Oracle Errata System Oracle Linux 5.11 2024-09-21T19:10:12 Oracle Linux 8 [7.5.9-5] - resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-44716 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [1.20.4-17] - CVE fix for: CVE-2021-4008 (#2030161), CVE-2021-4009 (#2030171), CVE-2021-4010 (#2030176), CVE-2021-4011 (#2030180) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4010 CVE-2021-4008 CVE-2021-4009 CVE-2021-4011 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [2.28.2-3] - Fix CVE-2021-30858 - Resolves: #2006421 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-30858 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [3.10.0-1160.53.1.OL7] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.9 - Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin) [3.10.0-1160.53.1] - fuse: fix live lock in fuse_iget() (Miklos Szeredi) [1952046] - fuse: fix bad inode (Miklos Szeredi) [1952046] - GFS2: Truncate address space mapping when deleting an inode (Bob Peterson) [1364234] - gfs2: Fix gfs2_testbit to use clone bitmaps (Bob Peterson) [1364234] - gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps (Bob Peterson) [1364234] - gfs2: Fix oversight in gfs2_ail1_flush (Bob Peterson) [1364234] - gfs2: Additional information when gfs2_ail1_flush withdraws (Bob Peterson) [1364234] - gfs2: leaf_dealloc needs to allocate one more revoke (Bob Peterson) [1364234] - gfs2: allow journal replay to hold sd_log_flush_lock (Bob Peterson) [1364234] - gfs2: don't allow releasepage to free bd still used for revokes (Bob Peterson) [1364234] - gfs2: flesh out delayed withdraw for gfs2_log_flush (Bob Peterson) [1364234] - gfs2: Do proper error checking for go_sync family of glops functions (Bob Peterson) [1364234] - gfs2: drain the ail2 list after io errors (Bob Peterson) [1364234] - gfs2: Withdraw in gfs2_ail1_flush if write_cache_pages fails (Bob Peterson) [1364234] - gfs2: Do log_flush in gfs2_ail_empty_gl even if ail list is empty (Bob Peterson) [1364234] - gfs2: Check for log write errors before telling dlm to unlock (Bob Peterson) [1364234] - gfs2: Prepare to withdraw as soon as an IO error occurs in log write (Bob Peterson) [1364234] - gfs2: Issue revokes more intelligently (Bob Peterson) [1364234] - gfs2: Add verbose option to check_journal_clean (Bob Peterson) [1364234] - gfs2: fix infinite loop when checking ail item count before go_inval (Bob Peterson) [1364234] - gfs2: Force withdraw to replay journals and wait for it to finish (Bob Peterson) [1364234] - gfs2: Allow some glocks to be used during withdraw (Bob Peterson) [1364234] - gfs2: move check_journal_clean to util.c for future use (Bob Peterson) [1364234] - gfs2: Ignore dlm recovery requests if gfs2 is withdrawn (Bob Peterson) [1364234] - gfs2: Only complain the first time an io error occurs in quota or log (Bob Peterson) [1364234] - gfs2: log error reform (Bob Peterson) [1364234] - gfs2: Rework how rgrp buffer_heads are managed (Bob Peterson) [1364234] - gfs2: clear ail1 list when gfs2 withdraws (Bob Peterson) [1364234] - gfs2: Introduce concept of a pending withdraw (Bob Peterson) [1364234] - gfs2: Return bool from gfs2_assert functions (Bob Peterson) [1364234] - gfs2: Turn gfs2_consist into void functions (Bob Peterson) [1364234] - gfs2: Remove usused cluster_wide arguments of gfs2_consist functions (Bob Peterson) [1364234] - gfs2: Report errors before withdraw (Bob Peterson) [1364234] - gfs2: Split gfs2_lm_withdraw into two functions (Bob Peterson) [1364234] - gfs2: Fix incorrect variable name (Bob Peterson) [1364234] - gfs2: Don't write log headers after file system withdraw (Bob Peterson) [1364234] - gfs2: clean up iopen glock mess in gfs2_create_inode (Bob Peterson) [1364234] - gfs2: Close timing window with GLF_INVALIDATE_IN_PROGRESS (Bob Peterson) [1364234] - gfs2: fix infinite loop in gfs2_ail1_flush on io error (Bob Peterson) [1364234] - gfs2: Introduce function gfs2_withdrawn (Bob Peterson) [1364234] - gfs2: replace more printk with calls to fs_info and friends (Bob Peterson) [1364234] - gfs2: dump fsid when dumping glock problems (Bob Peterson) [1364234] - gfs2: simplify gfs2_freeze by removing case (Bob Peterson) [1364234] - gfs2: Rename SDF_SHUTDOWN to SDF_WITHDRAWN (Bob Peterson) [1364234] - gfs2: Warn when a journal replay overwrites a rgrp with buffers (Bob Peterson) [1364234] - gfs2: log which portion of the journal is replayed (Bob Peterson) [1364234] - gfs2: slow the deluge of io error messages (Bob Peterson) [1364234] - gfs2: Don't withdraw under a spin lock (Bob Peterson) [1364234] - GFS2: Clear gl_object when deleting an inode in gfs2_delete_inode (Bob Peterson) [1364234] - gfs2: Use fs_* functions instead of pr_* function where we can (Bob Peterson) [1364234] more consistently (Bob Peterson) [1364234] [3.10.0-1160.52.1] - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (David Arcari) [2019588] - x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (David Arcari) [2019218] - x86/cpu/AMD: Fix erratum 1076 (CPB bit) (David Arcari) [2019218] - i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (Stefan Assmann) [1977246] - i40e: Fix virtchnl_queue_select bitmap validation (Stefan Assmann) [1977246] [3.10.0-1160.51.1] - mm, fs: Fix do_generic_file_read() error return (Carlos Maiolino) [2020857] - perf/core: Fix a memory leak in perf_event_parse_addr_filter() (Michael Petlan) [1901932] [3.10.0-1160.50.1] - tcp: grow window for OOO packets only for SACK flows (Guillaume Nault) [1990665] - scsi: mpt3sas: Fix unlock imbalance (Tomas Henzl) [2006536] - pci-hyperv: Fix setting CPU affinity on Azure (Vitaly Kuznetsov) [2019272] - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (Lucas Zampieri) [1956471] {CVE-2021-42739} MODERATE Copyright 2022 Oracle, Inc. CVE-2020-25704 CVE-2020-36322 CVE-2021-42739 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1.0.2k-23] - fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz#1996054 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3712 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [91.5.0-1.0.2] - Enabled aarch64 builds [91.5.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.5.0-1] - Update to 91.5.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-22740 CVE-2022-22747 CVE-2022-22748 CVE-2022-22743 CVE-2022-22737 CVE-2022-22738 CVE-2022-22741 CVE-2022-22742 CVE-2022-22751 CVE-2022-22739 CVE-2022-22745 CVE-2021-4140 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [91.5.0-1.0.2] - Removed aarch64 exclusion. [91.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.5.0-1] - Update to 91.5.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-22741 CVE-2022-22742 CVE-2022-22740 CVE-2022-22737 CVE-2022-22748 CVE-2021-4140 CVE-2022-22743 CVE-2022-22751 CVE-2022-22739 CVE-2022-22745 CVE-2022-22747 CVE-2022-22738 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [91.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.5.0-1] - Update to 91.5.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-22741 CVE-2022-22745 CVE-2022-22748 CVE-2022-22751 CVE-2022-22740 CVE-2022-22743 CVE-2022-22738 CVE-2022-22742 CVE-2021-4140 CVE-2022-22739 CVE-2022-22737 CVE-2022-22747 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [91.5.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.5.0-1] - Update to 91.5.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-22747 CVE-2022-22737 CVE-2022-22751 CVE-2021-4140 CVE-2022-22740 CVE-2022-22739 CVE-2022-22741 CVE-2022-22748 CVE-2022-22742 CVE-2022-22743 CVE-2022-22738 CVE-2022-22745 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [2.4.6-97.0.5.4] - mod_session: save one apr_strtok() [Orabug: 33338149][CVE-2021-26690] - replace index.html with Oracle's index page oracle_index.html [2.4.6-97.4] - Resolves: #2031072 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests - Resolves: #2031074 - CVE-2021-39275 httpd: out-of-bounds write in ap_escape_quotes() via malicious input - Resolves: #1969226 - CVE-2021-26691 httpd: Heap overflow in mod_session [2.4.6-97.3] - Resolves: #2035058 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow when parsing multipart content IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-26691 CVE-2021-44790 CVE-2021-34798 CVE-2021-39275 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [1:17.0.2.0.8-4] - Fix FIPS issues in native code and with initialisation of java.security.Security - Related: rhbz#2039366 [1:17.0.2.0.8-3] - Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps) and @JAVA_SPEC_VER@ - Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository - Related: rhbz#2039366 [1:17.0.2.0.8-2] - Sync desktop files with upstream IcedTea release 3.15.0 using new script - Related: rhbz#2039366 [1:17.0.2.0.8-1] - January 2022 security update to jdk 17.0.2+8 - Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java - Rename libsvml.so to libjsvml.so following JDK-8276025 - ** This tarball is embargoed until 2022-01-18 @ 1pm PT. ** - Resolves: rhbz#2039366 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21294 CVE-2022-21299 CVE-2022-21283 CVE-2022-21248 CVE-2022-21291 CVE-2022-21340 CVE-2022-21305 CVE-2022-21277 CVE-2022-21282 CVE-2022-21365 CVE-2022-21296 CVE-2022-21293 CVE-2022-21341 CVE-2022-21360 CVE-2022-21366 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [0.2.0-19.1] - fix CVE-2021-45463 (#2035416) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-45463 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [0.4.4-6.2] - spec bump because of build pipeline issues [0.4.4-6.1] - Fix CVE-2021-45463 (#2035423) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-45463 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1:11.0.14.0.9-2] - Fix FIPS issues in native code and with initialisation of java.security.Security - Related: rhbz#2039366 [1:11.0.14.0.9-1] - Update to jdk-11.0.14.0+9 - Update release notes to 11.0.14.0+9 - Switch to GA mode for final release. - This tarball is embargoed until 2022-01-18 @ 1pm PT. - Resolves: rhbz#2039366 [1:11.0.14.0.8-0.1.ea] - Update to jdk-11.0.14.0+8 - Update release notes to 11.0.14.0+8 - Switch to EA mode for 11.0.14 pre-release builds. - Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le. - Rename blacklisted.certs to blocked.certs following JDK-8253866 - Rebase RH1996182 login patch and drop redundant security policy extension after JDK-8269034 - Related: rhbz#2039366 [1:11.0.14.0.8-0.1.ea] - Replaced hardcoded 11 by featurever where appropriate - Fixed comment of to correct - Related: rhbz#2039366 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21248 CVE-2022-21277 CVE-2022-21305 CVE-2022-21282 CVE-2022-21340 CVE-2022-21365 CVE-2022-21341 CVE-2022-21293 CVE-2022-21294 CVE-2022-21291 CVE-2022-21299 CVE-2022-21360 CVE-2022-21366 CVE-2022-21283 CVE-2022-21296 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [4.18.0-348.12.2_5.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-11.0.5 [4.18.0-348.12.2_5] - vfs: Out-of-bounds write of heap buffer in fs_context.c (Frantisek Hrbata) [2040585 2040586] {CVE-2022-0185} - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Bruno Meneguele) [2034864 2034865] {CVE-2021-4155} [4.18.0-348.12.1_5] - tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() (Guillaume Nault) [2021574 2016210] - kernel.spec: Add support to use vmlinux.h (Jiri Olsa) [2031053 1989087] - spec: Add vmlinux.h to kernel-devel package (Jiri Olsa) [2031053 1989087] - x86/mce: Avoid infinite loop for copy from user recovery (Prarit Bhargava) [2008789 1999550] - x86/mce: Rename kill_it to kill_current_task (Prarit Bhargava) [2008789 1999550] - x86/mce: Recover from poison found while copying from user space (Prarit Bhargava) [2008789 1999550] - x86/mce: Delay clearing IA32_MCG_STATUS to the end of do_machine_check() (Prarit Bhargava) [2008789 1999550] - x86/mce: Send #MC singal from task work (Prarit Bhargava) [2008789 1999550] [4.18.0-348.11.1_5] - blk-mq: avoid to iterate over stale request (Ming Lei) [2034396 1997338] - rcu: Tighten rcu_advance_cbs_nowake() checks (Daniel Vacek) [2032579 2013408] [4.18.0-348.10.1_5] - selftests: add a test case for mirred egress to ingress (Xin Long) [2024411 1983894] - net: sched: act_mirred: drop dst for the direction from egress to ingress (Xin Long) [2024411 1983894] [4.18.0-348.9.1_5] - ixgbe: Revert 'bpf, devmap: Move drop error path to devmap for XDP_REDIRECT' (Ken Cox) [2029845 2024240] - i40e: Revert 'bpf, devmap: Move drop error path to devmap for XDP_REDIRECT' (Stefan Assmann) [2029845 2024225] - rcu/nocb: Perform deferred wake up before last idle's need_resched() check (Waiman Long) [2029449 2008340] [4.18.0-348.8.1_5] - ice: Fix VF true promiscuous mode (Jonathan Toppins) [2026698 1970643] - ice: Remove toggling of antispoof for VF trusted promiscuous mode (Jonathan Toppins) [2026698 1970643] - ice: Fix replacing VF hardware MAC to existing MAC filter (Jonathan Toppins) [2026698 1970643] - ice: Fix not stopping Tx queues for VFs (Jonathan Toppins) [2026698 1970643] - ice: Fix race conditions between virtchnl handling and VF ndo ops (Jonathan Toppins) [2026698 1970643] - net/netif_receive_skb_core: Use migrate_disable() (Luis Claudio R. Goncalves) [2027689 2024168] - crypto: jitter - consider 32 LSB for APT (Herbert Xu) [2029365 1994390] - xfs: fix I_DONTCACHE (Carlos Maiolino) [2028534 2024969] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4155 CVE-2022-0185 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 8 [4.4-4.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.4-4] - Resolves: rhbz#2036902 rebuild to enable rpminspect [4.4-3] - Resolves: rhbz#2036902: fix patch application [4.4-2] - Resolves: rhbz#2036902 ikev1: disable diagnostics logging on receiving malformed packets IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23094 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [1:11.0.14.0.9-1.0.1] - link atomic for ix86 build [1:11.0.14.0.9-1] - Update to jdk-11.0.14.0+9 - Update release notes to 11.0.14.0+9 - Switch to GA mode for final release. - This tarball is embargoed until 2022-01-18 @ 1pm PT. - Resolves: rhbz#2039366 [1:11.0.14.0.8-0.1.ea] - Update to jdk-11.0.14.0+8 - Update release notes to 11.0.14.0+8 - Switch to EA mode for 11.0.14 pre-release builds. - Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le. - Rename blacklisted.certs to blocked.certs following JDK-8253866 - Resolves: rhbz#2022810 [1:11.0.14.0.8-0.1.ea] - Replaced hardcoded 11 by featurever where appropriate - Fixed comment of to correct - Related: rhbz#2022810 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21291 CVE-2022-21340 CVE-2022-21248 CVE-2022-21294 CVE-2022-21305 CVE-2022-21365 CVE-2022-21366 CVE-2022-21277 CVE-2022-21299 CVE-2022-21283 CVE-2022-21296 CVE-2022-21341 CVE-2022-21282 CVE-2022-21293 CVE-2022-21360 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 httpd [2.4.37-43.1.0.1] - scoreboard: fix null pointer deference [Orabug: 33690670][CVE-2021-34798] - fix ap_escape_quote logic [Orabug: 33690686][CVE-2021-39275] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle's index page oracle_index.html. [2.4.37-43.1] - Resolves: #2035062 - CVE-2021-44790 httpd:2.4/httpd: mod_lua: possible buffer overflow when parsing multipart content mod_http2 [1.15.7-3] - Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd: mod_http2 concurrent pool usage IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-44790 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [0.115-13.0.1] - Increase timeout to avoid defunct processes [Orabug: 26930744] [0.115-13.el8_5.1] - pkexec: argv overflow results in local privilege esc. - Resolves: CVE-2021-4034 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4034 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 7 [0.112-26.0.1] - Increase timeout to avoid defunct processes [Orabug: 26930744] [0.112-26.1] - pkexec: argv overflow results in local privilege esc. - Resolves: CVE-2021-4034 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4034 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 8 parfait [0.5.4-4] - Obsolete (remove) vulnerable versions of log4j12 (NVR < 1.2.17-23) when upgrading to parfait 0.5.4-4 (CVE-2021-4104) [0.5.4-3] - Drop all code explicitly using Log4J (BZ 2032158) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23305 CVE-2022-23302 CVE-2022-23307 CVE-2021-4104 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_beta cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 7 [1:1.8.0.322.b06-1] - Update to aarch64-shenandoah-jdk8u322-b06 (EA) - Update release notes for 8u322-b06. - Switch to GA mode for final release. - Require tzdata 2021e as of JDK-8275766. - Update tarball generation script to use git following shenandoah-jdk8u's move to github - Resolves: rhbz#2039366 [1:1.8.0.322.b04-0.1.ea] - Update to aarch64-shenandoah-jdk8u322-b04 (EA) - Update release notes for 8u322-b04. - Require tzdata 2021c as of JDK-8274407. - Switch to EA mode. - Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le. - Related: rhbz#2022809 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21248 CVE-2022-21296 CVE-2022-21305 CVE-2022-21294 CVE-2022-21341 CVE-2022-21365 CVE-2022-21283 CVE-2022-21340 CVE-2022-21299 CVE-2022-21360 CVE-2022-21282 CVE-2022-21293 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [1:1.8.0.322.b06-2] - Fix FIPS issues in native code and with initialisation of java.security.Security - Related: rhbz#2039366 [1:1.8.0.322.b06-1] - Update to aarch64-shenandoah-jdk8u322-b06 (EA) - Update release notes for 8u322-b06. - Switch to GA mode for final release. - Require tzdata 2021e as of JDK-8275766. - Update tarball generation script to use git following shenandoah-jdk8u's move to github - Resolves: rhbz#2039366 [1:1.8.0.322.b04-0.2.ea] - Add backport of JDK-8279077 to fix crash on ppc64 - Resolves: rhbz#2030399 [1:1.8.0.322.b04-0.1.ea] - Update to aarch64-shenandoah-jdk8u322-b04 (EA) - Update release notes for 8u322-b04. - Require tzdata 2021c as of JDK-8274407. - Switch to EA mode. - Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le. - Related: rhbz#2039366 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21365 CVE-2022-21299 CVE-2022-21360 CVE-2022-21282 CVE-2022-21294 CVE-2022-21296 CVE-2022-21305 CVE-2022-21283 CVE-2022-21341 CVE-2022-21340 CVE-2022-21248 CVE-2022-21293 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.20.1-1.0.1] - Remove Red Hat references [Orabug: 29498217] [1:1.20.1-1] - rebase to 1.20.1 (addressing CVE-2021-23017) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-23017 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [4.10.16-18] - resolves: #2034800 - Fix usermap script regression caused by CVE-2020-25717 - resolves: #2036595 - Fix MIT realm regression caused by CVE-2020-25717 - resolves: #2046148 - Fix CVE-2021-44142 CRITICAL Copyright 2022 Oracle, Inc. CVE-2021-44142 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [4.14.5-9] - resolves: rhbz#2046174 - Fix username map script regression of CVE-2020-25717 - resolves: rhbz#2046160 - Fix possible segfault while joining a domain - resolves: rhbz#2046152 - Fix CVE-2021-44142 [4.14.5-8] - resolves: rhbz#2026717 - Dir containing dangling symlinks cannot be deleted CRITICAL Copyright 2022 Oracle, Inc. CVE-2021-44142 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 8 nodejs [1:14.18.2-2] - Add missing fixes - Resolves: RHBZ#2027642, RHBZ#2027635 [1:14.18.2-1] - Resolves: RHBZ#2027609 - Resolves: RHBZ#2027649, RHBZ#2027646, RHBZ#2027642, RHBZ#2027635 - Rebase to new version to fix CVEs MODERATE Copyright 2022 Oracle, Inc. CVE-2020-28469 CVE-2021-3918 CVE-2021-37701 CVE-2021-22960 CVE-2020-7788 CVE-2021-37712 CVE-2021-22959 CVE-2021-33502 CVE-2021-3807 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [8.0.1763-16.0.1.4] - - Remove upstream references [Orabug: 31197557] [2:8.0.1763-16.4] - CVE-2021-4193 vim: vulnerable to Out-of-bounds Read - CVE-2021-4192 vim: vulnerable to Use After Free [2:8.0.1763-16.3] - 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0] - 2028430 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-8.6.0] [2:8.0.1763-16.2] - remove the upstream test - uses a feature which is not presented in RHEL 8 [2:8.0.1763-16.1] - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-8.6.0] MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3872 CVE-2021-4192 CVE-2021-4193 CVE-2021-3984 CVE-2021-4019 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 8 [4.14.3-19.2] - Address covscan issues in binding sigs validation patch (#2022537) [4.14.3-19.1] - Validate and require subkey binding sigs on PGP pubkeys (#2022537) - Fixes CVE-2021-3521 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3521 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 8 [2.3.3-4.1] - patch: fix CVE-2021-4122. - Resolves: #2036906 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-4122 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 8 varnish [6.0.8-1.1] - Resolves: #2047648 - CVE-2022-23959 varnish:6/varnish: Varnish HTTP/1 Request Smuggling Vulnerability varnish-modules [0.15.0-6] - Related: #1982862 - rebuild for new varnish version IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23959 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [0.16.14.1] - backported fix for CVE-2021-45417 resolves: rhbz#2041956 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-45417 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 Oracle Linux 7 [0:1.2.17-18] - Fix Unsafe deserialization flaw in Chainsaw log viewer - Fix SQL injection when application is configured to use JDBCAppender - Fix remote code execution when application is configured to use JMSSink - Resolves: CVE-2022-23307, CVE-2022-23305, CVE-2022-23302 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [0.15.1-13.0.1] - Fix sha256 and sha512 output length [Orabug: 30820565] [0.15.1.1] - backported fix for CVE-2021-45417 resolves: rhbz#2041952 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-45417 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 8 [5.0.211-1.0.1] - Support AArch64 on Oracle Linux [Orabug: 32738620] - Include new Oracle Linux runtime IDs Add 1000-Add-missing-OL-RIDs.patch [5.0.211-1] - Update to .NET SDK 5.0.211 and Runtime 5.0.14 - Resolves: RHBZ#2047767 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21986 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [6.0.102-1.0.1] - Add missing Oracle RIDs [6.0.102-1] - Update to .NET SDK 6.0.102 and Runtime 6.0.2 - Resolves: RHBZ#2048257 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21986 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [91.6.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.6.0-1] - Update to 91.6.0 build1 [91.5.0-2] - Use default update channel to fix non working enterprise policies: rhbz#2044667 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-22761 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22764 CVE-2022-22763 CVE-2022-22754 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [91.6.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build [91.6.0-1] - Update to 91.6.0 build1 [91.5.0-2] - Use default update channel to fix non working enterprise policies: rhbz#2044667 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-22759 CVE-2022-22761 CVE-2022-22754 CVE-2022-22756 CVE-2022-22760 CVE-2022-22763 CVE-2022-22764 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [91.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.6.0-1] - Update to 91.6.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-22756 CVE-2022-22760 CVE-2022-22763 CVE-2022-22754 CVE-2022-22761 CVE-2022-22764 CVE-2022-22759 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [91.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.6.0-1] - Update to 91.6.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-22761 CVE-2022-22763 CVE-2022-22754 CVE-2022-22760 CVE-2022-22756 CVE-2022-22764 CVE-2022-22759 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 ruby [2.6.9-108] - Upgrade to Ruby 2.6.9. - Skip JIT tests in RHEL 8. - Fix the issues required to start the 'make test-bundler' itself. - Fix Bundler dependency confusion. Resolves: CVE-2020-36327 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-32066 CVE-2021-31799 CVE-2021-41817 CVE-2020-36327 CVE-2021-41819 CVE-2021-31810 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 rubygem-bundler [1.16.1-4] - Fix Bundler dependency confusion. Resolves: CVE-2020-36327 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2020-36327 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 7 [2.0.0-23gitd1c6db8] - Fixup for CVE-2022-22817 - Security fixes for CVE-2022-22815, CVE-2022-22816 Resolves: rhbz#2042522 [2.0.0-22gitd1c6db8] - Fix for CVE-2022-22817 Resolves: rhbz#2042527 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-22816 CVE-2022-22817 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [3.10.0-1160.59.1.OL7] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.9 - Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin) [3.10.0-1160.59.1] - Revert 'Merge: Fix tasks stuck in IO waiting for buffer_head lock' (Rado Vrbovsky) [2030609] [3.10.0-1160.58.1] - Bluetooth: fix use-after-free error in lock_sock_nested() (Gopal Tiwari) [2005687] - drm/vmwgfx: Fix stale file descriptors on failed usercopy (Dave Airlie) [2047597] {CVE-2022-22942} [3.10.0-1160.57.1] - fix regression in 'epoll: Keep a reference on files added to the check list' (Carlos Maiolino) [2042760] {CVE-2020-0466} - epoll: Keep a reference on files added to the check list (Carlos Maiolino) [2042760] {CVE-2020-0466} - drm/i915: Flush TLBs before releasing backing store (Dave Airlie) [2044319] {CVE-2022-0330} [3.10.0-1160.56.1] - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (Kamal Heib) [1984070] - af_unix: fix garbage collect vs MSG_PEEK (William Zhao) [2031970] {CVE-2021-0920} - selinux: fix race condition when computing ocontext SIDs (Ondrej Mosnacek) [2040196] - Bluetooth: fix the erroneous flush_work() order (Chris von Recklinghausen) [1964556] {CVE-2021-3564} [3.10.0-1160.55.1] - SUNRPC: Fix null rpc_clnt dereference in rpc_task_queued tracepoint (Benjamin Coddington) [2039508] - buffer: eliminate the need to call free_more_memory() in __getblk_slow() (Carlos Maiolino) [2030609] - buffer: grow_dev_page() should use __GFP_NOFAIL for all cases (Carlos Maiolino) [2030609] - buffer: have alloc_page_buffers() use __GFP_NOFAIL (Carlos Maiolino) [2030609] - net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (Sabrina Dubroca) [2033561] - efi: Decode IA32/X64 Context Info structure (Aristeu Rozanski) [1950302] - efi: Decode IA32/X64 MS Check structure (Aristeu Rozanski) [1950302] - efi: Decode additional IA32/X64 Bus Check fields (Aristeu Rozanski) [1950302] - efi: Decode IA32/X64 Cache, TLB, and Bus Check structures (Aristeu Rozanski) [1950302] - efi: Decode UEFI-defined IA32/X64 Error Structure GUIDs (Aristeu Rozanski) [1950302] - efi: Decode IA32/X64 Processor Error Info Structure (Aristeu Rozanski) [1950302] - efi: Decode IA32/X64 Processor Error Section (Aristeu Rozanski) [1950302] - efi: Fix IA32/X64 Processor Error Record definition (Aristeu Rozanski) [1950302] - HID: core: Sanitize event code and type when mapping input (Aristeu Rozanski) [1920848] {CVE-2020-0465} [3.10.0-1160.54.1] - block: queue lock must be acquired when iterating over rls (Ming Lei) [2029574] - Bluetooth: use correct lock to prevent UAF of hdev object (Chris von Recklinghausen) [1968211] {CVE-2021-3573} - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Carlos Maiolino) [2034857] {CVE-2021-4155} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-0920 CVE-2022-0330 CVE-2021-3752 CVE-2022-22942 CVE-2021-3573 CVE-2021-4155 CVE-2020-0465 CVE-2020-0466 CVE-2021-3564 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [2.4.44-25] - Fix CVE-2020-25709 openldap: assertion failure in Certificate List syntax validation (#2040539) - Fix CVE-2020-25710 openldap: assertion failure in CSN normalization with invalid input (#2040538) MODERATE Copyright 2022 Oracle, Inc. CVE-2020-25709 CVE-2020-25710 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [1.3.10.2-15] - Bump version to 1.3.10.2-15 - Resolves: Bug 2049812 - Fix csn generator to limit time skew drift - Resolves: Bug 2048530 - CVE-2021-4091 389-ds-base: double-free of the virtual attribute context in persistent search LOW Copyright 2022 Oracle, Inc. CVE-2021-4091 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [5.1.1-18] - Fixup for CVE-2022-22817 - Security fixes for CVE-2022-22815, CVE-2022-22816 Resolves: rhbz#2042522 [5.1.1-17] - Fix for CVE-2022-22817 Resolves: rhbz#2042527 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-22817 CVE-2022-22816 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.1.27-6] - Fix for CVE-2022-24407 - Resolves: rhbz#2055846 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24407 cpe:/a:oracle:linux:8::appstream_developer cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:5:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer Oracle Linux 7 [2.1.26-24.0.1] - Check against gssapi null pointer [Orabug: 33270138] [2.1.26-24] - Fix for CVE-2022-24407 - Resolves: rhbz#2055842 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24407 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 8 ruby [2.5.9-109.0.1] - Rebuild with a dependency containing fix for Orabug: 33921593 [2.5.9-109] - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 [2.5.9-108] - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799 - Fix StartTLS stripping vulnerability in Net::IMAP Resolves: CVE-2021-32066 - Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host. Resolves: CVE-2021-31810 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-32066 CVE-2021-31799 CVE-2021-31810 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 ruby [2.5.9-109] - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 [2.5.9-108] - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799 - Fix StartTLS stripping vulnerability in Net::IMAP Resolves: CVE-2021-32066 - Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host. Resolves: CVE-2021-31810 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-31810 CVE-2021-31799 CVE-2021-32066 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [91.7.0-3.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.7.0-3] - Update to 91.7.0 build3 [91.7.0-2] - Added expat backports of CVE-2022-25235, CVE-2022-25236 and CVE-2022-25315 [91.7.0-1] - Update to 91.7.0 build2 [91.6.0-2] - Install langpacks to the browser/extensions to make them available in UI: rhbz#2030190 CRITICAL Copyright 2022 Oracle, Inc. CVE-2022-25315 CVE-2022-26383 CVE-2022-25236 CVE-2022-25235 CVE-2022-26381 CVE-2022-26486 CVE-2022-26387 CVE-2022-26485 CVE-2022-26384 CVE-2022-26386 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [91.7.0-3.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build [91.7.0-3] - Update to 91.7.0 build3 [91.7.0-2] - Added expat backports of CVE-2022-25235, CVE-2022-25236 and CVE-2022-25315 [91.7.0-1] - Update to 91.7.0 build2 [91.6.0-2] - Install langpacks to the browser/extensions to make them available in UI: rhbz#2030190 CRITICAL Copyright 2022 Oracle, Inc. CVE-2022-25235 CVE-2022-25236 CVE-2022-26486 CVE-2022-26384 CVE-2022-26387 CVE-2022-26386 CVE-2022-26383 CVE-2022-25315 CVE-2022-26381 CVE-2022-26485 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [4.18.0-348.20.1_5.