Advisories

SUSE Image Update Advisory: sles-15-sp2-chost-byos-v20210506
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2021:444-1
Image Tags        : sles-15-sp2-chost-byos-v20210506:20210506
Image Release     : 
Severity          : important
Type              : security
References        : 1027519 1047233 1065729 1113295 1152472 1152489 1153274 1154353
                        1155518 1156256 1156395 1159280 1160634 1161276 1165780 1167574
                        1167773 1168777 1169514 1169709 1171295 1173485 1174166 1174304
                        1174306 1175740 1175741 1175960 1175995 1177047 1177204 1177326
                        1178163 1178181 1178219 1178219 1178330 1178469 1178490 1178680
                        1179031 1179032 1179148 1179156 1179454 1179908 1180197 1180304
                        1180690 1180713 1180836 1180980 1181254 1181383 1181507 1181674
                        1181696 1181862 1181976 1181989 1182011 1182012 1182077 1182485
                        1182552 1182574 1182576 1182591 1182595 1182715 1182716 1182717
                        1182770 1182791 1182793 1182899 1182989 1183015 1183018 1183022
                        1183023 1183048 1183064 1183072 1183239 1183252 1183277 1183278
                        1183279 1183280 1183281 1183282 1183283 1183284 1183285 1183286
                        1183287 1183288 1183366 1183369 1183386 1183405 1183412 1183414
                        1183415 1183416 1183421 1183427 1183428 1183445 1183447 1183453
                        1183501 1183509 1183530 1183534 1183540 1183572 1183574 1183593
                        1183596 1183598 1183637 1183646 1183662 1183686 1183692 1183696
                        1183750 1183757 1183775 1183791 1183800 1183801 1183843 1183859
                        1183871 1183936 1184074 1184120 1184136 1184161 1184167 1184168
                        1184170 1184176 1184192 1184193 1184194 1184196 1184198 1184211
                        1184217 1184218 1184219 1184220 1184224 1184310 1184388 1184391
                        1184393 1184401 1184485 1184509 1184511 1184512 1184514 1184521
                        1184583 1184585 1184644 1184647 1184677 1184690 1184815 1185020
                        1185345 1185408 1185409 1185410 CVE-2019-18814 CVE-2019-19769
                        CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 CVE-2020-17438 CVE-2020-25670
                        CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171
                        CVE-2020-27815 CVE-2020-27840 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311
                        CVE-2020-36312 CVE-2020-36322 CVE-2021-20208 CVE-2021-20254 CVE-2021-20277
                        CVE-2021-20305 CVE-2021-25214 CVE-2021-25215 CVE-2021-25317 CVE-2021-27363
                        CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660
                        CVE-2021-28687 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28965
                        CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265
                        CVE-2021-29647 CVE-2021-30002 CVE-2021-3156 CVE-2021-3308 CVE-2021-3428
                        CVE-2021-3444 CVE-2021-3468 CVE-2021-3483 CVE-2021-3516 CVE-2021-3517
                        CVE-2021-3518 
-----------------------------------------------------------------

The container sles-15-sp2-chost-byos-v20210506 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1018-1
Released:    Tue Apr  6 14:29:13 2021
Summary:     Recommended update for gzip
Type:        recommended
Severity:    moderate
References:  1180713
This update for gzip fixes the following issues:

- Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1021-1
Released:    Tue Apr  6 14:30:30 2021
Summary:     Recommended update for cups
Type:        recommended
Severity:    moderate
References:  1175960
This update for cups fixes the following issues:

- Fixed the web UI kerberos authentication (bsc#1175960)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1028-1
Released:    Tue Apr  6 17:54:37 2021
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1027519,1177204,1179148,1180690,1181254,1181989,1182576,1183072,CVE-2021-28687,CVE-2021-3308
This update for xen fixes the following issues:

- CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 (bsc#1181254, XSA-360)
- CVE-2021-28687: HVM soft-reset crashes toolstack (bsc#1183072, XSA-368)
- L3: conring size for XEN HV's with huge memory to small. Inital Xen logs cut (bsc#1177204)
- L3: XEN domU crashed on resume when using the xl unpause command (bsc#1182576)
- L3: xen: no needsreboot flag set (bsc#1180690)
- kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148)
- openQA job causes libvirtd to dump core when running kdump inside domain (bsc#1181989)
- Upstream bug fixes (bsc#1027519)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released:    Mon Apr 12 13:13:36 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    low
References:  1182791
This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1161-1
Released:    Tue Apr 13 11:35:57 2021
Summary:     Security update for cifs-utils
Type:        security
Severity:    moderate
References:  1183239,CVE-2021-20208
This update for cifs-utils fixes the following issues:

- CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container (bsc#1183239)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released:    Tue Apr 13 15:01:42 2021
Summary:     Recommended update for procps
Type:        recommended
Severity:    low
References:  1181976
This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1205-1
Released:    Thu Apr 15 15:14:31 2021
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    moderate
References:  1178490
This update for rsyslog fixes the following issues:

- Fix groupname retrieval for large groups. (bsc#1178490)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1238-1
Released:    Fri Apr 16 10:58:27 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1047233,1065729,1113295,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1167574,1167773,1168777,1169514,1169709,1171295,1173485,1175995,1177326,1178163,1178181,1178330,1179454,1180197,1180980,1181383,1181507,1181674,1181862,1182011,1182077,1182485,1182552,1182574,1182591,1182595,1182715,1182716,1182717,1182770,1182989,1183015,1183018,1183022,1183023,1183048,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183366,1183369,1183386,1183405,1183412,1183416,1183427,1183428,1183445,1183447,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183843,1183859,1183871,1184074,1184120,1184167,1184168,1184170,1184176,1184192,1184193,1184194,1184196,1184198,1184211,1184217,1184218,1184219,1184220,1184224,1184388,1184391,1184393,1184485,1184509,1184511,1184512,1184514,1184583,1184585,1184647,CVE-2019-18814,CVE-2019-19769,CVE
 -2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read  (bsc#1184170).
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).
- CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2020-35519: Fixed an out-of-bounds memory access  was found in x25_bind (bsc#1183696).
- CVE-2020-27815: Fixed an issue in JFS filesystem  where could have allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
- CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ).
- CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).
- CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
- CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
- CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194).
- CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ).
- CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
- CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181).
- CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211).

The following non-security bugs were fixed:

