Removed rpms ============ - aaa_base-malloccheck Added rpms ========== - dhcp - dhcp-client - libguestfs-winsupport - libnbd Package Source Changes ====================== breeze +- Add patch to fix the version number (boo#1223149): + * 0001-Update-version-number-for-5.27.11.patch + kernel-default +- Refresh + patches.suse/kdump-implement-reserve_crashkernel_cma.patch. + (don't print about zero-sized CMA reservation) +- commit 14e6598 + +- Update + patches.suse/usb-roles-fix-NULL-pointer-issue-when-put-module-s-r.patch + (bsc#1222609 CVE-2024-26747). + Added CVE reference +- commit 5db3e1d + +- powerpc/pseries/iommu: LPAR panics when rebooted with a frozen + PE (bsc#1222011 ltc#205900). +- commit a6aad75 + +- Update + patches.suse/0001-s390-cio-fix-race-condition-during-online-processing.patch + (bsc#1219485 bsc#1219451). +- Update patches.suse/0001-s390-qdio-handle-deferred-cc1.patch + (bsc#1219485 bsc#1219451). +- Update + patches.suse/s390-cio-fix-invalid-EBUSY-on-ccw_device_start.patch + (git-fixes bsc#1220360 bsc#1219485 bsc#1219451). +- Update patches.suse/s390-qeth-handle-deferred-cc1.patch + (bsc#1219485 git-fixes bsc#1219451). +- commit 097f888 + +- Update + patches.suse/fbdev-savage-Error-out-if-pixclock-equals-zero.patch + (git-fixes CVE-2024-26778 bsc#1222770). +- commit fbfa53e + +- Update + patches.suse/fbdev-sis-Error-out-if-pixclock-equals-zero.patch + (git-fixes CVE-2024-26777 bsc#1222765). +- commit 4648979 + +- Update + patches.suse/tls-fix-use-after-free-on-failed-backlog-decryption.patch + (CVE-2024-26584 bsc#1220186 CVE-2024-26800 bsc#1222728). +- commit 6cb76c6 + +- crash: use macro to add crashk_res into iomem early for specific + arch (jsc#PED-7249, bsc#1222742). + Refresh patches.suse/kdump-implement-reserve_crashkernel_cma.patch. +- commit b256f70 + +- blacklist.conf: Disable irrelevant patch + We don't have syscall hardening in our kernels. +- commit 36739c9 + +- x86/bugs: Fix BHI documentation (git-fixes). +- commit b981493 + +- kprobes: Fix double free of kretprobe_holder (bsc#1220901). +- commit 6f75bb6 + +- "nouveau: offload fence uevents work to workqueue" + Reference bug report and CVE number. +- commit 92c99bd + +- Update patches.suse/RDMA-srpt-Support-specifying-the-srpt_service_guid-p.patch + (git-fixes bsc#1222449 CVE-2024-26744) +- Update patches.suse/RDMA-qedr-Fix-qedr_create_user_qp-error-flow.patch + (git-fixes bsc#1222677 CVE-2024-26743) +- Update patches.suse/IB-hfi1-Fix-sdma.h-tx-num_descs-off-by-one-error.patch + (git-fixes bsc#1222726 CVE-2024-26766) +- commit 3b16fea + +- Revert patches.suse/tcp-get-rid-of-sysctl_tcp_adv_win_scale.patch + (bsc#1220419 bsc#1222656). +- Revert patches.suse/mptcp-fix-rcv-buffer-auto-tuning.patch + (bsc#1220419 bsc#1222656). +- Refresh + patches.suse/tcp-reorganize-tcp_sock-fast-path-variables.patch. + Revert dfa2f0483360 ("tcp: get rid of sysctl_tcp_adv_win_scale") to + resolve a performance regression in HTML traffic. +- commit e2e7d0b + +- udp: Avoid call to compute_score on multiple sites + (bsc#1220709). +- commit 78244c6 + +- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes). +- commit 3d18f9a + +- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes). +- Update config files. +- commit b2f373b + +- x86/bugs: Fix BHI handling of RRSBA (git-fixes). +- commit 66c46fb + +- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes). +- commit 6aec207 + +- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes). +- commit 1fdb38f + +- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes). +- commit 13662e2 + +- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (bsc#1222823). +- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch. +- commit 