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-11.0.5 [4.18.0-348.20.1_5] - lib/iov_iter: initialize 'flags' in new pipe_buffer (Jan Stancek) [2060874 2060875] {CVE-2022-0847} [4.18.0-348.19.1_5] - tipc: improve size validations for received domain records (Xin Long) [2048970 2048971] {CVE-2022-0435} - smb3: do not error on fsync when readonly (Ronnie Sahlberg) [2055824 2037811] - security: implement sctp_assoc_established hook in selinux (Ondrej Mosnacek) [2054112 2054117 2015525 2048251] - security: add sctp_assoc_established hook (Ondrej Mosnacek) [2054112 2054117 2015525 2048251] - security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce (Ondrej Mosnacek) [2054112 2054117 2015525 2048251] - security: pass asoc to sctp_assoc_request and sctp_sk_clone (Bruno Meneguele) [2054112 2054117 2015525 2048251] - net: sctp: Fix some typos (Ondrej Mosnacek) [2054112 2054117 2015525 2048251] - RDMA/bnxt_re: Fix stats counters (Selvin Xavier) [2049684 2001893] - net: check skb sec_path when re-initializing slow_gro in gro_list_prepare (Xin Long) [2047427 2030476] - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (David Arcari) [2036888 2003695] [4.18.0-348.18.1_5] - selftests: kvm: Check whether SIDA memop fails for normal guests (Thomas Huth) [2050806 2050807] {CVE-2022-0516} - KVM: s390: Return error on SIDA memop on normal guest (Thomas Huth) [2050806 2050807] {CVE-2022-0516} - iommu/amd: Remove iommu_init_ga() (Jerry Snitselaar) [2030854 1998265] - iommu/amd: Relocate GAMSup check to early_enable_iommus (Jerry Snitselaar) [2030854 1998265] [4.18.0-348.17.1_5] - vfs: check dentry is still valid in get_link() (Ian Kent) [2052558 2014846] - xfs: don't expose internal symlink metadata buffers to the vfs (Brian Foster) [2052558 2014846] - CI: Use appropriate zstream builder (Veronika Kabatova) - CI: Enable baseline realtime checks (Veronika Kabatova) - CI: Rename pipelines to include release names (Veronika Kabatova) - cgroup-v1: Require capabilities to set release_agent (Waiman Long) [2052166 2052167] {CVE-2022-0492} - ice: Remove boolean vlan_promisc flag from function (Jonathan Toppins) [2051951 2030400] - ceph: put the requests/sessions when it fails to alloc memory (Jeffrey Layton) [2053725 2017796] - ceph: fix off by one bugs in unsafe_request_wait() (Jeffrey Layton) [2053725 2017796] - ceph: flush the mdlog before waiting on unsafe reqs (Jeffrey Layton) [2053725 2017796] - ceph: flush mdlog before umounting (Jeffrey Layton) [2053725 2017796] - ceph: make iterate_sessions a global symbol (Jeffrey Layton) [2053725 2017796] - ceph: make ceph_create_session_msg a global symbol (Jeffrey Layton) [2053725 2017796] - xfs: check sb_meta_uuid for dabuf buffer recovery (Bill O'Donnell) [2049292 2020764] - drm/i915: Flush TLBs before releasing backing store (Patrick Talbert) [2044328 2044329] {CVE-2022-0330} - hugetlb: fix hugetlb cgroup refcounting during vma split (Waiman Long) [2039015 2032811] - hugetlb_cgroup: fix imbalanced css_get and css_put pair for shared mappings (Waiman Long) [2039015 2032811] - mm/hugetlb: change hugetlb_reserve_pages() to type bool (Waiman Long) [2039015 2032811] - hugetlb: fix an error code in hugetlb_reserve_pages() (Waiman Long) [2039015 2032811] - hugetlb_cgroup: fix offline of hugetlb cgroup with reservations (Waiman Long) [2039015 2032811] - hugetlb_cgroup: fix reservation accounting (Waiman Long) [2039015 2032811] - mm/hugetlb: narrow the hugetlb_lock protection area during preparing huge page (Waiman Long) [2039015 2032811] - mm/hugetlb: a page from buddy is not on any list (Waiman Long) [2039015 2032811] - mm/hugetlb: not necessary to coalesce regions recursively (Waiman Long) [2039015 2032811] - selftests/vm/write_to_hugetlbfs.c: fix unused variable warning (Waiman Long) [2039015 2032811] - hugetlb_cgroup: add hugetlb_cgroup reservation tests (Waiman Long) [2039015 2032811] - hugetlb: support file_region coalescing again (Waiman Long) [2039015 2032811] - hugetlb_cgroup: support noreserve mappings (Waiman Long) [2039015 2032811] - hugetlb_cgroup: add accounting for shared mappings (Waiman Long) [2039015 2032811] - hugetlb: disable region_add file_region coalescing (Waiman Long) [2039015 2032811] - hugetlb_cgroup: add reservation accounting for private mappings (Waiman Long) [2039015 2032811] - mm/hugetlb_cgroup: fix hugetlb_cgroup migration (Waiman Long) [2039015 2032811] - hugetlb_cgroup: add interface for charge/uncharge hugetlb reservations (Waiman Long) [2039015 2032811] - hugetlb_cgroup: add hugetlb_cgroup reservation counter (Waiman Long) [2039015 2032811] - hugetlb: remove duplicated code (Waiman Long) [2039015 2032811] - hugetlb: region_chg provides only cache entry (Waiman Long) [2039015 2032811] - hugetlbfs: always use address space in inode for resv_map pointer (Waiman Long) [2039015 2032811] - hugetlbfs: fix potential over/underflow setting node specific nr_hugepages (Waiman Long) [2039015 2032811] - hugetlb: allow to free gigantic pages regardless of the configuration (Waiman Long) [2039015 2032811] - powerpc/pseries: Fix update of LPAR security flavor after LPM (Steve Best) [2027448 1997294] [4.18.0-348.16.1_5] - drm/vmwgfx: Fix stale file descriptors on failed usercopy (Dave Airlie) [2047601 2047602] {CVE-2022-22942} - net: openvswitch: Fix ct_state nat flags for conns arriving from tc (Marcelo Ricardo Leitner) [2043548 2040334] - net: openvswitch: Fix matching zone id for invalid conns arriving from tc (Marcelo Ricardo Leitner) [2043550 2040452] - net/sched: flow_dissector: Fix matching on zone id for invalid conns (Marcelo Ricardo Leitner) [2043550 2040452] - net/sched: Extend qdisc control block with tc control block (Marcelo Ricardo Leitner) [2043550 2040452] [4.18.0-348.15.1_5] - net/mlx5: DR, Use FW API when updating FW-owned flow table (Michal Schmidt) [2042663 2042651] - KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (Vitaly Kuznetsov) [2043237 1868572] - drm/mgag200: Select clock in PLL update functions (Bruno Meneguele) [2034949 1953926] - drm/i915: Fix HAS_LSPCON macro for platforms between GEN9 and GEN10 (Bruno Meneguele) [2027335 2005586] - crypto: qat - power up 4xxx device (Vladis Dronov) [2016437 1960307] - RDMA/core: Fix a double free in add_port error flow (Kamal Heib) [2038724 2008555] - powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (Steve Best) [2018928 2007425] - powerpc/dma: Fix dma_map_ops::get_required_mask (Steve Best) [2018928 2007425] [4.18.0-348.14.1_5] - tcp: fix page frag corruption on page fault (Paolo Abeni) [2041529 1996074] - net: fix sk_page_frag() recursion from memory reclaim (Paolo Abeni) [2041529 1996074] - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (Thomas Huth) [2040769 2026230] - redhat: set LC_ALL=C before sorting config content (Frantisek Hrbata) [4.18.0-348.13.1_5] - vfs: Out-of-bounds write of heap buffer in fs_context.c (Frantisek Hrbata) [2040585 2040586] {CVE-2022-0185} - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Bruno Meneguele) [2034864 2034865] {CVE-2021-4155} - af_unix: fix garbage collect vs MSG_PEEK (Patrick Talbert) [2031974 2031975] {CVE-2021-0920} - cgroup: verify that source is a string (Waiman Long) [2034608 2034609] {CVE-2021-4154} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0516 CVE-2022-0435 CVE-2022-0847 CVE-2022-22942 CVE-2022-0492 CVE-2021-4154 CVE-2021-0920 CVE-2022-0330 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 8 [6.0.103-4.0.1] - Add missing Oracle RIDs [6.0.103-4] - Rebuild against .NET 6.0.102 to pick up the correct fixes - Resolves: RHBZ#2059640 [6.0.103-3] - Update to new source release for SDK 6.0.103 and Runtime 6.0.3 - Resolves: RHBZ#2059640 [6.0.103-2] - Switch to new source release for SDK 6.0.103 and Runtime 6.0.3 - Resolves: RHBZ#2059640 [6.0.103-1] - Update to .NET SDK 6.0.103 and Runtime 6.0.3 - Resolves: RHBZ#2059640 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24464 CVE-2022-24512 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.1.417-1.0.1] - Add missing Oracle Linux Runtime IDs [3.1.417-1] - Update to .NET SDK 3.1.417 and Runtime 3.1.23 - Resolves: RHBZ#2060567 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24512 CVE-2020-8927 CVE-2022-24464 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [5.0.212-1.0.1] - Support AArch64 on Oracle Linux [Orabug: 32738620] - Include new Oracle Linux runtime IDs Add 1000-Add-missing-OL-RIDs.patch [5.0.212-1] - Update to .NET SDK 5.0.212 and Runtime 5.0.15 - Resolves: RHBZ#2060496 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24464 CVE-2022-24512 CVE-2020-8927 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [91.7.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.7.0-2] - Update to 91.7.0 build2 [91.7.0-1] - Update to 91.7.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-26485 CVE-2022-26383 CVE-2022-25235 CVE-2022-25315 CVE-2022-26387 CVE-2022-0566 CVE-2022-26386 CVE-2022-26486 CVE-2022-26384 CVE-2022-26381 CVE-2022-25236 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [91.7.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.7.0-2] - Update to 91.7.0 build2 [91.7.0-1] - Update to 91.7.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-25315 CVE-2022-26384 CVE-2022-25235 CVE-2022-26486 CVE-2022-25236 CVE-2022-26485 CVE-2022-26381 CVE-2022-0566 CVE-2022-26386 CVE-2022-26387 CVE-2022-26383 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 qemu-kvm [4.2.0-59.el8_5.2] - kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch [bz#2048627] - Resolves: bz#2048627 (CVE-2022-0358 virt:rhel/qemu-kvm: QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405 [rhel-8.5.0.z]) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-0358 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.4.3.23-14] - Bump version to 1.4.3.23-14 - Resolves: Bug 2059893 - Paged search lookthroughlimit counter doesnt take read ahead into account - Resolves: Bug 2060106 - Based on 1944494 (RFC 4530 entryUUID attribute) - plugin entryuuid failing - Resolves: Bug 2060110 - double-free of the virtual attribute context in persistent search [1.4.3.23-13] - Bump version to 1.4.3.23-13 - Resolves: Bug 2056488 - Paged search lookthroughlimit counter doesnt take read ahead into account - Resolves: Bug 2047166 - Based on 1944494 (RFC 4530 entryUUID attribute) - plugin entryuuid failing - Resolves: Bug 2056481 - double-free of the virtual attribute context in persistent search LOW Copyright 2022 Oracle, Inc. CVE-2021-4091 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 httpd [2.4.37-43.0.2.2] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-43.2] - Resolves: #2059256 - CVE-2021-34798 httpd:2.4/httpd: NULL pointer dereference via malformed requests - Resolves: #2059257 - CVE-2021-39275 httpd:2.4/httpd: out-of-bounds write in ap_escape_quotes() via malicious input MODERATE Copyright 2022 Oracle, Inc. CVE-2021-34798 CVE-2021-39275 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [3.3.3-3] - Do not follow symlinks when processing the fixup list (CVE-2021-31566) [3.3.3-2] - Fix handling of symbolic link ACLs (CVE-2021-23177) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-23177 CVE-2021-31566 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 8 [8.0.1763-16.0.1] - - Remove upstream references [Orabug: 31197557] [2:8.0.1763-16.12] - CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository [2:8.0.1763-16.11] - CVE-2022-0413 vim: use after free in src/ex_cmds.c - Fix specfile problems - Resolves: rhbz#2048525 [2:8.0.1763-16.10] - CVE-2022-0413 vim: use after free in src/ex_cmds.c - Resolves: rhbz#2048525 [2:8.0.1763-16.9] - CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c - Improve fix - Resolves: rhbz#2049403 [2:8.0.1763-16.8] - CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c - Resolves: rhbz#2049403 [2:8.0.1763-16.7] - CVE-2022-0359 vim: heap-based buffer overflow in init_ccline() in ex_getln.c [2:8.0.1763-16.6] - fix test suite after fix for CVE-2022-0318 [2:8.0.1763-16.5] - CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c - CVE-2022-0318 vim: heap-based buffer overflow in utf_head_off() in mbyte.c MODERATE Copyright 2022 Oracle, Inc. CVE-2022-0392 CVE-2022-0359 CVE-2022-0361 CVE-2022-0413 CVE-2022-0318 CVE-2022-0261 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 8 [2.28-164.0.5.3] - Merge external errata patches. - Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-164.3 - CVE-2021-3999: getcwd: align stack on clone in aarch64 and fix a memory leak (#2032280) - Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-164.2 - CVE-2022-23218, CVE-2022-23219: Fix buffer overflows in sunrpc clnt_create for 'unix' and svcunix_create (#2045062). - Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-164.1 - CVE-2021-3999: getcwd: Set errno to ERANGE for size == 1 (#2032280) - Reviewed-by: Elena Zannoni <elena.zannoni@oracle.com> MODERATE Copyright 2022 Oracle, Inc. CVE-2022-23218 CVE-2022-23219 CVE-2021-3999 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 8 [2.9.7-12] - Fix CVE-2022-23308 (#2057663) [2.9.7-11] - Fix CVE-2021-3541 (#1958783) [2.9.7-10] - Fix CVE-2021-3516 (#1956976) - Fix CVE-2021-3517 (#1957001) - Fix CVE-2021-3518 (#1957028) - Fix CVE-2021-3537 (#1957284) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-23308 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 8 [2.2.5-4.3] - Improve fix for CVE-2022-25236 - Related: CVE-2022-25236 [2.2.5-4.2] - Fix multiple CVEs - Resolves: CVE-2022-25236 - Resolves: CVE-2022-25235 - Resolves: CVE-2022-25315 [2.2.5-4.1] - Fix multiple CVEs - CVE-2022-23852 expat: integer overflow in function XML_GetBuffer - CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat - CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c - CVE-2022-22827 Integer overflow in storeAtts in xmlparse.c - CVE-2022-22826 Integer overflow in nextScaffoldPart in xmlparse.c - CVE-2022-22825 Integer overflow in lookup in xmlparse.c - CVE-2022-22824 Integer overflow in defineAttribute in xmlparse.c - CVE-2022-22823 Integer overflow in build_model in xmlparse.c - CVE-2022-22822 Integer overflow in addBinding in xmlparse.c - Resolves: CVE-2022-23852 - Resolves: CVE-2021-45960 - Resolves: CVE-2021-46143 - Resolves: CVE-2022-22827 - Resolves: CVE-2022-22826 - Resolves: CVE-2022-22825 - Resolves: CVE-2022-22824 - Resolves: CVE-2022-22823 - Resolves: CVE-2022-22822 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-25235 CVE-2022-22825 CVE-2022-22823 CVE-2022-23852 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22824 CVE-2022-22826 CVE-2022-25236 CVE-2022-22827 CVE-2022-25315 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 9 [3.0.1-43.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-43] - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 [1:3.0.1-42] - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3786 CVE-2022-3602 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 9 [0.11.3-4] - Fixed ruby socket permissions - Resolves: rhbz#2116841 [0.11.3-3] - Fixed booth ticket mode value case insensitive - Fixed booth sync check whether /etc/booth exists - Resolves: rhbz#2026725 rhbz#2058243 [0.11.3-2] - Fixed 'pcs resource restart' traceback - Resolves: rhbz#2102663 [0.11.3-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Updated bundled rubygems: rack - Resolves: rhbz#2059122 rhbz#2059177 rhbz#2059501 rhbz#2095695 rhbz#2096886 rhbz#2097730 rhbz#2097731 rhbz#2097732 rhbz#2097733 rhbz#2097778 [0.11.2-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Updated bundled rubygems: backports, daemons, ethon ffi, ruby2_keywords, thin - Stopped bundling rubygem-rexml (use distribution package instead) - Resolves: rhbz#1301204 rhbz#2024522 rhbz#2026725 rhbz#2029844 rhbz#2039884 rhbz#2053177 rhbz#2054671 rhbz#2058243 rhbz#2058246 rhbz#2058247 rhbz#2058251 rhbz#2058252 rhbz#2059142 rhbz#2059145 rhbz#2059148 rhbz#2059149 rhbz#2059501 rhbz#2064818 rhbz#2068457 rhbz#2076585 [0.11.1-11] - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz#2081334 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1049 cpe:/a:oracle:linux:9::addons Oracle Linux 8 Oracle Linux 9 [5.15.0-4.70.5.2] - Revert 'sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle' (Samasth Norway Ananda) [Orabug: 34783367] [5.15.0-4.70.5.1] - NFSv4: Fixes for nfs4_inode_return_delegation() (Trond Myklebust) [Orabug: 34751176] [5.15.0-4.70.5] - uek: kabi: update kABI files for new symbols (Saeed Mirzamohammadi) [Orabug: 34595591] - Revert 'scsi: lpfc: SLI path split: Refactor lpfc_iocbq' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: SLI path split: Refactor SCSI paths' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Resolve some cleanup issues following SLI path refactoring' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE' (John Donnelly) [Orabug: 34678989] - RDS/IB Fix allocation warning (Hans Westgaard Ry) [Orabug: 34684321] - fs: remove no_llseek (Jason A. Donenfeld) [Orabug: 34705082] - vfio: do not set FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34705082] - dma-buf: remove useless FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34705082] - fs: do not compare against ->llseek (Jason A. Donenfeld) [Orabug: 34705082] - fs: clear or set FMODE_LSEEK based on llseek function (Jason A. Donenfeld) [Orabug: 34705082] - hwmon: (opbmc) AST2600 SP reset driver adjustment (Jan Zdarek) [Orabug: 34710681] - hwmon: (opbmc) Driver message prefixes (Jan Zdarek) [Orabug: 34710681] - NFSD: fix use-after-free on source server when doing inter-server copy (Dai Ngo) [Orabug: 34716070] [5.15.0-4.70.4] - xen/ovmapi: Build OVM guest messaging driver (Jonah Palmer) [Orabug: 34512197] - net/rds: Send congestion map updates only via path zero (Anand Khoje) [Orabug: 34578048] - Revert 'RDS/IB: Fix RDS IB SRQ implementation and tune it' (Hans Westgaard Ry) [Orabug: 34662659] - RDMA/cma: Use output interface for net_dev check (Hakon Bugge) [Orabug: 34694979] - crypto: qat - add support for 401xx devices (Giovanni Cabiddu) [Orabug: 34686738] [5.15.0-4.70.3] - Revert 'Makefile: link with -z noexecstack --no-warn-rwx-segments' (Jack Vogel) - Revert 'x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments' (Jack Vogel) [5.15.0-4.70.2] - LTS version: v5.15.70 (Jack Vogel) - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (Takashi Iwai) - KVM: SEV: add cache flush to solve SEV cache incoherency issues (Mingwei Zhang) - net: Find dst with sk's xfrm policy not ctl_sk (sewookseo) - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (Hyunwoo Kim) - mksysmap: Fix the mismatch of 'L0' symbols in System.map (Youling Tang) - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (Clement Peron) - MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() (Alexander Sverdlin) - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (David Howells) - net: usb: qmi_wwan: add Quectel RM520N (jerry.meng) - ALSA: hda/tegra: Align BDL entry to 4KB boundary (Mohan Kumar) - ALSA: hda/sigmatel: Keep power up while beep is enabled (Takashi Iwai) - wifi: mac80211_hwsim: check length for virtio packets (Soenke Huster) - rxrpc: Fix calc of resend age (David Howells) - rxrpc: Fix local destruction being repeated (David Howells) - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (Hannes Reinecke) - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (Xiaolei Wang) - ASoC: nau8824: Fix semaphore unbalance at error paths (Takashi Iwai) - arm64: dts: juno: Add missing MHU secure-irq (Jassi Brar) - video: fbdev: i740fb: Error out if 'pixclock' equals zero (Zheyu Ma) - binder: remove inaccurate mmap_assert_locked() (Carlos Llamas) - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (Alex Deucher) - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (Alex Deucher) - drm/amdgpu: Don't enable LTR if not supported (Lijo Lazar) for parisc and xtensa (Ben Hutchings) - parisc: Allow CONFIG_64BIT with ARCH=parisc (Helge Deller) - cifs: always initialize struct msghdr smb_msg completely (Stefan Metzmacher) - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (Stefan Metzmacher) - cifs: revalidate mapping when doing direct writes (Ronnie Sahlberg) - of/device: Fix up of_dma_configure_id() stub (Thierry Reding) - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() (Yang Yingliang) - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (Stefan Roesch) - drm/meson: Fix OSD1 RGB to YCbCr coefficient (Stuart Menefy) - drm/meson: Correct OSD1 global alpha value (Stuart Menefy) - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (Pali Rohar) - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (Trond Myklebust) - pinctrl: sunxi: Fix name for A100 R_PIO (Michael Wu) - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (Joao H. Spies) - pinctrl: qcom: sc8180x: Fix wrong pin numbers (Molly Sophia) - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (Molly Sophia) - of: fdt: fix off-by-one error in unflatten_dt_nodes() (Sergey Shtylyov) - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (Sergiu Moga) - serial: atmel: remove redundant assignment in rs485_config (Lino Sanfilippo) - drm/tegra: vic: Fix build warning when CONFIG_PM=n (YueHaibing) - LTS version: v5.15.69 (Jack Vogel) - Input: goodix - add compatible string for GT1158 (Jarrah Gosbell) - RDMA/irdma: Use s/g array in post send only when its valid (Sindhu-Devale) - usb: gadget: f_uac2: fix superspeed transfer (Jing Leng) - usb: gadget: f_uac2: clean up some inconsistent indenting (Colin Ian King) - soc: fsl: select FSL_GUTS driver for DPIO (Mathew McBride) - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() (Jann Horn) to IGNORE_UAS (Hu Xiaoying) - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (Hans de Goede) - perf/arm_pmu_platform: fix tests for platform_get_irq() failure (Yu Zhe) - net: dsa: hellcreek: Print warning only once (Kurt Kanzenbach) - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (Chengming Gui) - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (Maurizio Lombardi) - Input: iforce - add support for Boeder Force Feedback Wheel (Greg Tulli) - ieee802154: cc2520: add rc code in cc2520_tx() (Li Qiong) - gpio: mockup: remove gpio debugfs when remove device (Wei Yongjun) - tg3: Disable tg3 device on system reboot to avoid triggering AER (Kai-Heng Feng) - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (Even Xu) - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (Jason Wang) - dt-bindings: iio: gyroscope: bosch,bmg160: correct number of pins (Krzysztof Kozlowski) - drm/msm/rd: Fix FIFO-full deadlock (Rob Clark) - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (Maximilian Luz) - Input: goodix - add support for GT1158 (Ondrej Jirman) - iommu/vt-d: Fix kdump kernels boot failure with scalable mode (Lu Baolu) - tracefs: Only clobber mode/uid/gid on remount if asked (Brian Norris) - tracing: hold caller_addr to hardirq_{enable,disable}_ip (Yipeng Zou) - task_stack, x86/cea: Force-inline stack helpers (Borislav Petkov) - x86/mm: Force-inline __phys_addr_nodebug() (Borislav Petkov) - lockdep: Fix -Wunused-parameter for _THIS_IP_ (Nick Desaulniers) - ARM: dts: at91: sama7g5ek: specify proper regulator output ranges (Claudiu Beznea) - ARM: dts: at91: fix low limit for CPU regulator (Claudiu Beznea) - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (Marco Felsch) - ARM: dts: imx: align SPI NOR node name with dtschema (Krzysztof Kozlowski) - ACPI: resource: skip IRQ override on AMD Zen platforms (Chuanhong Guo) - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (Dave Wysochanski) - LTS version: v5.15.68 (Jack Vogel) - ARM: at91: ddr: remove CONFIG_SOC_SAMA7 dependency (Claudiu Beznea) - perf machine: Use path__join() to compose a path instead of snprintf(dir, '/', filename) (Arnaldo Carvalho de Melo) - drm/bridge: display-connector: implement bus fmts callbacks (Neil Armstrong) - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (Ionela Voinescu) - iommu/vt-d: Correctly calculate sagaw value of IOMMU (Lu Baolu) - arm64/bti: Disable in kernel BTI when cross section thunks are broken (Mark Brown) - Revert 'arm64: kasan: Revert 'arm64: mte: reset the page tag in page->flags'' (Sasha Levin) - hwmon: (mr75203) enable polling for all VM channels (Eliav Farber) - hwmon: (mr75203) fix multi-channel voltage reading (Eliav Farber) - hwmon: (mr75203) fix voltage equation for negative source input (Eliav Farber) - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (Eliav Farber) - hwmon: (mr75203) fix VM sensor allocation when 'intel,vm-map' not defined (Eliav Farber) - s390/boot: fix absolute zero lowcore corruption on boot (Alexander Gordeev) - iommu/amd: use full 64-bit value in build_completion_wait() (John Sperbeck) - swiotlb: avoid potential left shift overflow (Chao Gao) - i40e: Fix ADQ rate limiting for PF (Przemyslaw Patynowski) - i40e: Refactor tc mqprio checks (Przemyslaw Patynowski) - kbuild: disable header exports for UML in a straightforward way (Masahiro Yamada) - MIPS: loongson32: ls1c: Fix hang during startup (Yang Ling) - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (Nathan Chancellor) - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (Claudiu Beznea) - hwmon: (tps23861) fix byte order in resistance register (Alexandru Gagniuc) - perf script: Fix Cannot print 'iregs' field for hybrid systems (Zhengjun Xing) - sch_sfb: Also store skb len before calling child enqueue (Toke Hoiland-Jorgensen) - RDMA/irdma: Report RNR NAK generation in device caps (Sindhu-Devale) - RDMA/irdma: Return correct WC error for bind operation failure (Sindhu-Devale) - RDMA/irdma: Report the correct max cqes from query device (Sindhu-Devale) - nvmet: fix mar and mor off-by-one errors (Dennis Maisenbacher) - tcp: fix early ETIMEDOUT after spurious non-SACK RTO (Neal Cardwell) - nvme-tcp: fix regression that causes sporadic requests to time out (Sagi Grimberg) - nvme-tcp: fix UAF when detecting digest errors (Sagi Grimberg) - erofs: fix pcluster use-after-free on UP platforms (Gao Xiang) - RDMA/mlx5: Set local port to one when accessing counters (Chris Mi) - IB/core: Fix a nested dead lock as part of ODP flow (Yishai Hadas) - ipv6: sr: fix out-of-bounds read when setting HMAC data. (David Lebrun) - RDMA/siw: Pass a pointer to virt_to_page() (Linus Walleij) - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (Paul Durrant) - iavf: Detach device during reset task (Ivan Vecera) - i40e: Fix kernel crash during module removal (Ivan Vecera) - ice: use bitmap_free instead of devm_kfree (Michal Swiatkowski) - tcp: TX zerocopy should not sense pfmemalloc status (Eric Dumazet) - net: introduce __skb_fill_page_desc_noacc (Pavel Begunkov) - tipc: fix shift wrapping bug in map_get() (Dan Carpenter) - sch_sfb: Don't assume the skb is still around after enqueueing to child (Toke Hoiland-Jorgensen) - Revert 'net: phy: meson-gxl: improve link-up behavior' (Heiner Kallweit) - afs: Use the operation issue time instead of the reply time for callbacks (David Howells) - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() (David Howells) - rxrpc: Fix ICMP/ICMP6 error handling (David Howells) - ALSA: usb-audio: Register card again for iface over delayed_register option (Takashi Iwai) - ALSA: usb-audio: Inform the delayed registration more properly (Takashi Iwai) - RDMA/srp: Set scmnd->result only when scmnd is not NULL (yangx.jy@fujitsu.com) - netfilter: nf_conntrack_irc: Fix forged IP logic (David Leadbeater) - netfilter: nf_tables: clean up hook list when offload flags check fails (Pablo Neira Ayuso) - netfilter: br_netfilter: Drop dst references before setting. (Harsh Modi) - ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all the time (Claudiu Beznea) - ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all the time (Claudiu Beznea) - ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (Claudiu Beznea) - ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (Claudiu Beznea) - ARM: at91: pm: fix DDR recalibration when resuming from backup and self-refresh (Claudiu Beznea) - ARM: at91: pm: fix self-refresh for sama7g5 (Claudiu Beznea) - wifi: wilc1000: fix DMA on stack objects (Ajay.Kathat@microchip.com) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (Wenpeng Liang) - RDMA/hns: Fix supported page size (Chengchang Tang) - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (Liang He) - RDMA/cma: Fix arguments order in net device validation (Michael Guralnik) - tee: fix compiler warning in tee_shm_register() (Jens Wiklander) - regulator: core: Clean up on enable failure (Andrew Halaney) - soc: imx: gpcv2: Assert reset before ungating clock (Marek Vasut) - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (Marco Felsch) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (Jack Wang) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (Jack Wang) - ASoC: qcom: sm8250: add missing module owner (Srinivas Kandagatla) - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree (Tejun Heo) - NFS: Fix another fsync() issue after a server reboot (Trond Myklebust) - NFS: Save some space in the inode (Trond Myklebust) - NFS: Further optimisations for 'ls -l' (Trond Myklebust) - scsi: lpfc: Add missing destroy_workqueue() in error path (Yang Yingliang) - scsi: mpt3sas: Fix use-after-free warning (Sreekanth Reddy) - drm/i915: Implement WaEdpLinkRateDataReload (Ville Syrjala) - nvmet: fix a use-after-free (Bart Van Assche) - drm/amd/display: fix memory leak when using debugfs_lookup() (Greg Kroah-Hartman) - sched/debug: fix dentry leak in update_sched_domain_debugfs (Greg Kroah-Hartman) - debugfs: add debugfs_lookup_and_remove() (Greg Kroah-Hartman) - kprobes: Prohibit probes in gate area (Christian A. Ehrhardt) - vfio/type1: Unpin zero pages (Alex Williamson) - btrfs: zoned: set pseudo max append zone limit in zone emulation mode (Shin'ichiro Kawasaki) - tracing: Fix to check event_mutex is held while accessing trigger list (Masami Hiramatsu (Google)) - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (Dongxiang Ke) - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (Takashi Iwai) - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (Pattara Teerapong) - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (Tasos Sahanidis) - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (Takashi Iwai) - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (Qu Huang) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (Yang Yingliang) - fbdev: fbcon: Destroy mutex on freeing struct fb_info (Shigeru Yoshida) - md: Flush workqueue md_rdev_misc_wq in md_alloc() (David Sloan) - net/core/skbuff: Check the return value of skb_copy_bits() (lily) - cpufreq: check only freq_table in __resolve_freq() (Lukasz Luba) - netfilter: conntrack: work around exceeded receive window (Florian Westphal) - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level (Sudeep Holla) - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines (Helge Deller) - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() (Li Qiong) - Revert 'parisc: Show error if wrong 32/64-bit compiler is being used' (Helge Deller) - scsi: ufs: core: Reduce the power mode change timeout (Bart Van Assche) - drm/radeon: add a force flush to delay work when radeon (Zhenneng Li) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. (Candice Li) - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (YiPeng Chai) - drm/gem: Fix GEM handle release errors (Jeffy Chen) - scsi: megaraid_sas: Fix double kfree() (Guixin Liu) - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (Tony Battersby) - Revert 'mm: kmemleak: take a full lowmem check in kmemleak_*_phys()' (Yee Lee) - fs: only do a memory barrier for the first set_buffer_uptodate() (Linus Torvalds) - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (Stanislaw Gruszka) - efi: capsule-loader: Fix use-after-free in efi_capsule_write (Hyunwoo Kim) - efi: libstub: Disable struct randomization (Ard Biesheuvel) - net: wwan: iosm: remove pointless null check (Jakub Kicinski) - LTS version: v5.15.67 (Jack Vogel) - kbuild: fix up permissions on scripts/pahole-flags.sh (Greg Kroah-Hartman) - LTS version: v5.15.66 (Jack Vogel) - USB: serial: ch341: fix disabled rx timer on older devices (Johan Hovold) - USB: serial: ch341: fix lost character on LCR updates (Johan Hovold) - usb: dwc3: disable USB core PHY management (Johan Hovold) - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (Johan Hovold) - usb: dwc3: fix PHY disable sequence (Johan Hovold) - kbuild: Add skip_encoding_btf_enum64 option to pahole (Martin Rodriguez Reboredo) - kbuild: Unify options for BTF generation for vmlinux and modules (Jiri Olsa) - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (Mazin Al Haddad) - drm/i915: Skip wm/ddb readout for disabled pipes (Ville Syrjala) - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (Diego Santa Cruz) - ALSA: seq: Fix data-race at module auto-loading (Takashi Iwai) - ALSA: seq: oss: Fix data-race for max_midi_devs access (Takashi Iwai) - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (Kacper Michajlow) - net: mac802154: Fix a condition in the receive path (Miquel Raynal) - net: Use u64_stats_fetch_begin_irq() for stats fetch. (Sebastian Andrzej Siewior) - ip: fix triggering of 'icmp redirect' (Nicolas Dichtel) - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (Siddh Raman Pant) - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected (Siddh Raman Pant) - driver core: Don't probe devices after bus_type.match() probe deferral (Isaac J. Manjarres) - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (Krishna Kurapati) - usb: xhci-mtk: fix bandwidth release issue (Chunfeng Yun) - usb: xhci-mtk: relax TT periodic bandwidth allocation (Chunfeng Yun) - USB: core: Prevent nested device-reset calls (Alan Stern) - s390: fix nospec table alignments (Josh Poimboeuf) - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (Gerald Schaefer) - usb-storage: Add ignore-residue quirk for NXP PN7462AU (Witold Lipieta) - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (Thierry GUIBERT) - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (Pawel Laszczak) - usb: cdns3: fix issue with rearming ISO OUT endpoint (Pawel Laszczak) - usb: dwc2: fix wrong order of phy_power_on and phy_init (Heiner Kallweit) - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (Badhri Jagan Sridharan) - usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (Utkarsh Patel) - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (Pablo Sun) - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (Slark Xiao) - USB: serial: option: add Quectel EM060K modem (Yonglin Tan) - USB: serial: option: add support for OPPO R11 diag port (Yan Xinyu) - USB: serial: cp210x: add Decagon UCA device id (Johan Hovold) - xhci: Add grace period after xHC start to prevent premature runtime suspend. (Mathias Nyman) - media: mceusb: Use new usb_control_msg_*() routines (Alan Stern) - usb: dwc3: pci: Add support for Intel Raptor Lake (Heikki Krogerus) - thunderbolt: Use the actual buffer in tb_async_error() (Mika Westerberg) - xen-blkfront: Cache feature_persistent value before advertisement (SeongJae Park) - xen-blkfront: Advertise feature-persistent as user requested (SeongJae Park) - xen-blkback: Advertise feature-persistent as user requested (SeongJae Park) - mm: pagewalk: Fix race between unmap and page walker (Steven Price) - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (Dan Carpenter) - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (Jim Mattson) - gpio: pca953x: Add mutex_lock for regcache sync in PM (Haibo Chen) - hwmon: (gpio-fan) Fix array out of bounds access (Armin Wolf) - clk: bcm: rpi: Add missing newline (Stefan Wahren) - clk: bcm: rpi: Prevent out-of-bounds access (Stefan Wahren) - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (Christophe JAILLET) - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (Stefan Wahren) - Input: rk805-pwrkey - fix module autoloading (Peter Robinson) - clk: core: Fix runtime PM sequence in clk_core_unprepare() (Chen-Yu Tsai) - Revert 'clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops' (Stephen Boyd) - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (Chen-Yu Tsai) - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (Colin Ian King) - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (Jim Mattson) - cifs: fix small mempool leak in SMB2_negotiate() (Enzo Matsumiya) - binder: fix alloc->vma_vm_mm null-ptr dereference (Carlos Llamas) - binder: fix UAF of ref->proc caused by race condition (Carlos Llamas) - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (Adrian Hunter) - mmc: core: Fix UHS-I SD 1.8V workaround branch (Adrian Hunter) - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (Niek Nooijens) - misc: fastrpc: fix memory corruption on open (Johan Hovold) - misc: fastrpc: fix memory corruption on probe (Johan Hovold) - iio: adc: mcp3911: use correct formula for AD conversion (Marcus Folkesson) - iio: ad7292: Prevent regulator double disable (Matti Vaittinen) - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (Tetsuo Handa) - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (Sherry Sun) - musb: fix USB_MUSB_TUSB6010 dependency (Arnd Bergmann) - vt: Clear selection before changing the font (Helge Deller) - powerpc: align syscall table for ppc32 (Masahiro Yamada) - staging: r8188eu: add firmware dependency (Grzegorz Szymaszek) - staging: rtl8712: fix use after free bugs (Dan Carpenter) - serial: fsl_lpuart: RS485 RTS polariy is inverse (Shenwei Wang) - soundwire: qcom: fix device status array range (Srinivas Kandagatla) - net/smc: Remove redundant refcount increase (Yacan Liu) - Revert 'sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb' (Jakub Kicinski) - tcp: annotate data-race around challenge_timestamp (Eric Dumazet) - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb (Toke Hoiland-Jorgensen) - kcm: fix strp_init() order and cleanup (Cong Wang) - mlxbf_gige: compute MDIO period based on i1clk (David Thompson) - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (Duoming Zhou) - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (Wang Hai) - net: sched: tbf: don't call qdisc_put() while holding tree lock (Zhengchao Shao) - net: dsa: xrs700x: Use irqsave variant for u64 stats update (Sebastian Andrzej Siewior) - openvswitch: fix memory leak at failed datapath creation (Andrey Zhadchenko) - net: smsc911x: Stop and start PHY during suspend and resume (Florian Fainelli) - net: sparx5: fix handling uneven length packets in manual extraction (Casper Andersson) - Revert 'xhci: turn off port power in shutdown' (Mathias Nyman) - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (Dan Carpenter) - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (Peter Ujfalusi) - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (Pierre-Louis Bossart) - drm/i915/display: avoid warnings when registering dual panel backlight (Arun R Murthy) - drm/i915/backlight: extract backlight code to a separate file (Jani Nikula) - ieee802154/adf7242: defer destroy_workqueue call (Lin Ma) - bpf, cgroup: Fix kernel BUG in purge_effective_progs (Pu Lehui) - bpf: Restrict bpf_sys_bpf to CAP_PERFMON (YiFei Zhu) - skmsg: Fix wrong last sg check in sk_msg_recvmsg() (Liu Jian) - iio: adc: mcp3911: make use of the sign bit (Marcus Folkesson) - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (Andy Shevchenko) - drm/msm/dsi: Fix number of regulators for SDM660 (Douglas Anderson) - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (Douglas Anderson) - drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (Kuogee Hsieh) - drm/msm/dsi: fix the inconsistent indenting (sunliming) - LTS version: v5.15.65 (Jack Vogel) - net: neigh: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net/af_packet: check len when min_header_len equals to 0 (Zhengchao Shao) - android: binder: fix lockdep check on clearing vma (Liam Howlett) - btrfs: fix space cache corruption and potential double allocations (Omar Sandoval) - kprobes: don't call disarm_kprobe() for disabled kprobes (Kuniyuki Iwashima) - btrfs: tree-checker: check for overlapping extent items (Josef Bacik) - btrfs: fix lockdep splat with reloc root extent buffers (Josef Bacik) - btrfs: move lockdep class helpers to locking.c (Josef Bacik) - testing: selftests: nft_flowtable.sh: use random netns names (Florian Westphal) - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y (Geert Uytterhoeven) - drm/amd/display: avoid doing vm_init multiple time (Charlene Liu) - drm/amdgpu: Increase tlb flush timeout for sriov (Dusica Milinkovic) - drm/amd/display: Fix pixel clock programming (Ilya Bakoulin) - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (Evan Quan) - ksmbd: don't remove dos attribute xattr on O_TRUNC open (Namjae Jeon) - s390/hypfs: avoid error message under KVM (Juergen Gross) - neigh: fix possible DoS due to net iface start/stop loop (Denis V. Lunev) - ksmbd: return STATUS_BAD_NETWORK_NAME error status if share is not configured (Namjae Jeon) - drm/amd/display: clear optc underflow before turn off odm clock (Fudong Wang) - drm/amd/display: For stereo keep 'FLIP_ANY_FRAME' (Alvin Lee) - drm/amd/display: Fix HDMI VSIF V3 incorrect issue (Leo Ma) - drm/amd/display: Avoid MPC infinite loop (Josip Pavic) - ASoC: sh: rz-ssi: Improve error handling in rz_ssi_probe() error path (Biju Das) - fs/ntfs3: Fix work with fragmented xattr (Konstantin Komarov) - btrfs: fix warning during log replay when bumping inode link count (Filipe Manana) - btrfs: add and use helper for unlinking inode during log replay (Filipe Manana) - btrfs: remove no longer needed logic for replaying directory deletes (Filipe Manana) - btrfs: remove root argument from btrfs_unlink_inode() (Filipe Manana) - mmc: sdhci-of-dwcmshc: Re-enable support for the BlueField-3 SoC (Liming Sun) - mmc: sdhci-of-dwcmshc: rename rk3568 to rk35xx (Sebastian Reichel) - mmc: sdhci-of-dwcmshc: add reset call back for rockchip Socs (Yifeng Zhao) - mmc: mtk-sd: Clear interrupts when cqe off/disable (Wenbin Mei) - drm/i915/gt: Skip TLB invalidations once wedged (Chris Wilson) - HID: thrustmaster: Add sparco wheel and fix array length (Michael Hubner) - HID: asus: ROG NKey: Ignore portion of 0x5a report (Josh Kilmer) - HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (Akihiko Odaki) - HID: add Lenovo Yoga C630 battery quirk (Steev Klimaszewski) - ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (Takashi Iwai) - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (Jann Horn) - bpf: Don't redirect packets with invalid pkt_len (Zhengchao Shao) - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (Yang Jihong) - fbdev: fb_pm2fb: Avoid potential divide by zero error (Letu Ren) - net: fix refcount bug in sk_psock_get (2) (Hawkins Jiawei) - HID: hidraw: fix memory leak in hidraw_release() (Karthik Alapati) - media: pvrusb2: fix memory leak in pvr_probe (Dongliang Mu) - udmabuf: Set the DMA mask for the udmabuf device (v2) (Vivek Kasireddy) - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (Lee Jones) - Revert 'PCI/portdrv: Don't disable AER reporting in get_port_device_capability()' (Greg Kroah-Hartman) - Bluetooth: L2CAP: Fix build errors in some archs (Luiz Augusto von Dentz) - kbuild: Fix include path in scripts/Makefile.modpost (Jing Leng) - io_uring: fix UAF due to missing POLLFREE handling (Pavel Begunkov) - io_uring: fix wrong arm_poll error handling (Pavel Begunkov) - io_uring: fail links when poll fails (Pavel Begunkov) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1184 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [5.15.0-4.70.5.2] - Revert 'sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle' (Samasth Norway Ananda) [Orabug: 34783367] [5.15.0-4.70.5.1] - NFSv4: Fixes for nfs4_inode_return_delegation() (Trond Myklebust) [Orabug: 34751176] [5.15.0-4.70.5] - uek: kabi: update kABI files for new symbols (Saeed Mirzamohammadi) [Orabug: 34595591] - Revert 'scsi: lpfc: SLI path split: Refactor lpfc_iocbq' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: SLI path split: Refactor SCSI paths' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Resolve some cleanup issues following SLI path refactoring' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE' (John Donnelly) [Orabug: 34678989] - RDS/IB Fix allocation warning (Hans Westgaard Ry) [Orabug: 34684321] - fs: remove no_llseek (Jason A. Donenfeld) [Orabug: 34705082] - vfio: do not set FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34705082] - dma-buf: remove useless FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34705082] - fs: do not compare against ->llseek (Jason A. Donenfeld) [Orabug: 34705082] - fs: clear or set FMODE_LSEEK based on llseek function (Jason A. Donenfeld) [Orabug: 34705082] - hwmon: (opbmc) AST2600 SP reset driver adjustment (Jan Zdarek) [Orabug: 34710681] - hwmon: (opbmc) Driver message prefixes (Jan Zdarek) [Orabug: 34710681] - NFSD: fix use-after-free on source server when doing inter-server copy (Dai Ngo) [Orabug: 34716070] [5.15.0-4.70.4] - xen/ovmapi: Build OVM guest messaging driver (Jonah Palmer) [Orabug: 34512197] - net/rds: Send congestion map updates only via path zero (Anand Khoje) [Orabug: 34578048] - Revert 'RDS/IB: Fix RDS IB SRQ implementation and tune it' (Hans Westgaard Ry) [Orabug: 34662659] - RDMA/cma: Use output interface for net_dev check (Hakon Bugge) [Orabug: 34694979] - crypto: qat - add support for 401xx devices (Giovanni Cabiddu) [Orabug: 34686738] [5.15.0-4.70.3] - Revert 'Makefile: link with -z noexecstack --no-warn-rwx-segments' (Jack Vogel) - Revert 'x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments' (Jack Vogel) [5.15.0-4.70.2] - LTS version: v5.15.70 (Jack Vogel) - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (Takashi Iwai) - KVM: SEV: add cache flush to solve SEV cache incoherency issues (Mingwei Zhang) - net: Find dst with sk's xfrm policy not ctl_sk (sewookseo) - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (Hyunwoo Kim) - mksysmap: Fix the mismatch of 'L0' symbols in System.map (Youling Tang) - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (Clement Peron) - MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() (Alexander Sverdlin) - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (David Howells) - net: usb: qmi_wwan: add Quectel RM520N (jerry.meng) - ALSA: hda/tegra: Align BDL entry to 4KB boundary (Mohan Kumar) - ALSA: hda/sigmatel: Keep power up while beep is enabled (Takashi Iwai) - wifi: mac80211_hwsim: check length for virtio packets (Soenke Huster) - rxrpc: Fix calc of resend age (David Howells) - rxrpc: Fix local destruction being repeated (David Howells) - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (Hannes Reinecke) - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (Xiaolei Wang) - ASoC: nau8824: Fix semaphore unbalance at error paths (Takashi Iwai) - arm64: dts: juno: Add missing MHU secure-irq (Jassi Brar) - video: fbdev: i740fb: Error out if 'pixclock' equals zero (Zheyu Ma) - binder: remove inaccurate mmap_assert_locked() (Carlos Llamas) - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (Alex Deucher) - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (Alex Deucher) - drm/amdgpu: Don't enable LTR if not supported (Lijo Lazar) for parisc and xtensa (Ben Hutchings) - parisc: Allow CONFIG_64BIT with ARCH=parisc (Helge Deller) - cifs: always initialize struct msghdr smb_msg completely (Stefan Metzmacher) - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (Stefan Metzmacher) - cifs: revalidate mapping when doing direct writes (Ronnie Sahlberg) - of/device: Fix up of_dma_configure_id() stub (Thierry Reding) - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() (Yang Yingliang) - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (Stefan Roesch) - drm/meson: Fix OSD1 RGB to YCbCr coefficient (Stuart Menefy) - drm/meson: Correct OSD1 global alpha value (Stuart Menefy) - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (Pali Rohar) - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (Trond Myklebust) - pinctrl: sunxi: Fix name for A100 R_PIO (Michael Wu) - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (Joao H. Spies) - pinctrl: qcom: sc8180x: Fix wrong pin numbers (Molly Sophia) - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (Molly Sophia) - of: fdt: fix off-by-one error in unflatten_dt_nodes() (Sergey Shtylyov) - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (Sergiu Moga) - serial: atmel: remove redundant assignment in rs485_config (Lino Sanfilippo) - drm/tegra: vic: Fix build warning when CONFIG_PM=n (YueHaibing) - LTS version: v5.15.69 (Jack Vogel) - Input: goodix - add compatible string for GT1158 (Jarrah Gosbell) - RDMA/irdma: Use s/g array in post send only when its valid (Sindhu-Devale) - usb: gadget: f_uac2: fix superspeed transfer (Jing Leng) - usb: gadget: f_uac2: clean up some inconsistent indenting (Colin Ian King) - soc: fsl: select FSL_GUTS driver for DPIO (Mathew McBride) - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() (Jann Horn) to IGNORE_UAS (Hu Xiaoying) - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (Hans de Goede) - perf/arm_pmu_platform: fix tests for platform_get_irq() failure (Yu Zhe) - net: dsa: hellcreek: Print warning only once (Kurt Kanzenbach) - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (Chengming Gui) - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (Maurizio Lombardi) - Input: iforce - add support for Boeder Force Feedback Wheel (Greg Tulli) - ieee802154: cc2520: add rc code in cc2520_tx() (Li Qiong) - gpio: mockup: remove gpio debugfs when remove device (Wei Yongjun) - tg3: Disable tg3 device on system reboot to avoid triggering AER (Kai-Heng Feng) - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (Even Xu) - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (Jason Wang) - dt-bindings: iio: gyroscope: bosch,bmg160: correct number of pins (Krzysztof Kozlowski) - drm/msm/rd: Fix FIFO-full deadlock (Rob Clark) - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (Maximilian Luz) - Input: goodix - add support for GT1158 (Ondrej Jirman) - iommu/vt-d: Fix kdump kernels boot failure with scalable mode (Lu Baolu) - tracefs: Only clobber mode/uid/gid on remount if asked (Brian Norris) - tracing: hold caller_addr to hardirq_{enable,disable}_ip (Yipeng Zou) - task_stack, x86/cea: Force-inline stack helpers (Borislav Petkov) - x86/mm: Force-inline __phys_addr_nodebug() (Borislav Petkov) - lockdep: Fix -Wunused-parameter for _THIS_IP_ (Nick Desaulniers) - ARM: dts: at91: sama7g5ek: specify proper regulator output ranges (Claudiu Beznea) - ARM: dts: at91: fix low limit for CPU regulator (Claudiu Beznea) - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (Marco Felsch) - ARM: dts: imx: align SPI NOR node name with dtschema (Krzysztof Kozlowski) - ACPI: resource: skip IRQ override on AMD Zen platforms (Chuanhong Guo) - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (Dave Wysochanski) - LTS version: v5.15.68 (Jack Vogel) - ARM: at91: ddr: remove CONFIG_SOC_SAMA7 dependency (Claudiu Beznea) - perf machine: Use path__join() to compose a path instead of snprintf(dir, '/', filename) (Arnaldo Carvalho de Melo) - drm/bridge: display-connector: implement bus fmts callbacks (Neil Armstrong) - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (Ionela Voinescu) - iommu/vt-d: Correctly calculate sagaw value of IOMMU (Lu Baolu) - arm64/bti: Disable in kernel BTI when cross section thunks are broken (Mark Brown) - Revert 'arm64: kasan: Revert 'arm64: mte: reset the page tag in page->flags'' (Sasha Levin) - hwmon: (mr75203) enable polling for all VM channels (Eliav Farber) - hwmon: (mr75203) fix multi-channel voltage reading (Eliav Farber) - hwmon: (mr75203) fix voltage equation for negative source input (Eliav Farber) - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (Eliav Farber) - hwmon: (mr75203) fix VM sensor allocation when 'intel,vm-map' not defined (Eliav Farber) - s390/boot: fix absolute zero lowcore corruption on boot (Alexander Gordeev) - iommu/amd: use full 64-bit value in build_completion_wait() (John Sperbeck) - swiotlb: avoid potential left shift overflow (Chao Gao) - i40e: Fix ADQ rate limiting for PF (Przemyslaw Patynowski) - i40e: Refactor tc mqprio checks (Przemyslaw Patynowski) - kbuild: disable header exports for UML in a straightforward way (Masahiro Yamada) - MIPS: loongson32: ls1c: Fix hang during startup (Yang Ling) - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (Nathan Chancellor) - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (Claudiu Beznea) - hwmon: (tps23861) fix byte order in resistance register (Alexandru Gagniuc) - perf script: Fix Cannot print 'iregs' field for hybrid systems (Zhengjun Xing) - sch_sfb: Also store skb len before calling child enqueue (Toke Hoiland-Jorgensen) - RDMA/irdma: Report RNR NAK generation in device caps (Sindhu-Devale) - RDMA/irdma: Return correct WC error for bind operation failure (Sindhu-Devale) - RDMA/irdma: Report the correct max cqes from query device (Sindhu-Devale) - nvmet: fix mar and mor off-by-one errors (Dennis Maisenbacher) - tcp: fix early ETIMEDOUT after spurious non-SACK RTO (Neal Cardwell) - nvme-tcp: fix regression that causes sporadic requests to time out (Sagi Grimberg) - nvme-tcp: fix UAF when detecting digest errors (Sagi Grimberg) - erofs: fix pcluster use-after-free on UP platforms (Gao Xiang) - RDMA/mlx5: Set local port to one when accessing counters (Chris Mi) - IB/core: Fix a nested dead lock as part of ODP flow (Yishai Hadas) - ipv6: sr: fix out-of-bounds read when setting HMAC data. (David Lebrun) - RDMA/siw: Pass a pointer to virt_to_page() (Linus Walleij) - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (Paul Durrant) - iavf: Detach device during reset task (Ivan Vecera) - i40e: Fix kernel crash during module removal (Ivan Vecera) - ice: use bitmap_free instead of devm_kfree (Michal Swiatkowski) - tcp: TX zerocopy should not sense pfmemalloc status (Eric Dumazet) - net: introduce __skb_fill_page_desc_noacc (Pavel Begunkov) - tipc: fix shift wrapping bug in map_get() (Dan Carpenter) - sch_sfb: Don't assume the skb is still around after enqueueing to child (Toke Hoiland-Jorgensen) - Revert 'net: phy: meson-gxl: improve link-up behavior' (Heiner Kallweit) - afs: Use the operation issue time instead of the reply time for callbacks (David Howells) - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() (David Howells) - rxrpc: Fix ICMP/ICMP6 error handling (David Howells) - ALSA: usb-audio: Register card again for iface over delayed_register option (Takashi Iwai) - ALSA: usb-audio: Inform the delayed registration more properly (Takashi Iwai) - RDMA/srp: Set scmnd->result only when scmnd is not NULL (yangx.jy@fujitsu.com) - netfilter: nf_conntrack_irc: Fix forged IP logic (David Leadbeater) - netfilter: nf_tables: clean up hook list when offload flags check fails (Pablo Neira Ayuso) - netfilter: br_netfilter: Drop dst references before setting. (Harsh Modi) - ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all the time (Claudiu Beznea) - ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all the time (Claudiu Beznea) - ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (Claudiu Beznea) - ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (Claudiu Beznea) - ARM: at91: pm: fix DDR recalibration when resuming from backup and self-refresh (Claudiu Beznea) - ARM: at91: pm: fix self-refresh for sama7g5 (Claudiu Beznea) - wifi: wilc1000: fix DMA on stack objects (Ajay.Kathat@microchip.com) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (Wenpeng Liang) - RDMA/hns: Fix supported page size (Chengchang Tang) - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (Liang He) - RDMA/cma: Fix arguments order in net device validation (Michael Guralnik) - tee: fix compiler warning in tee_shm_register() (Jens Wiklander) - regulator: core: Clean up on enable failure (Andrew Halaney) - soc: imx: gpcv2: Assert reset before ungating clock (Marek Vasut) - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (Marco Felsch) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (Jack Wang) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (Jack Wang) - ASoC: qcom: sm8250: add missing module owner (Srinivas Kandagatla) - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree (Tejun Heo) - NFS: Fix another fsync() issue after a server reboot (Trond Myklebust) - NFS: Save some space in the inode (Trond Myklebust) - NFS: Further optimisations for 'ls -l' (Trond Myklebust) - scsi: lpfc: Add missing destroy_workqueue() in error path (Yang Yingliang) - scsi: mpt3sas: Fix use-after-free warning (Sreekanth Reddy) - drm/i915: Implement WaEdpLinkRateDataReload (Ville Syrjala) - nvmet: fix a use-after-free (Bart Van Assche) - drm/amd/display: fix memory leak when using debugfs_lookup() (Greg Kroah-Hartman) - sched/debug: fix dentry leak in update_sched_domain_debugfs (Greg Kroah-Hartman) - debugfs: add debugfs_lookup_and_remove() (Greg Kroah-Hartman) - kprobes: Prohibit probes in gate area (Christian A. Ehrhardt) - vfio/type1: Unpin zero pages (Alex Williamson) - btrfs: zoned: set pseudo max append zone limit in zone emulation mode (Shin'ichiro Kawasaki) - tracing: Fix to check event_mutex is held while accessing trigger list (Masami Hiramatsu (Google)) - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (Dongxiang Ke) - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (Takashi Iwai) - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (Pattara Teerapong) - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (Tasos Sahanidis) - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (Takashi Iwai) - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (Qu Huang) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (Yang Yingliang) - fbdev: fbcon: Destroy mutex on freeing struct fb_info (Shigeru Yoshida) - md: Flush workqueue md_rdev_misc_wq in md_alloc() (David Sloan) - net/core/skbuff: Check the return value of skb_copy_bits() (lily) - cpufreq: check only freq_table in __resolve_freq() (Lukasz Luba) - netfilter: conntrack: work around exceeded receive window (Florian Westphal) - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level (Sudeep Holla) - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines (Helge Deller) - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() (Li Qiong) - Revert 'parisc: Show error if wrong 32/64-bit compiler is being used' (Helge Deller) - scsi: ufs: core: Reduce the power mode change timeout (Bart Van Assche) - drm/radeon: add a force flush to delay work when radeon (Zhenneng Li) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. (Candice Li) - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (YiPeng Chai) - drm/gem: Fix GEM handle release errors (Jeffy Chen) - scsi: megaraid_sas: Fix double kfree() (Guixin Liu) - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (Tony Battersby) - Revert 'mm: kmemleak: take a full lowmem check in kmemleak_*_phys()' (Yee Lee) - fs: only do a memory barrier for the first set_buffer_uptodate() (Linus Torvalds) - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (Stanislaw Gruszka) - efi: capsule-loader: Fix use-after-free in efi_capsule_write (Hyunwoo Kim) - efi: libstub: Disable struct randomization (Ard Biesheuvel) - net: wwan: iosm: remove pointless null check (Jakub Kicinski) - LTS version: v5.15.67 (Jack Vogel) - kbuild: fix up permissions on scripts/pahole-flags.sh (Greg Kroah-Hartman) - LTS version: v5.15.66 (Jack Vogel) - USB: serial: ch341: fix disabled rx timer on older devices (Johan Hovold) - USB: serial: ch341: fix lost character on LCR updates (Johan Hovold) - usb: dwc3: disable USB core PHY management (Johan Hovold) - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (Johan Hovold) - usb: dwc3: fix PHY disable sequence (Johan Hovold) - kbuild: Add skip_encoding_btf_enum64 option to pahole (Martin Rodriguez Reboredo) - kbuild: Unify options for BTF generation for vmlinux and modules (Jiri Olsa) - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (Mazin Al Haddad) - drm/i915: Skip wm/ddb readout for disabled pipes (Ville Syrjala) - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (Diego Santa Cruz) - ALSA: seq: Fix data-race at module auto-loading (Takashi Iwai) - ALSA: seq: oss: Fix data-race for max_midi_devs access (Takashi Iwai) - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (Kacper Michajlow) - net: mac802154: Fix a condition in the receive path (Miquel Raynal) - net: Use u64_stats_fetch_begin_irq() for stats fetch. (Sebastian Andrzej Siewior) - ip: fix triggering of 'icmp redirect' (Nicolas Dichtel) - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (Siddh Raman Pant) - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected (Siddh Raman Pant) - driver core: Don't probe devices after bus_type.match() probe deferral (Isaac J. Manjarres) - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (Krishna Kurapati) - usb: xhci-mtk: fix bandwidth release issue (Chunfeng Yun) - usb: xhci-mtk: relax TT periodic bandwidth allocation (Chunfeng Yun) - USB: core: Prevent nested device-reset calls (Alan Stern) - s390: fix nospec table alignments (Josh Poimboeuf) - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (Gerald Schaefer) - usb-storage: Add ignore-residue quirk for NXP PN7462AU (Witold Lipieta) - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (Thierry GUIBERT) - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (Pawel Laszczak) - usb: cdns3: fix issue with rearming ISO OUT endpoint (Pawel Laszczak) - usb: dwc2: fix wrong order of phy_power_on and phy_init (Heiner Kallweit) - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (Badhri Jagan Sridharan) - usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (Utkarsh Patel) - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (Pablo Sun) - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (Slark Xiao) - USB: serial: option: add Quectel EM060K modem (Yonglin Tan) - USB: serial: option: add support for OPPO R11 diag port (Yan Xinyu) - USB: serial: cp210x: add Decagon UCA device id (Johan Hovold) - xhci: Add grace period after xHC start to prevent premature runtime suspend. (Mathias Nyman) - media: mceusb: Use new usb_control_msg_*() routines (Alan Stern) - usb: dwc3: pci: Add support for Intel Raptor Lake (Heikki Krogerus) - thunderbolt: Use the actual buffer in tb_async_error() (Mika Westerberg) - xen-blkfront: Cache feature_persistent value before advertisement (SeongJae Park) - xen-blkfront: Advertise feature-persistent as user requested (SeongJae Park) - xen-blkback: Advertise feature-persistent as user requested (SeongJae Park) - mm: pagewalk: Fix race between unmap and page walker (Steven Price) - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (Dan Carpenter) - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (Jim Mattson) - gpio: pca953x: Add mutex_lock for regcache sync in PM (Haibo Chen) - hwmon: (gpio-fan) Fix array out of bounds access (Armin Wolf) - clk: bcm: rpi: Add missing newline (Stefan Wahren) - clk: bcm: rpi: Prevent out-of-bounds access (Stefan Wahren) - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (Christophe JAILLET) - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (Stefan Wahren) - Input: rk805-pwrkey - fix module autoloading (Peter Robinson) - clk: core: Fix runtime PM sequence in clk_core_unprepare() (Chen-Yu Tsai) - Revert 'clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops' (Stephen Boyd) - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (Chen-Yu Tsai) - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (Colin Ian King) - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (Jim Mattson) - cifs: fix small mempool leak in SMB2_negotiate() (Enzo Matsumiya) - binder: fix alloc->vma_vm_mm null-ptr dereference (Carlos Llamas) - binder: fix UAF of ref->proc caused by race condition (Carlos Llamas) - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (Adrian Hunter) - mmc: core: Fix UHS-I SD 1.8V workaround branch (Adrian Hunter) - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (Niek Nooijens) - misc: fastrpc: fix memory corruption on open (Johan Hovold) - misc: fastrpc: fix memory corruption on probe (Johan Hovold) - iio: adc: mcp3911: use correct formula for AD conversion (Marcus Folkesson) - iio: ad7292: Prevent regulator double disable (Matti Vaittinen) - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (Tetsuo Handa) - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (Sherry Sun) - musb: fix USB_MUSB_TUSB6010 dependency (Arnd Bergmann) - vt: Clear selection before changing the font (Helge Deller) - powerpc: align syscall table for ppc32 (Masahiro Yamada) - staging: r8188eu: add firmware dependency (Grzegorz Szymaszek) - staging: rtl8712: fix use after free bugs (Dan Carpenter) - serial: fsl_lpuart: RS485 RTS polariy is inverse (Shenwei Wang) - soundwire: qcom: fix device status array range (Srinivas Kandagatla) - net/smc: Remove redundant refcount increase (Yacan Liu) - Revert 'sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb' (Jakub Kicinski) - tcp: annotate data-race around challenge_timestamp (Eric Dumazet) - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb (Toke Hoiland-Jorgensen) - kcm: fix strp_init() order and cleanup (Cong Wang) - mlxbf_gige: compute MDIO period based on i1clk (David Thompson) - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (Duoming Zhou) - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (Wang Hai) - net: sched: tbf: don't call qdisc_put() while holding tree lock (Zhengchao Shao) - net: dsa: xrs700x: Use irqsave variant for u64 stats update (Sebastian Andrzej Siewior) - openvswitch: fix memory leak at failed datapath creation (Andrey Zhadchenko) - net: smsc911x: Stop and start PHY during suspend and resume (Florian Fainelli) - net: sparx5: fix handling uneven length packets in manual extraction (Casper Andersson) - Revert 'xhci: turn off port power in shutdown' (Mathias Nyman) - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (Dan Carpenter) - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (Peter Ujfalusi) - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (Pierre-Louis Bossart) - drm/i915/display: avoid warnings when registering dual panel backlight (Arun R Murthy) - drm/i915/backlight: extract backlight code to a separate file (Jani Nikula) - ieee802154/adf7242: defer destroy_workqueue call (Lin Ma) - bpf, cgroup: Fix kernel BUG in purge_effective_progs (Pu Lehui) - bpf: Restrict bpf_sys_bpf to CAP_PERFMON (YiFei Zhu) - skmsg: Fix wrong last sg check in sk_msg_recvmsg() (Liu Jian) - iio: adc: mcp3911: make use of the sign bit (Marcus Folkesson) - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (Andy Shevchenko) - drm/msm/dsi: Fix number of regulators for SDM660 (Douglas Anderson) - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (Douglas Anderson) - drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (Kuogee Hsieh) - drm/msm/dsi: fix the inconsistent indenting (sunliming) - LTS version: v5.15.65 (Jack Vogel) - net: neigh: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net/af_packet: check len when min_header_len equals to 0 (Zhengchao Shao) - android: binder: fix lockdep check on clearing vma (Liam Howlett) - btrfs: fix space cache corruption and potential double allocations (Omar Sandoval) - kprobes: don't call disarm_kprobe() for disabled kprobes (Kuniyuki Iwashima) - btrfs: tree-checker: check for overlapping extent items (Josef Bacik) - btrfs: fix lockdep splat with reloc root extent buffers (Josef Bacik) - btrfs: move lockdep class helpers to locking.c (Josef Bacik) - testing: selftests: nft_flowtable.sh: use random netns names (Florian Westphal) - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y (Geert Uytterhoeven) - drm/amd/display: avoid doing vm_init multiple time (Charlene Liu) - drm/amdgpu: Increase tlb flush timeout for sriov (Dusica Milinkovic) - drm/amd/display: Fix pixel clock programming (Ilya Bakoulin) - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (Evan Quan) - ksmbd: don't remove dos attribute xattr on O_TRUNC open (Namjae Jeon) - s390/hypfs: avoid error message under KVM (Juergen Gross) - neigh: fix possible DoS due to net iface start/stop loop (Denis V. Lunev) - ksmbd: return STATUS_BAD_NETWORK_NAME error status if share is not configured (Namjae Jeon) - drm/amd/display: clear optc underflow before turn off odm clock (Fudong Wang) - drm/amd/display: For stereo keep 'FLIP_ANY_FRAME' (Alvin Lee) - drm/amd/display: Fix HDMI VSIF V3 incorrect issue (Leo Ma) - drm/amd/display: Avoid MPC infinite loop (Josip Pavic) - ASoC: sh: rz-ssi: Improve error handling in rz_ssi_probe() error path (Biju Das) - fs/ntfs3: Fix work with fragmented xattr (Konstantin Komarov) - btrfs: fix warning during log replay when bumping inode link count (Filipe Manana) - btrfs: add and use helper for unlinking inode during log replay (Filipe Manana) - btrfs: remove no longer needed logic for replaying directory deletes (Filipe Manana) - btrfs: remove root argument from btrfs_unlink_inode() (Filipe Manana) - mmc: sdhci-of-dwcmshc: Re-enable support for the BlueField-3 SoC (Liming Sun) - mmc: sdhci-of-dwcmshc: rename rk3568 to rk35xx (Sebastian Reichel) - mmc: sdhci-of-dwcmshc: add reset call back for rockchip Socs (Yifeng Zhao) - mmc: mtk-sd: Clear interrupts when cqe off/disable (Wenbin Mei) - drm/i915/gt: Skip TLB invalidations once wedged (Chris Wilson) - HID: thrustmaster: Add sparco wheel and fix array length (Michael Hubner) - HID: asus: ROG NKey: Ignore portion of 0x5a report (Josh Kilmer) - HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (Akihiko Odaki) - HID: add Lenovo Yoga C630 battery quirk (Steev Klimaszewski) - ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (Takashi Iwai) - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (Jann Horn) - bpf: Don't redirect packets with invalid pkt_len (Zhengchao Shao) - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (Yang Jihong) - fbdev: fb_pm2fb: Avoid potential divide by zero error (Letu Ren) - net: fix refcount bug in sk_psock_get (2) (Hawkins Jiawei) - HID: hidraw: fix memory leak in hidraw_release() (Karthik Alapati) - media: pvrusb2: fix memory leak in pvr_probe (Dongliang Mu) - udmabuf: Set the DMA mask for the udmabuf device (v2) (Vivek Kasireddy) - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (Lee Jones) - Revert 'PCI/portdrv: Don't disable AER reporting in get_port_device_capability()' (Greg Kroah-Hartman) - Bluetooth: L2CAP: Fix build errors in some archs (Luiz Augusto von Dentz) - kbuild: Fix include path in scripts/Makefile.modpost (Jing Leng) - io_uring: fix UAF due to missing POLLFREE handling (Pavel Begunkov) - io_uring: fix wrong arm_poll error handling (Pavel Begunkov) - io_uring: fail links when poll fails (Pavel Begunkov) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1184 cpe:/a:oracle:linux:8::UEKR7 Oracle Linux 7 spacewalk-backend [2.10.28-1.0.13] - Fix HTTP 500 and