- 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).
- 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).
- 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)). 
- ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
- ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).
- ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
- ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).
- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
- ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
- ALSA: aloop: Fix initialization of controls (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda: generic: Fix the micmute led init state (git-fixes).
- ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).
- ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).
- ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).
- ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).
- ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).
- ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).
- ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).
- ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).
- ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).
- ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).
- ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).
- ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).
- ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).
- ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).
- ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).
- ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552).
- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).
- ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes).
- ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).
- ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).
- ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).
- amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).
- apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).
- appletalk: Fix skb allocation size in loopback case (git-fixes).
- arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).
- ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).
- ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).
- ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).
- ASoC: cs42l42: Fix channel width support (git-fixes).
- ASoC: cs42l42: Fix mixer volume control (git-fixes).
- ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).
- ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).
- ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).
- ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes).
- ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).
- ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).
- ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).
- ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).
- ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).
- ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).
- ASoC: simple-card-utils: Do not handle device clock (git-fixes).
- ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).
- ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes).
- ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).
- ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes).
- ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).
- atl1c: fix error return code in atl1c_probe() (git-fixes).
- atl1e: fix error return code in atl1e_probe() (git-fixes).
- batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).
- blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295).
- blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).
- block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).
- block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
- Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).
- bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518).
- bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).
- bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).
- bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
- bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518).
- bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).
- bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518).
- bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
- brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).
- brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).
- brcmfmac: clear EAP/association status bits on linkdown events (git-fixes).
- btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).
- btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).
- btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386).
- btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).
- btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).
- btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).
- btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).
- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
- bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes).
- can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
- can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
- can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).
- can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).
- can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).
- can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).
- can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).
- can: peak_usb: add forgotten supported devices (git-fixes).
- can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes).
- can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).
- cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).
- cifs: change noisy error message to FYI (bsc#1181507).
- cifs: check pointer before freeing (bsc#1183534).
- cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
- cifs: do not send close in compound create+close requests (bsc#1181507).
- cifs: New optype for session operations (bsc#1181507).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- clk: fix invalid usage of list cursor in register (git-fixes).
- clk: fix invalid usage of list cursor in unregister (git-fixes).
- clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
- completion: Drop init_completion define (git-fixes).
- configfs: fix a use-after-free in __configfs_open_file (git-fixes).
- config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595
- crypto: aesni - prevent misaligned buffers on the stack (git-fixes).
- crypto: arm64/sha - add missing module aliases (git-fixes).
- crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).
- crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).
- crypto: tcrypt - avoid signed overflow in byte count (git-fixes).
- Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530) 
- dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485).
- drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).
- drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).
- drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).
- drm/amdgpu: Add check to prevent IH overflow (git-fixes).
- drm/amdgpu: check alignment on CPU page for bo map (git-fixes).
- drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes).
- drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).
- drm/amdkfd: Put ACPI table after using it (bsc#1152489) 
- drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) 
- drm/compat: Clear bounce structures (git-fixes).
- drm/hisilicon: Fix use-after-free (git-fixes).
- drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).
- drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).
- drm/mediatek: Fix aal size config (bsc#1152489) 
- drm: meson_drv add shutdown function (git-fixes).
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).
- drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes).
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).
- drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) 
- drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) 
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) 
- drm/msm/gem: Add obj->lock wrappers (bsc#1152489) 
- drm/msm: Ratelimit invalid-fence message (git-fixes).
- drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).
- drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) 
- drm/nouveau/kms: handle mDP connectors (git-fixes).
- drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) 
- drm/panfrost: Fix job timeout handling (bsc#1152472) 
- drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)
- drm/radeon: fix AGP dependency (git-fixes).
- drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) 
- drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).
- drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) 
- drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).
- drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) 
- efi: use 32-bit alignment for efi_guid_t literals (git-fixes).
- enetc: Fix reporting of h/w packet counters (git-fixes).
- epoll: check for events when removing a timed out thread from the wait queue (git-fixes).
- ethernet: alx: fix order of calls on resume (git-fixes).
- exec: Move would_dump into flush_old_exec (git-fixes).
- exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).
- exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).
- extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).
- extcon: Fix error handling in extcon_dev_register (git-fixes).
- fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).
- flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).
- fsl/fman: check dereferencing null pointer (git-fixes).
- fsl/fman: fix dereference null return value (git-fixes).
- fsl/fman: fix eth hash table allocation (git-fixes).
- fsl/fman: fix unreachable code (git-fixes).
- fsl/fman: use 32-bit unsigned integer (git-fixes).
- fuse: fix bad inode (bsc#1184211).
- fuse: fix live lock in fuse_iget() (bsc#1184211).
- fuse: verify write return (git-fixes).
- gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).
- gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).
- gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).
- gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
- gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
- gianfar: Handle error code at MAC address change (git-fixes).
- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).
- Goodix Fingerprint device is not a modem (git-fixes).
- gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
- gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).
- gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).
- HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).
- HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).
- HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).
- hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).
- i2c: rcar: faster irq code to minimize HW race condition (git-fixes).
- i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).
- i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).
- i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).
- iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
- iavf: use generic power management (git-fixes).
- ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).
- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
- ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).
- ibmvnic: fix block comments (bsc#1183871 ltc#192139).
- ibmvnic: fix braces (bsc#1183871 ltc#192139).
- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).
- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).
- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).
- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).
- ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).
- ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).
- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).
- ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).
- ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).
- ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).
- ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).
- ice: fix memory leak if register_netdev_fails (git-fixes).
- ice: fix memory leak in ice_vsi_setup (git-fixes).
- ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).
- ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).
- ice: renegotiate link after FW DCB on (jsc#SLE-8464).
- ice: report correct max number of TCs (jsc#SLE-7926).
- ice: update the number of available RSS queues (jsc#SLE-7926).
- igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).
- iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).
- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).
- iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).
- iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).
- iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).
- iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).
- iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).
- include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes).
- Input: applespi - do not wait for responses to commands indefinitely (git-fixes).
- Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).
- Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).
- Input: raydium_ts_i2c - do not send zero length (git-fixes).
- Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).
- iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).
- iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).
- iommu/vt-d: Add get_domain_info() helper (bsc#1183279).
- iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).
- iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).
- iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).
- iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).
- iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284).
- iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).
- iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).
- iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585).
- ionic: linearize tso skb with too many frags (bsc#1167773).
- kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).
- kbuild: change *FLAGS_.o to take the path relative to $(obj) (bcs#1181862).
- kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).
- kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).
- kbuild: Fail if gold linker is detected (bcs#1181862).
- kbuild: improve cc-option to clean up all temporary files (bsc#1178330).
- kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).
- kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).
- kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).
- kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).
- kconfig: introduce m32-flag and m64-flag (bcs#1181862).
- KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).
- KVM: SVM: Clear the CR4 register on reset (bsc#1183252).
- KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). 
- KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770).
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).
- KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).
- KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).
- KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).
- KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).
- KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).
- libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).
- libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).
- libbpf: Fix INSTALL flag order (bsc#1155518).
- libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518).
- libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).
- lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).
- locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).
- loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295).
- mac80211: choose first enabled channel for monitor (git-fixes).
- mac80211: fix double free in ibss_leave (git-fixes).
- mac80211: fix rate mask reset (git-fixes).
- mac80211: fix TXQ AC confusion (git-fixes).
- mdio: fix mdio-thunder.c dependency & build error (git-fixes).
- media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).
- media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).
- media: mceusb: Fix potential out-of-bounds shift (git-fixes).
- media: mceusb: sanity check for prescaler value (git-fixes).
- media: rc: compile rc-cec.c into rc-core (git-fixes).
- media: usbtv: Fix deadlock on suspend (git-fixes).
- media: uvcvideo: Allow entities with no pads (git-fixes).
- media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).
- media: v4l: vsp1: Fix bru null pointer access (git-fixes).
- media: v4l: vsp1: Fix uif null pointer access (git-fixes).
- media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).
- misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).
- misc/pvpanic: Export module FDT device table (git-fixes).
- misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).
- mISDN: fix crash in fritzpci (git-fixes).
- mmc: core: Fix partition switch time for eMMC (git-fixes).
- mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).
- mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).
- mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).
- mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).
- mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).
- mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).
- mt76: dma: do not report truncated frames to mac80211 (git-fixes).
- mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).
- net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).
- net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).
- net: b44: fix error return code in b44_init_one() (git-fixes).
- net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).
- net: cdc-phonet: fix data-interface release on probe failure (git-fixes).
- net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).
- netdevsim: init u64 stats for 32bit hardware (git-fixes).
- net: dsa: rtl8366: Fix VLAN semantics (git-fixes).
- net: dsa: rtl8366: Fix VLAN set-up (git-fixes).
- net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).
- net: enic: Cure the enic api locking trainwreck (git-fixes).
- net: ethernet: aquantia: Fix wrong return value (git-fixes).
- net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).
- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).
- net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).
- net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes).
- net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix reference count leak in fec series ops (git-fixes).
- net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).
- net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).
- net: gianfar: Add of_node_put() before goto statement (git-fixes).
- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).
- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).
- net: hns3: Remove the left over redundant check & assignment (bsc#1154353).
- net: korina: cast KSEG0 address to pointer in kfree (git-fixes).
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).
- net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).
- net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
- net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).
- net: mvneta: fix double free of txq->buf (git-fixes).
- net: mvneta: make tx buffer array agnostic (git-fixes).
- net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
- net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
- net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).
- net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).
- net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
- netsec: restore phy power state after controller reset (bsc#1183757).
- net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).
- net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).
- net: stmmac: removed enabling eee in EEE set callback (git-fixes).
- net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
- net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).
- net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- net: wan/lmc: unregister device when no matching device is found (git-fixes).
- nfp: flower: fix pre_tun mask id allocation (bsc#1154353).
- nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).
- nvme-fabrics: fix kato initialization (bsc#1182591).
- nvme-fabrics: only reserve a single tag (bsc#1182077).
- nvme-fc: fix racing controller reset and create association (bsc#1183048).
- nvme-hwmon: Return error code when registration fails (bsc#1177326).
- nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).
- objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514).
- objtool: Fix error handling for STD/CLD warnings (bsc#1169514).
- objtool: Fix retpoline detection in asm code (bsc#1169514).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).
- ovl: fix out of date comment and unreachable code (bsc#1184176).
- ovl: fix regression with re-formatted lower squashfs (bsc#1184176).
- ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).
- ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).
- ovl: initialize error in ovl_copy_xattr (bsc#1184176).
- ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).
- PCI: Align checking of syscall user config accessors (git-fixes).
- PCI: Decline to resize resources if boot config must be preserved (git-fixes).
- PCI: Fix pci_register_io_range() memory leak (git-fixes).
- PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
- pinctrl: rockchip: fix restore error in resume (git-fixes).
- Platform: OLPC: Fix probe error handling (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).
- platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).
- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).
- platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).
- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).
- platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).
- platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).
- platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).
- PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).
- PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).
- PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).
- PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).
- powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
- powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).
- powerpc/sstep: Fix darn emulation (bsc#1156395).
- powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
- powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
- printk: fix deadlock when kernel panic (bsc#1183018).
- proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).
- qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- random: fix the RNDRESEEDCRNG ioctl (git-fixes).
- RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).
- RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).
- RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
- regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
- Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353).
- rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).
- rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.
- rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
- rpm/check-for-config-changes: comment on the list To explain what it actually is.
- rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.
- rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list
- rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans.
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally.
- rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).
- rsi: Move card interrupt handling to RX thread (git-fixes).
- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
- s390/qeth: fix notification for pending buffers during teardown (git-fixes).
- s390/qeth: improve completion of pending TX buffers (git-fixes).
- s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).
- s390/vtime: fix increased steal time accounting (bsc#1183859).
- samples, bpf: Add missing munmap in xdpsock (bsc#1155518).
- samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518).
- scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).
- scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).
- scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).
- scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).
- scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).
- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).
- scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574).
- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
- scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).
- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).
- scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).
- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
- scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).
- scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).
- selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).
- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).
- selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).
- selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).
- software node: Fix node registration (git-fixes).
- spi: stm32: make spurious and overrun interrupts visible (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1183750).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).
- stop_machine: mark helpers __always_inline (git-fixes).
- thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).
- udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).
- Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)
- USB: cdc-acm: downgrade message to debug (git-fixes).
- USB: cdc-acm: fix double free on probe failure (git-fixes).
- USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
- USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).
- USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).
- USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).
- USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).
- USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).
- USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).
- USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).
- USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).
- USB: gadget: f_uac1: stop playback on function disable (git-fixes).
- USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).
- USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).
- USB: gadget: u_ether: Fix a configfs return code (git-fixes).
- USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- USBip: fix stub_dev to check for stream socket (git-fixes).
- USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd to check for stream socket (git-fixes).
- USBip: fix vudc to check for stream socket (git-fixes).
- USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- USBip: tools: fix build error for multiple definition (git-fixes).
- USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).
- USB: musb: Fix suspend with devices connected for a64 (git-fixes).
- USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).
- USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).
- USB: replace hardcode maximum usb string length by definition (git-fixes).
- USB: serial: ch341: add new Product ID (git-fixes).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).
- USB: serial: cp210x: add some more GE USB IDs (git-fixes).
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).
- USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
- USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
- USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).
- USB: usblp: fix a hang in poll() if disconnected (git-fixes).
- USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).
- USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
- USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).
- video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)
- video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).
- VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).
- vt/consolemap: do font sum unsigned (git-fixes).
- watchdog: mei_wdt: request stop on unregister (git-fixes).
- wireguard: device: do not generate ICMP for non-IP packets (git-fixes).
- wireguard: kconfig: use arm chacha even with no neon (git-fixes).
- wireguard: selftests: test multiple parallel streams (git-fixes).
- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).
- x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).
- x86/ioapic: Ignore IRQ2 again (bsc#1152489).
- x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489).
- xen/events: avoid handling the same event on two cpus at the same time (git-fixes).
- xen/events: do not unmask an event channel when an eoi is pending (git-fixes).
- xen/events: fix setting irq affinity (bsc#1184583).
- xen/events: reset affinity of 2-level event when tearing it down (git-fixes).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
- xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).
- xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).
- xhci: Improve detection of device initiated wake signal (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1269-1
Released:    Tue Apr 20 14:00:20 2021
Summary:     Recommended update for grub2
Type:        recommended
Severity:    important
References:  1174166,1181696,1182012
This update for grub2 fixes the following issues:

- Fix error `grub_file_filters not found` in Azure virtual machine. (bsc#1182012)
- Fix executable stack marking in `grub-emu`. (bsc#1181696)
- Remove `95_textmode` for PowerPC given that there's no efi port on that architecture. (bsc#1174166)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1275-1
Released:    Tue Apr 20 14:31:26 2021
Summary:     Security update for sudo
Type:        security
Severity:    important
References:  1183936,CVE-2021-3156
This update for sudo fixes the following issues:

- L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1280-1
Released:    Tue Apr 20 14:34:19 2021
Summary:     Security update for ruby2.5
Type:        security
Severity:    moderate
References:  1184644,CVE-2021-28965
This update for ruby2.5 fixes the following issues:

- Update to 2.5.9
- CVE-2021-28965: XML round-trip vulnerability in REXML (bsc#1184644)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1286-1
Released:    Tue Apr 20 20:10:21 2021
Summary:     Recommended update for SLES-release
Type:        recommended
Severity:    moderate
References:  1180836
This recommended update for SLES-release provides the following fix:

- Revert the problematic changes previously released and make sure the version is high
  enough to obsolete the package on containers and images. (bsc#1180836)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1289-1
Released:    Wed Apr 21 14:02:46 2021
Summary:     Recommended update for gzip
Type:        recommended
Severity:    moderate
References:  1177047
This update for gzip fixes the following issues:

- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1295-1
Released:    Wed Apr 21 14:08:19 2021
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
References:  1184136
This update for systemd-presets-common-SUSE fixes the following issues:

- Enabled hcn-init.service for HNV on POWER (bsc#1184136)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released:    Wed Apr 21 14:09:28 2021
Summary:     Optional update for e2fsprogs
Type:        optional
Severity:    low
References:  1183791
This update for e2fsprogs fixes the following issues:

- Fixed an issue when building e2fsprogs (bsc#1183791)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released:    Wed Apr 21 14:10:10 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1178219
This update for systemd fixes the following issues:

- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot
  be stopped properly and would leave mount points mounted.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1299-1
Released:    Wed Apr 21 14:11:41 2021
Summary:     Optional update for gpgme
Type:        optional
Severity:    low
References:  1183801
This update for gpgme fixes the following issues:

- Fixed a bug in test cases (bsc#1183801)

This patch is optional to install and does not provide any user visible bug fixes.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released:    Wed Apr 28 15:49:02 2021
Summary:     Recommended update for libcap
Type:        recommended
Severity:    important
References:  1184690
This update for libcap fixes the following issues:

- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released:    Wed Apr 28 17:09:28 2021
Summary:     Security update for libnettle
Type:        security
Severity:    important
References:  1184401,CVE-2021-20305
This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1419-1
Released:    Thu Apr 29 06:20:30 2021
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1178219
This update for dracut fixes the following issues:

- Fix for adding timeout to umount calls. (bsc#1178219)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1425-1
Released:    Thu Apr 29 06:23:08 2021
Summary:     Optional update for tcpdump
Type:        optional
Severity:    low
References:  1183800
This update for tcpdump fixes the following issues:

- Disabled five regression tests that fail with libpcap > 1.8.1 (bsc#1183800)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1426-1
Released:    Thu Apr 29 06:23:13 2021
Summary:     Recommended update for libsolv
Type:        recommended
Severity:    moderate
References:  
This update for libsolv fixes the following issues:

- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.
- Fix a couple of memory leaks in error cases.
- Fix error handling in solv_xfopen_fd()
- Fixed 'regex' code on win32.
- Fixed memory leak in choice rule generation

