python-pygit2-debuginfo-0.28.2-1.35 added - python-pygit2-debugsource-0.28.2-1.35 added - python-yarl-debugsource-1.3.0-3.3.1 added - python3-Cheetah3-3.2.4-1.24 added - python3-Cheetah3-debuginfo-3.2.4-1.24 added - python3-libmodulemd-2.12.0-3.8.1 added - python3-multidict-4.5.2-1.24 added - python3-multidict-debuginfo-4.5.2-1.24 added - python3-psycopg2-2.8.5-5.7.1 added - python3-psycopg2-debuginfo-2.8.5-5.7.1 added - python3-pygit2-0.28.2-1.35 added - python3-pygit2-debuginfo-0.28.2-1.35 added - python3-uyuni-common-libs-4.2.6-150300.3.6.1 added - python3-yarl-1.3.0-3.3.1 added - python3-yarl-debuginfo-1.3.0-3.3.1 added - reprepro-5.3.0-1.75 added - reprepro-debuginfo-5.3.0-1.75 added - reprepro-debugsource-5.3.0-1.75 added - rpm-build-4.14.3-150300.46.1 added - rpm-build-debuginfo-4.14.3-150300.46.1 added - rpm-debuginfo-4.14.3-150300.46.1 added - rpm-debugsource-4.14.3-150300.46.1 added - simple-core-3.1.3-0.9.53 added - sle-module-suse-manager-server-release-4.2-8.5 added - smdba-1.7.10-0.150300.3.9.2 added - spacewalk-branding-4.2.14-150300.3.12.2 added - susemanager-4.2.35-150300.3.36.1 added - susemanager-tftpsync-4.2.3-3.3.1 added - susemanager-tools-4.2.35-150300.3.36.1 added - typelib-1_0-Modulemd-2_0-2.12.0-3.8.1 added - udns-0.4-0.9.66 added - udns-debuginfo-0.4-0.9.66 added - udns-debugsource-0.4-0.9.66 added - uyuni-base-common-4.2.3-1.21 added - uyuni-base-server-4.2.3-1.21 added - adios-gnu-mpich-hpc-devel-1.13.1-10.20 removed - adios-gnu-mvapich2-hpc-devel-1.13.1-10.31 removed - adios-gnu-openmpi3-hpc-devel-1.13.1-10.17 removed - adios-gnu-openmpi4-hpc-devel-1.13.1-10.19 removed - adios_1_13_1-gnu-mpich-hpc-devel-1.13.1-10.20 removed - adios_1_13_1-gnu-mvapich2-hpc-devel-1.13.1-10.31 removed - adios_1_13_1-gnu-openmpi3-hpc-devel-1.13.1-10.17 removed - adios_1_13_1-gnu-openmpi4-hpc-devel-1.13.1-10.19 removed - hdf5_1_10_7-hpc-examples-1.10.7-2.25 removed - kernel-livepatch-5_3_18-150300_59_63-default-1-150300.7.3.1 removed - libnetcdf-cxx4-gnu-hpc-devel-4.3.1-6.67 removed - libnetcdf-cxx4_4_3_1-gnu-hpc-devel-4.3.1-6.67 removed - libnetcdf-cxx4_4_3_1-gnu-hpc-devel-static-4.3.1-6.67 removed - netcdf-fortran-gnu-mpich-hpc-devel-4.5.3-2.92 removed - netcdf-fortran-gnu-mvapich2-hpc-devel-4.5.3-2.136 removed - netcdf-fortran-gnu-openmpi3-hpc-devel-4.5.3-2.82 removed - netcdf-fortran-gnu-openmpi4-hpc-devel-4.5.3-2.95 removed - netcdf-fortran_4_5_3-gnu-mpich-hpc-devel-4.5.3-2.92 removed - netcdf-fortran_4_5_3-gnu-mvapich2-hpc-devel-4.5.3-2.136 removed - netcdf-fortran_4_5_3-gnu-openmpi3-hpc-devel-4.5.3-2.82 removed - netcdf-fortran_4_5_3-gnu-openmpi4-hpc-devel-4.5.3-2.95 removed - netcdf-gnu-hpc-devel-4.7.4-4.3.2 removed - netcdf-gnu-mpich-hpc-devel-4.7.4-4.3.2 removed - netcdf-gnu-mvapich2-hpc-devel-4.7.4-4.3.2 removed - netcdf-gnu-openmpi3-hpc-devel-4.7.4-4.3.2 removed - netcdf-gnu-openmpi4-hpc-devel-4.7.4-4.3.2 removed - netcdf_4_7_4-gnu-hpc-devel-4.7.4-4.3.2 removed - netcdf_4_7_4-gnu-hpc-devel-static-4.7.4-4.3.2 removed - netcdf_4_7_4-gnu-mpich-hpc-devel-4.7.4-4.3.2 removed - netcdf_4_7_4-gnu-mpich-hpc-devel-static-4.7.4-4.3.2 removed - netcdf_4_7_4-gnu-mvapich2-hpc-devel-4.7.4-4.3.2 removed - netcdf_4_7_4-gnu-mvapich2-hpc-devel-static-4.7.4-4.3.2 removed - netcdf_4_7_4-gnu-openmpi3-hpc-devel-4.7.4-4.3.2 removed - netcdf_4_7_4-gnu-openmpi3-hpc-devel-static-4.7.4-4.3.2 removed - netcdf_4_7_4-gnu-openmpi4-hpc-devel-4.7.4-4.3.2 removed - netcdf_4_7_4-gnu-openmpi4-hpc-devel-static-4.7.4-4.3.2 removed - petsc-gnu-mpich-hpc-devel-3.14.5-1.13 removed - petsc-gnu-mvapich2-hpc-devel-3.14.5-1.28 removed - petsc-gnu-openmpi3-hpc-devel-3.14.5-1.27 removed - petsc-gnu-openmpi4-hpc-devel-3.14.5-1.27 removed - petsc_3_14_5-gnu-mpich-hpc-devel-3.14.5-1.13 removed - petsc_3_14_5-gnu-mvapich2-hpc-devel-3.14.5-1.28 removed - petsc_3_14_5-gnu-openmpi3-hpc-devel-3.14.5-1.27 removed - petsc_3_14_5-gnu-openmpi4-hpc-devel-3.14.5-1.27 removed - trilinos-gnu-mpich-hpc-devel-13.2.0-150300.3.3.3 removed - trilinos-gnu-mvapich2-hpc-devel-13.2.0-150300.3.3.3 removed - trilinos-gnu-openmpi3-hpc-devel-13.2.0-150300.3.3.3 removed - trilinos-gnu-openmpi4-hpc-devel-13.2.0-150300.3.3.2 removed - trilinos_13_0_1-gnu-mpich-hpc-devel-13.0.1-1.1 removed - trilinos_13_0_1-gnu-mvapich2-hpc-devel-13.0.1-1.1 removed - trilinos_13_0_1-gnu-openmpi3-hpc-devel-13.0.1-1.1 removed - trilinos_13_0_1-gnu-openmpi4-hpc-devel-13.0.1-1.1 removed - trilinos_13_2_0-gnu-mpich-hpc-devel-13.2.0-150300.3.3.3 removed - trilinos_13_2_0-gnu-mvapich2-hpc-devel-13.2.0-150300.3.3.3 removed - trilinos_13_2_0-gnu-openmpi3-hpc-devel-13.2.0-150300.3.3.3 removed - trilinos_13_2_0-gnu-openmpi4-hpc-devel-13.2.0-150300.3.3.2 removed