ORA-01830 on client scap report [Orabug: 34823889] [2.10.28-1.0.12] - Handle remote commands that return no output. [Orabug: 32530545] [2.10.28-1.0.11] - Make spacewalk-debug copy symlink target instead of the symlink itself. [Orabug: 32514543] [2.10.28-1.0.9] - spacewalk-repo-sync set /modules owner to tomcat [Orabug: 32537482] - Make spacewalk-repo-sync sync modules.yaml file for ULN [Orabug: 32542907] [2.10.28-1.0.8] - Disable mirror lists for ULN repos. [Orabug: 32165904] [2.10.28-1.0.7] - Remove default RHN config referencing satellite.rhn.redhat.com [Orabug: 32121947] [2.10.28-1.0.6] - Rebrand Spacewalk to Oracle Linux Manager [LINUX-9551] [LINUX-9552] [2.10.28-1.0.5] - Fix spacewalk-repo-sync resetting /var/satellite/rhn/modules permissions to 750 [Orabug: 31973025] [2.10.28-1.0.4] - Make reposync set rhn/modules group writable [LINUX-7708] - Make modules metadata folder group-writable on spacewalk-backend upgrade [LINUX-7708] [2.10.28-1.0.3] - Fix erroneous failure status for successful remote command execution [Orabug: 31589572] [2.10.28-1.0.1] - Remove upstream reference [OraBug 22475639] - Fix text references to satellite server [OraBug 20596345] [2.10.28-1] - added treeinfo file to download list [2.10.27-1] spacewalk-java [2.10.19-1.0.15] - Fix CVE-2022-43753 [Orabug: 34814068] [2.10.19-1.0.14] - Add module:stream manipulation remote commands. [OLDIS-6915] [2.10.19-1.0.13] - Fix errata scheduled job link ID number formatting. [Orabug: 32581542] [2.10.19-1.0.12] - Fix custom errata adding unassociated packages [Orabug: 32613033] [2.10.19-1.0.11] - Remove default RHN config referencing satellite.rhn.redhat.com [Orabug: 32121947] [2.10.19-1.0.10] - Handle modules.yaml file in spacewalk-manage-channel-lifecycle [LINUX-9346] - Rebrand Spacewalk to Oracle Linux Manager [LINUX-9551] [LINUX-9552] [2.10.19-1.0.9] - Update modules.yaml when adding modular packages to channel [LINUX-8154] [Orabug: 31960970] [2.10.19-1.0.8] - Copy modules.yaml metadata file when cloning channels. [LINUX-7708] [2.10.19-1.0.7] - Fix Internal Server Error when scheduling package snapshot rollback [Orabug: 31658857] [2.10.19-1.0.6] - Remove upstream warning message on package upgrade page [LINUX-7465] [LINUX-7593] [Orabug: 31639744] [2.10.19-1.0.5] - Allow spacecmd and XMLRPC API to apply modular errata [Orabug: 31665403] [Jira: LINUX-7026] [2.10.19-1.0.4] - Fix wrong kickstart generated for the OL8 [Orabug: 31564892] [2.10.19-1.0.3] - Update footer Copyright and links to Oracle's. [Orabug: 31444703] - Replace bugfix bug22652131.patch with oracle-footer.jsp.patch. [2.10.19-1.0.2] - Update taskomatic to use instant client to 18.5 [Orabug: 31413086] [2.10.19-1.0.1] - fix login UI footer string [orabug 22652131] - fix max length of channel label [bug 22509037] - remove packages that rely on geronimo-specs-poms and jakarta-commons-beanutils (livy.ge@orale.com) - remove sw2.6 jpp packages during upgrade [bug 27792543] [2.10.19-1] - 1791111 - improved performance of cleanup-data-bunch [2.10.18-1] - fixed checkstyle header [2.10.17-1] - updated API version for the new release [2.10.16-1] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-43753 cpe:/a:oracle:linux:7::oraclelinuxmanager210_server Oracle Linux 8 [0.10.14-5.0.1] - Replace HAM-logo.png with a generic one [0.10.14-5] - Fixed ruby socket permissions - Resolves: rhbz#2116838 [0.10.14-4] - Fixed enable sbd from webui - Resolves: rhbz#2117650 [0.10.14-3] - Fixed pcs quorum device remove - Resolves: rhbz#2115326 [0.10.14-2] - Fixed booth ticket mode value case insensitive - Fixed booth sync check whether /etc/booth exists - Resolves: rhbz#1786964 rhbz#1791670 [0.10.14-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated bundled rubygems: rack - Resolves: rhbz#2059500 rhbz#2096787 rhbz#2097383 rhbz#2097391 rhbz#2097392 rhbz#2097393 [0.10.13-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Updated bundled rubygems: backports, daemons, ethon ffi, json, ruby2_keywords, thin - Resolves: rhbz#1730232 rhbz#1786964 rhbz#1791661 rhbz#1791670 rhbz#1874624 rhbz#1909904 rhbz#1950551 rhbz#1954099 rhbz#2019894 rhbz#2023845 rhbz#2059500 rhbz#2064805 rhbz#2068456 [0.10.12-7] - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz#2081332 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1049 cpe:/a:oracle:linux:8::addons Oracle Linux 7 kubernetes [1.21.14-3] - Addresses CVE-2022-3294 & CVE-2022-3162 [1.21.14-2] - Fixed kubernetes-cni version. [1.21.14-1] - Addresses CVE-2022-3172 olcne [1.4.9-2] - Fix 1.21 kubernetes version to align with last upstream release [1.4.9-1] - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21 [1.4.8-3] - Unpinned podman for OL7 [1.4.8-2] - Updated Kubernetes package release version to 1.21.6-2 [1.4.8-1] - Upgraded kubernetes-1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 [1.4.7-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.4.6-2] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip printing olcne_transfer_script execution - Cleanup grpc connection when node not found and use substr method in case fqdn used for hostname [1.4.6-1] - Adress Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.4.5-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.4.4-1] - Excluded unnecessary directories from k8s backup files [1.4.3-1] - Update Istio to 1.13.2 [1.4.2-1] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-4] - Ensure that the order of items in an upgraded config file is stable with respect to the original file - Ensure that old olcnectl config files are upgraded [1.4.1-3] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.1-1] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3162 CVE-2022-3294 cpe:/a:oracle:linux:7::olcne14 Oracle Linux 8 kubernetes [1.21.14-3] - Addresses CVE-2022-3294 & CVE-2022-3162 [1.21.14-2] - Fixed kubernetes-cni version. [1.21.14-1] - Addresses CVE-2022-3172 olcne [1.4.9-2] - Fix 1.21 kubernetes version to align with last upstream release [1.4.9-1] - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21 [1.4.8-3] - Unpinned podman for OL7 [1.4.8-2] - Updated Kubernetes package release version to 1.21.6-2 [1.4.8-1] - Upgraded kubernetes-1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 [1.4.7-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.4.6-2] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip printing olcne_transfer_script execution - Cleanup grpc connection when node not found and use substr method in case fqdn used for hostname [1.4.6-1] - Adress Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.4.5-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.4.4-1] - Excluded unnecessary directories from k8s backup files [1.4.3-1] - Update Istio to 1.13.2 [1.4.2-1] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-4] - Ensure that the order of items in an upgraded config file is stable with respect to the original file - Ensure that old olcnectl config files are upgraded [1.4.1-3] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.1-1] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3162 CVE-2022-3294 cpe:/a:oracle:linux:8::olcne14 Oracle Linux 7 kubernetes [1.22.16-1] - Added Oracle specific build files for Kubernetes - Add preBuildOL8Commands to Jenkinsfile kubernetes [1.23.14-1] - Added Oracle specific build files for Kubernetes kubernetes [1.24.8-1] - Added Oracle specific build files for Kubernetes olcne [1.5.8-4] - Fix 1.21 kubernetes version to align with last upstream release [1.5.8-3] - Increase timeout value for update module [1.5.8-2] - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.22 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21 [1.5.8-1] - Improve error reporting and logging when using olcnectl provision - Environment creation is now idempotent [1.5.7-6] - Unpinned podman for OL7 [1.5.7-5] - Updated the kubernetes-dashboard version to v2.5.1 in the registry-image-helper.sh script for kubernetes-1.24.5 [1.5.7-4] - Upgraded helm-3.7.1 to 3.9.4 [1.5.7-3] - Resolved kubernetes-1.22.14 upgrade issue [1.5.7-2] - Improve command and flag descriptions in olcnectl - Automatically provision key material for the ExternalIP Webhook during olcnectl provision - Ensure that olcnectl provision respects the desired SELinux configuration [1.5.7-1] - Upgrade Kubernetes to 1.24.5 - Upgrade Istio to 1.14.3 - Update OCI-CCM to 1.24.0 for kubernetes 1.24 - Update kubernetes-dashboard to v2.5.1 - Added support for custom profiles to the Istio module - Added support for multiple instances of the Istio module with independent profiles - Implemented automation within olcnectl for provisioning of Platform components and modules for existing compute resources [1.5.6-1] - Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 - Resolve Kubernetes CVE-2022-3172 for version 1.22 - Resolve Kubernetes CVE-2022-3172 for version 1.23 [1.5.5-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.5.4-3] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over [1.5.4-2] - Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.5.4-1] - Upgrade Kubernetes to 1.23.7 [1.5.3-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.5.2-1] - Excluded unnecessary directories from k8s backup files [1.5.1-1] - Fixed the bug in fetching node metadata for non-cloud nodes [1.5.0-2] - Upgrade Helm to 3.7.1-2 [1.5.0-2] - fix null pointer exception in systemd service state validation [1.5.0-1] - Introduce support for compact Kubernetes clusters - Introduce MetalLB - Introduce Oracle Cloud Infrastructure Cloud Controller Manager - Improved log messages in Platform API Server and Platform Agent - Upgrade Kubernetes to 1.22.8 - Upgrade Istio to 1.13.2 - Renamed the oci-csi module to oci-ccm [1.5.0-20.alpha] - Update istio-1.13.2 grafana to 7.5.15 [1.5.0-14.alpha] - Metallb fix [1.5.0-11.alpha] - Remove module directories when olcne rpm is uninstalled [1.5.0-10.alpha] - OCI CCM 0.13.0 [1.5.0-9.alpha] - Reworked log messages [1.5.0-8.alpha] - Update Istio to 1.13.2(prometheus-2.31.1, grafana-8.4.6) [1.5.0-7.alpha] - Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15) [1.5.0-6.alpha] - Update to k8s 1.22 with golang 1.17 [1.5.0-5.alpha] - Update internal docs for oci-ccm module [1.5.0-4.alpha] - Extend oci-ccm module to support load balancer [1.5.0-3.alpha] - Firewall pre-req [1.5.0-2.alpha] - Ensure that config map settings needed by metallb is preserved during k8s upgrade [1.5.0-1.alpha] - Metallb module [1.4.1-14] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-13] - Update sudoers file and changed its permissions to '0440' [1.4.1-12] - Update olcne-kubernetes.md file for 'compact' flag [1.4.1-11] - Ensure that the order of items in an upgraded config file is stable with respect to the original file [1.4.1-10] - Ensure that old olcnectl config files are upgraded [1.4.1-9] - Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation [1.4.1-8] - Make 'compact' flag updatable [1.4.1-7] - Introduce 'compact' that enables control-plane nodes to run any workloads [1.4.1-6] - Ability to label 1 or more kubernetes nodes [1.4.1-5] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-4] - Update helm to 3.7.1 [1.4.1-3] - Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11 [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.0-4] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3294 CVE-2022-3162 cpe:/a:oracle:linux:7::olcne15 Oracle Linux 8 kubernetes [1.22.16-1] - Added Oracle specific build files for Kubernetes - Add preBuildOL8Commands to Jenkinsfile kubernetes [1.23.14-1] - Added Oracle specific build files for Kubernetes kubernetes [1.24.8-1] - Added Oracle specific build files for Kubernetes olcne [1.5.8-4] - Fix 1.21 kubernetes version to align with last upstream release [1.5.8-3] - Increase timeout value for update module [1.5.8-2] - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.22 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21 [1.5.8-1] - Improve error reporting and logging when using olcnectl provision - Environment creation is now idempotent [1.5.7-6] - Unpinned podman for OL7 [1.5.7-5] - Updated the kubernetes-dashboard version to v2.5.1 in the registry-image-helper.sh script for kubernetes-1.24.5 [1.5.7-4] - Upgraded helm-3.7.1 to 3.9.4 [1.5.7-3] - Resolved kubernetes-1.22.14 upgrade issue [1.5.7-2] - Improve command and flag descriptions in olcnectl - Automatically provision key material for the ExternalIP Webhook during olcnectl provision - Ensure that olcnectl provision respects the desired SELinux configuration [1.5.7-1] - Upgrade Kubernetes to 1.24.5 - Upgrade Istio to 1.14.3 - Update OCI-CCM to 1.24.0 for kubernetes 1.24 - Update kubernetes-dashboard to v2.5.1 - Added support for custom profiles to the Istio module - Added support for multiple instances of the Istio module with independent profiles - Implemented automation within olcnectl for provisioning of Platform components and modules for existing compute resources [1.5.6-1] - Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 - Resolve Kubernetes CVE-2022-3172 for version 1.22 - Resolve Kubernetes CVE-2022-3172 for version 1.23 [1.5.5-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.5.4-3] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over [1.5.4-2] - Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.5.4-1] - Upgrade Kubernetes to 1.23.7 [1.5.3-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.5.2-1] - Excluded unnecessary directories from k8s backup files [1.5.1-1] - Fixed the bug in fetching node metadata for non-cloud nodes [1.5.0-2] - Upgrade Helm to 3.7.1-2 [1.5.0-2] - fix null pointer exception in systemd service state validation [1.5.0-1] - Introduce support for compact Kubernetes clusters - Introduce MetalLB - Introduce Oracle Cloud Infrastructure Cloud Controller Manager - Improved log messages in Platform API Server and Platform Agent - Upgrade Kubernetes to 1.22.8 - Upgrade Istio to 1.13.2 - Renamed the oci-csi module to oci-ccm [1.5.0-20.alpha] - Update istio-1.13.2 grafana to 7.5.15 [1.5.0-14.alpha] - Metallb fix [1.5.0-11.alpha] - Remove module directories when olcne rpm is uninstalled [1.5.0-10.alpha] - OCI CCM 0.13.0 [1.5.0-9.alpha] - Reworked log messages [1.5.0-8.alpha] - Update Istio to 1.13.2(prometheus-2.31.1, grafana-8.4.6) [1.5.0-7.alpha] - Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15) [1.5.0-6.alpha] - Update to k8s 1.22 with golang 1.17 [1.5.0-5.alpha] - Update internal docs for oci-ccm module [1.5.0-4.alpha] - Extend oci-ccm module to support load balancer [1.5.0-3.alpha] - Firewall pre-req [1.5.0-2.alpha] - Ensure that config map settings needed by metallb is preserved during k8s upgrade [1.5.0-1.alpha] - Metallb module [1.4.1-14] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-13] - Update sudoers file and changed its permissions to '0440' [1.4.1-12] - Update olcne-kubernetes.md file for 'compact' flag [1.4.1-11] - Ensure that the order of items in an upgraded config file is stable with respect to the original file [1.4.1-10] - Ensure that old olcnectl config files are upgraded [1.4.1-9] - Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation [1.4.1-8] - Make 'compact' flag updatable [1.4.1-7] - Introduce 'compact' that enables control-plane nodes to run any workloads [1.4.1-6] - Ability to label 1 or more kubernetes nodes [1.4.1-5] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-4] - Update helm to 3.7.1 [1.4.1-3] - Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11 [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.0-4] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3162 CVE-2022-3294 cpe:/a:oracle:linux:8::olcne15 Oracle Linux 7 libvirt [5.7.0-38.el7] - qemu: Don't report spurious errors from vCPU tid validation on hotunplug timeout (Shaleen Bathla) [Orabug: 34826758] - security: fix SELinux label generation logic (Daniel P. Berrange) [Orabug: 34773029] {CVE-2021-3631} - spec: Require iproute-tc dependency for OL7 also (Shaleen Bathla) [Orabug: 34724925] - qemu: Set default qdisc before setting bandwidth (Michal Privoznik) [Orabug: 34724925] - qemu: Taint cpu host-passthrough only after migration (Cole Robinson) [Orabug: 34724925] libvirt-python [5.7.0-38.el7] - Bump version number to 5.7.0-38 to match libvirt. (Wim ten Have) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3631 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 6 Oracle Linux 7 [4.1.12-124.69.5] - x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 34798594] [4.1.12-124.69.4] - btrfs: Remove BUG_ON() as it is causing kernel to panic (Rhythm Mahajan) [Orabug: 34840579] [4.1.12-124.69.3] - btrfs: fix missing return for a non-void function. (Harshit Mogalapalli) [Orabug: 34827292] [4.1.12-124.69.2] - btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265340] {CVE-2019-19377} - scsi: stex: Properly zero out the passthrough command structure (Linus Torvalds) [Orabug: 34670757] {CVE-2022-40768} - net/packet: fix slab-out-of-bounds access in packet_recvmsg() (Eric Dumazet) [Orabug: 34791643] {CVE-2022-20368} - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (Willem de Bruijn) [Orabug: 34791643] - fs/attr.c: handling case when inode does not attach with dentry structure (Alok Tiwari) [Orabug: 34733462] [Orabug: 34798221] [Orabug: 34816013] [4.1.12-124.69.1] - drm/ttm/nouveau: don't call tt destroy callback on alloc failure. (Dave Airlie) [Orabug: 33014078] {CVE-2021-20292} - netfilter: nf_conntrack_irc: Tighten matching on DCC message (David Leadbeater) [Orabug: 34555474] {CVE-2022-2663} - openvswitch: fix OOB access in reserve_sfa_size() (Paolo Valerio) [Orabug: 34607642] {CVE-2022-2639} - openvswitch: fix flow actions reallocation (Andrea Righi) [Orabug: 34607642] - openvswitch: fix the incorrect flow action alloc size (zhangliping) [Orabug: 34607642] - cgroup: Prevent kill_css() from being called more than once (Waiman Long) [Orabug: 34679307] - mISDN: fix use-after-free bugs in l1oip timer handlers (Duoming Zhou) [Orabug: 34719783] {CVE-2022-3565} - vsock: Fix memory leak in vsock_connect() (Peilin Ye) [Orabug: 34731194] {CVE-2022-3629} - vsock: split dwork to avoid reinitializations (Cong Wang) [Orabug: 34731194] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3629 CVE-2022-2663 CVE-2022-3565 CVE-2022-40768 CVE-2019-19377 CVE-2022-2639 CVE-2021-20292 CVE-2022-20368 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.69.5.1] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883048] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883048] {CVE-2022-4378} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-4378 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 7 [4.14.35-2047.520.3.1] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883027] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883027] {CVE-2022-4378} - hugetlbfs: don't delete error page from pagecache (James Houghton) [Orabug: 34883072] - mm: shmem: don't truncate page if memory failure happens (Yang Shi) [Orabug: 34883072] - mm: hwpoison: refactor refcount check handling (Yang Shi) [Orabug: 34883072] [4.14.35-2047.520.3] - scsi: qla2xxx: Fix use after free in eh_abort path (Quinn Tran) [Orabug: 34841119] [4.14.35-2047.520.2] - rds: Remove the cp_rdsinfo_pending flag (Hakon Bugge) [Orabug: 34658891] - RDMA/mlx5: Change debug log level for remote access error syndromes (Arumugam Kolappan) [Orabug: 34798453] [4.14.35-2047.520.1] - rds: ib: Fix cleanup of rds_ib_cache_gc_worker (Hakon Bugge) [Orabug: 34806078] - scsi: stex: Properly zero out the passthrough command structure (Linus Torvalds) [Orabug: 34670756] {CVE-2022-40768} - do_wait: make PIDTYPE_PID case O(1) instead of O(n) (Jim Newsome) [Orabug: 34420117] [4.14.35-2047.520.0] - uapi: Fix [rs]cq_vector data types in rds[6]_info_rdma_connection (Mark Haywood) [Orabug: 34732042] - uapi: Fix congested flag type in rds[6]_info_socket (Mark Haywood) [Orabug: 34732042] - scsi: target: core: Silence the message about unknown VPD pages (Konstantin Shelekhin) [Orabug: 34728690] - mISDN: fix use-after-free bugs in l1oip timer handlers (Duoming Zhou) [Orabug: 34719782] {CVE-2022-3565} - uek-rpm: add aarch64 to list of vdso arches (Tom Saeger) [Orabug: 34716203] - xfs: trim IO to found COW extent limit (Eric Sandeen) [Orabug: 34705398] - xfs: don't use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34705398] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40768 CVE-2022-4378 CVE-2022-3565 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.14.35-2047.520.3.1.el7] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883027] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883027] {CVE-2022-4378} - hugetlbfs: don't delete error page from pagecache (James Houghton) [Orabug: 34883072] - mm: shmem: don't truncate page if memory failure happens (Yang Shi) [Orabug: 34883072] - mm: hwpoison: refactor refcount check handling (Yang Shi) [Orabug: 34883072] [4.14.35-2047.520.3.el7] - scsi: qla2xxx: Fix use after free in eh_abort path (Quinn Tran) [Orabug: 34841119] [4.14.35-2047.520.2.el7] - rds: Remove the cp_rdsinfo_pending flag (Hakon Bugge) [Orabug: 34658891] - RDMA/mlx5: Change debug log level for remote access error syndromes (Arumugam Kolappan) [Orabug: 34798453] [4.14.35-2047.520.1.el7] - rds: ib: Fix cleanup of rds_ib_cache_gc_worker (Hakon Bugge) [Orabug: 34806078] - scsi: stex: Properly zero out the passthrough command structure (Linus Torvalds) [Orabug: 34670756] {CVE-2022-40768} - do_wait: make PIDTYPE_PID case O(1) instead of O(n) (Jim Newsome) [Orabug: 34420117] [4.14.35-2047.520.0.el7] - uapi: Fix [rs]cq_vector data types in rds[6]_info_rdma_connection (Mark Haywood) [Orabug: 34732042] - uapi: Fix congested flag type in rds[6]_info_socket (Mark Haywood) [Orabug: 34732042] - scsi: target: core: Silence the message about unknown VPD pages (Konstantin Shelekhin) [Orabug: 34728690] - mISDN: fix use-after-free bugs in l1oip timer handlers (Duoming Zhou) [Orabug: 34719782] {CVE-2022-3565} - uek-rpm: add aarch64 to list of vdso arches (Tom Saeger) [Orabug: 34716203] - xfs: trim IO to found COW extent limit (Eric Sandeen) [Orabug: 34705398] [4.14.35-2047.519.2.el7] - Revert 'xfs: don't use delalloc extents for COW on files with extsize hints' (Saeed Mirzamohammadi) [Orabug: 34715947] - uapi: Fix linux/rds.h userspace compilation issues (Ka-Cheong Poon) [Orabug: 32392165] [Orabug: 34710962] - uapi: Fix linux/rds.h userspace compilation errors. (Vinson Lee) [Orabug: 34710962] - uapi: fix linux/rds.h userspace compilation error (Dmitry V. Levin) [Orabug: 34710962] - uapi: fix linux/rds.h userspace compilation errors (Dmitry V. Levin) [Orabug: 34710962] - EDAC: Drop duplicated array of strings for memory type names (Jane Chu) [Orabug: 34645040] - xfs: don't ever put nlink > 0 inodes on the unlinked list (Darrick J. Wong) [Orabug: 34431355] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3565 CVE-2022-40768 CVE-2022-4378 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 8 Oracle Linux 9 [5.15.0-5.76.5.1] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883037] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883037] {CVE-2022-4378} [5.15.0-5.76.5] - KVM: x86: Use SRCU to protect zap in __kvm_set_or_clear_apicv_inhibit() (Ben Gardon) [Orabug: 34817119] - KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Track xAPIC ID only on userspace SET, _after_ vAPIC is updated (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Flush the 'current' TLB when activating AVIC (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Purge 'highest ISR' cache when updating APICv state (Sean Christopherson) [Orabug: 34817119] - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Add AVIC doorbell tracepoint (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Warning APICv inconsistency only when vcpu APIC mode is valid (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Introduce hybrid-AVIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Do not throw warning when calling avic_vcpu_load on a running vcpu (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Introduce logic to (de)activate x2AVIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Refresh AVIC configuration when changing APIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Deactivate APICv on vCPU with APIC disabled (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Do not virtualize MSR accesses for APIC LVTT register (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Fix x2APIC MSRs interception (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Adding support for configuring x2APIC MSRs interception (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Do not support updating APIC ID when in x2APIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Compute dest based on sender's x2APIC status for AVIC kick (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Update avic_kick_target_vcpus to support 32-bit APIC ID (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Update max number of vCPUs supported for x2AVIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Detect X2APIC virtualization (x2AVIC) support (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: lapic: Rename [GET/SET]_APIC_DEST_FIELD to [GET/SET]_XAPIC_DEST_FIELD (Suravee Suthikulpanit) [Orabug: 34817119] - x86/cpufeatures: Introduce x2AVIC CPUID bit (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Blindly get current x2APIC reg value on 'nodecode write' traps (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Bug the VM if an accelerated x2APIC trap occurs on a 'bad' reg (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Do not block APIC write for non ICR registers (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Add support for vICR APIC-write VM-Exits in x2APIC mode (Zeng Guang) [Orabug: 34817119] - KVM: x86: disable preemption while updating apicv inhibition (Maxim Levitsky) [Orabug: 34817119] - KVM: SVM: Fix x2APIC Logical ID calculation for avic_kick_target_vcpus_fast (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: SVM: fix avic_kick_target_vcpus_fast (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: SVM: remove avic's broken code that updated APIC ID (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: Don't inhibit APICv/AVIC on xAPIC ID 'change' if APIC is disabled (Sean Christopherson) [Orabug: 34817119] - KVM: x86: inhibit APICv/AVIC on changes to APIC ID or APIC base (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: document AVIC/APICv inhibit reasons (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: SVM: allow to force AVIC to be enabled (Maxim Levitsky) [Orabug: 34817119] - KVM: SVM: Introduce trace point for the slow-path of avic_kic_target_vcpus (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Use target APIC ID to complete AVIC IRQs when possible (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Skip KVM_GUESTDBG_BLOCKIRQ APICv update if APICv is disabled (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Do not activate AVIC for SEV-enabled guest (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Trace all APICv inhibit changes and capture overall status (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Add wrappers for setting/clearing APICv inhibits (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Make APICv inhibit reasons an enum and cleanup naming (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Disable preemption across AVIC load/put during APICv refresh (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Treat x2APIC's ICR as a 64-bit register, not two 32-bit regs (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Add helpers to handle 64-bit APIC MSR read/writes (Sean Christopherson) [Orabug: 34817119] - KVM: x86: WARN if KVM emulates an IPI without clearing the BUSY flag (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization failure (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Use 'raw' APIC register read for handling APIC-write VM-Exit (Sean Christopherson) [Orabug: 34817119] - KVM: VMX: Handle APIC-write offset wrangling in VMX code (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Rename AVIC helpers to use 'avic' prefix instead of 'svm' (Sean Christopherson) [Orabug: 34817119] - KVM: VMX: Rename VMX functions to conform to kvm_x86_ops names (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Rename kvm_x86_ops pointers to align w/ preferred vendor names (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Drop export for .tlb_flush_current() static_call key (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Skip APICv update if APICv is disable at the module level (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Unexport __kvm_request_apicv_update() (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: fix race between interrupt delivery and AVIC inhibition (Maxim Levitsky) [Orabug: 34817119] - KVM: SVM: set IRR in svm_deliver_interrupt (Paolo Bonzini) [Orabug: 34817119] - KVM: SVM: extract avic_ring_doorbell (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: lapic: don't touch irr_pending in kvm_apic_update_apicv when inhibiting it (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: Move delivery of non-APICv interrupt into vendor code (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Drop AVIC's intermediate avic_set_running() helper (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Skip AVIC and IRTE updates when loading blocking vCPU (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Use kvm_vcpu_is_blocking() in AVIC load to handle preemption (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Remove unnecessary APICv/AVIC update in vCPU unblocking path (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Don't bother checking for 'running' AVIC when kicking for IPIs (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Signal AVIC doorbell iff vCPU is in guest mode (Sean Christopherson) [Orabug: 34817119] - KVM: x86: add a tracepoint for APICv/AVIC interrupt delivery (Maxim Levitsky) [Orabug: 34817119] - KVM: Add helpers to wake/query blocking vCPU (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Ensure target pCPU is read once when signalling AVIC doorbell (Sean Christopherson) [Orabug: 34817119] - KVM: ensure APICv is considered inactive if there is no APIC (Paolo Bonzini) [Orabug: 34817119] - KVM: x86: inhibit APICv when KVM_GUESTDBG_BLOCKIRQ active (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: Use rw_semaphore for APICv lock to allow vCPU parallelism (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Move SVM's APICv sanity check to common x86 (Sean Christopherson) [Orabug: 34817119] - rds: Remove the cp_rdsinfo_pending flag (Hakon Bugge) [Orabug: 34658657] - RDMA/mlx5: Change debug log level for remote access error syndromes (Arumugam Kolappan) [Orabug: 34798451] - uek-rpm: kernel-uek.spec: make -modules-extra depend on -modules (Todd Vierling) [Orabug: 34820756] - Feature: Add cmdline param sched_uek=[preempt,wakeidle] (Libo Chen) [Orabug: 34779451] - rds: ib: Fix cleanup of rds_ib_cache_gc_worker (Hakon Bugge) [Orabug: 34806076] - KVM: nVMX: Add tracepoint for nested VM-Enter (David Matlack) [Orabug: 34806794] - KVM: x86: Update trace function for nested VM entry to support VMX (Mingwei Zhang) [Orabug: 34806794] - KVM: nVMX: Allow VMREAD when Enlightened VMCS is in use (Vitaly Kuznetsov) [Orabug: 34806794] - KVM: nVMX: Implement evmcs_field_offset() suitable for handle_vmread() (Vitaly Kuznetsov) [Orabug: 34806794] - KVM: nVMX: Rename vmcs_to_field_offset{,_table} (Vitaly Kuznetsov) [Orabug: 34806794] - x86/kvm: Always inline evmcs_write64() (Peter Zijlstra) [Orabug: 34806794] - RDMA/uverbs: restrack shared PDs (Sharath Srinivasan) [Orabug: 34812520] [5.15.0-5.76.4] - x86: Ignore iommu=off for AMD cpus (Dave Kleikamp) [Orabug: 34211826] - virtio-net: use mtu size as buffer length for big packets (Gavin Li) [Orabug: 34756664] - virtio-net: introduce and use helper function for guest gso support checks (Gavin Li) [Orabug: 34756664] - vdpa/mlx5: Use consistent RQT size (Eli Cohen) [Orabug: 34756664] - vdpa: mlx5: synchronize driver status with CVQ (Jason Wang) [Orabug: 34756664] - vdpa: support exposing the count of vqs to userspace (Longpeng) [Orabug: 34756664] - vdpa: change the type of nvqs to u32 (Longpeng) [Orabug: 34756664] - vdpa: support exposing the config size to userspace (Longpeng) [Orabug: 34756664] - vdpa/mlx5: re-create forwarding rules after mac modified (Michael Qiu) [Orabug: 34756664] - Add definition of VIRTIO_F_IN_ORDER feature bit (Gautam Dawar) [Orabug: 34756664] - vdpa: factor out vdpa_set_features_unlocked for vdpa internal use (Si-Wei Liu) [Orabug: 34756664] - RDMA/cma: Use output interface for net_dev check (Hakon Bugge) [Orabug: 34774007] - Revert 'RDMA/cma: Use output interface for net_dev check' (Hakon Bugge) [Orabug: 34774007] - Revert 'rdmaip: Flush ARP cache after address has been cleared' (Sharath Srinivasan) [Orabug: 34783631] - Revert 'sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle' (Samasth Norway Ananda) [Orabug: 34807135] [5.15.0-5.76.3] - uek-rpm: Add Documentation to kernel-uek-devel (Somasundaram Krishnasamy) [Orabug: 34734127] - kfence: add sysfs interface to disable kfence for selected slabs. (Imran Khan) [Orabug: 34744270] - scsi: target: core: Silence the message about unknown VPD pages (Konstantin Shelekhin) [Orabug: 34764767] - x86/microcode/AMD: Apply the patch late on every logical thread (Mihai Carabas) [Orabug: 34765295] - perf/x86/intel: Hide Topdown metrics events if slots is not enumerated (Kan Liang) [Orabug: 34771183] [5.15.0-5.76.2] - LTS version: v5.15.76 (Jack Vogel) - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (Seth Jenkins) - mmc: core: Add SD card quirk for broken discard (Avri Altman) - Makefile.debug: re-enable debug info for .S files (Nick Desaulniers) - x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB (Nathan Chancellor) - ACPI: video: Force backlight native for more TongFang devices (Werner Sembach) - perf: Skip and warn on unknown format 'configN' attrs (Rob Herring) - mmc: sdhci-tegra: Use actual clock rate for SW tuning correction (Prathamesh Shete) - tracing: Do not free snapshot if tracer is on cmdline (Steven Rostedt (Google)) - tracing: Simplify conditional compilation code in tracing_set_tracer() (sunliming) - ksmbd: fix incorrect handling of iterate_dir (Namjae Jeon) - ksmbd: handle smb2 query dir request for OutputBufferLength that is too small (Namjae Jeon) - arm64: mte: move register initialization to C (Peter Collingbourne) - fs: dlm: fix invalid derefence of sb_lvbptr (Alexander Aring) - iommu/vt-d: Clean up si_domain in the init_dmars() error path (Jerry Snitselaar) - iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check() (Charlotte Tan) - net: phy: dp83822: disable MDI crossover status change interrupt (Felix Riemann) - net: sched: fix race condition in qdisc_graft() (Eric Dumazet) - net: hns: fix possible memory leak in hnae_ae_register() (Yang Yingliang) - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (Yang Yingliang) - sfc: include vport_id in filter spec hash and equal() (Pieter Jansen van Vuuren) - net: sched: sfb: fix null pointer access issue when sfb_init() fails (Zhengchao Shao) - net: sched: delete duplicate cleanup of backlog and qlen (Zhengchao Shao) - net: sched: cake: fix null pointer access issue when cake_init() fails (Zhengchao Shao) - nvmet: fix workqueue MEM_RECLAIM flushing dependency (Sagi Grimberg) - nvme-hwmon: kmalloc the NVME SMART log buffer (Serge Semin) - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (Christoph Hellwig) - netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags requirements (Pablo Neira Ayuso) - ionic: catch NULL pointer issue on reconfig (Brett Creeley) - net: hsr: avoid possible NULL deref in skb_clone() (Eric Dumazet) - dm: remove unnecessary assignment statement in alloc_dev() (Genjian Zhang) - cifs: Fix xid leak in cifs_ses_add_channel() (Zhang Xiaoxu) - cifs: Fix xid leak in cifs_flock() (Zhang Xiaoxu) - cifs: Fix xid leak in cifs_copy_file_range() (Zhang Xiaoxu) - cifs: Fix xid leak in cifs_create() (Zhang Xiaoxu) - udp: Update reuse->has_conns under reuseport_lock. (Kuniyuki Iwashima) - scsi: lpfc: Fix memory leak in lpfc_create_port() (Rafael Mendonca) - net: phylink: add mac_managed_pm in phylink_config structure (Shenwei Wang) - net: phy: dp83867: Extend RX strap quirk for SGMII mode (Harini Katakam) - net/atm: fix proc_mpc_write incorrect return value (Xiaobo Liu) - sfc: Change VF mac via PF as first preference if available. (Jonathan Cooper) - HID: magicmouse: Do not set BTN_MOUSE on double report (Jose Exposito) - i40e: Fix DMA mappings leak (Jan Sokolowski) - tipc: fix an information leak in tipc_topsrv_kern_subscr (Alexander Potapenko) - tipc: Fix recognition of trial period (Mark Tomlinson) - ACPI: extlog: Handle multiple records (Tony Luck) - drm/vc4: Add module dependency on hdmi-codec (Maxime Ripard) - btrfs: fix processing of delayed tree block refs during backref walking (Filipe Manana) - btrfs: fix processing of delayed data refs during backref walking (Filipe Manana) - x86/topology: Fix duplicated core ID within a package (Zhang Rui) - x86/topology: Fix multiple packages shown on a single-package system (Zhang Rui) - media: venus: dec: Handle the case where find_format fails (Bryan O'Donoghue) - media: mceusb: set timeout to at least timeout provided (Sean Young) - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (Sakari Ailus) - KVM: arm64: vgic: Fix exit condition in scan_its_table() (Eric Ren) - kvm: Add support for arch compat vm ioctls (Alexander Graf) - mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages (Rik van Riel) - drm/amdgpu: fix sdma doorbell init ordering on APUs (Alex Deucher) - cpufreq: qcom: fix memory leak in error path (Fabien Parent) - x86/resctrl: Fix min_cbm_bits for AMD (Babu Moger) - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS (Kai-Heng Feng) - ata: ahci-imx: Fix MODULE_ALIAS (Alexander Stein) - hwmon/coretemp: Handle large core ID value (Zhang Rui) - x86/microcode/AMD: Apply the patch early on every logical thread (Borislav Petkov) - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (Bryan O'Donoghue) - cpufreq: qcom: fix writes in read-only memory region (Fabien Parent) - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (GONG, Ruiqi) - ocfs2: fix BUG when iput after ocfs2_mknod fails (Joseph Qi) - ocfs2: clear dinode links count in case of error (Joseph Qi) - btrfs: enhance unsupported compat RO flags handling (Qu Wenruo) - perf/x86/intel/pt: Relax address filter validation (Adrian Hunter) - arm64: errata: Remove AES hwcap for COMPAT tasks (James Morse) - usb: gadget: uvc: improve sg exit condition (Michael Grzeschik) - usb: gadget: uvc: giveback vb2 buffer on req complete (Michael Grzeschik) - usb: gadget: uvc: rework uvcg_queue_next_buffer to uvcg_complete_buffer (Michael Grzeschik) - usb: gadget: uvc: use on returned header len in video_encode_isoc_sg (Michael Grzeschik) - usb: gadget: uvc: consistently use define for headerlen (Michael Grzeschik) - arm64/mm: Consolidate TCR_EL1 fields (Anshuman Khandual) - r8152: add PID for the Lenovo OneLink+ Dock (Jean-Francois Le Fillatre) - LTS version: v5.15.75 (Jack Vogel) - io-wq: Fix memory leak in worker creation (Rafael Mendonca) - gcov: support GCC 12.1 and newer compilers (Martin Liska) - thermal: intel_powerclamp: Use first online CPU as control_cpu (Rafael J. Wysocki) - ext4: continue to expand file system when the target size doesn't reach (Jerry Lee ) - lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5 (Nathan Chancellor) - Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT (Masahiro Yamada) - Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5 (Masahiro Yamada) - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (Nathan Chancellor) - net/ieee802154: don't warn zero-sized raw_sendmsg() (Tetsuo Handa) - Revert 'net/ieee802154: reject zero-sized raw_sendmsg()' (Alexander Aring) - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (Randy Dunlap) - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (Yu Kuai) - ALSA: usb-audio: Fix last interface check for registration (Takashi Iwai) - net: ieee802154: return -EINVAL for unknown addr type (Alexander Aring) - mm: hugetlb: fix UAF in hugetlb_handle_userfault (Liu Shixin) - io_uring/rw: fix unexpected link breakage (Pavel Begunkov) - io_uring/rw: fix error'ed retry return values (Pavel Begunkov) - io_uring/rw: fix short rw error handling (Pavel Begunkov) - io_uring: correct pinned_vm accounting (Pavel Begunkov) - io_uring/af_unix: defer registered files gc to io_uring release (Pavel Begunkov) - perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc (Adrian Hunter) - clk: bcm2835: Round UART input clock up (Ivan T. Ivanov) - clk: bcm2835: Make peripheral PLLC critical (Maxime Ripard) - usb: idmouse: fix an uninit-value in idmouse_open (Dongliang Mu) - nvmet-tcp: add bounds check on Transfer Tag (Varun Prakash) - nvme: copy firmware_rev on each init (Keith Busch) - ext2: Use kvmalloc() for group descriptor array (Jan Kara) - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (Arun Easi) - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (Xiaoke Wang) - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (Xiaoke Wang) - Revert 'usb: storage: Add quirk for Samsung Fit flash' (sunghwan jung) - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (Piyush Mehta) - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (Alexander Stein) - usb: musb: Fix musb_gadget.c rxstate overflow bug (Robin Guo) - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (Jianglei Nie) - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (Logan Gunthorpe) - eventfd: guard wake_up in eventfd fs calls as well (Dylan Yudaken) - HID: roccat: Fix use-after-free in roccat_read() (Hyunwoo Kim) - soundwire: intel: fix error handling on dai registration issues (Pierre-Louis Bossart) - soundwire: cadence: Don't overwrite msg->buf during write commands (Richard Fitzgerald) - bcache: fix set_at_max_writeback_rate() for multiple attached devices (Coly Li) - ata: libahci_platform: Sanity check the DT child nodes number (Serge Semin) - blk-throttle: prevent overflow while calculating wait time (Yu Kuai) - staging: vt6655: fix potential memory leak (Nam Cao) - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (Wei Yongjun) - iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (Yicong Yang) - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (Shigeru Yoshida) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (Letu Ren) - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (Vaishnav Achath) - usb: host: xhci-plat: suspend/resume clks for brcm (Justin Chen) - usb: host: xhci-plat: suspend and resume clocks (Justin Chen) - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (Quanyang Wang) - media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc (Hangyu Hua) - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (Zheyu Ma) - clk: zynqmp: Fix stack-out-of-bounds in strncpy (Ian Nam) - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (Alex Sverdlin) - btrfs: don't print information about space cache or tree every remount (Maciej S. Szmigiero) - btrfs: scrub: try to fix super block errors (Qu Wenruo) - btrfs: dump extra info if one free space cache has more bitmaps than it should (Qu Wenruo) - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (Sebastian Krzyszkowiak) - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (Mark Brown) - ARM: dts: imx6sx: add missing properties for sram (Alexander Stein) - ARM: dts: imx6sll: add missing properties for sram (Alexander Stein) - ARM: dts: imx6sl: add missing properties for sram (Alexander Stein) - ARM: dts: imx6qp: add missing properties for sram (Alexander Stein) - ARM: dts: imx6dl: add missing properties for sram (Alexander Stein) - ARM: dts: imx6q: add missing properties for sram (Alexander Stein) - ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (Haibo Chen) - drm/amd/display: Remove interface for periodic interrupt 1 (Aric Cyr) - drm/dp: Don't rewrite link config when setting phy test pattern (Khaled Almahallawy) - mmc: sdhci-msm: add compatible string check for sdm670 (Richard Acayan) - drm/meson: explicitly remove aggregate driver at module unload time (Adrian Larumbe) - drm/meson: reorder driver deinit sequence to fix use-after-free bug (Adrian Larumbe) - drm/amdgpu: fix initial connector audio value (hongao) - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms (Jairaj Arava) - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (Hans de Goede) - platform/chrome: cros_ec: Notify the PM of wake events during resume (Jameson Thies) - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (Maya Matuszczyk) - drm/vc4: vec: Fix timings for VEC modes (Mateusz Kwiatkowski) - ALSA: usb-audio: Register card at the last interface (Takashi Iwai) - drm: bridge: dw_hdmi: only trigger hotplug event on link change (Lucas Stach) - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (Vivek Kasireddy) - drm/amd/display: fix overflow on MIN_I64 definition (David Gow) - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (Zeng Jingxiang) - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (Liviu Dudau) - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (Javier Martinez Canillas) - drm: Use size_t type for len variable in drm_copy_field() (Javier Martinez Canillas) - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (Jianglei Nie) - r8152: Rate limit overflow messages (Andrew Gaul) - Bluetooth: L2CAP: Fix user-after-free (Luiz Augusto von Dentz) - net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory (Liu Jian) - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (Jason A. Donenfeld) - wifi: rt2x00: correctly set BBP register 86 for MT7620 (Daniel Golle) - wifi: rt2x00: set SoC wmac clock register (Daniel Golle) - wifi: rt2x00: set VGC gain for both chains of MT7620 (Daniel Golle) - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (Daniel Golle) - wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 (Daniel Golle) - can: bcm: check the result of can_send() in bcm_can_tx() (Ziyang Xuan) - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (Luiz Augusto von Dentz) - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (Tetsuo Handa) - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (Sean Wang) - regulator: core: Prevent integer underflow (Patrick Rudolph) - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (Kiran K) - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (Alexander Coffin) - iavf: Fix race between iavf_close and iavf_reset_task (Michal Jaron) - xfrm: Update ipcomp_scratches with NULL when freed (Khalid Masum) - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (Mika Westerberg) - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (Tetsuo Handa) - x86/mce: Retrieve poison range from hardware (Jane Chu) - tcp: annotate data-race around tcp_md5sig_pool_populated (Eric Dumazet) - openvswitch: Fix overreporting of drops in dropwatch (Mike Pattrick) - openvswitch: Fix double reporting of drops in dropwatch (Mike Pattrick) - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (Ravi Gunasekaran) - ice: set tx_tstamps when creating new Tx rings via ethtool (Jacob Keller) - bpftool: Clear errno after libcap's checks (Quentin Monnet) - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (Wright Feng) - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (Anna Schumaker) - x86/entry: Work around Clang __bdos() bug (Kees Cook) - ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (Mario Limonciello) - ARM: decompressor: Include .data.rel.ro.local (Kees Cook) - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (Srinivas Pandruvada) - powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue (Chao Qin) - MIPS: BCM47XX: Cast memcmp() of function to (void *) (Kees Cook) - cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode (Doug Smythies) - ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address (Hans de Goede) - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (Arvid Norlander) - rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() (Zqiang) - rcu: Back off upon fill_page_cache_func() allocation failure (Michal Hocko) - rcu: Avoid triggering strict-GP irq-work when RCU is idle (Zqiang) - fs: dlm: fix race in lowcomms (Alexander Aring) - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (Stefan Berger) - f2fs: fix to account FS_CP_DATA_IO correctly (Chao Yu) - f2fs: fix race condition on setting FI_NO_EXTENT flag (Zhang Qilong) - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (Shuai Xue) - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (Vincent Knecht) - crypto: cavium - prevent integer overflow loading firmware (Dan Carpenter) - crypto: marvell/octeontx - prevent integer overflows (Dan Carpenter) - kbuild: rpm-pkg: fix breakage when V=1 is used (Janis Schoetterl-Glausch) - kbuild: remove the target in signal traps when interrupted (Masahiro Yamada) - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (Nico Pache) - tracing: kprobe: Make gen test module work in arm and riscv (Yipeng Zou) - tracing: kprobe: Fix kprobe event gen test module on exit (Yipeng Zou) - iommu/iova: Fix module config properly (Robin Murphy) - cifs: return correct error in ->calc_signature() (Enzo Matsumiya) - crypto: qat - fix DMA transfer direction (Damian Muszynski) - crypto: inside-secure - Change swab to swab32 (Peter Harliman Liem) - crypto: ccp - Release dma channels before dmaengine unrgister (Koba Ko) - crypto: akcipher - default implementation for setting a private key (Ignat Korchagin) - iommu/omap: Fix buffer overflow in debugfs (Dan Carpenter) - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (Waiman Long) - crypto: hisilicon/qm - fix missing put dfx access (Weili Qian) - crypto: qat - fix default value of WDT timer (Lucas Segarra Fernandez) - hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() (Kshitiz Varshney) - cgroup: Honor caller's cgroup NS when resolving path (Michal Koutny) - hwrng: arm-smccc-trng - fix NO_ENTROPY handling (James Cowgill) - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (Ye Weihua) - crypto: sahara - don't sleep when in softirq (Zhengchao Shao) - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (Haren Myneni) - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (Li Huafei) - powerpc: Fix SPE Power ISA properties for e500v1 platforms (Pali Rohar) - powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 (Nicholas Piggin) - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (Vitaly Kuznetsov) - powerpc: Fix fallocate and fadvise64_64 compat parameter combination (Rohan McLure) - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (Zheng Yongjun) - powerpc/pci_dn: Add missing of_node_put() (Liang He) - powerpc/sysdev/fsl_msi: Add missing of_node_put() (Liang He) - powerpc/math_emu/efp: Include module.h (Nathan Chancellor) - powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig (Michael Ellerman) - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (Jack Wang) - mailbox: mpfs: account for mbox offsets while sending (Conor Dooley) - mailbox: mpfs: fix handling of the reg property (Conor Dooley) - clk: ast2600: BCLK comes from EPLL (Joel Stanley) - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (Miaoqian Lin) - clk: imx: scu: fix memleak on platform_device_add() fails (Lin Yujun) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (Stefan Wahren) - clk: baikal-t1: Add SATA internal ref clock buffer (Serge Semin) - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (Serge Semin) - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (Serge Semin) - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (Serge Semin) - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (David Collins) - usb: mtu3: fix failed runtime suspend in host only mode (Chunfeng Yun) - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (Dave Jiang) - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (Chen-Yu Tsai) - mfd: sm501: Add check for platform_driver_register() (Jiasheng Jiang) - mfd: fsl-imx25: Fix check for platform_get_irq() errors (Dan Carpenter) - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (Christophe JAILLET) - mfd: lp8788: Fix an error handling path in lp8788_probe() (Christophe JAILLET) - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (Christophe JAILLET) - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (Christophe JAILLET) - fsi: core: Check error number after calling ida_simple_get (Jiasheng Jiang) - RDMA/rxe: Fix resize_finish() in rxe_queue.c (Bob Pearson) - clk: qcom: gcc-sm6115: Override default Alpha PLL regs (Adam Skladowski) - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (Robert Marko) - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (Mike Christie) - scsi: iscsi: Run recv path from workqueue (Mike Christie) - scsi: iscsi: Add recv workqueue helpers (Mike Christie) - scsi: iscsi: Rename iscsi_conn_queue_work() (Mike Christie) - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (Duoming Zhou) - serial: 8250: Fix restoring termios speed after suspend (Pali Rohar) - firmware: google: Test spinlock on panic path to avoid lockups (Guilherme G. Piccoli) - slimbus: qcom-ngd-ctrl: allow compile testing without QCOM_RPROC_COMMON (Krzysztof Kozlowski) - staging: vt6655: fix some erroneous memory clean-up loops (Nam Cao) - phy: qualcomm: call clk_disable_unprepare in the error handling (Dongliang Mu) - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (Sherry Sun) - serial: 8250: Toggle IER bits on only after irq has been set up (Ilpo Jarvinen) - drivers: serial: jsm: fix some leaks in probe (Dan Carpenter) - usb: gadget: function: fix dangling pnp_string in f_printer.c (Albert Briscoe) - xhci: Don't show warning for reinit on known broken suspend (Mario Limonciello) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (Daisuke Matsuda) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (Mark Zhang) - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (David Sloan) - md/raid5: Ensure stripe_fill happens on non-read IO with journal (Logan Gunthorpe) - md: Replace snprintf with scnprintf (Saurabh Sengar) - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (Dan Carpenter) - ata: fix ata_id_has_dipm() (Niklas Cassel) - ata: fix ata_id_has_ncq_autosense() (Niklas Cassel) - ata: fix ata_id_has_devslp() (Niklas Cassel) - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (Niklas Cassel) - RDMA/siw: Fix QP destroy to wait for all references dropped. (Bernard Metzler) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (Bernard Metzler) - RDMA/srp: Fix srp_abort() (Bart Van Assche) - RDMA/irdma: Align AE id codes to correct flush code and event (Sindhu-Devale) - mtd: rawnand: fsl_elbc: Fix none ECC mode (Pali Rohar) - mtd: rawnand: intel: Remove undocumented compatible string (Martin Blumenstingl) - mtd: rawnand: intel: Read the chip-select line from the correct OF node (Martin Blumenstingl) - phy: phy-mtk-tphy: fix the phy type setting issue (Chunfeng Yun) - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (Liang He) - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (William Dean) - clk: qcom: sm6115: Select QCOM_GDSC (Dang Huynh) - dyndbg: drop EXPORTed dynamic_debug_exec_queries (Jim Cromie) - dyndbg: let query-modname override actual module name (Jim Cromie) - dyndbg: fix module.dyndbg handling (Jim Cromie) - dyndbg: fix static_branch manipulation (Jim Cromie) - dmaengine: hisilicon: Add multi-thread support for a DMA channel (Jie Hai) - dmaengine: hisilicon: Fix CQ head update (Jie Hai) - dmaengine: hisilicon: Disable channels when unregister hisi_dma (Jie Hai) - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (Dan Carpenter) - misc: ocxl: fix possible refcount leak in afu_ioctl() (Hangyu Hua) - RDMA/rxe: Fix the error caused by qp->sk (Zhu Yanjun) - RDMA/rxe: Fix 'kernel NULL pointer dereference' error (Zhu Yanjun) - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (Miaoqian Lin) - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (Yunke Cao) - media: uvcvideo: Fix memory leak in uvc_gpio_parse (Jose Exposito) - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (Xu Qiang) - tty: xilinx_uartps: Fix the ignore_status (Shubhrajyoti Datta) - media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop (Liang He) - HSI: omap_ssi_port: Fix dma_map_sg error check (Jack Wang) - HSI: omap_ssi: Fix refcount leak in ssi_probe (Miaoqian Lin) - clk: tegra20: Fix refcount leak in tegra20_clock_init (Miaoqian Lin) - clk: tegra: Fix refcount leak in tegra114_clock_init (Miaoqian Lin) - clk: tegra: Fix refcount leak in tegra210_clock_init (Miaoqian Lin) - clk: sprd: Hold reference returned by of_get_parent() (Liang He) - clk: berlin: Add of_node_put() for of_get_parent() (Liang He) - clk: qoriq: Hold reference returned by of_get_parent() (Liang He) - clk: oxnas: Hold reference returned by of_get_parent() (Liang He) - clk: meson: Hold reference returned by of_get_parent() (Liang He) - usb: common: debug: Check non-standard control requests (Thinh Nguyen) - RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey (Aharon Landau) - iio: magnetometer: yas530: Change data type of hard_offsets to signed (Jakob Hauser) - iio: ABI: Fix wrong format of differential capacitance channel ABI. (Jonathan Cameron) - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (Nuno Sa) - iio: inkern: only release the device node when done with it (Nuno Sa) - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (Claudiu Beznea) - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (Claudiu Beznea) - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (Claudiu Beznea) - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (Claudiu Beznea) - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (Dmitry Torokhov) - arm64: ftrace: fix module PLTs with mcount (Mark Rutland) - ext4: don't run ext4lazyinit for read-only filesystems (Josh Triplett) - ARM: Drop CMDLINE_* dependency on ATAGS (Geert Uytterhoeven) - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (Dmitry Torokhov) - arm64: dts: ti: k3-j7200: fix main pinmux range (Matt Ranostay) - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (Dmitry Osipenko) - ia64: export memory_add_physaddr_to_nid to fix cxl build error (Randy Dunlap) - ARM: dts: kirkwood: lsxl: remove first ethernet port (Michael Walle) - ARM: dts: kirkwood: lsxl: fix serial line (Michael Walle) - ARM: dts: turris-omnia: Fix mpp26 pin name and comment (Marek Behun) - ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (Lucas Stach) - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (Liang He) - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (Liang He) - locks: fix TOCTOU race when granting write lease (Amir Goldstein) - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (Liang He) - memory: of: Fix refcount leak bug in of_get_ddr_timings() (Liang He) - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (Liang He) - ALSA: hda/hdmi: Don't skip notification handling during PM operation (Takashi Iwai) - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (Zhang Qilong) - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (Zhang Qilong) - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (Zhang Qilong) - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (Zhang Qilong) - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (Christophe JAILLET) - ALSA: dmaengine: increment buffer pointer atomically (Andreas Pape) - ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() (Christophe JAILLET) - ASoC: codecs: tx-macro: fix kcontrol put (Srinivas Kandagatla) - drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() (Rafael Mendonca) - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (Kuogee Hsieh) - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (Dmitry Baryshkov) - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (Liang He) - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (Christophe JAILLET) - drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue() (Rafael Mendonca) - drm/omap: dss: Fix refcount leak bugs (Liang He) - drm/bochs: fix blanking (Gerd Hoffmann) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-4378 CVE-2022-1184 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.314.6.2] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} [5.4.17-2136.314.6.1] - RDMA/uverbs: Move IB_EVENT_DEVICE_FATAL to destroy_uobj (Jason Gunthorpe) [Orabug: 34859614] - RDMA/uverbs: Do not discard the IB_EVENT_DEVICE_FATAL event (Jason Gunthorpe) [Orabug: 34859614] - Adding a new sysfs entry point -- forcepower -- to /sys/bus/pci/slots/X. (James Puthukattukaran) [Orabug: 34859609] - nvme: paring quiesce/unquiesce (Ming Lei) [Orabug: 34859609] - nvme: prepare for pairing quiescing and unquiescing (Ming Lei) [Orabug: 34859609] - nvme: apply nvme API to quiesce/unquiesce admin queue (Ming Lei) [Orabug: 34859609] - nvme: add APIs for stopping/starting admin queue (Ming Lei) [Orabug: 34859609] - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (James Smart) [Orabug: 34859609] - nvme-fc: avoid race between time out and tear down (James Smart) [Orabug: 34859609] - nvme-fc: update hardware queues before using them (Daniel Wagner) [Orabug: 34859609] - nvme-fabrics: reject I/O to offline device (Victor Gladkov) [Orabug: 34859609] - nvme-fc: wait for queues to freeze before calling update_hr_hw_queues (James Smart) [Orabug: 34859609] [5.4.17-2136.314.6] - RDMA/mlx5: Change debug log level for remote access error syndromes (Arumugam Kolappan) [Orabug: 34798452] - KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Track xAPIC ID only on userspace SET, _after_ vAPIC is updated (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Flush the 'current' TLB when activating AVIC (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Purge 'highest ISR' cache when updating APICv state (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Add AVIC doorbell tracepoint (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: x86: Warning APICv inconsistency only when vcpu APIC mode is valid (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Introduce hybrid-AVIC mode (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Do not throw warning when calling avic_vcpu_load on a running vcpu (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Introduce logic to (de)activate x2AVIC mode (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Refresh AVIC configuration when changing APIC mode (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: x86: Deactivate APICv on vCPU with APIC disabled (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Do not virtualize MSR accesses for APIC LVTT register (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Fix x2APIC MSRs interception (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Adding support for configuring x2APIC MSRs interception (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Do not support updating APIC ID when in x2APIC mode (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Compute dest based on sender's x2APIC status for AVIC kick (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Update avic_kick_target_vcpus to support 32-bit APIC ID (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Update max number of vCPUs supported for x2AVIC mode (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Detect X2APIC virtualization (x2AVIC) support (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: x86: lapic: Rename [GET/SET]_APIC_DEST_FIELD to [GET/SET]_XAPIC_DEST_FIELD (Suravee Suthikulpanit) [Orabug: 34160613] - x86/cpufeatures: Introduce x2AVIC CPUID bit (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: x86: Blindly get current x2APIC reg value on 'nodecode write' traps (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Bug the VM if an accelerated x2APIC trap occurs on a 'bad' reg (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Do not block APIC write for non ICR registers (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: x86: Add support for vICR APIC-write VM-Exits in x2APIC mode (Zeng Guang) [Orabug: 34160613] - KVM: x86: disable preemption while updating apicv inhibition (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: Fix x2APIC Logical ID calculation for avic_kick_target_vcpus_fast (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: x86: SVM: fix avic_kick_target_vcpus_fast (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: SVM: remove avic's broken code that updated APIC ID (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: Don't inhibit APICv/AVIC on xAPIC ID 'change' if APIC is disabled (Sean Christopherson) [Orabug: 34160613] - KVM: x86: inhibit APICv/AVIC on changes to APIC ID or APIC base (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: document AVIC/APICv inhibit reasons (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: SVM: allow to force AVIC to be enabled (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: Introduce trace point for the slow-path of avic_kic_target_vcpus (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Use target APIC ID to complete AVIC IRQs when possible (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Do not activate AVIC for SEV-enabled guest (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Trace all APICv inhibit changes and capture overall status (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Add wrappers for setting/clearing APICv inhibits (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Make APICv inhibit reasons an enum and cleanup naming (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: fix panic on out-of-bounds guest IRQ (Yi Wang) [Orabug: 34160613] - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Disable preemption across AVIC load/put during APICv refresh (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Treat x2APIC's ICR as a 64-bit register, not two 32-bit regs (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Make kvm_lapic_set_reg() a 'private' xAPIC helper (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Add helpers to handle 64-bit APIC MSR read/writes (Sean Christopherson) [Orabug: 34160613] - KVM: x86: WARN if KVM emulates an IPI without clearing the BUSY flag (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization failure (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Use 'raw' APIC register read for handling APIC-write VM-Exit (Sean Christopherson) [Orabug: 34160613] - KVM: VMX: Handle APIC-write offset wrangling in VMX code (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (Paolo Bonzini) [Orabug: 34160613] - KVM: SVM: Rename AVIC helpers to use 'avic' prefix instead of 'svm' (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Rename kvm_x86_ops pointers to align w/ preferred vendor names (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Skip APICv update if APICv is disable at the module level (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: fix race between interrupt delivery and AVIC inhibition (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: set IRR in svm_deliver_interrupt (Paolo Bonzini) [Orabug: 34160613] - KVM: SVM: extract avic_ring_doorbell (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: lapic: don't touch irr_pending in kvm_apic_update_apicv when inhibiting it (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: Move delivery of non-APICv interrupt into vendor code (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Move svm_hardware_setup() and its helpers below svm_x86_ops (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Drop AVIC's intermediate avic_set_running() helper (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Skip AVIC and IRTE updates when loading blocking vCPU (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Use kvm_vcpu_is_blocking() in AVIC load to handle preemption (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Remove unnecessary APICv/AVIC update in vCPU unblocking path (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Don't bother checking for 'running' AVIC