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1444-1
Released:    Thu Apr 29 16:17:34 2021
Summary:     Security update for samba
Type:        security
Severity:    important
References:  1178469,1179156,1183572,1183574,1184310,1184677,CVE-2020-27840,CVE-2021-20254,CVE-2021-20277
This update for samba fixes the following issues:

- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
- Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156).
- s3-libads: use dns name to open a ldap session (bsc#1184310).
- Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1449-1
Released:    Fri Apr 30 08:08:25 2021
Summary:     Recommended update for systemd-presets-branding-SLE
Type:        recommended
Severity:    moderate
References:  1165780
This update for systemd-presets-branding-SLE fixes the following issues:

- Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1454-1
Released:    Fri Apr 30 09:22:26 2021
Summary:     Security update for cups
Type:        security
Severity:    important
References:  1184161,CVE-2021-25317
This update for cups fixes the following issues:

- CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1456-1
Released:    Fri Apr 30 12:00:01 2021
Summary:     Recommended update for cifs-utils
Type:        recommended
Severity:    important
References:  1184815
This update for cifs-utils fixes the following issues:

- Fixed a bug where it was no longer possible to mount CIFS filesystem after the
  last maintenance update (bsc#1184815)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released:    Tue May  4 08:30:57 2021
Summary:     Security update for permissions
Type:        security
Severity:    important
References:  1182899
This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1471-1
Released:    Tue May  4 08:36:57 2021
Summary:     Security update for bind
Type:        security
Severity:    important
References:  1183453,1185345,CVE-2021-25214,CVE-2021-25215
This update for bind fixes the following issues:

- CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345).
- CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345).
- make /usr/bin/delv in bind-tools position independent (bsc#1183453).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1481-1
Released:    Tue May  4 14:18:32 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1178680
This update for lvm2 fixes the following issues:

- Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1493-1
Released:    Tue May  4 17:13:34 2021
Summary:     Security update for avahi
Type:        security
Severity:    moderate
References:  1184521,CVE-2021-3468
This update for avahi fixes the following issues:

- CVE-2021-3468: avoid infinite loop by handling  HUP event in client_work (bsc#1184521).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1517-1
Released:    Wed May  5 17:43:54 2021
Summary:     Recommended update for open-iscsi
Type:        recommended
Severity:    moderate
References:  1179908,1183421,CVE-2020-13987,CVE-2020-13988,CVE-2020-17437,CVE-2020-17438
This update for open-iscsi fixes the following issues:

- Enabled asynchronous logins for iscsi.service (bsc#1183421)
- Fixed a login issue when target is delayed

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released:    Wed May  5 18:24:20 2021
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518
This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1527-1
Released:    Thu May  6 08:58:53 2021
Summary:     Recommended update for bash
Type:        recommended
Severity:    important
References:  1183064
This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file
  that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released:    Thu May  6 15:31:23 2021
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1161276
This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1533-1
Released:    Thu May  6 17:04:28 2021
Summary:     Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent
Type:        recommended
Severity:    moderate
References:  1174304,1174306,1175740,1175741,1179031,1179032,1180304,1182793,1183414,1183415
This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent contains the following fixes:

Changes in google-guest-agent:
- Update to version 20210223.01 (bsc#1183414, bsc#1183415)
  * add a match block to sshd_config for SAs (#99)
  * add ipv6 forwarded ip support (#101)
  * call restorecon on ssh host keys (#98)
  * Include startup and shutdown in preset (#96)
  * set metadata URL earlier (#94)
- Fix activation logic of systemd services (bsc#1182793)

- Update to version 20201211.00
  * Require snapshot scripts to live under /etc/google/snapshots (#90)
  * Adding support for Windows user account password lengths
    between 15 and 255 characters. (#91)
  * Adding bkatyl to OWNERS (#92)

Changes in google-guest-configs:
- Update to version 20210317.00 (bsc#1183414, bsc#1183415)
  * dracut.conf wants spaces around values (#19)
  * make the same change for debian (#18)
  * change path back for google_nvme_id (#17)
  * move google_nvme_id to /usr/bin (#16)
  * correct udev rule syntax (#15)
  * prune el6 spec (#13)
  * Updated udev rules (#11)
- Remove empty %{_sbindir} from %install and %files section

- Remove service files (bsc#1180304)
  + google-optimize-local-ssd.service, google-set-multiqueue.service
    scripts are called from within the guest agent

Changes in google-guest-oslogin:
- Update to version 20210316.00 (bsc#1183414, bsc#1183415)
  * call correct function in pwenthelper (#53)

- Update to version 20210108.00
  * Update logic in the cache_refresh binary (#52)
  * remove old unused workflow files (#49)

  * add getpwnam,getpwuid,getgrnam,getgrgid (#42)
  * Change requires to not require the python library for policycoreutils. (#44)
  * add dial and recvline (#41)
  * PR feedback
  * new client component and tests

Changes in google-osconfig-agent:

- Update to version 20210316.00 (bsc#1183414, bsc#1183415)
  * call correct function in pwenthelper (#53)

- Update to version 20210108.00
  * Update logic in the cache_refresh binary (#52)
  * remove old unused workflow files (#49)

- Update to version 20200925.00 (bsc#1179031, bsc#1179032)
  * add getpwnam,getpwuid,getgrnam,getgrgid (#42)
  * Change requires to not require the python library for policycoreutils. (#44)
  * add dial and recvline (#41)
  * PR feedback
  * new client component and tests

- Update to version 20200819.00 (bsc#1175740, bsc#1175741)
  * deny non-2fa users (#37)
  * use asterisks instead (#39)
  * set passwords to ! (#38)
  * correct index 0 bug (#36)
  * Support security key generated OTP challenges. (#35)

- No post action for ssh

- Initial build (bsc#1174304, bsc#1174306, jsc#ECO-2099, jsc#PM-1945)
  + Version 20200507.00
  + Replaces google-compute-engine-oslogin package
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1534-1
Released:    Thu May  6 17:05:07 2021
Summary:     Recommended update for kexec-tools
Type:        recommended
Severity:    moderate
References:  1185020
This update for kexec-tools fixes the following issue:

- Hardening: link as Position-Independent Executable PIE (bsc#1185020).

Warning: getimagesize(/images/distros-large/suse-large.png): failed to open stream: No such file or directory in /var/www/webstage.linuxsecurity.com-443/html/templates/newsberg/html/com_content/article/default.php on line 107

Warning: Division by zero in /var/www/webstage.linuxsecurity.com-443/html/templates/newsberg/html/com_content/article/default.php on line 110

SUSE: 2021:444-1 sles-15-sp2-chost-byos-v20210506 Security Update

The container sles-15-sp2-chost-byos-v20210506 was updated. The following patches have been included in this update:
SUSE Image Update Advisory: sles-15-sp2-chost-byos-v20210506
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2021:444-1
Image Tags        : sles-15-sp2-chost-byos-v20210506:20210506
Image Release     : 
Severity          : important
Type              : security
References        : 1027519 1047233 1065729 1113295 1152472 1152489 1153274 1154353
                        1155518 1156256 1156395 1159280 1160634 1161276 1165780 1167574
                        1167773 1168777 1169514 1169709 1171295 1173485 1174166 1174304
                        1174306 1175740 1175741 1175960 1175995 1177047 1177204 1177326
                        1178163 1178181 1178219 1178219 1178330 1178469 1178490 1178680
                        1179031 1179032 1179148 1179156 1179454 1179908 1180197 1180304
                        1180690 1180713 1180836 1180980 1181254 1181383 1181507 1181674
                        1181696 1181862 1181976 1181989 1182011 1182012 1182077 1182485
                        1182552 1182574 1182576 1182591 1182595 1182715 1182716 1182717
                        1182770 1182791 1182793 1182899 1182989 1183015 1183018 1183022
                        1183023 1183048 1183064 1183072 1183239 1183252 1183277 1183278
                        1183279 1183280 1183281 1183282 1183283 1183284 1183285 1183286
                        1183287 1183288 1183366 1183369 1183386 1183405 1183412 1183414
                        1183415 1183416 1183421 1183427 1183428 1183445 1183447 1183453
                        1183501 1183509 1183530 1183534 1183540 1183572 1183574 1183593
                        1183596 1183598 1183637 1183646 1183662 1183686 1183692 1183696
                        1183750 1183757 1183775 1183791 1183800 1183801 1183843 1183859
                        1183871 1183936 1184074 1184120 1184136 1184161 1184167 1184168
                        1184170 1184176 1184192 1184193 1184194 1184196 1184198 1184211
                        1184217 1184218 1184219 1184220 1184224 1184310 1184388 1184391
                        1184393 1184401 1184485 1184509 1184511 1184512 1184514 1184521
                        1184583 1184585 1184644 1184647 1184677 1184690 1184815 1185020
                        1185345 1185408 1185409 1185410 CVE-2019-18814 CVE-2019-19769
                        CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 CVE-2020-17438 CVE-2020-25670
                        CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171
                        CVE-2020-27815 CVE-2020-27840 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311
                        CVE-2020-36312 CVE-2020-36322 CVE-2021-20208 CVE-2021-20254 CVE-2021-20277
                        CVE-2021-20305 CVE-2021-25214 CVE-2021-25215 CVE-2021-25317 CVE-2021-27363
                        CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660
                        CVE-2021-28687 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28965
                        CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265
                        CVE-2021-29647 CVE-2021-30002 CVE-2021-3156 CVE-2021-3308 CVE-2021-3428
                        CVE-2021-3444 CVE-2021-3468 CVE-2021-3483 CVE-2021-3516 CVE-2021-3517
                        CVE-2021-3518 
-----------------------------------------------------------------