1bc31f7 + +- KVM: x86: Add BHI_NO (bsc#1222823). +- commit 07366ce + +- x86/bhi: Mitigate KVM by default (bsc#1222823). +- commit 64cbcbe + +- x86/bhi: Add BHI mitigation knob (bsc#1222823). +- Update config files. +- commit 65ced6f + +- x86/bhi: Enumerate Branch History Injection (BHI) bug (bsc#1222823). +- commit 5ca568d + +- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (bsc#1222823). +- commit 496b11d + +- x86/bhi: Add support for clearing branch history at syscall entry (bsc#1222823). +- commit dee5dff + +- Update + patches.suse/net-pds_core-Fix-possible-double-free-in-error-handl.patch + (git-fixes CVE-2024-26652 bsc#1222115). + Added CVE reference. +- commit 070cd49 + +- Update + patches.suse/net-atlantic-Fix-DMA-mapping-for-PTP-hwts-ring.patch + (git-fixes bsc#1222427 CVE-2024-26680). + Added CVE reference. +- commit 97f0341 + +- s390/cio: fix race condition during online processing + (bsc#1219485). +- commit 83d7614 + +- s390/qdio: handle deferred cc1 (bsc#1219485). +- commit aec0983 + +- s390/qeth: handle deferred cc1 (bsc#1219485 git-fixes). +- commit 6c10bf2 + +- Update + patches.suse/s390-cio-fix-invalid-EBUSY-on-ccw_device_start.patch + (git-fixes bsc#1220360 bsc#1219485). +- commit 174a4e8 + +- Update patches.suse/mmc-mmci-stm32-fix-DMA-API-overlapping-mappings-warn.patch (git-fixes CVE-2024-26787 bsc#1222781) +- commit 2816ca9 + +- Update patches.suse/dmaengine-fsl-qdma-fix-SoC-may-hang-on-16-byte-unali.patch (git-fixes CVE-2024-26790 bsc#1222784) +- commit 0d6086f + +- Update patches.suse/spi-hisi-sfc-v3xx-Return-IRQ_NONE-if-no-interrupts-w.patch (git-fixes CVE-2024-26776 bsc#1222764) +- commit ec068f3 + +- Update to add bsc#1222531, CVE-2024-26756 references, + patches.suse/md-Don-t-register-sync_thread-for-reshape-directly-ad39.patch + (bsc#1219596, bsc#1222531, CVE-2024-26756). +- commit de5884e + +- Update to add bsc#1222527, CVE-2024-26757 references, + patches.suse/md-Don-t-ignore-read-only-array-in-md_check_recovery-55a4.patch + (bsc#1219596, bsc#1222527, CVE-2024-26757). +- commit 0b6b491 + +- Update to add bsc# and CVE tags, + patches.suse/dm-crypt-dm-verity-disable-tasklets-0a9b.patch + (bsc#1222416, CVE-2024-26718). +- commit 59bf5a5 + +- Update to add bsc# and CVE tags, + patches.suse/dm-crypt-don-t-modify-the-data-when-using-authentica-50c7.patch + (bsc#1222720, CVE-2024-26763). +- commit 710cd5e + +- Update patches.suse/ARM-ep93xx-Add-terminator-to-gpiod_lookup_table.patch (git-fixes CVE-2024-26751 bsc#1222724) +- commit a85b7fa + +- Update patches.suse/dmaengine-ti-edma-Add-some-null-pointer-checks-to-th.patch (git-fixes CVE-2024-26771 bsc#1222610) +- commit b7bab4f + +- Update + patches.suse/gtp-fix-use-after-free-and-null-ptr-deref-in-gtp_gen.patch + (git-fixes CVE-2024-26754 bsc#1222632). +- commit 0bddcea + +- Update + patches.suse/crypto-arm64-neonbs-fix-out-of-bounds-access-on-shor.patch + (git-fixes CVE-2024-26789 bsc#1222626). +- commit 9c3828e + +- KVM: arm64: pmu: Resync EL0 state on counter rotation + (bsc#1219475). +- commit 99d8e75 + +- KVM: arm64: Always invalidate TLB for stage-2 permission faults + (bsc#1219478). +- commit 1762ca5 + +- Update + patches.suse/usb-cdns3-fixed-memory-use-after-free-at-cdns3_gadge.patch + (git-fixes CVE-2024-26749 bsc#1222680). +- commit e627f8d + +- Update + patches.suse/powerpc-pseries-iommu-IOMMU-table-is-not-initialized.patch + (bsc#1220492 ltc#205270 CVE-2024-26745 bsc#1222678). +- commit 6398fc1 + +- Update + patches.suse/l2tp-pass-correct-message-length-to-ip6_append_data.patch + (bsc#1220419 CVE-2024-26752 