when kicking for IPIs (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Signal AVIC doorbell iff vCPU is in guest mode (Sean Christopherson) [Orabug: 34160613] - KVM: x86: add a tracepoint for APICv/AVIC interrupt delivery (Maxim Levitsky) [Orabug: 34160613] - KVM: Add helpers to wake/query blocking vCPU (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Ensure target pCPU is read once when signalling AVIC doorbell (Sean Christopherson) [Orabug: 34160613] - KVM: ensure APICv is considered inactive if there is no APIC (Paolo Bonzini) [Orabug: 34160613] - KVM: x86: Use rw_semaphore for APICv lock to allow vCPU parallelism (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Move SVM's APICv sanity check to common x86 (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: AVIC: drop unsupported AVIC base relocation code (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: call avic_vcpu_load/avic_vcpu_put when enabling/disabling AVIC (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: move check for kvm_vcpu_apicv_active outside of avic_vcpu_{put|load} (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: avoid refreshing avic if its state didn't change (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: add warning for mistmatch between AVIC vcpu state and AVIC inhibition (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: Unexport __kvm_request_apicv_update() (Sean Christopherson) [Orabug: 34160613] - KVM: x86: APICv: fix race in kvm_request_apicv_update on SVM (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: APICv: drop immediate APICv disablement on current vCPU (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: svm_set_vintr don't warn if AVIC is active but is about to be deactivated (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: Check for pending interrupts when APICv is getting disabled (Vitaly Kuznetsov) [Orabug: 34160613] - KVM: SVM: Move AVIC vCPU kicking snippet to helper function (Sean Christopherson) [Orabug: 34160613] - KVM: x86: rename apic_access_page_done to apic_access_memslot_enabled (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: Drop vendor specific functions for APICv/AVIC enablement (Vitaly Kuznetsov) [Orabug: 34160613] - KVM: x86: Use common 'enable_apicv' variable for both APICv and AVIC (Vitaly Kuznetsov) [Orabug: 34160613] - KVM: SVM: Drop unneeded CONFIG_X86_LOCAL_APIC check (Vitaly Kuznetsov) [Orabug: 34160613] - kvm: Replace vcpu->swait with rcuwait (Davidlohr Bueso) [Orabug: 34160613] - rcuwait: Introduce rcuwait_active() (Davidlohr Bueso) [Orabug: 34160613] - rcuwait: Introduce prepare_to and finish_rcuwait (Davidlohr Bueso) [Orabug: 34160613] - rcuwait: Let rcuwait_wake_up() return whether or not a task was awoken (Davidlohr Bueso) [Orabug: 34160613] - rcuwait: Fix stale wake call name in comment (Davidlohr Bueso) [Orabug: 34160613] - rcuwait: Add @state argument to rcuwait_wait_event() (Peter Zijlstra (Intel)) [Orabug: 34160613] - acpi: Remove header dependency (Peter Zijlstra) [Orabug: 34160613] [5.4.17-2136.314.5] - rds: Remove the cp_rdsinfo_pending flag (Hakon Bugge) [Orabug: 34658658] - RDMA/uverbs: restrack shared PDs (Sharath Srinivasan) [Orabug: 34789017] - rds: ib: Fix cleanup of rds_ib_cache_gc_worker (Hakon Bugge) [Orabug: 34806077] - KVM: nVMX: Add tracepoint for nested VM-Enter (David Matlack) [Orabug: 34806795] - KVM: x86: Update trace function for nested VM entry to support VMX (Mingwei Zhang) [Orabug: 34806795] - Revert 'KVM: nSVM: Log nRIP of L1 and L2 guest VMCB in nested VMRUN tracepoint' (Maciej S. Szmigiero) [Orabug: 34806795] - KVM: nVMX: Allow VMREAD when Enlightened VMCS is in use (Vitaly Kuznetsov) [Orabug: 34806795] - KVM: nVMX: Implement evmcs_field_offset() suitable for handle_vmread() (Vitaly Kuznetsov) [Orabug: 34806795] - KVM: nVMX: Rename vmcs_to_field_offset{,_table} (Vitaly Kuznetsov) [Orabug: 34806795] - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (Vitaly Kuznetsov) [Orabug: 34806795] - x86/kvm: Always inline evmcs_write64() (Peter Zijlstra) [Orabug: 34806795] - KVM: x86: Clean up redundant ROL16(val, n) macro definition (Like Xu) [Orabug: 34806795] - KVM: nVMX: Dynamically compute max VMCS index for vmcs12 (Sean Christopherson) [Orabug: 34806795] - KVM: nVMX: Use '-1' in 'hv_evmcs_vmptr' to indicate that eVMCS is not in use (Vitaly Kuznetsov) [Orabug: 34806795] - KVM: VMX: eVMCS: make evmcs_sanitize_exec_ctrls() work again (Vitaly Kuznetsov) [Orabug: 34806795] - KVM: nVMX: Add VM-Enter failed tracepoints for super early checks (Sean Christopherson) [Orabug: 34806795] - x86: Ignore iommu=off for AMD cpus (Dave Kleikamp) [Orabug: 34034614] - uek-rpm: Add xt_MASQUERADE to nano rpm (Somasundaram Krishnasamy) [Orabug: 34630038] - x86/mce: Retrieve poison range from hardware (Jane Chu) [Orabug: 34670113] - x86/mce: Include a MCi_MISC value in faked mce logs (Tony Luck) [Orabug: 34670113] - pmem: fix a name collision (Jane Chu) [Orabug: 34670113] - pmem: implement pmem_recovery_write() (Jane Chu) [Orabug: 34670113] - pmem: refactor pmem_clear_poison() (Jane Chu) [Orabug: 34670113] - dax: add .recovery_write dax_operation (Jane Chu) [Orabug: 34670113] - dax: introduce DAX_RECOVERY_WRITE dax access mode (Jane Chu) [Orabug: 34670113] - mce: fix set_mce_nospec to always unmap the whole page (Jane Chu) [Orabug: 34670113] - acpi/nfit: rely on mce->misc to determine poison granularity (Jane Chu) [Orabug: 34670113] - RDMA/restrack: Support all QP types (Leon Romanovsky) [Orabug: 34704742] - RDMA/core: Always release restrack object (Leon Romanovsky) [Orabug: 34704742] - RDMA/core: Add CM to restrack after successful attachment to a device (Shay Drory) [Orabug: 34704742] - Revert 'rdmaip: Flush ARP cache after address has been cleared' (Sharath Srinivasan) [Orabug: 34739575] - vdpa/mlx5: default_mtu should not override mtu from vdpa tool (Si-Wei Liu) [Orabug: 34756655] - virtio-net: use mtu size as buffer length for big packets (Gavin Li) [Orabug: 34756655] - virtio-net: introduce and use helper function for guest gso support checks (Gavin Li) [Orabug: 34756655] - vdpa/mlx5: Use consistent RQT size (Eli Cohen) [Orabug: 34756655] - vdpa: mlx5: synchronize driver status with CVQ (Jason Wang) [Orabug: 34756655] - vdpa: mlx5: prevent cvq work from hogging CPU (Jason Wang) [Orabug: 34756655] - vdpa/mlx5: Avoid processing works if workqueue was destroyed (Eli Cohen) [Orabug: 34756655] - vhost: handle error while adding split ranges to iotlb (Anirudh Rayabharam) [Orabug: 34756655] - vdpa: support exposing the count of vqs to userspace (Longpeng) [Orabug: 34756655] - vdpa: change the type of nvqs to u32 (Longpeng) [Orabug: 34756655] - vdpa: support exposing the config size to userspace (Longpeng) [Orabug: 34756655] - vdpa/mlx5: re-create forwarding rules after mac modified (Michael Qiu) [Orabug: 34756655] - Add definition of VIRTIO_F_IN_ORDER feature bit (Gautam Dawar) [Orabug: 34756655] - vhost_vdpa: don't setup irq offloading when irq_num < 0 (Zhu Lingshan) [Orabug: 34756655] - vhost: allow batching hint without size (Jason Wang) [Orabug: 34756655] - vdpa: fix use-after-free on vp_vdpa_remove (Zhang Min) [Orabug: 34756655] - vhost: fix hung thread due to erroneous iotlb entries (Anirudh Rayabharam) [Orabug: 34756655] - vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command (Si-Wei Liu) [Orabug: 34756655] - vdpa/mlx5: should verify CTRL_VQ feature exists for MQ (Si-Wei Liu) [Orabug: 34756655] - vdpa: factor out vdpa_set_features_unlocked for vdpa internal use (Si-Wei Liu) [Orabug: 34756655] - RDMA/cma: Use output interface for net_dev check (Hakon Bugge) [Orabug: 34774008] - Revert 'RDMA/cma: Use output interface for net_dev check' (Hakon Bugge) [Orabug: 34774008] - bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers (Daniel Borkmann) [Orabug: 34797062] - uaccess: Add strict non-pagefault kernel-space read function (Daniel Borkmann) [Orabug: 34797062] - do_wait: make PIDTYPE_PID case O(1) instead of O(n) (Jim Newsome) [Orabug: 34798125] [5.4.17-2136.314.4] - Feature: Add cmdline param sched_uek=[preempt,wakeidle] (Libo Chen) [Orabug: 34779452] - perf/x86/intel: Hide Topdown metrics events if slots is not enumerated (Kan Liang) [Orabug: 34264064] - net: macsec: Severe performance regression in '...preserve ordering' (Venkat Venkatsubra) [Orabug: 34653784] - mISDN: fix use-after-free bugs in l1oip timer handlers (Duoming Zhou) [Orabug: 34719781] {CVE-2022-3565} - x86/microcode/AMD: Apply the patch late on every logical thread (Mihai Carabas) [Orabug: 34731079] - x86/microcode/AMD: Apply the patch early on every logical thread (Borislav Petkov) [Orabug: 34731079] - io_uring/af_unix: defer registered files gc to io_uring release (Pavel Begunkov) [Orabug: 34743499] {CVE-2022-2602} - scsi: target: core: Silence the message about unknown VPD pages (Konstantin Shelekhin) [Orabug: 34764768] [5.4.17-2136.314.3] - net: ieee802154: return -EINVAL for unknown addr type (Alexander Aring) - ALSA: hda: beep: Simplify keep-power-at-enable behavior (Takashi Iwai) - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (Luke D. Jones) - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (Callum Osmotherly) - LTS tag: v5.4.218 (Sherry Yang) - Input: xpad - fix wireless 360 controller breaking after suspend (Cameron Gutman) - Input: xpad - add supported devices as contributed on github (Pavel Rojtberg) - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (Johannes Berg) - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (Johannes Berg) - wifi: cfg80211: avoid nontransmitted BSS list corruption (Johannes Berg) - wifi: cfg80211: fix BSS refcounting bugs (Johannes Berg) - wifi: cfg80211: ensure length byte is present before access (Johannes Berg) - wifi: cfg80211/mac80211: reject bad MBSSID elements (Johannes Berg) - wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (Johannes Berg) - random: restore O_NONBLOCK support (Jason A. Donenfeld) - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (Frank Wunderlich) - scsi: stex: Properly zero out the passthrough command structure (Linus Torvalds) - efi: Correct Macmini DMI match in uefi cert quirk (Orlando Chamberlain) - ALSA: hda: Fix position reporting on Poulsbo (Takashi Iwai) - random: clamp credited irq bits to maximum mixed (Jason A. Donenfeld) - ceph: don't truncate file in atomic_open (Hu Weiwen) - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (Ryusuke Konishi) - nilfs2: fix leak of nilfs_root in case of writer thread creation failure (Ryusuke Konishi) - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() (Ryusuke Konishi) - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (Krzysztof Kozlowski) - mmc: core: Terminate infinite loop in SD-UHS voltage switch (Brian Norris) - mmc: core: Replace with already defined values for readability (ChanWoo Lee) - USB: serial: ftdi_sio: fix 300 bps rate for SIO (Johan Hovold) - usb: mon: make mmapped memory read only (Tadeusz Struk) - arch: um: Mark the stack non-executable to fix a binutils warning (David Gow) - um: Cleanup compiler warning in arch/x86/um/tls_32.c (Lukas Straub) - um: Cleanup syscall_handler_t cast in syscalls_32.h (Lukas Straub) - net/ieee802154: fix uninit value bug in dgram_sendmsg (Haimin Zhang) - scsi: qedf: Fix a UAF bug in __qedf_probe() (Letu Ren) - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (Sergei Antonov) - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (Swati Agarwal) - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (Swati Agarwal) - firmware: arm_scmi: Add SCMI PM driver remove routine (Cristian Marussi) - fs: fix UAF/GPF bug in nilfs_mdt_destroy (Dongliang Mu) - perf tools: Fixup get_current_dir_name() compilation (Alexey Dobriyan) - mm: pagewalk: Fix race between unmap and page walker (Steven Price) - LTS tag: v5.4.217 (Sherry Yang) - docs: update mediator information in CoC docs (Shuah Khan) - Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 (Sami Tolvanen) - Revert 'drm/amdgpu: use dirty framebuffer helper' (Greg Kroah-Hartman) - xfs: remove unused variable 'done' (YueHaibing) - xfs: fix uninitialized variable in xfs_attr3_leaf_inactive (Darrick J. Wong) - xfs: streamline xfs_attr3_leaf_inactive (Darrick J. Wong) - xfs: move incore structures out of xfs_da_format.h (Christoph Hellwig) - xfs: fix memory corruption during remote attr value buffer invalidation (Darrick J. Wong) - xfs: refactor remote attr value buffer invalidation (Darrick J. Wong) - xfs: fix s_maxbytes computation on 32-bit kernels (Darrick J. Wong) - xfs: truncate should remove all blocks, not just to the end of the page cache (Darrick J. Wong) - xfs: introduce XFS_MAX_FILEOFF (Darrick J. Wong) - xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag (Christoph Hellwig) - LTS tag: v5.4.216 (Sherry Yang) - clk: iproc: Do not rely on node name for correct PLL setup (Florian Fainelli) - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (Han Xu) - selftests: Fix the if conditions of in test_extra_filter() (Wang Yufen) - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (Michael Kelley) - nvme: add new line after variable declatation (Chaitanya Kulkarni) - usbnet: Fix memory leak in usbnet_disconnect() (Peilin Ye) - Input: melfas_mip4 - fix return value check in mip4_probe() (Yang Yingliang) - Revert 'drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time' (Brian Norris) - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (Samuel Holland) - soc: sunxi: sram: Fix probe function ordering issues (Samuel Holland) - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (Cai Huoqing) - soc: sunxi: sram: Prevent the driver from being unbound (Samuel Holland) - soc: sunxi: sram: Actually claim SRAM regions (Samuel Holland) - ARM: dts: am33xx: Fix MMCHS0 dma properties (YuTong Chang) - ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver (Faiz Abbas) - media: dvb_vb2: fix possible out of bound access (Hangyu Hua) - mm: fix madivse_pageout mishandling on non-LRU page (Minchan Kim) - mm/migrate_device.c: flush TLB while holding PTL (Alistair Popple) - mm: prevent page_frag_alloc() from corrupting the memory (Maurizio Lombardi) - mm/page_alloc: fix race condition between build_all_zonelists and page allocation (Mel Gorman) - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (Sergei Antonov) - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (Niklas Cassel) - ntfs: fix BUG_ON in ntfs_lookup_inode_by_name() (ChenXiaoSong) - ARM: dts: integrator: Tag PCI host with device_type (Linus Walleij) - clk: ingenic-tcu: Properly enable registers before accessing timers (Aidan MacDonald) - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (Frank Wunderlich) - uas: ignore UAS for Thinkplus chips (Hongling Zeng) - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (Hongling Zeng) - uas: add no-uas quirk for Hiksemi usb_disk (Hongling Zeng) - LTS tag: v5.4.215 (Sherry Yang) - ext4: make directory inode spreading reflect flexbg size (Jan Kara) - xfs: fix use-after-free when aborting corrupt attr inactivation (Darrick J. Wong) - xfs: fix an ABBA deadlock in xfs_rename (Darrick J. Wong) - xfs: don't commit sunit/swidth updates to disk if that would cause repair failures (Darrick J. Wong) - xfs: split the sunit parameter update into two parts (Darrick J. Wong) - xfs: refactor agfl length computation function (Darrick J. Wong) - xfs: use bitops interface for buf log item AIL flag check (Brian Foster) - xfs: stabilize insert range start boundary to avoid COW writeback race (Brian Foster) - xfs: fix some memory leaks in log recovery (Darrick J. Wong) - xfs: always log corruption errors (Darrick J. Wong) - xfs: constify the buffer pointer arguments to error functions (Darrick J. Wong) - xfs: convert EIO to EFSCORRUPTED when log contents are invalid (Darrick J. Wong) - xfs: Fix deadlock between AGI and AGF when target_ip exists in xfs_rename() (kaixuxia) - xfs: range check ri_cnt when recovering log items (Darrick J. Wong) - xfs: add missing assert in xfs_fsmap_owner_from_rmap (Darrick J. Wong) - xfs: slightly tweak an assert in xfs_fs_map_blocks (Christoph Hellwig) - xfs: replace -EIO with -EFSCORRUPTED for corrupt metadata (Darrick J. Wong) - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (Luis Henriques) - workqueue: don't skip lockdep work dependency in cancel_work_sync() (Tetsuo Handa) - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (Nathan Huckleberry) - drm/amd/display: Limit user regamma to a valid value (Yao Wang1) - drm/amdgpu: use dirty framebuffer helper (Hamza Mahfooz) - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (Vitaly Kuznetsov) - cifs: always initialize struct msghdr smb_msg completely (Stefan Metzmacher) - usb: xhci-mtk: fix issue of out-of-bounds array access (Chunfeng Yun) - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (Stefan Haberland) - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (Ilpo Jarvinen) - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (Ilpo Jarvinen) - serial: Create uart_xmit_advance() (Ilpo Jarvinen) - net: sched: fix possible refcount leak in tc_new_tfilter() (Hangyu Hua) - net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD (Sean Anderson) - perf kcore_copy: Do not check /proc/modules is unchanged (Adrian Hunter) - perf jit: Include program header in ELF files (Lieven Hey) - can: gs_usb: gs_can_open(): fix race dev->can.state condition (Marc Kleine-Budde) - netfilter: ebtables: fix memory leak when blob is malformed (Florian Westphal) - net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs (Vladimir Oltean) - net/sched: taprio: avoid disabling offload when it was never enabled (Vladimir Oltean) - of: mdio: Add of_node_put() when breaking out of for_each_xx (Liang He) - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (Michal Jaron) - i40e: Fix VF set max MTU size (Michal Jaron) - iavf: Fix set max MTU size with port VLAN and jumbo frames (Michal Jaron) - iavf: Fix bad page state (Norbert Zulinski) - MIPS: Loongson32: Fix PHY-mode being left unspecified (Serge Semin) - MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko (Randy Dunlap) - net: team: Unsync device addresses on ndo_stop (Benjamin Poirier) - ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header (Lu Wei) - iavf: Fix cached head and tail value for iavf_get_tx_pending (Brett Creeley) - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (Pablo Neira Ayuso) - netfilter: nf_conntrack_irc: Tighten matching on DCC message (David Leadbeater) - netfilter: nf_conntrack_sip: fix ct_sip_walk_headers (Igor Ryzhov) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (Fabio Estevam) - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (zain wang) - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (Brian Norris) - mm/slub: fix to return errno if kmalloc() fails (Chao Yu) - efi: libstub: check Shim mode using MokSBStateRT (Ard Biesheuvel) - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (Callum Osmotherly) - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (Luke D. Jones) - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (Luke D. Jones) - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (Luke D. Jones) - ALSA: hda/realtek: Re-arrange quirk table entries (Takashi Iwai) - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (huangwenhui) - ALSA: hda: add Intel 5 Series / 3400 PCI DID (Kai Vehmanen) - ALSA: hda/tegra: set depop delay for tegra (Mohan Kumar) - USB: serial: option: add Quectel RM520N (jerry meng) - USB: serial: option: add Quectel BG95 0x0203 composition (Carl Yin()) - Revert 'usb: gadget: udc-xilinx: replace memcpy with memcpy_toio' (Greg Kroah-Hartman) - Revert 'usb: add quirks for Lenovo OneLink+ Dock' (Greg Kroah-Hartman) - usb: cdns3: fix issue with rearming ISO OUT endpoint (Pawel Laszczak) - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (Piyush Mehta) - usb: add quirks for Lenovo OneLink+ Dock (Jean-Francois Le Fillatre) - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (Sergiu Moga) - serial: atmel: remove redundant assignment in rs485_config (Lino Sanfilippo) - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (Codrin.Ciubotariu@microchip.com) - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (Siddh Raman Pant) - usb: xhci-mtk: relax TT periodic bandwidth allocation (Ikjoon Jang) - usb: xhci-mtk: allow multiple Start-Split in a microframe (Chunfeng Yun) - usb: xhci-mtk: add some schedule error number (Chunfeng Yun) - usb: xhci-mtk: add a function to (un)load bandwidth info (Chunfeng Yun) - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (Chunfeng Yun) - usb: xhci-mtk: add only one extra CS for FS/LS INTR (Chunfeng Yun) - usb: xhci-mtk: get the microframe boundary for ESIT (Chunfeng Yun) - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (Wesley Cheng) - usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup() (Thinh Nguyen) - usb: dwc3: gadget: Refactor pullup() (Thinh Nguyen) - usb: dwc3: gadget: Prevent repeat pullup() (Thinh Nguyen) - usb: dwc3: Issue core soft reset before enabling run/stop (Wesley Cheng) - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (Wesley Cheng) - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (Takashi Iwai) - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (Hyunwoo Kim) - mksysmap: Fix the mismatch of 'L0' symbols in System.map (Youling Tang) - MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() (Alexander Sverdlin) - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (David Howells) - net: usb: qmi_wwan: add Quectel RM520N (jerry.meng) - ALSA: hda/tegra: Align BDL entry to 4KB boundary (Mohan Kumar) - ALSA: hda/sigmatel: Keep power up while beep is enabled (Takashi Iwai) - rxrpc: Fix calc of resend age (David Howells) - rxrpc: Fix local destruction being repeated (David Howells) - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (Xiaolei Wang) - ASoC: nau8824: Fix semaphore unbalance at error paths (Takashi Iwai) - iomap: iomap that extends beyond EOF should be marked dirty (Chandan Babu R) - MAINTAINERS: add Chandan as xfs maintainer for 5.4.y (Chandan Babu R) - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (Stefan Metzmacher) - cifs: revalidate mapping when doing direct writes (Ronnie Sahlberg) - tracing: hold caller_addr to hardirq_{enable,disable}_ip (Yipeng Zou) - task_stack, x86/cea: Force-inline stack helpers (Borislav Petkov) - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (Sasha Levin) - drm/meson: Fix OSD1 RGB to YCbCr coefficient (Stuart Menefy) - drm/meson: Correct OSD1 global alpha value (Stuart Menefy) - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (Pali Rohar) - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (Trond Myklebust) - of: fdt: fix off-by-one error in unflatten_dt_nodes() (Sergey Shtylyov) - LTS tag: v5.4.214 (Sherry Yang) - tracefs: Only clobber mode/uid/gid on remount if asked (Brian Norris) - soc: fsl: select FSL_GUTS driver for DPIO (Mathew McBride) - net: dp83822: disable rx error interrupt (Enguerrand de Ribaucourt) - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() (Jann Horn) to IGNORE_UAS (Hu Xiaoying) - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (Hans de Goede) - perf/arm_pmu_platform: fix tests for platform_get_irq() failure (Yu Zhe) - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (Maurizio Lombardi) - Input: iforce - add support for Boeder Force Feedback Wheel (Greg Tulli) - ieee802154: cc2520: add rc code in cc2520_tx() (Li Qiong) - tg3: Disable tg3 device on system reboot to avoid triggering AER (Kai-Heng Feng) - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (Even Xu) - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (Jason Wang) - drm/msm/rd: Fix FIFO-full deadlock (Rob Clark) [5.4.17-2136.314.2] - pensando: kpcimgr: Fix deadlock in read_kpcimgr (Rob Gardner) [Orabug: 34676899] - uek-rpm: add aarch64 to list of vdso arches (Tom Saeger) [Orabug: 34716202] - uapi: Fix [rs]cq_vector data types in rds[6]_info_rdma_connection (Mark Haywood) [Orabug: 34734191] - uapi: Fix congested flag type in rds[6]_info_socket (Mark Haywood) [Orabug: 34734191] - uek-rpm: Remove nano_dracut-blacklist.conf (Somasundaram Krishnasamy) [Orabug: 34743957] [5.4.17-2136.314.1] - proc: provide details on indirect branch speculation (Anand K Mistry) [Orabug: 33927837] - net/rds: rds_tcp_accept_one ought to not discard messages (Gerd Rausch) [Orabug: 34488376] - net/rds: drop rs_transport module reference count on error (Gerd Rausch) [Orabug: 34500807] - pciemgr: use spin_lock_irqsave (Rob Gardner) [Orabug: 34676884] - iommu: set default value of INTEL_IOMMU_FLOPPY_WA to n (Harshit Mogalapalli) [Orabug: 34724685] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3565 CVE-2022-2602 CVE-2022-4378 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 cpe:/o:oracle:linux:8:7:baseos_patch Oracle Linux 8 [5.15.0-5.76.5.1] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883037] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883037] {CVE-2022-4378} [5.15.0-5.76.5] - KVM: x86: Use SRCU to protect zap in __kvm_set_or_clear_apicv_inhibit() (Ben Gardon) [Orabug: 34817119] - KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Track xAPIC ID only on userspace SET, _after_ vAPIC is updated (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Flush the 'current' TLB when activating AVIC (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Purge 'highest ISR' cache when updating APICv state (Sean Christopherson) [Orabug: 34817119] - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Add AVIC doorbell tracepoint (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Warning APICv inconsistency only when vcpu APIC mode is valid (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Introduce hybrid-AVIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Do not throw warning when calling avic_vcpu_load on a running vcpu (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Introduce logic to (de)activate x2AVIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Refresh AVIC configuration when changing APIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Deactivate APICv on vCPU with APIC disabled (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Do not virtualize MSR accesses for APIC LVTT register (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Fix x2APIC MSRs interception (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Adding support for configuring x2APIC MSRs interception (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Do not support updating APIC ID when in x2APIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Compute dest based on sender's x2APIC status for AVIC kick (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Update avic_kick_target_vcpus to support 32-bit APIC ID (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Update max number of vCPUs supported for x2AVIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Detect X2APIC virtualization (x2AVIC) support (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: lapic: Rename [GET/SET]_APIC_DEST_FIELD to [GET/SET]_XAPIC_DEST_FIELD (Suravee Suthikulpanit) [Orabug: 34817119] - x86/cpufeatures: Introduce x2AVIC CPUID bit (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Blindly get current x2APIC reg value on 'nodecode write' traps (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Bug the VM if an accelerated x2APIC trap occurs on a 'bad' reg (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Do not block APIC write for non ICR registers (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Add support for vICR APIC-write VM-Exits in x2APIC mode (Zeng Guang) [Orabug: 34817119] - KVM: x86: disable preemption while updating apicv inhibition (Maxim Levitsky) [Orabug: 34817119] - KVM: SVM: Fix x2APIC Logical ID calculation for avic_kick_target_vcpus_fast (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: SVM: fix avic_kick_target_vcpus_fast (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: SVM: remove avic's broken code that updated APIC ID (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: Don't inhibit APICv/AVIC on xAPIC ID 'change' if APIC is disabled (Sean Christopherson) [Orabug: 34817119] - KVM: x86: inhibit APICv/AVIC on changes to APIC ID or APIC base (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: document AVIC/APICv inhibit reasons (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: SVM: allow to force AVIC to be enabled (Maxim Levitsky) [Orabug: 34817119] - KVM: SVM: Introduce trace point for the slow-path of avic_kic_target_vcpus (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Use target APIC ID to complete AVIC IRQs when possible (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Skip KVM_GUESTDBG_BLOCKIRQ APICv update if APICv is disabled (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Do not activate AVIC for SEV-enabled guest (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Trace all APICv inhibit changes and capture overall status (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Add wrappers for setting/clearing APICv inhibits (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Make APICv inhibit reasons an enum and cleanup naming (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Disable preemption across AVIC load/put during APICv refresh (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Treat x2APIC's ICR as a 64-bit register, not two 32-bit regs (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Add helpers to handle 64-bit APIC MSR read/writes (Sean Christopherson) [Orabug: 34817119] - KVM: x86: WARN if KVM emulates an IPI without clearing the BUSY flag (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization failure (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Use 'raw' APIC register read for handling APIC-write VM-Exit (Sean Christopherson) [Orabug: 34817119] - KVM: VMX: Handle APIC-write offset wrangling in VMX code (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Rename AVIC helpers to use 'avic' prefix instead of 'svm' (Sean Christopherson) [Orabug: 34817119] - KVM: VMX: Rename VMX functions to conform to kvm_x86_ops names (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Rename kvm_x86_ops pointers to align w/ preferred vendor names (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Drop export for .tlb_flush_current() static_call key (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Skip APICv update if APICv is disable at the module level (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Unexport __kvm_request_apicv_update() (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: fix race between interrupt delivery and AVIC inhibition (Maxim Levitsky) [Orabug: 34817119] - KVM: SVM: set IRR in svm_deliver_interrupt (Paolo Bonzini) [Orabug: 34817119] - KVM: SVM: extract avic_ring_doorbell (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: lapic: don't touch irr_pending in kvm_apic_update_apicv when inhibiting it (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: Move delivery of non-APICv interrupt into vendor code (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Drop AVIC's intermediate avic_set_running() helper (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Skip AVIC and IRTE updates when loading blocking vCPU (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Use kvm_vcpu_is_blocking() in AVIC load to handle preemption (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Remove unnecessary APICv/AVIC update in vCPU unblocking path (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Don't bother checking for 'running' AVIC when kicking for IPIs (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Signal AVIC doorbell iff vCPU is in guest mode (Sean Christopherson) [Orabug: 34817119] - KVM: x86: add a tracepoint for APICv/AVIC interrupt delivery (Maxim Levitsky) [Orabug: 34817119] - KVM: Add helpers to wake/query blocking vCPU (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Ensure target pCPU is read once when signalling AVIC doorbell (Sean Christopherson) [Orabug: 34817119] - KVM: ensure APICv is considered inactive if there is no APIC (Paolo Bonzini) [Orabug: 34817119] - KVM: x86: inhibit APICv when KVM_GUESTDBG_BLOCKIRQ active (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: Use rw_semaphore for APICv lock to allow vCPU parallelism (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Move SVM's APICv sanity check to common x86 (Sean Christopherson) [Orabug: 34817119] - rds: Remove the cp_rdsinfo_pending flag (Hakon Bugge) [Orabug: 34658657] - RDMA/mlx5: Change debug log level for remote access error syndromes (Arumugam Kolappan) [Orabug: 34798451] - uek-rpm: kernel-uek.spec: make -modules-extra depend on -modules (Todd Vierling) [Orabug: 34820756] - Feature: Add cmdline param sched_uek=[preempt,wakeidle] (Libo Chen) [Orabug: 34779451] - rds: ib: Fix cleanup of rds_ib_cache_gc_worker (Hakon Bugge) [Orabug: 34806076] - KVM: nVMX: Add tracepoint for nested VM-Enter (David Matlack) [Orabug: 34806794] - KVM: x86: Update trace function for nested VM entry to support VMX (Mingwei Zhang) [Orabug: 34806794] - KVM: nVMX: Allow VMREAD when Enlightened VMCS is in use (Vitaly Kuznetsov) [Orabug: 34806794] - KVM: nVMX: Implement evmcs_field_offset() suitable for handle_vmread() (Vitaly Kuznetsov) [Orabug: 34806794] - KVM: nVMX: Rename vmcs_to_field_offset{,_table} (Vitaly Kuznetsov) [Orabug: 34806794] - x86/kvm: Always inline evmcs_write64() (Peter Zijlstra) [Orabug: 34806794] - RDMA/uverbs: restrack shared PDs (Sharath Srinivasan) [Orabug: 34812520] [5.15.0-5.76.4] - x86: Ignore iommu=off for AMD cpus (Dave Kleikamp) [Orabug: 34211826] - virtio-net: use mtu size as buffer length for big packets (Gavin Li) [Orabug: 34756664] - virtio-net: introduce and use helper function for guest gso support checks (Gavin Li) [Orabug: 34756664] - vdpa/mlx5: Use consistent RQT size (Eli Cohen) [Orabug: 34756664] - vdpa: mlx5: synchronize driver status with CVQ (Jason Wang) [Orabug: 34756664] - vdpa: support exposing the count of vqs to userspace (Longpeng) [Orabug: 34756664] - vdpa: change the