The container sles-15-sp2-chost-byos-v20210506 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1018-1
Released:    Tue Apr  6 14:29:13 2021
Summary:     Recommended update for gzip
Type:        recommended
Severity:    moderate
References:  1180713
This update for gzip fixes the following issues:

- Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1021-1
Released:    Tue Apr  6 14:30:30 2021
Summary:     Recommended update for cups
Type:        recommended
Severity:    moderate
References:  1175960
This update for cups fixes the following issues:

- Fixed the web UI kerberos authentication (bsc#1175960)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1028-1
Released:    Tue Apr  6 17:54:37 2021
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1027519,1177204,1179148,1180690,1181254,1181989,1182576,1183072,CVE-2021-28687,CVE-2021-3308
This update for xen fixes the following issues:

- CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 (bsc#1181254, XSA-360)
- CVE-2021-28687: HVM soft-reset crashes toolstack (bsc#1183072, XSA-368)
- L3: conring size for XEN HV's with huge memory to small. Inital Xen logs cut (bsc#1177204)
- L3: XEN domU crashed on resume when using the xl unpause command (bsc#1182576)
- L3: xen: no needsreboot flag set (bsc#1180690)
- kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148)
- openQA job causes libvirtd to dump core when running kdump inside domain (bsc#1181989)
- Upstream bug fixes (bsc#1027519)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released:    Mon Apr 12 13:13:36 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    low
References:  1182791
This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1161-1
Released:    Tue Apr 13 11:35:57 2021
Summary:     Security update for cifs-utils
Type:        security
Severity:    moderate
References:  1183239,CVE-2021-20208
This update for cifs-utils fixes the following issues:

- CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container (bsc#1183239)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released:    Tue Apr 13 15:01:42 2021
Summary:     Recommended update for procps
Type:        recommended
Severity:    low
References:  1181976
This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1205-1
Released:    Thu Apr 15 15:14:31 2021
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    moderate
References:  1178490
This update for rsyslog fixes the following issues:

- Fix groupname retrieval for large groups. (bsc#1178490)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1238-1
Released:    Fri Apr 16 10:58:27 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1047233,1065729,1113295,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1167574,1167773,1168777,1169514,1169709,1171295,1173485,1175995,1177326,1178163,1178181,1178330,1179454,1180197,1180980,1181383,1181507,1181674,1181862,1182011,1182077,1182485,1182552,1182574,1182591,1182595,1182715,1182716,1182717,1182770,1182989,1183015,1183018,1183022,1183023,1183048,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183366,1183369,1183386,1183405,1183412,1183416,1183427,1183428,1183445,1183447,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183843,1183859,1183871,1184074,1184120,1184167,1184168,1184170,1184176,1184192,1184193,1184194,1184196,1184198,1184211,1184217,1184218,1184219,1184220,1184224,1184388,1184391,1184393,1184485,1184509,1184511,1184512,1184514,1184583,1184585,1184647,CVE-2019-18814,CVE-2019-19769,CVE
 -2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2020-36322,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read  (bsc#1184170).
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).
- CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2020-35519: Fixed an out-of-bounds memory access  was found in x25_bind (bsc#1183696).
- CVE-2020-27815: Fixed an issue in JFS filesystem  where could have allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
- CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ).
- CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).
- CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
- CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
- CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194).
- CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ).
- CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
- CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181).
- CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211).

The following non-security bugs were fixed:

- 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).
- 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).
- 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)). 
- ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
- ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).
- ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
- ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).
- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
- ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
- ALSA: aloop: Fix initialization of controls (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda: generic: Fix the micmute led init state (git-fixes).
- ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).
- ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).
- ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).
- ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).
- ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).
- ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).
- ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).
- ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).
- ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).
- ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).
- ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).
- ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).
- ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).
- ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).
- ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).
- ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552).
- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).
- ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes).
- ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).
- ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).
- ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).
- amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).
- apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).
- appletalk: Fix skb allocation size in loopback case (git-fixes).
- arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).
- ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).
- ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).
- ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).
- ASoC: cs42l42: Fix channel width support (git-fixes).
- ASoC: cs42l42: Fix mixer volume control (git-fixes).
- ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).
- ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).
- ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).
- ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes).
- ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).
- ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).
- ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).
- ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).
- ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).
- ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).
- ASoC: simple-card-utils: Do not handle device clock (git-fixes).
- ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).
- ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes).
- ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).
- ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes).
- ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).
- atl1c: fix error return code in atl1c_probe() (git-fixes).
- atl1e: fix error return code in atl1e_probe() (git-fixes).
- batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).
- blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295).
- blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).
- block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).
- block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
- Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).
- bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518).
- bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).
- bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).
- bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
- bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518).
- bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).
- bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518).
- bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
- brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).
- brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).
- brcmfmac: clear EAP/association status bits on linkdown events (git-fixes).
- btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).
- btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).
- btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386).
- btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).
- btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).
- btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).
- btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).
- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
- bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes).
- can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
- can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
- can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).
- can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).
- can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).
- can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).
- can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).
- can: peak_usb: add forgotten supported devices (git-fixes).
- can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes).
- can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).
- cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).
- cifs: change noisy error message to FYI (bsc#1181507).
- cifs: check pointer before freeing (bsc#1183534).
- cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
- cifs: do not send close in compound create+close requests (bsc#1181507).
- cifs: New optype for session operations (bsc#1181507).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- clk: fix invalid usage of list cursor in register (git-fixes).
- clk: fix invalid usage of list cursor in unregister (git-fixes).
- clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
- completion: Drop init_completion define (git-fixes).
- configfs: fix a use-after-free in __configfs_open_file (git-fixes).
- config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595
- crypto: aesni - prevent misaligned buffers on the stack (git-fixes).
- crypto: arm64/sha - add missing module aliases (git-fixes).
- crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).
- crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).
- crypto: tcrypt - avoid signed overflow in byte count (git-fixes).
- Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530) 
- dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485).
- drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).
- drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).
- drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).
- drm/amdgpu: Add check to prevent IH overflow (git-fixes).
- drm/amdgpu: check alignment on CPU page for bo map (git-fixes).
- drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes).
- drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).
- drm/amdkfd: Put ACPI table after using it (bsc#1152489) 
- drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) 
- drm/compat: Clear bounce structures (git-fixes).
- drm/hisilicon: Fix use-after-free (git-fixes).
- drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).
- drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).
- drm/mediatek: Fix aal size config (bsc#1152489) 
- drm: meson_drv add shutdown function (git-fixes).
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).
- drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes).
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).
- drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) 
- drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) 
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) 
- drm/msm/gem: Add obj->lock wrappers (bsc#1152489) 
- drm/msm: Ratelimit invalid-fence message (git-fixes).
- drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).
- drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) 
- drm/nouveau/kms: handle mDP connectors (git-fixes).
- drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) 
- drm/panfrost: Fix job timeout handling (bsc#1152472) 
- drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)
- drm/radeon: fix AGP dependency (git-fixes).
- drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) 
- drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).
- drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) 
- drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).
- drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) 
- efi: use 32-bit alignment for efi_guid_t literals (git-fixes).
- enetc: Fix reporting of h/w packet counters (git-fixes).
- epoll: check for events when removing a timed out thread from the wait queue (git-fixes).
- ethernet: alx: fix order of calls on resume (git-fixes).
- exec: Move would_dump into flush_old_exec (git-fixes).
- exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).
- exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).
- extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).
- extcon: Fix error handling in extcon_dev_register (git-fixes).
- fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).
- flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).
- fsl/fman: check dereferencing null pointer (git-fixes).
- fsl/fman: fix dereference null return value (git-fixes).
- fsl/fman: fix eth hash table allocation (git-fixes).
- fsl/fman: fix unreachable code (git-fixes).
- fsl/fman: use 32-bit unsigned integer (git-fixes).
- fuse: fix bad inode (bsc#1184211).
- fuse: fix live lock in fuse_iget() (bsc#1184211).
- fuse: verify write return (git-fixes).
- gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).
- gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).
- gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).
- gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
- gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
- gianfar: Handle error code at MAC address change (git-fixes).
- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).
- Goodix Fingerprint device is not a modem (git-fixes).
- gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
- gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).
- gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).
- HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).
- HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).
- HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).
- hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).
- i2c: rcar: faster irq code to minimize HW race condition (git-fixes).
- i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).
- i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).
- i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).
- iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
- iavf: use generic power management (git-fixes).
- ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).
- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
- ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).
- ibmvnic: fix block comments (bsc#1183871 ltc#192139).
- ibmvnic: fix braces (bsc#1183871 ltc#192139).
- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).
- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).
- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).
- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).
- ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).
- ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).
- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).
- ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).
- ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).
- ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).
- ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).
- ice: fix memory leak if register_netdev_fails (git-fixes).
- ice: fix memory leak in ice_vsi_setup (git-fixes).
- ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).
- ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).
- ice: renegotiate link after FW DCB on (jsc#SLE-8464).
- ice: report correct max number of TCs (jsc#SLE-7926).
- ice: update the number of available RSS queues (jsc#SLE-7926).
- igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).
- iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).
- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).
- iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).
- iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).
- iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).
- iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).
- iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).
- include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes).
- Input: applespi - do not wait for responses to commands indefinitely (git-fixes).
- Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).
- Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).
- Input: raydium_ts_i2c - do not send zero length (git-fixes).
- Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).
- iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).
- iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).
- iommu/vt-d: Add get_domain_info() helper (bsc#1183279).
- iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).
- iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).
- iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).
- iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).
- iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284).
- iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).
- iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).
- iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585).
- ionic: linearize tso skb with too many frags (bsc#1167773).
- kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).
- kbuild: change *FLAGS_.o to take the path relative to $(obj) (bcs#1181862).
- kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).
- kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).
- kbuild: Fail if gold linker is detected (bcs#1181862).
- kbuild: improve cc-option to clean up all temporary files (bsc#1178330).
- kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).
- kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).
- kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).
- kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).
- kconfig: introduce m32-flag and m64-flag (bcs#1181862).
- KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).
- KVM: SVM: Clear the CR4 register on reset (bsc#1183252).
- KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). 
- KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770).
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).
- KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).
- KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).
- KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).
- KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).
- KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).
- libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).
- libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).
- libbpf: Fix INSTALL flag order (bsc#1155518).
- libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518).
- libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).
- lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).
- locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).
- loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295).
- mac80211: choose first enabled channel for monitor (git-fixes).
- mac80211: fix double free in ibss_leave (git-fixes).
- mac80211: fix rate mask reset (git-fixes).
- mac80211: fix TXQ AC confusion (git-fixes).
- mdio: fix mdio-thunder.c dependency & build error (git-fixes).
- media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).
- media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).
- media: mceusb: Fix potential out-of-bounds shift (git-fixes).
- media: mceusb: sanity check for prescaler value (git-fixes).
- media: rc: compile rc-cec.c into rc-core (git-fixes).
- media: usbtv: Fix deadlock on suspend (git-fixes).
- media: uvcvideo: Allow entities with no pads (git-fixes).
- media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).
- media: v4l: vsp1: Fix bru null pointer access (git-fixes).
- media: v4l: vsp1: Fix uif null pointer access (git-fixes).
- media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).
- misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).
- misc/pvpanic: Export module FDT device table (git-fixes).
- misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).
- mISDN: fix crash in fritzpci (git-fixes).
- mmc: core: Fix partition switch time for eMMC (git-fixes).
- mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).
- mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).
- mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).
- mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).
- mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).
- mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).
- mt76: dma: do not report truncated frames to mac80211 (git-fixes).
- mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).
- net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).
- net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).
- net: b44: fix error return code in b44_init_one() (git-fixes).
- net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).
- net: cdc-phonet: fix data-interface release on probe failure (git-fixes).
- net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).
- netdevsim: init u64 stats for 32bit hardware (git-fixes).
- net: dsa: rtl8366: Fix VLAN semantics (git-fixes).
- net: dsa: rtl8366: Fix VLAN set-up (git-fixes).
- net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).
- net: enic: Cure the enic api locking trainwreck (git-fixes).
- net: ethernet: aquantia: Fix wrong return value (git-fixes).
- net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).
- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).
- net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).
- net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes).
- net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix reference count leak in fec series ops (git-fixes).
- net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).
- net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).
- net: gianfar: Add of_node_put() before goto statement (git-fixes).
- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).
- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).
- net: hns3: Remove the left over redundant check & assignment (bsc#1154353).
- net: korina: cast KSEG0 address to pointer in kfree (git-fixes).
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).
- net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).
- net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
- net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).
- net: mvneta: fix double free of txq->buf (git-fixes).
- net: mvneta: make tx buffer array agnostic (git-fixes).
- net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
- net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
- net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).
- net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).
- net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
- netsec: restore phy power state after controller reset (bsc#1183757).
- net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).
- net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).
- net: stmmac: removed enabling eee in EEE set callback (git-fixes).
- net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
- net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).
- net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- net: wan/lmc: unregister device when no matching device is found (git-fixes).
- nfp: flower: fix pre_tun mask id allocation (bsc#1154353).
- nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).
- nvme-fabrics: fix kato initialization (bsc#1182591).
- nvme-fabrics: only reserve a single tag (bsc#1182077).
- nvme-fc: fix racing controller reset and create association (bsc#1183048).
- nvme-hwmon: Return error code when registration fails (bsc#1177326).
- nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).
- objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514).
- objtool: Fix error handling for STD/CLD warnings (bsc#1169514).
- objtool: Fix retpoline detection in asm code (bsc#1169514).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).
- ovl: fix out of date comment and unreachable code (bsc#1184176).
- ovl: fix regression with re-formatted lower squashfs (bsc#1184176).
- ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).
- ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).
- ovl: initialize error in ovl_copy_xattr (bsc#1184176).
- ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).
- PCI: Align checking of syscall user config accessors (git-fixes).
- PCI: Decline to resize resources if boot config must be preserved (git-fixes).
- PCI: Fix pci_register_io_range() memory leak (git-fixes).
- PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
- pinctrl: rockchip: fix restore error in resume (git-fixes).
- Platform: OLPC: Fix probe error handling (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).
- platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).
- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).
- platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).
- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).
- platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).
- platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).
- platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).
- PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).
- PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).
- PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).
- PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).
- powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
- powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).
- powerpc/sstep: Fix darn emulation (bsc#1156395).
- powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
- powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
- printk: fix deadlock when kernel panic (bsc#1183018).
- proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).
- qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- random: fix the RNDRESEEDCRNG ioctl (git-fixes).
- RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).
- RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).
- RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
- regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
- Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353).
- rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).
- rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.
- rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
- rpm/check-for-config-changes: comment on the list To explain what it actually is.
- rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.
- rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list
- rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans.
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally.
- rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).
- rsi: Move card interrupt handling to RX thread (git-fixes).
- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
- s390/qeth: fix notification for pending buffers during teardown (git-fixes).
- s390/qeth: improve completion of pending TX buffers (git-fixes).
- s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).
- s390/vtime: fix increased steal time accounting (bsc#1183859).
- samples, bpf: Add missing munmap in xdpsock (bsc#1155518).
- samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518).
- scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).
- scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).
- scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).
- scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).
- scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).
- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).
- scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574).
- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
- scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).
- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).
- scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).
- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
- scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).
- scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).
- selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).
- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).
- selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).
- selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).
- software node: Fix node registration (git-fixes).
- spi: stm32: make spurious and overrun interrupts visible (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1183750).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).
- stop_machine: mark helpers __always_inline (git-fixes).
- thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).
- udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).
- Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)
- USB: cdc-acm: downgrade message to debug (git-fixes).
- USB: cdc-acm: fix double free on probe failure (git-fixes).
- USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
- USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).
- USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).
- USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).
- USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).
- USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).
- USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).
- USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).
- USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).
- USB: gadget: f_uac1: stop playback on function disable (git-fixes).
- USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).
- USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).
- USB: gadget: u_ether: Fix a configfs return code (git-fixes).
- USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- USBip: fix stub_dev to check for stream socket (git-fixes).
- USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd to check for stream socket (git-fixes).
- USBip: fix vudc to check for stream socket (git-fixes).
- USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- USBip: tools: fix build error for multiple definition (git-fixes).
- USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).
- USB: musb: Fix suspend with devices connected for a64 (git-fixes).
- USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).
- USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).
- USB: replace hardcode maximum usb string length by definition (git-fixes).
- USB: serial: ch341: add new Product ID (git-fixes).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).
- USB: serial: cp210x: add some more GE USB IDs (git-fixes).
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).
- USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
- USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
- USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).
- USB: usblp: fix a hang in poll() if disconnected (git-fixes).
- USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).
- USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
- USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).
- video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)
- video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).
- VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).
- vt/consolemap: do font sum unsigned (git-fixes).
- watchdog: mei_wdt: request stop on unregister (git-fixes).
- wireguard: device: do not generate ICMP for non-IP packets (git-fixes).
- wireguard: kconfig: use arm chacha even with no neon (git-fixes).
- wireguard: selftests: test multiple parallel streams (git-fixes).
- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).
- x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).
- x86/ioapic: Ignore IRQ2 again (bsc#1152489).
- x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489).
- xen/events: avoid handling the same event on two cpus at the same time (git-fixes).
- xen/events: do not unmask an event channel when an eoi is pending (git-fixes).
- xen/events: fix setting irq affinity (bsc#1184583).
- xen/events: reset affinity of 2-level event when tearing it down (git-fixes).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
- xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).
- xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).
- xhci: Improve detection of device initiated wake signal (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1269-1
Released:    Tue Apr 20 14:00:20 2021
Summary:     Recommended update for grub2
Type:        recommended
Severity:    important
References:  1174166,1181696,1182012
This update for grub2 fixes the following issues:

- Fix error `grub_file_filters not found` in Azure virtual machine. (bsc#1182012)
- Fix executable stack marking in `grub-emu`. (bsc#1181696)
- Remove `95_textmode` for PowerPC given that there's no efi port on that architecture. (bsc#1174166)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1275-1
Released:    Tue Apr 20 14:31:26 2021
Summary:     Security update for sudo
Type:        security
Severity:    important
References:  1183936,CVE-2021-3156
This update for sudo fixes the following issues:

- L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1280-1
Released:    Tue Apr 20 14:34:19 2021
Summary:     Security update for ruby2.5
Type:        security
Severity:    moderate
References:  1184644,CVE-2021-28965
This update for ruby2.5 fixes the following issues:

- Update to 2.5.9
- CVE-2021-28965: XML round-trip vulnerability in REXML (bsc#1184644)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1286-1
Released:    Tue Apr 20 20:10:21 2021
Summary:     Recommended update for SLES-release
Type:        recommended
Severity:    moderate
References:  1180836
This recommended update for SLES-release provides the following fix:

- Revert the problematic changes previously released and make sure the version is high
  enough to obsolete the package on containers and images. (bsc#1180836)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1289-1
Released:    Wed Apr 21 14:02:46 2021
Summary:     Recommended update for gzip
Type:        recommended
Severity:    moderate
References:  1177047
This update for gzip fixes the following issues:

- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1295-1
Released:    Wed Apr 21 14:08:19 2021
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
References:  1184136
This update for systemd-presets-common-SUSE fixes the following issues:

- Enabled hcn-init.service for HNV on POWER (bsc#1184136)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released:    Wed Apr 21 14:09:28 2021
Summary:     Optional update for e2fsprogs
Type:        optional
Severity:    low
References:  1183791
This update for e2fsprogs fixes the following issues:

- Fixed an issue when building e2fsprogs (bsc#1183791)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released:    Wed Apr 21 14:10:10 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1178219
This update for systemd fixes the following issues:

- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot
  be stopped properly and would leave mount points mounted.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1299-1
Released:    Wed Apr 21 14:11:41 2021
Summary:     Optional update for gpgme
Type:        optional
Severity:    low
References:  1183801
This update for gpgme fixes the following issues:

- Fixed a bug in test cases (bsc#1183801)

This patch is optional to install and does not provide any user visible bug fixes.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released:    Wed Apr 28 15:49:02 2021
Summary:     Recommended update for libcap
Type:        recommended
Severity:    important
References:  1184690
This update for libcap fixes the following issues:

- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released:    Wed Apr 28 17:09:28 2021
Summary:     Security update for libnettle
Type:        security
Severity:    important
References:  1184401,CVE-2021-20305
This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1419-1
Released:    Thu Apr 29 06:20:30 2021
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1178219
This update for dracut fixes the following issues:

- Fix for adding timeout to umount calls. (bsc#1178219)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1425-1
Released:    Thu Apr 29 06:23:08 2021
Summary:     Optional update for tcpdump
Type:        optional
Severity:    low
References:  1183800
This update for tcpdump fixes the following issues:

- Disabled five regression tests that fail with libpcap > 1.8.1 (bsc#1183800)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1426-1
Released:    Thu Apr 29 06:23:13 2021
Summary:     Recommended update for libsolv
Type:        recommended
Severity:    moderate
References:  
This update for libsolv fixes the following issues:

- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.
- Fix a couple of memory leaks in error cases.
- Fix error handling in solv_xfopen_fd()
- Fixed 'regex' code on win32.
- Fixed memory leak in choice rule generation

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1444-1
Released:    Thu Apr 29 16:17:34 2021
Summary:     Security update for samba
Type:        security
Severity:    important
References:  1178469,1179156,1183572,1183574,1184310,1184677,CVE-2020-27840,CVE-2021-20254,CVE-2021-20277
This update for samba fixes the following issues:

- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
- Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156).
- s3-libads: use dns name to open a ldap session (bsc#1184310).
- Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1449-1
Released:    Fri Apr 30 08:08:25 2021
Summary:     Recommended update for systemd-presets-branding-SLE
Type:        recommended
Severity:    moderate
References:  1165780
This update for systemd-presets-branding-SLE fixes the following issues:

- Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1454-1
Released:    Fri Apr 30 09:22:26 2021
Summary:     Security update for cups
Type:        security
Severity:    important
References:  1184161,CVE-2021-25317
This update for cups fixes the following issues:

- CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1456-1
Released:    Fri Apr 30 12:00:01 2021
Summary:     Recommended update for cifs-utils
Type:        recommended
Severity:    important
References:  1184815
This update for cifs-utils fixes the following issues:

- Fixed a bug where it was no longer possible to mount CIFS filesystem after the
  last maintenance update (bsc#1184815)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released:    Tue May  4 08:30:57 2021
Summary:     Security update for permissions
Type:        security
Severity:    important
References:  1182899
This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1471-1
Released:    Tue May  4 08:36:57 2021
Summary:     Security update for bind
Type:        security
Severity:    important
References:  1183453,1185345,CVE-2021-25214,CVE-2021-25215
This update for bind fixes the following issues:

- CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345).
- CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345).
- make /usr/bin/delv in bind-tools position independent (bsc#1183453).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1481-1
Released:    Tue May  4 14:18:32 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1178680
This update for lvm2 fixes the following issues:

- Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1493-1
Released:    Tue May  4 17:13:34 2021
Summary:     Security update for avahi
Type:        security
Severity:    moderate
References:  1184521,CVE-2021-3468
This update for avahi fixes the following issues:

- CVE-2021-3468: avoid infinite loop by handling  HUP event in client_work (bsc#1184521).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1517-1
Released:    Wed May  5 17:43:54 2021
Summary:     Recommended update for open-iscsi
Type:        recommended
Severity:    moderate
References:  1179908,1183421,CVE-2020-13987,CVE-2020-13988,CVE-2020-17437,CVE-2020-17438
This update for open-iscsi fixes the following issues:

- Enabled asynchronous logins for iscsi.service (bsc#1183421)
- Fixed a login issue when target is delayed

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released:    Wed May  5 18:24:20 2021
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518
This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1527-1
Released:    Thu May  6 08:58:53 2021
Summary:     Recommended update for bash
Type:        recommended
Severity:    important
References:  1183064
This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file
  that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released:    Thu May  6 15:31:23 2021
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1161276
This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1533-1
Released:    Thu May  6 17:04:28 2021
Summary:     Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent
Type:        recommended
Severity:    moderate
References:  1174304,1174306,1175740,1175741,1179031,1179032,1180304,1182793,1183414,1183415
This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent contains the following fixes:

Changes in google-guest-agent:
- Update to version 20210223.01 (bsc#1183414, bsc#1183415)
  * add a match block to sshd_config for SAs (#99)
  * add ipv6 forwarded ip support (#101)
  * call restorecon on ssh host keys (#98)
  * Include startup and shutdown in preset (#96)
  * set metadata URL earlier (#94)
- Fix activation logic of systemd services (bsc#1182793)

- Update to version 20201211.00
  * Require snapshot scripts to live under /etc/google/snapshots (#90)
  * Adding support for Windows user account password lengths
    between 15 and 255 characters. (#91)
  * Adding bkatyl to OWNERS (#92)

Changes in google-guest-configs:
- Update to version 20210317.00 (bsc#1183414, bsc#1183415)
  * dracut.conf wants spaces around values (#19)
  * make the same change for debian (#18)
  * change path back for google_nvme_id (#17)
  * move google_nvme_id to /usr/bin (#16)
  * correct udev rule syntax (#15)
  * prune el6 spec (#13)
  * Updated udev rules (#11)
- Remove empty %{_sbindir} from %install and %files section

- Remove service files (bsc#1180304)
  + google-optimize-local-ssd.service, google-set-multiqueue.service
    scripts are called from within the guest agent

Changes in google-guest-oslogin:
- Update to version 20210316.00 (bsc#1183414, bsc#1183415)
  * call correct function in pwenthelper (#53)

- Update to version 20210108.00
  * Update logic in the cache_refresh binary (#52)
  * remove old unused workflow files (#49)

  * add getpwnam,getpwuid,getgrnam,getgrgid (#42)
  * Change requires to not require the python library for policycoreutils. (#44)
  * add dial and recvline (#41)
  * PR feedback
  * new client component and tests

Changes in google-osconfig-agent:

- Update to version 20210316.00 (bsc#1183414, bsc#1183415)
  * call correct function in pwenthelper (#53)

- Update to version 20210108.00
  * Update logic in the cache_refresh binary (#52)
  * remove old unused workflow files (#49)

- Update to version 20200925.00 (bsc#1179031, bsc#1179032)
  * add getpwnam,getpwuid,getgrnam,getgrgid (#42)
  * Change requires to not require the python library for policycoreutils. (#44)
  * add dial and recvline (#41)
  * PR feedback
  * new client component and tests

- Update to version 20200819.00 (bsc#1175740, bsc#1175741)
  * deny non-2fa users (#37)
  * use asterisks instead (#39)
  * set passwords to ! (#38)
  * correct index 0 bug (#36)
  * Support security key generated OTP challenges. (#35)

- No post action for ssh

- Initial build (bsc#1174304, bsc#1174306, jsc#ECO-2099, jsc#PM-1945)
  + Version 20200507.00
  + Replaces google-compute-engine-oslogin package
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1534-1
Released:    Thu May  6 17:05:07 2021
Summary:     Recommended update for kexec-tools
Type:        recommended
Severity:    moderate
References:  1185020
This update for kexec-tools fixes the following issue:

- Hardening: link as Position-Independent Executable PIE (bsc#1185020).

Print  

SUSE: 2021:444-1 sles-15-sp2-chost-byos-v20210506 Security Update

May 8, 2021
The container sles-15-sp2-chost-byos-v20210506 was updated. The following patches have been included in this update:

Summary

Advisory ID: SUSE-RU-2021:1018-1

Released: Tue Apr 6 14:29:13 2021

Summary: Recommended update for gzip

Type: recommended

Severity: moderate

References: 1180713

This update for gzip fixes the following issues:

- Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713)

Advisory ID: SUSE-RU-2021:1021-1

Released: Tue Apr 6 14:30:30 2021

Summary: Recommended update for cups

Type: recommended

Severity: moderate

References: 1175960

This update for cups fixes the following issues:

- Fixed the web UI kerberos authentication (bsc#1175960)

References

References : 1027519 1047233 1065729 1113295 1152472 1152489 1153274 1154353

1155518 1156256 1156395 1159280 1160634 1161276 1165780 1167574

1167773 1168777 1169514 1169709 1171295 1173485 1174166 1174304

1174306 1175740 1175741 1175960 1175995 1177047 1177204 1177326

1178163 1178181 1178219 1178219 1178330 1178469 1178490 1178680

1179031 1179032 1179148 1179156 1179454 1179908 1180197 1180304

1180690 1180713 1180836 1180980 1181254 1181383 1181507 1181674

1181696 1181862 1181976 1181989 1182011 1182012 1182077 1182485

1182552 1182574 1182576 1182591 1182595 1182715 1182716 1182717

1182770 1182791 1182793 1182899 1182989 1183015 1183018 1183022

1183023 1183048 1183064 1183072 1183239 1183252 1183277 1183278

1183279 1183280 1183281 1183282 1183283 1183284 1183285 1183286

1183287 1183288 1183366 1183369 1183386 1183405 1183412 1183414

1183415 1183416 1183421 1183427 1183428 1183445 1183447 1183453

1183501 1183509 1183530 1183534 1183540 1183572 1183574 1183593

1183596 1183598 1183637 1183646 1183662 1183686 1183692 1183696

1183750 1183757 1183775 1183791 1183800 1183801 1183843 1183859

1183871 1183936 1184074 1184120 1184136 1184161 1184167 1184168

1184170 1184176 1184192 1184193 1184194 1184196 1184198 1184211

1184217 1184218 1184219 1184220 1184224 1184310 1184388 1184391

1184393 1184401 1184485 1184509 1184511 1184512 1184514 1184521

1184583 1184585 1184644 1184647 1184677 1184690 1184815 1185020

1185345 1185408 1185409 1185410 CVE-2019-18814 CVE-2019-19769

CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 CVE-2020-17438 CVE-2020-25670

CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171

CVE-2020-27815 CVE-2020-27840 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311

CVE-2020-36312 CVE-2020-36322 CVE-2021-20208 CVE-2021-20254 CVE-2021-20277

CVE-2021-20305 CVE-2021-25214 CVE-2021-25215 CVE-2021-25317 CVE-2021-27363

CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660

CVE-2021-28687 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28965

CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265

CVE-2021-29647 CVE-2021-30002 CVE-2021-3156 CVE-2021-3308 CVE-2021-3428

CVE-2021-3444 CVE-2021-3468 CVE-2021-3483 CVE-2021-3516 CVE-2021-3517

CVE-2021-3518

Severity
Image Advisory ID : SUSE-IU-2021:444-1
Image Tags : sles-15-sp2-chost-byos-v20210506:20210506
Image Release :
Severity : important
Type : security

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.