bsc#1222667). +- commit 1a3becd + +- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc + (bsc#1222619). +- commit a9c1ee0 + +- Update + patches.suse/crypto-arm64-neonbs-fix-out-of-bounds-access-on-shor.patch + (git-fixes CVE-2024-26789). +- commit 270f850 + +- Update + patches.suse/usb-cdns3-fix-memory-double-free-when-handle-zero-pa.patch + (bsc#1222513 CVE-2024-26748). + Added CVE references +- commit b3e425f + +- Update + patches.suse/usb-dwc3-gadget-Fix-NULL-pointer-dereference-in-dwc3.patch + (bsc#1222561 CVE-2024-26715). + Added CVE reference +- commit ebacab7 + +- Update + patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch + (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738). +- commit d6e4ef3 + +- Update + patches.suse/drm-amd-display-Fix-array-index-out-of-bounds-in-dcn.patch + (git-fixes CVE-2024-26699 bsc#1222602). +- commit f52d16e + +- Update + patches.suse/crypto-virtio-akcipher-Fix-stack-overflow-on-memcpy.patch + (git-fixes CVE-2024-26753 bsc#1222601). +- commit 0099199 + +- Update + patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch + (bsc#1221391 CVE-2024-26689). +- commit 8a44287 + +- Update + patches.suse/btrfs-do-not-ASSERT-if-the-newly-created-subvolume-a.patch + (bsc#1219126 CVE-2024-26727 bsc#1222536). +- commit 7bb93e9 + +- Update + patches.suse/net-mlx5-DPLL-Fix-possible-use-after-free-after-dela.patch + (git-fixes CVE-2024-26724 bsc#1222523). +- commit bb60edc + +- Update + patches.suse/ASoC-rt5645-Fix-deadlock-in-rt5645_jack_detect_work.patch + (git-fixes CVE-2024-26722 bsc#1222520). +- commit f0aaca0 + +- Update + patches.suse/netdevsim-avoid-potential-loop-in-nsim_dev_trap_repo.patch + (git-fixes CVE-2024-26681 bsc#1222431). +- commit 12b3ceb + +- Update patches.suse/wifi-iwlwifi-fix-double-free-bug.patch + (git-fixes CVE-2024-26694 bsc#1222466). +- commit 5048255 + +- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super + (bsc#1219264 CVE-2024-0841). +- commit 440934e + +- Update + patches.suse/HID-i2c-hid-of-fix-NULL-deref-on-failed-power-up.patch + (git-fixes CVE-2024-26717 bsc#1222360). +- Update + patches.suse/arm64-entry-fix-ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD.patch + (git-fixes CVE-2024-26670 bsc#1222356). +- Update + patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch + (git-fixes CVE-2024-26695 bsc#1222373). +- Update + patches.suse/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch + (jsc#PED-6079 CVE-2024-26725 bsc#1222369). +- Update + patches.suse/drm-amd-display-Add-NULL-test-for-timing-generator-i.patch + (git-fixes CVE-2024-26661 bsc#1222323). +- Update + patches.suse/drm-amd-display-Fix-panel_cntl-could-be-null-in-dcn2.patch + (git-fixes CVE-2024-26662 bsc#1222324). +- Update + patches.suse/drm-amd-display-Implement-bounds-check-for-stream-en.patch + (git-fixes CVE-2024-26660 bsc#1222266). +- Update + patches.suse/drm-amd-display-fix-null-pointer-dereference-on-edid.patch + (git-fixes CVE-2024-26728 bsc#1222370). +- Update + patches.suse/drm-amdgpu-Fix-variable-mca_funcs-dereferenced-befor.patch + (git-fixes CVE-2024-26672 bsc#1222358). +- Update + patches.suse/drm-i915-dsc-Fix-the-macro-that-calculates-DSCC_-DSC.patch + (git-fixes CVE-2024-26721 bsc#1222365). +- Update + patches.suse/drm-msm-dpu-check-for-valid-hw_pp-in-dpu_encoder_hel.patch + (git-fixes CVE-2024-26667 bsc#1222331). +- Update + patches.suse/hwmon-coretemp-Fix-out-of-bounds-memory-access.patch + (git-fixes CVE-2024-26664 bsc#1222355). +- Update + patches.suse/lan966x-Fix-crash-when-adding-interface-under-a-lag.patch + (git-fixes CVE-2024-26723 bsc#1222367). +- Update + patches.suse/mm-writeback-fix-possible-divide-by-zero-in-wb_dirty_limits-again.patch + (git-fixes CVE-2024-26720 bsc#1222364). +- Update + patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch + (git-fixes CVE-2024-26698 bsc#1222374). +- Update + patches.suse/sr9800-Add-check-for-usbnet_get_endpoints.patch + (git-fixes CVE-2024-26651 bsc#1221337). +- Update + patches.suse/usb-core-Prevent-null-pointer-dereference-in-update_.patch + (git-fixes CVE-2024-26716 bsc#1222359). +- Update + patches.suse/wifi-mac80211-fix-RCU-use-in-TDLS-fast-xmit.patch + (git-fixes CVE-2024-26666 bsc#1222293). +- Update + patches.suse/xhci-handle-isoc-Babble-and-Buffer-Overrun-events-pr.patch + (git-fixes CVE-2024-26659 bsc#1222317). +- commit 967a843 + +- Update + patches.suse/KVM-s390-vsie-fix-race-during-shadow-creation.patch + (git-fixes bsc#1219810 CVE-2023-52639 bsc#1222300). +- Update + patches.suse/can-j1939-Fix-UAF-in-j1939_sk_match_filter-during-se.patch + (git-fixes CVE-2023-52637 bsc#1222291). +- Update + patches.suse/can-j1939-prevent-deadlock-by-changing-j1939_socks_l.patch + (git-fixes CVE-2023-52638 bsc#1222299). +- Update + patches.suse/drm-amd-display-Fix-disable_otg_wa-logic.patch + (git-fixes CVE-2023-52634 bsc#1222278). +- Update + patches.suse/drm-amd-display-Refactor-DMCUB-enter-exit-idle-inter.patch + (git-fixes CVE-2023-52625 bsc#1222085). +- Update + patches.suse/drm-amd-display-Wake-DMCUB-before-executing-GPINT-co.patch + (git-fixes CVE-2023-52624 bsc#1222083). +- Update + patches.suse/drm-amdkfd-Fix-lock-dependency-warning-with-srcu.patch + (git-fixes CVE-2023-52632 bsc#1222274). +- Update + patches.suse/libceph-just-wait-for-more-data-to-be-available-on-th.patch + (bsc#1221390 CVE-2023-52636 bsc#1222247). +- Update + patches.suse/netfilter-nftables-exthdr-fix-4-byte-stack-OOB-write.patch + (CVE-2023-4881 bsc#1215221 CVE-2023-52628 bsc#1222117). +- commit dc877fc + +- net: pds_core: Fix possible double free in error handling path + (git-fixes). +- commit 2613145 + multipath-tools +- Update to version 0.9.8+88+suse.d504d83: + * Revert "libmultipath: fix max_sectors_kb on adding path" + (bsc#1222458) + +- Update to version 0.9.8+87+suse.f72b9f3: + * fix misspelled DM_UDEV_DISABLE_OTHER_RULES_FLAG in udev rules + (bsc#1220810) + +- Remove libmpathpersist-example-old.c, which has been obsolete + since multipath-tools 0.8.6. + +- Update to version 0.9.8+83+suse.bcae610 (bsc#1220374) + * multipath-tools: added NEWS.md + openssh +- Make openssh-server recommend the openssh-server-config-rootlogin + package in SLE in order to keep the same behaviour of previous + SPs where the PermitRootLogin default was set to yes + (bsc#1221005). +- Fix crypto-policies requirement to be set by openssh-server, not + the config-rootlogin subpackage. +- Add back %config(noreplace) tag for more config files that were + already set like this in previous SPs. + +- Fix duplicate loading of dropins. (boo#1222467) + patterns-fonts +- Update patterns-fonts.spec: + Add google-noto-sans-symbols-fonts google-noto-sans-symbols2-fonts + to default installation, to enable terminal display special + characters (bsc#1219553). + plasma5-workspace +- Remove leftover %_plasma5_bugfix override (boo#1223149) + virt-v2v +- Add Requires for dhcp-client +- Add conditional x86_64 arch Requires for nbdkit-vddk-plugin + +- bsc#1223093 - virt-v2v needs nbdkit and libnbd on SLE15-SP6 to + function correctly + Add Requires on libnbd and all nbdkit packages. The nbdkit + packages are required for remote execution. + Added Requires on btrfsprogs + +- Add Requires on gptfdisk and libguestfs-winsupport for + converting windows VMs. +