type of nvqs to u32 (Longpeng) [Orabug: 34756664] - vdpa: support exposing the config size to userspace (Longpeng) [Orabug: 34756664] - vdpa/mlx5: re-create forwarding rules after mac modified (Michael Qiu) [Orabug: 34756664] - Add definition of VIRTIO_F_IN_ORDER feature bit (Gautam Dawar) [Orabug: 34756664] - vdpa: factor out vdpa_set_features_unlocked for vdpa internal use (Si-Wei Liu) [Orabug: 34756664] - RDMA/cma: Use output interface for net_dev check (Hakon Bugge) [Orabug: 34774007] - Revert 'RDMA/cma: Use output interface for net_dev check' (Hakon Bugge) [Orabug: 34774007] - Revert 'rdmaip: Flush ARP cache after address has been cleared' (Sharath Srinivasan) [Orabug: 34783631] - Revert 'sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle' (Samasth Norway Ananda) [Orabug: 34807135] [5.15.0-5.76.3] - uek-rpm: Add Documentation to kernel-uek-devel (Somasundaram Krishnasamy) [Orabug: 34734127] - kfence: add sysfs interface to disable kfence for selected slabs. (Imran Khan) [Orabug: 34744270] - scsi: target: core: Silence the message about unknown VPD pages (Konstantin Shelekhin) [Orabug: 34764767] - x86/microcode/AMD: Apply the patch late on every logical thread (Mihai Carabas) [Orabug: 34765295] - perf/x86/intel: Hide Topdown metrics events if slots is not enumerated (Kan Liang) [Orabug: 34771183] [5.15.0-5.76.2] - LTS version: v5.15.76 (Jack Vogel) - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (Seth Jenkins) - mmc: core: Add SD card quirk for broken discard (Avri Altman) - Makefile.debug: re-enable debug info for .S files (Nick Desaulniers) - x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB (Nathan Chancellor) - ACPI: video: Force backlight native for more TongFang devices (Werner Sembach) - perf: Skip and warn on unknown format 'configN' attrs (Rob Herring) - mmc: sdhci-tegra: Use actual clock rate for SW tuning correction (Prathamesh Shete) - tracing: Do not free snapshot if tracer is on cmdline (Steven Rostedt (Google)) - tracing: Simplify conditional compilation code in tracing_set_tracer() (sunliming) - ksmbd: fix incorrect handling of iterate_dir (Namjae Jeon) - ksmbd: handle smb2 query dir request for OutputBufferLength that is too small (Namjae Jeon) - arm64: mte: move register initialization to C (Peter Collingbourne) - fs: dlm: fix invalid derefence of sb_lvbptr (Alexander Aring) - iommu/vt-d: Clean up si_domain in the init_dmars() error path (Jerry Snitselaar) - iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check() (Charlotte Tan) - net: phy: dp83822: disable MDI crossover status change interrupt (Felix Riemann) - net: sched: fix race condition in qdisc_graft() (Eric Dumazet) - net: hns: fix possible memory leak in hnae_ae_register() (Yang Yingliang) - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (Yang Yingliang) - sfc: include vport_id in filter spec hash and equal() (Pieter Jansen van Vuuren) - net: sched: sfb: fix null pointer access issue when sfb_init() fails (Zhengchao Shao) - net: sched: delete duplicate cleanup of backlog and qlen (Zhengchao Shao) - net: sched: cake: fix null pointer access issue when cake_init() fails (Zhengchao Shao) - nvmet: fix workqueue MEM_RECLAIM flushing dependency (Sagi Grimberg) - nvme-hwmon: kmalloc the NVME SMART log buffer (Serge Semin) - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (Christoph Hellwig) - netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags requirements (Pablo Neira Ayuso) - ionic: catch NULL pointer issue on reconfig (Brett Creeley) - net: hsr: avoid possible NULL deref in skb_clone() (Eric Dumazet) - dm: remove unnecessary assignment statement in alloc_dev() (Genjian Zhang) - cifs: Fix xid leak in cifs_ses_add_channel() (Zhang Xiaoxu) - cifs: Fix xid leak in cifs_flock() (Zhang Xiaoxu) - cifs: Fix xid leak in cifs_copy_file_range() (Zhang Xiaoxu) - cifs: Fix xid leak in cifs_create() (Zhang Xiaoxu) - udp: Update reuse->has_conns under reuseport_lock. (Kuniyuki Iwashima) - scsi: lpfc: Fix memory leak in lpfc_create_port() (Rafael Mendonca) - net: phylink: add mac_managed_pm in phylink_config structure (Shenwei Wang) - net: phy: dp83867: Extend RX strap quirk for SGMII mode (Harini Katakam) - net/atm: fix proc_mpc_write incorrect return value (Xiaobo Liu) - sfc: Change VF mac via PF as first preference if available. (Jonathan Cooper) - HID: magicmouse: Do not set BTN_MOUSE on double report (Jose Exposito) - i40e: Fix DMA mappings leak (Jan Sokolowski) - tipc: fix an information leak in tipc_topsrv_kern_subscr (Alexander Potapenko) - tipc: Fix recognition of trial period (Mark Tomlinson) - ACPI: extlog: Handle multiple records (Tony Luck) - drm/vc4: Add module dependency on hdmi-codec (Maxime Ripard) - btrfs: fix processing of delayed tree block refs during backref walking (Filipe Manana) - btrfs: fix processing of delayed data refs during backref walking (Filipe Manana) - x86/topology: Fix duplicated core ID within a package (Zhang Rui) - x86/topology: Fix multiple packages shown on a single-package system (Zhang Rui) - media: venus: dec: Handle the case where find_format fails (Bryan O'Donoghue) - media: mceusb: set timeout to at least timeout provided (Sean Young) - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (Sakari Ailus) - KVM: arm64: vgic: Fix exit condition in scan_its_table() (Eric Ren) - kvm: Add support for arch compat vm ioctls (Alexander Graf) - mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages (Rik van Riel) - drm/amdgpu: fix sdma doorbell init ordering on APUs (Alex Deucher) - cpufreq: qcom: fix memory leak in error path (Fabien Parent) - x86/resctrl: Fix min_cbm_bits for AMD (Babu Moger) - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS (Kai-Heng Feng) - ata: ahci-imx: Fix MODULE_ALIAS (Alexander Stein) - hwmon/coretemp: Handle large core ID value (Zhang Rui) - x86/microcode/AMD: Apply the patch early on every logical thread (Borislav Petkov) - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (Bryan O'Donoghue) - cpufreq: qcom: fix writes in read-only memory region (Fabien Parent) - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (GONG, Ruiqi) - ocfs2: fix BUG when iput after ocfs2_mknod fails (Joseph Qi) - ocfs2: clear dinode links count in case of error (Joseph Qi) - btrfs: enhance unsupported compat RO flags handling (Qu Wenruo) - perf/x86/intel/pt: Relax address filter validation (Adrian Hunter) - arm64: errata: Remove AES hwcap for COMPAT tasks (James Morse) - usb: gadget: uvc: improve sg exit condition (Michael Grzeschik) - usb: gadget: uvc: giveback vb2 buffer on req complete (Michael Grzeschik) - usb: gadget: uvc: rework uvcg_queue_next_buffer to uvcg_complete_buffer (Michael Grzeschik) - usb: gadget: uvc: use on returned header len in video_encode_isoc_sg (Michael Grzeschik) - usb: gadget: uvc: consistently use define for headerlen (Michael Grzeschik) - arm64/mm: Consolidate TCR_EL1 fields (Anshuman Khandual) - r8152: add PID for the Lenovo OneLink+ Dock (Jean-Francois Le Fillatre) - LTS version: v5.15.75 (Jack Vogel) - io-wq: Fix memory leak in worker creation (Rafael Mendonca) - gcov: support GCC 12.1 and newer compilers (Martin Liska) - thermal: intel_powerclamp: Use first online CPU as control_cpu (Rafael J. Wysocki) - ext4: continue to expand file system when the target size doesn't reach (Jerry Lee ) - lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5 (Nathan Chancellor) - Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT (Masahiro Yamada) - Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5 (Masahiro Yamada) - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (Nathan Chancellor) - net/ieee802154: don't warn zero-sized raw_sendmsg() (Tetsuo Handa) - Revert 'net/ieee802154: reject zero-sized raw_sendmsg()' (Alexander Aring) - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (Randy Dunlap) - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (Yu Kuai) - ALSA: usb-audio: Fix last interface check for registration (Takashi Iwai) - net: ieee802154: return -EINVAL for unknown addr type (Alexander Aring) - mm: hugetlb: fix UAF in hugetlb_handle_userfault (Liu Shixin) - io_uring/rw: fix unexpected link breakage (Pavel Begunkov) - io_uring/rw: fix error'ed retry return values (Pavel Begunkov) - io_uring/rw: fix short rw error handling (Pavel Begunkov) - io_uring: correct pinned_vm accounting (Pavel Begunkov) - io_uring/af_unix: defer registered files gc to io_uring release (Pavel Begunkov) - perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc (Adrian Hunter) - clk: bcm2835: Round UART input clock up (Ivan T. Ivanov) - clk: bcm2835: Make peripheral PLLC critical (Maxime Ripard) - usb: idmouse: fix an uninit-value in idmouse_open (Dongliang Mu) - nvmet-tcp: add bounds check on Transfer Tag (Varun Prakash) - nvme: copy firmware_rev on each init (Keith Busch) - ext2: Use kvmalloc() for group descriptor array (Jan Kara) - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (Arun Easi) - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (Xiaoke Wang) - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (Xiaoke Wang) - Revert 'usb: storage: Add quirk for Samsung Fit flash' (sunghwan jung) - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (Piyush Mehta) - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (Alexander Stein) - usb: musb: Fix musb_gadget.c rxstate overflow bug (Robin Guo) - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (Jianglei Nie) - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (Logan Gunthorpe) - eventfd: guard wake_up in eventfd fs calls as well (Dylan Yudaken) - HID: roccat: Fix use-after-free in roccat_read() (Hyunwoo Kim) - soundwire: intel: fix error handling on dai registration issues (Pierre-Louis Bossart) - soundwire: cadence: Don't overwrite msg->buf during write commands (Richard Fitzgerald) - bcache: fix set_at_max_writeback_rate() for multiple attached devices (Coly Li) - ata: libahci_platform: Sanity check the DT child nodes number (Serge Semin) - blk-throttle: prevent overflow while calculating wait time (Yu Kuai) - staging: vt6655: fix potential memory leak (Nam Cao) - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (Wei Yongjun) - iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (Yicong Yang) - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (Shigeru Yoshida) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (Letu Ren) - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (Vaishnav Achath) - usb: host: xhci-plat: suspend/resume clks for brcm (Justin Chen) - usb: host: xhci-plat: suspend and resume clocks (Justin Chen) - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (Quanyang Wang) - media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc (Hangyu Hua) - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (Zheyu Ma) - clk: zynqmp: Fix stack-out-of-bounds in strncpy (Ian Nam) - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (Alex Sverdlin) - btrfs: don't print information about space cache or tree every remount (Maciej S. Szmigiero) - btrfs: scrub: try to fix super block errors (Qu Wenruo) - btrfs: dump extra info if one free space cache has more bitmaps than it should (Qu Wenruo) - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (Sebastian Krzyszkowiak) - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (Mark Brown) - ARM: dts: imx6sx: add missing properties for sram (Alexander Stein) - ARM: dts: imx6sll: add missing properties for sram (Alexander Stein) - ARM: dts: imx6sl: add missing properties for sram (Alexander Stein) - ARM: dts: imx6qp: add missing properties for sram (Alexander Stein) - ARM: dts: imx6dl: add missing properties for sram (Alexander Stein) - ARM: dts: imx6q: add missing properties for sram (Alexander Stein) - ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (Haibo Chen) - drm/amd/display: Remove interface for periodic interrupt 1 (Aric Cyr) - drm/dp: Don't rewrite link config when setting phy test pattern (Khaled Almahallawy) - mmc: sdhci-msm: add compatible string check for sdm670 (Richard Acayan) - drm/meson: explicitly remove aggregate driver at module unload time (Adrian Larumbe) - drm/meson: reorder driver deinit sequence to fix use-after-free bug (Adrian Larumbe) - drm/amdgpu: fix initial connector audio value (hongao) - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms (Jairaj Arava) - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (Hans de Goede) - platform/chrome: cros_ec: Notify the PM of wake events during resume (Jameson Thies) - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (Maya Matuszczyk) - drm/vc4: vec: Fix timings for VEC modes (Mateusz Kwiatkowski) - ALSA: usb-audio: Register card at the last interface (Takashi Iwai) - drm: bridge: dw_hdmi: only trigger hotplug event on link change (Lucas Stach) - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (Vivek Kasireddy) - drm/amd/display: fix overflow on MIN_I64 definition (David Gow) - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (Zeng Jingxiang) - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (Liviu Dudau) - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (Javier Martinez Canillas) - drm: Use size_t type for len variable in drm_copy_field() (Javier Martinez Canillas) - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (Jianglei Nie) - r8152: Rate limit overflow messages (Andrew Gaul) - Bluetooth: L2CAP: Fix user-after-free (Luiz Augusto von Dentz) - net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory (Liu Jian) - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (Jason A. Donenfeld) - wifi: rt2x00: correctly set BBP register 86 for MT7620 (Daniel Golle) - wifi: rt2x00: set SoC wmac clock register (Daniel Golle) - wifi: rt2x00: set VGC gain for both chains of MT7620 (Daniel Golle) - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (Daniel Golle) - wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 (Daniel Golle) - can: bcm: check the result of can_send() in bcm_can_tx() (Ziyang Xuan) - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (Luiz Augusto von Dentz) - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (Tetsuo Handa) - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (Sean Wang) - regulator: core: Prevent integer underflow (Patrick Rudolph) - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (Kiran K) - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (Alexander Coffin) - iavf: Fix race between iavf_close and iavf_reset_task (Michal Jaron) - xfrm: Update ipcomp_scratches with NULL when freed (Khalid Masum) - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (Mika Westerberg) - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (Tetsuo Handa) - x86/mce: Retrieve poison range from hardware (Jane Chu) - tcp: annotate data-race around tcp_md5sig_pool_populated (Eric Dumazet) - openvswitch: Fix overreporting of drops in dropwatch (Mike Pattrick) - openvswitch: Fix double reporting of drops in dropwatch (Mike Pattrick) - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (Ravi Gunasekaran) - ice: set tx_tstamps when creating new Tx rings via ethtool (Jacob Keller) - bpftool: Clear errno after libcap's checks (Quentin Monnet) - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (Wright Feng) - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (Anna Schumaker) - x86/entry: Work around Clang __bdos() bug (Kees Cook) - ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (Mario Limonciello) - ARM: decompressor: Include .data.rel.ro.local (Kees Cook) - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (Srinivas Pandruvada) - powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue (Chao Qin) - MIPS: BCM47XX: Cast memcmp() of function to (void *) (Kees Cook) - cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode (Doug Smythies) - ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address (Hans de Goede) - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (Arvid Norlander) - rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() (Zqiang) - rcu: Back off upon fill_page_cache_func() allocation failure (Michal Hocko) - rcu: Avoid triggering strict-GP irq-work when RCU is idle (Zqiang) - fs: dlm: fix race in lowcomms (Alexander Aring) - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (Stefan Berger) - f2fs: fix to account FS_CP_DATA_IO correctly (Chao Yu) - f2fs: fix race condition on setting FI_NO_EXTENT flag (Zhang Qilong) - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (Shuai Xue) - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (Vincent Knecht) - crypto: cavium - prevent integer overflow loading firmware (Dan Carpenter) - crypto: marvell/octeontx - prevent integer overflows (Dan Carpenter) - kbuild: rpm-pkg: fix breakage when V=1 is used (Janis Schoetterl-Glausch) - kbuild: remove the target in signal traps when interrupted (Masahiro Yamada) - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (Nico Pache) - tracing: kprobe: Make gen test module work in arm and riscv (Yipeng Zou) - tracing: kprobe: Fix kprobe event gen test module on exit (Yipeng Zou) - iommu/iova: Fix module config properly (Robin Murphy) - cifs: return correct error in ->calc_signature() (Enzo Matsumiya) - crypto: qat - fix DMA transfer direction (Damian Muszynski) - crypto: inside-secure - Change swab to swab32 (Peter Harliman Liem) - crypto: ccp - Release dma channels before dmaengine unrgister (Koba Ko) - crypto: akcipher - default implementation for setting a private key (Ignat Korchagin) - iommu/omap: Fix buffer overflow in debugfs (Dan Carpenter) - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (Waiman Long) - crypto: hisilicon/qm - fix missing put dfx access (Weili Qian) - crypto: qat - fix default value of WDT timer (Lucas Segarra Fernandez) - hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() (Kshitiz Varshney) - cgroup: Honor caller's cgroup NS when resolving path (Michal Koutny) - hwrng: arm-smccc-trng - fix NO_ENTROPY handling (James Cowgill) - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (Ye Weihua) - crypto: sahara - don't sleep when in softirq (Zhengchao Shao) - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (Haren Myneni) - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (Li Huafei) - powerpc: Fix SPE Power ISA properties for e500v1 platforms (Pali Rohar) - powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 (Nicholas Piggin) - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (Vitaly Kuznetsov) - powerpc: Fix fallocate and fadvise64_64 compat parameter combination (Rohan McLure) - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (Zheng Yongjun) - powerpc/pci_dn: Add missing of_node_put() (Liang He) - powerpc/sysdev/fsl_msi: Add missing of_node_put() (Liang He) - powerpc/math_emu/efp: Include module.h (Nathan Chancellor) - powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig (Michael Ellerman) - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (Jack Wang) - mailbox: mpfs: account for mbox offsets while sending (Conor Dooley) - mailbox: mpfs: fix handling of the reg property (Conor Dooley) - clk: ast2600: BCLK comes from EPLL (Joel Stanley) - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (Miaoqian Lin) - clk: imx: scu: fix memleak on platform_device_add() fails (Lin Yujun) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (Stefan Wahren) - clk: baikal-t1: Add SATA internal ref clock buffer (Serge Semin) - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (Serge Semin) - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (Serge Semin) - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (Serge Semin) - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (David Collins) - usb: mtu3: fix failed runtime suspend in host only mode (Chunfeng Yun) - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (Dave Jiang) - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (Chen-Yu Tsai) - mfd: sm501: Add check for platform_driver_register() (Jiasheng Jiang) - mfd: fsl-imx25: Fix check for platform_get_irq() errors (Dan Carpenter) - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (Christophe JAILLET) - mfd: lp8788: Fix an error handling path in lp8788_probe() (Christophe JAILLET) - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (Christophe JAILLET) - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (Christophe JAILLET) - fsi: core: Check error number after calling ida_simple_get (Jiasheng Jiang) - RDMA/rxe: Fix resize_finish() in rxe_queue.c (Bob Pearson) - clk: qcom: gcc-sm6115: Override default Alpha PLL regs (Adam Skladowski) - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (Robert Marko) - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (Mike Christie) - scsi: iscsi: Run recv path from workqueue (Mike Christie) - scsi: iscsi: Add recv workqueue helpers (Mike Christie) - scsi: iscsi: Rename iscsi_conn_queue_work() (Mike Christie) - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (Duoming Zhou) - serial: 8250: Fix restoring termios speed after suspend (Pali Rohar) - firmware: google: Test spinlock on panic path to avoid lockups (Guilherme G. Piccoli) - slimbus: qcom-ngd-ctrl: allow compile testing without QCOM_RPROC_COMMON (Krzysztof Kozlowski) - staging: vt6655: fix some erroneous memory clean-up loops (Nam Cao) - phy: qualcomm: call clk_disable_unprepare in the error handling (Dongliang Mu) - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (Sherry Sun) - serial: 8250: Toggle IER bits on only after irq has been set up (Ilpo Jarvinen) - drivers: serial: jsm: fix some leaks in probe (Dan Carpenter) - usb: gadget: function: fix dangling pnp_string in f_printer.c (Albert Briscoe) - xhci: Don't show warning for reinit on known broken suspend (Mario Limonciello) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (Daisuke Matsuda) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (Mark Zhang) - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (David Sloan) - md/raid5: Ensure stripe_fill happens on non-read IO with journal (Logan Gunthorpe) - md: Replace snprintf with scnprintf (Saurabh Sengar) - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (Dan Carpenter) - ata: fix ata_id_has_dipm() (Niklas Cassel) - ata: fix ata_id_has_ncq_autosense() (Niklas Cassel) - ata: fix ata_id_has_devslp() (Niklas Cassel) - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (Niklas Cassel) - RDMA/siw: Fix QP destroy to wait for all references dropped. (Bernard Metzler) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (Bernard Metzler) - RDMA/srp: Fix srp_abort() (Bart Van Assche) - RDMA/irdma: Align AE id codes to correct flush code and event (Sindhu-Devale) - mtd: rawnand: fsl_elbc: Fix none ECC mode (Pali Rohar) - mtd: rawnand: intel: Remove undocumented compatible string (Martin Blumenstingl) - mtd: rawnand: intel: Read the chip-select line from the correct OF node (Martin Blumenstingl) - phy: phy-mtk-tphy: fix the phy type setting issue (Chunfeng Yun) - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (Liang He) - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (William Dean) - clk: qcom: sm6115: Select QCOM_GDSC (Dang Huynh) - dyndbg: drop EXPORTed dynamic_debug_exec_queries (Jim Cromie) - dyndbg: let query-modname override actual module name (Jim Cromie) - dyndbg: fix module.dyndbg handling (Jim Cromie) - dyndbg: fix static_branch manipulation (Jim Cromie) - dmaengine: hisilicon: Add multi-thread support for a DMA channel (Jie Hai) - dmaengine: hisilicon: Fix CQ head update (Jie Hai) - dmaengine: hisilicon: Disable channels when unregister hisi_dma (Jie Hai) - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (Dan Carpenter) - misc: ocxl: fix possible refcount leak in afu_ioctl() (Hangyu Hua) - RDMA/rxe: Fix the error caused by qp->sk (Zhu Yanjun) - RDMA/rxe: Fix 'kernel NULL pointer dereference' error (Zhu Yanjun) - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (Miaoqian Lin) - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (Yunke Cao) - media: uvcvideo: Fix memory leak in uvc_gpio_parse (Jose Exposito) - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (Xu Qiang) - tty: xilinx_uartps: Fix the ignore_status (Shubhrajyoti Datta) - media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop (Liang He) - HSI: omap_ssi_port: Fix dma_map_sg error check (Jack Wang) - HSI: omap_ssi: Fix refcount leak in ssi_probe (Miaoqian Lin) - clk: tegra20: Fix refcount leak in tegra20_clock_init (Miaoqian Lin) - clk: tegra: Fix refcount leak in tegra114_clock_init (Miaoqian Lin) - clk: tegra: Fix refcount leak in tegra210_clock_init (Miaoqian Lin) - clk: sprd: Hold reference returned by of_get_parent() (Liang He) - clk: berlin: Add of_node_put() for of_get_parent() (Liang He) - clk: qoriq: Hold reference returned by of_get_parent() (Liang He) - clk: oxnas: Hold reference returned by of_get_parent() (Liang He) - clk: meson: Hold reference returned by of_get_parent() (Liang He) - usb: common: debug: Check non-standard control requests (Thinh Nguyen) - RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey (Aharon Landau) - iio: magnetometer: yas530: Change data type of hard_offsets to signed (Jakob Hauser) - iio: ABI: Fix wrong format of differential capacitance channel ABI. (Jonathan Cameron) - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (Nuno Sa) - iio: inkern: only release the device node when done with it (Nuno Sa) - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (Claudiu Beznea) - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (Claudiu Beznea) - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (Claudiu Beznea) - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (Claudiu Beznea) - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (Dmitry Torokhov) - arm64: ftrace: fix module PLTs with mcount (Mark Rutland) - ext4: don't run ext4lazyinit for read-only filesystems (Josh Triplett) - ARM: Drop CMDLINE_* dependency on ATAGS (Geert Uytterhoeven) - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (Dmitry Torokhov) - arm64: dts: ti: k3-j7200: fix main pinmux range (Matt Ranostay) - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (Dmitry Osipenko) - ia64: export memory_add_physaddr_to_nid to fix cxl build error (Randy Dunlap) - ARM: dts: kirkwood: lsxl: remove first ethernet port (Michael Walle) - ARM: dts: kirkwood: lsxl: fix serial line (Michael Walle) - ARM: dts: turris-omnia: Fix mpp26 pin name and comment (Marek Behun) - ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (Lucas Stach) - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (Liang He) - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (Liang He) - locks: fix TOCTOU race when granting write lease (Amir Goldstein) - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (Liang He) - memory: of: Fix refcount leak bug in of_get_ddr_timings() (Liang He) - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (Liang He) - ALSA: hda/hdmi: Don't skip notification handling during PM operation (Takashi Iwai) - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (Zhang Qilong) - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (Zhang Qilong) - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (Zhang Qilong) - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (Zhang Qilong) - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (Christophe JAILLET) - ALSA: dmaengine: increment buffer pointer atomically (Andreas Pape) - ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() (Christophe JAILLET) - ASoC: codecs: tx-macro: fix kcontrol put (Srinivas Kandagatla) - drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() (Rafael Mendonca) - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (Kuogee Hsieh) - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (Dmitry Baryshkov) - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (Liang He) - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (Christophe JAILLET) - drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue() (Rafael Mendonca) - drm/omap: dss: Fix refcount leak bugs (Liang He) - drm/bochs: fix blanking (Gerd Hoffmann) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-4378 CVE-2022-1184 cpe:/a:oracle:linux:8::UEKR7 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.314.6.2.el7] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} [5.4.17-2136.314.6.1.el7] - RDMA/uverbs: Move IB_EVENT_DEVICE_FATAL to destroy_uobj (Jason Gunthorpe) [Orabug: 34859614] - RDMA/uverbs: Do not discard the IB_EVENT_DEVICE_FATAL event (Jason Gunthorpe) [Orabug: 34859614] - Adding a new sysfs entry point -- forcepower -- to /sys/bus/pci/slots/X. (James Puthukattukaran) [Orabug: 34859609] - nvme: paring quiesce/unquiesce (Ming Lei) [Orabug: 34859609] - nvme: prepare for pairing quiescing and unquiescing (Ming Lei) [Orabug: 34859609] - nvme: apply nvme API to quiesce/unquiesce admin queue (Ming Lei) [Orabug: 34859609] - nvme: add APIs for stopping/starting admin queue (Ming Lei) [Orabug: 34859609] - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (James Smart) [Orabug: 34859609] - nvme-fc: avoid race between time out and tear down (James Smart) [Orabug: 34859609] - nvme-fc: update hardware queues before using them (Daniel Wagner) [Orabug: 34859609] - nvme-fabrics: reject I/O to offline device (Victor Gladkov) [Orabug: 34859609] - nvme-fc: wait for queues to freeze before calling update_hr_hw_queues (James Smart) [Orabug: 34859609] [5.4.17-2136.314.6.el7] - RDMA/mlx5: Change debug log level for remote access error syndromes (Arumugam Kolappan) [Orabug: 34798452] - KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Track xAPIC ID only on userspace SET, _after_ vAPIC is updated (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Flush the 'current' TLB when activating AVIC (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Purge 'highest ISR' cache when updating APICv state (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Add AVIC doorbell tracepoint (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: x86: Warning APICv inconsistency only when vcpu APIC mode is valid (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Introduce hybrid-AVIC mode (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Do not throw warning when calling avic_vcpu_load on a running vcpu (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Introduce logic to (de)activate x2AVIC mode (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Refresh AVIC configuration when changing APIC mode (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: x86: Deactivate APICv on vCPU with APIC disabled (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Do not virtualize MSR accesses for APIC LVTT register (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Fix x2APIC MSRs interception (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Adding support for configuring x2APIC MSRs interception (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Do not support updating APIC ID when in x2APIC mode (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Compute dest based on sender's x2APIC status for AVIC kick (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Update avic_kick_target_vcpus to support 32-bit APIC ID (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Update max number of vCPUs supported for x2AVIC mode (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Detect X2APIC virtualization (x2AVIC) support (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: x86: lapic: Rename [GET/SET]_APIC_DEST_FIELD to [GET/SET]_XAPIC_DEST_FIELD (Suravee Suthikulpanit) [Orabug: 34160613] - x86/cpufeatures: Introduce x2AVIC CPUID bit (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: x86: Blindly get current x2APIC reg value on 'nodecode write' traps (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Bug the VM if an accelerated x2APIC trap occurs on a 'bad' reg (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Do not block APIC write for non ICR registers (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: x86: Add support for vICR APIC-write VM-Exits in x2APIC mode (Zeng Guang) [Orabug: 34160613] - KVM: x86: disable preemption while updating apicv inhibition (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: Fix x2APIC Logical ID calculation for avic_kick_target_vcpus_fast (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: x86: SVM: fix avic_kick_target_vcpus_fast (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: SVM: remove avic's broken code that updated APIC ID (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: Don't inhibit APICv/AVIC on xAPIC ID 'change' if APIC is disabled (Sean Christopherson) [Orabug: 34160613] - KVM: x86: inhibit APICv/AVIC on changes to APIC ID or APIC base (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: document AVIC/APICv inhibit reasons (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: SVM: allow to force AVIC to be enabled (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: Introduce trace point for the slow-path of avic_kic_target_vcpus (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Use target APIC ID to complete AVIC IRQs when possible (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Do not activate AVIC for SEV-enabled guest (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Trace all APICv inhibit changes and capture overall status (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Add wrappers for setting/clearing APICv inhibits (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Make APICv inhibit reasons an enum and cleanup naming (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: fix panic on out-of-bounds guest IRQ (Yi Wang) [Orabug: 34160613] - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (Suravee Suthikulpanit) [Orabug: 34160613] - KVM: SVM: Disable preemption across AVIC load/put during APICv refresh (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Treat x2APIC's ICR as a 64-bit register, not two 32-bit regs (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Make kvm_lapic_set_reg() a 'private' xAPIC helper (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Add helpers to handle 64-bit APIC MSR read/writes (Sean Christopherson) [Orabug: 34160613] - KVM: x86: WARN if KVM emulates an IPI without clearing the BUSY flag (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization failure (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Use 'raw' APIC register read for handling APIC-write VM-Exit (Sean Christopherson) [Orabug: 34160613] - KVM: VMX: Handle APIC-write offset wrangling in VMX code (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (Paolo Bonzini) [Orabug: 34160613] - KVM: SVM: Rename AVIC helpers to use 'avic' prefix instead of 'svm' (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Rename kvm_x86_ops pointers to align w/ preferred vendor names (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Skip APICv update if APICv is disable at the module level (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: fix race between interrupt delivery and AVIC inhibition (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: set IRR in svm_deliver_interrupt (Paolo Bonzini) [Orabug: 34160613] - KVM: SVM: extract avic_ring_doorbell (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: lapic: don't touch irr_pending in kvm_apic_update_apicv when inhibiting it (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: Move delivery of non-APICv interrupt into vendor code (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Move svm_hardware_setup() and its helpers below svm_x86_ops (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Drop AVIC's intermediate avic_set_running() helper (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Skip AVIC and IRTE updates when loading blocking vCPU (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Use kvm_vcpu_is_blocking() in AVIC load to handle preemption (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Remove unnecessary APICv/AVIC update in vCPU unblocking path (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Don't bother checking for 'running' AVIC when kicking for IPIs (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Signal AVIC doorbell iff vCPU is in guest mode (Sean Christopherson) [Orabug: 34160613] - KVM: x86: add a tracepoint for APICv/AVIC interrupt delivery (Maxim Levitsky) [Orabug: 34160613] - KVM: Add helpers to wake/query blocking vCPU (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: Ensure target pCPU is read once when signalling AVIC doorbell (Sean Christopherson) [Orabug: 34160613] - KVM: ensure APICv is considered inactive if there is no APIC (Paolo Bonzini) [Orabug: 34160613] - KVM: x86: Use rw_semaphore for APICv lock to allow vCPU parallelism (Sean Christopherson) [Orabug: 34160613] - KVM: x86: Move SVM's APICv sanity check to common x86 (Sean Christopherson) [Orabug: 34160613] - KVM: SVM: AVIC: drop unsupported AVIC base relocation code (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: call avic_vcpu_load/avic_vcpu_put when enabling/disabling AVIC (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: move check for kvm_vcpu_apicv_active outside of avic_vcpu_{put|load} (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: avoid refreshing avic if its state didn't change (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: add warning for mistmatch between AVIC vcpu state and AVIC inhibition (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: Unexport __kvm_request_apicv_update() (Sean Christopherson) [Orabug: 34160613] - KVM: x86: APICv: fix race in kvm_request_apicv_update on SVM (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: APICv: drop immediate APICv disablement on current vCPU (Maxim Levitsky) [Orabug: 34160613] - KVM: SVM: svm_set_vintr don't warn if AVIC is active but is about to be deactivated (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: Check for pending interrupts when APICv is getting disabled (Vitaly Kuznetsov) [Orabug: 34160613] - KVM: SVM: Move AVIC vCPU kicking snippet to helper function (Sean Christopherson) [Orabug: 34160613] - KVM: x86: rename apic_access_page_done to apic_access_memslot_enabled (Maxim Levitsky) [Orabug: 34160613] - KVM: x86: Drop vendor specific functions for APICv/AVIC enablement (Vitaly Kuznetsov) [Orabug: 34160613] - KVM: x86: Use common 'enable_apicv' variable for both APICv and AVIC (Vitaly Kuznetsov) [Orabug: 34160613] - KVM: SVM: Drop unneeded CONFIG_X86_LOCAL_APIC check (Vitaly Kuznetsov) [Orabug: 34160613] - kvm: Replace vcpu->swait with rcuwait (Davidlohr Bueso) [Orabug: 34160613] - rcuwait: Introduce rcuwait_active() (Davidlohr Bueso) [Orabug: 34160613] - rcuwait: Introduce prepare_to and finish_rcuwait (Davidlohr Bueso) [Orabug: 34160613] - rcuwait: Let rcuwait_wake_up() return whether or not a task was awoken (Davidlohr Bueso) [Orabug: 34160613] - rcuwait: Fix stale wake call name in comment (Davidlohr Bueso) [Orabug: 34160613] - rcuwait: Add @state argument to rcuwait_wait_event() (Peter Zijlstra (Intel)) [Orabug: 34160613] - acpi: Remove header dependency (Peter Zijlstra) [Orabug: 34160613] [5.4.17-2136.314.5.el7] - rds: Remove the cp_rdsinfo_pending flag (Hakon Bugge) [Orabug: 34658658] - RDMA/uverbs: restrack shared PDs (Sharath Srinivasan) [Orabug: 34789017] - rds: ib: Fix cleanup of rds_ib_cache_gc_worker (Hakon Bugge) [Orabug: 34806077] - KVM: nVMX: Add tracepoint for nested VM-Enter (David Matlack) [Orabug: 34806795] - KVM: x86: Update trace function for nested VM entry to support VMX (Mingwei Zhang) [Orabug: 34806795] - Revert 'KVM: nSVM: Log nRIP of L1 and L2 guest VMCB in nested VMRUN tracepoint' (Maciej S. Szmigiero) [Orabug: 34806795] - KVM: nVMX: Allow VMREAD when Enlightened VMCS is in use (Vitaly Kuznetsov) [Orabug: 34806795] - KVM: nVMX: Implement evmcs_field_offset() suitable for handle_vmread() (Vitaly Kuznetsov) [Orabug: 34806795] - KVM: nVMX: Rename vmcs_to_field_offset{,_table} (Vitaly Kuznetsov) [Orabug: 34806795] - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (Vitaly Kuznetsov) [Orabug: 34806795] - x86/kvm: Always inline evmcs_write64() (Peter Zijlstra) [Orabug: 34806795] - KVM: x86: Clean up redundant ROL16(val, n) macro definition (Like Xu) [Orabug: 34806795] - KVM: nVMX: Dynamically compute max VMCS index for vmcs12 (Sean Christopherson) [Orabug: 34806795] - KVM: nVMX: Use '-1' in 'hv_evmcs_vmptr' to indicate that eVMCS is not in use (Vitaly Kuznetsov) [Orabug: 34806795] - KVM: VMX: eVMCS: make evmcs_sanitize_exec_ctrls() work again (Vitaly Kuznetsov) [Orabug: 34806795] - KVM: nVMX: Add VM-Enter failed tracepoints for super early checks (Sean Christopherson) [Orabug: 34806795] - x86: Ignore iommu=off for AMD cpus (Dave Kleikamp) [Orabug: 34034614] - uek-rpm: Add xt_MASQUERADE to nano rpm (Somasundaram Krishnasamy) [Orabug: 34630038] - x86/mce: Retrieve poison range from hardware (Jane Chu) [Orabug: 34670113] - x86/mce: Include a MCi_MISC value in faked mce logs (Tony Luck) [Orabug: 34670113] - pmem: fix a name collision (Jane Chu) [Orabug: 34670113] - pmem: implement pmem_recovery_write() (Jane Chu) [Orabug: 34670113] - pmem: refactor pmem_clear_poison() (Jane Chu) [Orabug: 34670113] - dax: add .recovery_write dax_operation (Jane Chu) [Orabug: 34670113] - dax: introduce DAX_RECOVERY_WRITE dax access mode (Jane Chu) [Orabug: 34670113] - mce: fix set_mce_nospec to always unmap the whole page (Jane Chu) [Orabug: 34670113] - acpi/nfit: rely on mce->misc to determine poison granularity (Jane Chu) [Orabug: 34670113] - RDMA/restrack: Support all QP types (Leon Romanovsky) [Orabug: 34704742] - RDMA/core: Always release restrack object (Leon Romanovsky) [Orabug: 34704742] - RDMA/core: Add CM to restrack after successful attachment to a device (Shay Drory) [Orabug: 34704742] - Revert 'rdmaip: Flush ARP cache after address has been cleared' (Sharath Srinivasan) [Orabug: 34739575] - vdpa/mlx5: default_mtu should not override mtu from vdpa tool (Si-Wei Liu) [Orabug: 34756655] - virtio-net: use mtu size as buffer length for big packets (Gavin Li) [Orabug: 34756655] - virtio-net: introduce and use helper function for guest gso support checks (Gavin Li) [Orabug: 34756655] - vdpa/mlx5: Use consistent RQT size (Eli Cohen) [Orabug: 34756655] - vdpa: mlx5: synchronize driver status with CVQ (Jason Wang) [Orabug: 34756655] - vdpa: mlx5: prevent cvq work from hogging CPU (Jason Wang) [Orabug: 34756655] - vdpa/mlx5: Avoid processing works if workqueue was destroyed (Eli Cohen) [Orabug: 34756655] - vhost: handle error while adding split ranges to iotlb (Anirudh Rayabharam) [Orabug: 34756655] - vdpa: support exposing the count of vqs to userspace (Longpeng) [Orabug: 34756655] - vdpa: change the type of nvqs to u32 (Longpeng) [Orabug: 34756655] - vdpa: support exposing the config size to userspace (Longpeng) [Orabug: 34756655] - vdpa/mlx5: re-create forwarding rules after mac modified (Michael Qiu) [Orabug: 34756655] - Add definition of VIRTIO_F_IN_ORDER feature bit (Gautam Dawar) [Orabug: 34756655] - vhost_vdpa: don't setup irq offloading when irq_num < 0 (Zhu Lingshan) [Orabug: 34756655] - vhost: allow batching hint without size (Jason Wang) [Orabug: 34756655] - vdpa: fix use-after-free on vp_vdpa_remove (Zhang Min) [Orabug: 34756655] - vhost: fix hung thread due to erroneous iotlb entries (Anirudh Rayabharam) [Orabug: 34756655] - vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command (Si-Wei Liu) [Orabug: 34756655] - vdpa/mlx5: should verify CTRL_VQ feature exists for MQ (Si-Wei Liu) [Orabug: 34756655] - vdpa: factor out vdpa_set_features_unlocked for vdpa internal use (Si-Wei Liu) [Orabug: 34756655] - Revert 'RDMA/cma: Use output interface for net_dev check' (Hakon Bugge) [Orabug: 34774008] - bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers (Daniel Borkmann) [Orabug: 34797062] - uaccess: Add strict non-pagefault kernel-space read function (Daniel Borkmann) [Orabug: 34797062] - do_wait: make PIDTYPE_PID case O(1) instead of O(n) (Jim Newsome) [Orabug: 34798125] [5.4.17-2136.314.4.el7] - Feature: Add cmdline param sched_uek=[preempt,wakeidle] (Libo Chen) [Orabug: 34779452] - perf/x86/intel: Hide Topdown metrics events if slots is not enumerated (Kan Liang) [Orabug: 34264064] - net: macsec: Severe performance regression in '...preserve ordering' (Venkat Venkatsubra) [Orabug: 34653784] - mISDN: fix use-after-free bugs in l1oip timer handlers (Duoming Zhou) [Orabug: 34719781] {CVE-2022-3565} - x86/microcode/AMD: Apply the patch late on every logical thread (Mihai Carabas) [Orabug: 34731079] - x86/microcode/AMD: Apply the patch early on every logical thread (Borislav Petkov) [Orabug: 34731079] - io_uring/af_unix: defer registered files gc to io_uring release (Pavel Begunkov) [Orabug: 34743499] {CVE-2022-2602} - scsi: target: core: Silence the message about unknown VPD pages (Konstantin Shelekhin) [Orabug: 34764768] [5.4.17-2136.314.3.el7] - net: ieee802154: return -EINVAL for unknown addr type (Alexander Aring) - ALSA: hda: beep: Simplify keep-power-at-enable behavior (Takashi Iwai) - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (Luke D. Jones) - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (Callum Osmotherly) - LTS tag: v5.4.218 (Sherry Yang) - Input: xpad - fix wireless 360 controller breaking after suspend (Cameron Gutman) - Input: xpad - add supported devices as contributed on github (Pavel Rojtberg) - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (Johannes Berg) - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (Johannes Berg) - wifi: cfg80211: avoid nontransmitted BSS list corruption (Johannes Berg) {CVE-2022-42721} - wifi: cfg80211: fix BSS refcounting bugs (Johannes Berg) {CVE-2022-42720} - wifi: cfg80211: ensure length byte is present before access (Johannes Berg) - wifi: cfg80211/mac80211: reject bad MBSSID elements (Johannes Berg) {CVE-2022-41674} - wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (Johannes Berg) {CVE-2022-41674} - random: restore O_NONBLOCK support (Jason A. Donenfeld) - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (Frank Wunderlich) - scsi: stex: Properly zero out the passthrough command structure (Linus Torvalds) - efi: Correct Macmini DMI match in uefi cert quirk (Orlando Chamberlain) - ALSA: hda: Fix position reporting on Poulsbo (Takashi Iwai) - random: clamp credited irq bits to maximum mixed (Jason A. Donenfeld) - ceph: don't truncate file in atomic_open (Hu Weiwen) - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (Ryusuke Konishi) - nilfs2: fix leak of nilfs_root in case of writer thread creation failure (Ryusuke Konishi) - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() (Ryusuke Konishi) - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (Krzysztof Kozlowski) - mmc: core: Terminate infinite loop in SD-UHS voltage switch (Brian Norris) - mmc: core: Replace with already defined values for readability (ChanWoo Lee) - USB: serial: ftdi_sio: fix 300 bps rate for SIO (Johan Hovold) - usb: mon: make mmapped memory read only (Tadeusz Struk) - arch: um: Mark the stack non-executable to fix a binutils warning (David Gow) - um: Cleanup compiler warning in arch/x86/um/tls_32.c (Lukas Straub) - um: Cleanup syscall_handler_t cast in syscalls_32.h (Lukas Straub) - net/ieee802154: fix uninit value bug in dgram_sendmsg (Haimin Zhang) - scsi: qedf: Fix a UAF bug in __qedf_probe() (Letu Ren) - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (Sergei Antonov) - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (Swati Agarwal) - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (Swati Agarwal) - firmware: arm_scmi: Add SCMI PM driver remove routine (Cristian Marussi) - fs: fix UAF/GPF bug in nilfs_mdt_destroy (Dongliang Mu) - perf tools: Fixup get_current_dir_name() compilation (Alexey Dobriyan) - mm: pagewalk: Fix race between unmap and page walker (Steven Price) - LTS tag: v5.4.217 (Sherry Yang) - docs: update mediator information in CoC docs (Shuah Khan) - Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 (Sami Tolvanen) - Revert 'drm/amdgpu: use dirty framebuffer helper' (Greg Kroah-Hartman) - xfs: remove unused variable 'done' (YueHaibing) - xfs: fix uninitialized variable in xfs_attr3_leaf_inactive (Darrick J. Wong) - xfs: streamline xfs_attr3_leaf_inactive (Darrick J. Wong) - xfs: move incore structures out of xfs_da_format.h (Christoph Hellwig) - xfs: fix memory corruption during remote attr value buffer invalidation (Darrick J. Wong) - xfs: refactor remote attr value buffer invalidation (Darrick J. Wong) - xfs: fix s_maxbytes computation on 32-bit kernels (Darrick J. Wong) - xfs: truncate should remove all blocks, not just to the end of the page cache (Darrick J. Wong) - xfs: introduce XFS_MAX_FILEOFF (Darrick J. Wong) - xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag (Christoph Hellwig) - LTS tag: v5.4.216 (Sherry Yang) - clk: iproc: Do not rely on node name for correct PLL setup (Florian Fainelli) - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (Han Xu) - selftests: Fix the if conditions of in test_extra_filter() (Wang Yufen) - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (Michael Kelley) - nvme: add new line after variable declatation (Chaitanya Kulkarni) - usbnet: Fix memory leak in usbnet_disconnect() (Peilin Ye) - Input: melfas_mip4 - fix return value check in mip4_probe() (Yang Yingliang) - Revert 'drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time' (Brian Norris) - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (Samuel Holland) - soc: sunxi: sram: Fix probe function ordering issues (Samuel Holland) - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (Cai Huoqing) - soc: sunxi: sram: Prevent the driver from being unbound (Samuel Holland) - soc: sunxi: sram: Actually claim SRAM regions (Samuel Holland) - ARM: dts: am33xx: Fix MMCHS0 dma properties (YuTong Chang) - ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver (Faiz Abbas) - media: dvb_vb2: fix possible out of bound access (Hangyu Hua) - mm: fix madivse_pageout mishandling on non-LRU page (Minchan Kim) - mm/migrate_device.c: flush TLB while holding PTL (Alistair Popple) - mm: prevent page_frag_alloc() from corrupting the memory (Maurizio Lombardi) - mm/page_alloc: fix race condition between build_all_zonelists and page allocation (Mel Gorman) - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (Sergei Antonov) - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (Niklas Cassel) - ntfs: fix BUG_ON in ntfs_lookup_inode_by_name() (ChenXiaoSong) - ARM: dts: integrator: Tag PCI host with device_type (Linus Walleij) - clk: ingenic-tcu: Properly enable registers before accessing timers (Aidan MacDonald) - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (Frank Wunderlich) - uas: ignore UAS for Thinkplus chips (Hongling Zeng) - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (Hongling Zeng) - uas: add no-uas quirk for Hiksemi usb_disk (Hongling Zeng) - LTS tag: v5.4.215 (Sherry Yang) - ext4: make directory inode spreading reflect flexbg size (Jan Kara) - xfs: fix use-after-free when aborting corrupt attr inactivation (Darrick J. Wong) - xfs: fix an ABBA deadlock in xfs_rename (Darrick J. Wong) - xfs: don't commit sunit/swidth updates to disk if that would cause repair failures (Darrick J. Wong) - xfs: split the sunit parameter update into two parts (Darrick J. Wong) - xfs: refactor agfl length computation function (Darrick J. Wong) - xfs: use bitops interface for buf log item AIL flag check (Brian Foster) - xfs: stabilize insert range start boundary to avoid COW writeback race (Brian Foster) - xfs: fix some memory leaks in log recovery (Darrick J. Wong) - xfs: always log corruption errors (Darrick J. Wong) - xfs: constify the buffer pointer arguments to error functions (Darrick J. Wong) - xfs: convert EIO to EFSCORRUPTED when log contents are invalid (Darrick J. Wong) - xfs: Fix deadlock between AGI and AGF when target_ip exists in xfs_rename() (kaixuxia) - xfs: range check ri_cnt when recovering log items (Darrick J. Wong) - xfs: add missing assert in xfs_fsmap_owner_from_rmap (Darrick J. Wong) - xfs: slightly tweak an assert in xfs_fs_map_blocks (Christoph Hellwig) - xfs: replace -EIO with -EFSCORRUPTED for corrupt metadata (Darrick J. Wong) - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (Luis Henriques) - workqueue: don't skip lockdep work dependency in cancel_work_sync() (Tetsuo Handa) - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (Nathan Huckleberry) - drm/amd/display: Limit user regamma to a valid value (Yao Wang1) - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (Vitaly Kuznetsov) - cifs: always initialize struct msghdr smb_msg completely (Stefan Metzmacher) - usb: xhci-mtk: fix issue of out-of-bounds array access (Chunfeng Yun) - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (Stefan Haberland) - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (Ilpo Jarvinen) - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (Ilpo Jarvinen) - serial: Create uart_xmit_advance() (Ilpo Jarvinen) - net: sched: fix possible refcount leak in tc_new_tfilter() (Hangyu Hua) - net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD (Sean Anderson) - perf kcore_copy: Do not check /proc/modules is unchanged (Adrian Hunter) - perf jit: Include program header in ELF files (Lieven Hey) - can: gs_usb: gs_can_open(): fix race dev->can.state condition (Marc Kleine-Budde) - netfilter: ebtables: fix memory leak when blob is malformed (Florian Westphal) - net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs (Vladimir Oltean) - net/sched: taprio: avoid disabling offload when it was never enabled (Vladimir Oltean) - of: mdio: Add of_node_put() when breaking out of for_each_xx (Liang He) - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (Michal Jaron) - i40e: Fix VF set max MTU size (Michal Jaron) - iavf: Fix set max MTU size with port VLAN and jumbo frames (Michal Jaron) - iavf: Fix bad page state (Norbert Zulinski) - MIPS: Loongson32: Fix PHY-mode being left unspecified (Serge Semin) - MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko (Randy Dunlap) - net: team: Unsync device addresses on ndo_stop (Benjamin Poirier) - ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header (Lu Wei) - iavf: Fix cached head and tail value for iavf_get_tx_pending (Brett Creeley) - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (Pablo Neira Ayuso) - netfilter: nf_conntrack_irc: Tighten matching on DCC message (David Leadbeater) - netfilter: nf_conntrack_sip: fix ct_sip_walk_headers (Igor Ryzhov) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (Fabio Estevam) - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (zain wang) - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (Brian Norris) - mm/slub: fix to return errno if kmalloc() fails (Chao Yu) - efi: libstub: check Shim mode using MokSBStateRT (Ard Biesheuvel) - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (Callum Osmotherly) - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (Luke D. Jones) - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (Luke D. Jones) - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (Luke D. Jones) - ALSA: hda/realtek: Re-arrange quirk table entries (Takashi Iwai) - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (huangwenhui) - ALSA: hda: add Intel 5 Series / 3400 PCI DID (Kai Vehmanen) - ALSA: hda/tegra: set depop delay for tegra (Mohan Kumar) - USB: serial: option: add Quectel RM520N (jerry meng) - USB: serial: option: add Quectel BG95 0x0203 composition (Carl Yin()) - Revert 'usb: gadget: udc-xilinx: replace memcpy with memcpy_toio' (Greg Kroah-Hartman) - Revert 'usb: add quirks for Lenovo OneLink+ Dock' (Greg Kroah-Hartman) - usb: cdns3: fix issue with rearming ISO OUT endpoint (Pawel Laszczak) - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (Sergiu Moga) - serial: atmel: remove redundant assignment in rs485_config (Lino Sanfilippo) - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (Codrin.Ciubotariu@microchip.com) - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (Siddh Raman Pant) - usb: xhci-mtk: relax TT periodic bandwidth allocation (Ikjoon Jang) - usb: xhci-mtk: allow multiple Start-Split in a microframe (Chunfeng Yun) - usb: xhci-mtk: add some schedule error number (Chunfeng Yun) - usb: xhci-mtk: add a function to (un)load bandwidth info (Chunfeng Yun) - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (Chunfeng Yun) - usb: xhci-mtk: add only one extra CS for FS/LS INTR (Chunfeng Yun) - usb: xhci-mtk: get the microframe boundary for ESIT (Chunfeng Yun) - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (Wesley Cheng) - usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup() (Thinh Nguyen) - usb: dwc3: gadget: Refactor pullup() (Thinh Nguyen) - usb: dwc3: gadget: Prevent repeat pullup() (Thinh Nguyen) - usb: dwc3: Issue core soft reset before enabling run/stop (Wesley Cheng) - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (Wesley Cheng) - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (Takashi Iwai) - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (Hyunwoo Kim) - mksysmap: Fix the mismatch of 'L0' symbols in System.map (Youling Tang) - MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() (Alexander Sverdlin) - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (David Howells) - net: usb: qmi_wwan: add Quectel RM520N (jerry.meng) - ALSA: hda/tegra: Align BDL entry to 4KB boundary (Mohan Kumar) - ALSA: hda/sigmatel: Keep power up while beep is enabled (Takashi Iwai) - rxrpc: Fix calc of resend age (David Howells) - rxrpc: Fix local destruction being repeated (David Howells) - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (Xiaolei Wang) - ASoC: nau8824: Fix semaphore unbalance at error paths (Takashi Iwai) - iomap: iomap that extends beyond EOF should be marked dirty (Chandan Babu R) - MAINTAINERS: add Chandan as xfs maintainer for 5.4.y (Chandan Babu R) - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (Stefan Metzmacher) - cifs: revalidate mapping when doing direct writes (Ronnie Sahlberg) - tracing: hold caller_addr to hardirq_{enable,disable}_ip (Yipeng Zou) - task_stack, x86/cea: Force-inline stack helpers (Borislav Petkov) - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (Sasha Levin) - drm/meson: Fix OSD1 RGB to YCbCr coefficient (Stuart Menefy) - drm/meson: Correct OSD1 global alpha value (Stuart Menefy) - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (Pali Rohar) - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (Trond Myklebust) - of: fdt: fix off-by-one error in unflatten_dt_nodes() (Sergey Shtylyov) - LTS tag: v5.4.214 (Sherry Yang) - tracefs: Only clobber mode/uid/gid on remount if asked (Brian Norris) - soc: fsl: select FSL_GUTS driver for DPIO (Mathew McBride) - net: dp83822: disable rx error interrupt (Enguerrand de Ribaucourt) - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() (Jann Horn) - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (Hu Xiaoying) - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (Hans de Goede) - perf/arm_pmu_platform: fix tests for platform_get_irq() failure (Yu Zhe) - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (Maurizio Lombardi) - Input: iforce - add support for Boeder Force Feedback Wheel (Greg Tulli) - ieee802154: cc2520: add rc code in cc2520_tx() (Li Qiong) - tg3: Disable tg3 device on system reboot to avoid triggering AER (Kai-Heng Feng) - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (Even Xu) - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (Jason Wang) - drm/msm/rd: Fix FIFO-full deadlock (Rob Clark) [5.4.17-2136.314.2.el7] - pensando: kpcimgr: Fix deadlock in read_kpcimgr (Rob Gardner) [Orabug: 34676899] - uek-rpm: add aarch64 to list of vdso arches (Tom Saeger) [Orabug: 34716202] - uapi: Fix [rs]cq_vector data types in rds[6]_info_rdma_connection (Mark Haywood) [Orabug: 34734191] - uapi: Fix congested flag type in rds[6]_info_socket (Mark Haywood) [Orabug: 34734191] - uek-rpm: Remove nano_dracut-blacklist.conf (Somasundaram Krishnasamy) [Orabug: 34743957] [5.4.17-2136.314.1.el7] - proc: provide details on indirect branch speculation (Anand K Mistry) [Orabug: 33927837] - net/rds: rds_tcp_accept_one ought to not discard messages (Gerd Rausch) [Orabug: 34488376] - net/rds: drop rs_transport module reference count on error (Gerd Rausch) [Orabug: 34500807] - pciemgr: use spin_lock_irqsave (Rob Gardner) [Orabug: 34676884] - iommu: set default value of INTEL_IOMMU_FLOPPY_WA to n (Harshit Mogalapalli) [Orabug: 34724685] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2602 CVE-2022-3565 CVE-2022-4378 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 hivex libguestfs [1.40.2-28.0.4] - v2v: Cope with libvirt vpx/esx driver which does not set [Orabug: 34026544] [1.40.2-28.0.3] - virt-v2v: Specify backing file format to qemu-img command [Orabug: 33906330] - Require 'kernel-uek' RPM for installation instead of 'kernel' [Orabug: 33986812] [1.40.2-28.0.2] - Specify backing file format to qemu-img command [Orabug: 33841090] - Add btrfs-progs package to appliance image [Orabug: 33835508] [1.40.2-28.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.40.2-28] - daemon: lvm: Use lvcreate --yes to avoid interactive prompts resolves: rhbz#1933640 [1:1.40.2-27] - selinux-relabel does not work if SELINUXTYPE != targeted - tar-in command does not allow restoring file capabilities resolves: rhbz#1384241 rhbz#1828952 [1:1.40.2-26] - insufficient default memsize to open anaconda default RHEL 8.2 luks device resolves: rhbz#1837765 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3631 cpe:/a:oracle:linux:8::kvm_appstream Oracle Linux 6 Oracle Linux 7 [4.1.12-124.70.2] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34882781] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34882781] {CVE-2022-4378} - netfilter: nf_conntrack_irc: Fix forged IP logic (David Leadbeater) [Orabug: 34872056] {CVE-2022-2663} - r8152: Rate limit overflow messages (Andrew Gaul) [Orabug: 34719940] {CVE-2022-3594} - HID: roccat: Fix use-after-free in roccat_read() (Hyunwoo Kim) [Orabug: 34670789] {CVE-2022-41850} [4.1.12-124.70.1] - usb: mon: make mmapped memory read only (Tadeusz Struk) [Orabug: 34820828] {CVE-2022-43750} - sch_sfb: Also store skb len before calling child enqueue (Toke Hoiland-Jorgensen) [Orabug: 34731314] {CVE-2022-3586} - sch_sfb: Don't assume the skb is still around after enqueueing to child (Toke Hoiland-Jorgensen) [Orabug: 34731314] {CVE-2022-3586} - sch_sfb: keep backlog updated with qlen (WANG Cong) [Orabug: 34731314] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-3586 CVE-2022-3594 CVE-2022-43750 CVE-2022-2663 CVE-2022-41850 CVE-2022-4378 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 7 [2.4.6-97.0.5.5] - mod_session: save one apr_strtok() [Orabug: 33338149][CVE-2021-26690] - replace index.html with Oracle's index page oracle_index.html [2.4.6-97.5] - Resolves: #2065243 - CVE-2022-22720 httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-22720 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 httpd [2.4.37-43.0.2.3] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-43.3] - Resolves: #2065247 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-22720 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [1:1.1.1k-6] - Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates - Resolves: rhbz#2067144 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:6:baseos_base cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 7 [1:1.0.2k-25] - Fixes CVE-2022-2078 Infinite loop in BN_mod_sqrt() reachable when parsing certificates - Related: rhbz#2067160 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 Oracle Linux 7 [2.1.0-14.0.1] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910302] [2.1.0-14] - Fix multiple CVEs - CVE-2022-25236 expat: namespace-separator characters in 'xmlns[:prefix]' attribute values can lead to arbitrary code execution - CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution - CVE-2022-25315 expat: integer overflow in storeRawNames() - Resolves: CVE-2022-25236 - Resolves: CVE-2022-25235 - Resolves: CVE-2022-25315 [2.1.0-13] - Fix multiple CVEs - CVE-2022-23852 expat: integer overflow in function XML_GetBuffer - CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat - CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c - CVE-2022-22827 Integer overflow in storeAtts in xmlparse.c - CVE-2022-22826 Integer overflow in nextScaffoldPart in xmlparse.c - CVE-2022-22825 Integer overflow in lookup in xmlparse.c - CVE-2022-22824 Integer overflow in defineAttribute in xmlparse.c - CVE-2022-22823 Integer overflow in build_model in xmlparse.c - CVE-2022-22822 Integer overflow in addBinding in xmlparse.c - Resolves: CVE-2022-23852 - Resolves: CVE-2021-45960 - Resolves: CVE-2021-46143 - Resolves: CVE-2022-22827 - Resolves: CVE-2022-22826 - Resolves: CVE-2022-22825 - Resolves: CVE-2022-22824 - Resolves: CVE-2022-22823 - Resolves: CVE-2022-22822 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-25315 CVE-2021-46143 CVE-2022-22826 CVE-2022-22827 CVE-2021-45960 CVE-2022-22822 CVE-2022-25235 CVE-2022-22824 CVE-2022-25236 CVE-2022-22825 CVE-2022-22823 CVE-2022-23852 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [3.10.0-1160.62.1.OL7] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.9 - Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin) [3.10.0-1160.62.1] - cifs: fix handling of DFS links where we can not access all components (Ronnie Sahlberg) [1937304] - redhat: kernel.spec: install new kernel boot entry in posttrans, not post (Denys Vlasenko) [1893756] - [s390] s390/cpumf: Support for CPU Measurement Facility CSVN 7 (Mete Durlu) [2048920] - dm table: fix iterate_devices based device capability checks (Mike Snitzer) [2054743] - buffer: eliminate the need to call free_more_memory() in __getblk_slow() (Carlos Maiolino) [2030609] - buffer: grow_dev_page() should use __GFP_NOFAIL for all cases (Carlos Maiolino) [2030609] - buffer: have alloc_page_buffers() use __GFP_NOFAIL (Carlos Maiolino) [2030609] - mm: memcg: do not fail __GFP_NOFAIL charges (Rafael Aquini) [2054345] - mm: filemap: do not drop action modifier flags from the gfp_mask passed to __add_to_page_cache_locked() (Rafael Aquini) [2054345] - Added ZSTREAM=yes to makefile (Lucas Zampieri) [3.10.0-1160.61.1] - x86/efi: reset the correct tlb_state when returning from efi_switch_mm() (Rafael Aquini) [2055587] [3.10.0-1160.60.1] - svcrdma: Fix leak of svc_rdma_recv_ctxt objects (Benjamin Coddington) [2028740] - sunrpc: Remove unneeded pointer dereference (Benjamin Coddington) [2028740] - x86/platform/uv: Add more to secondary CPU kdump info (Frank Ramsay) [2042462] - [s390] s390/AP: support new dynamic AP bus size limit (Claudio Imbrenda) [1997156] - CI: Enable baseline realtime checks (Veronika Kabatova) - CI: Rename pipelines to include release names (Veronika Kabatova) - RDMA/cma: Do not change route.addr.src_addr.ss_family (Kamal Heib) [2032075] {CVE-2021-4028} - fget: clarify and improve __fget_files() implementation (Miklos Szeredi) [2032478] {CVE-2021-4083} - fget: check that the fd still exists after getting a ref to it (Miklos Szeredi) [2032478] {CVE-2021-4083} - net: Set fput_needed iff FDPUT_FPUT is set (Miklos Szeredi) [2032478] {CVE-2021-4083} - vfs, fdtable: Add fget_task helper (Miklos Szeredi) [2032478] {CVE-2021-4083} - fs: add fget_many() and fput_many() (Miklos Szeredi) [2032478] {CVE-2021-4083} - fs/file.c: __fget() and dup2() atomicity rules (Miklos Szeredi) [2032478] {CVE-2021-4083} - vfs: Don't let __fdget_pos() get FMODE_PATH files (Miklos Szeredi) [2032478] {CVE-2021-4083} - get rid of fget_light() (Miklos Szeredi) [2032478] {CVE-2021-4083} - sockfd_lookup_light(): switch to fdget^W^Waway from fget_light (Miklos Szeredi) [2032478] {CVE-2021-4083} - fs: __fget_light() can use __fget() in slow path (Miklos Szeredi) [2032478] {CVE-2021-4083} - fs: factor out common code in fget_light() and fget_raw_light() (Miklos Szeredi) [2032478] {CVE-2021-4083} - fs: factor out common code in fget() and fget_raw() (Miklos Szeredi) [2032478] {CVE-2021-4083} - introduce __fcheck_files() to fix rcu_dereference_check_fdtable(), kill rcu_my_thread_group_empty() (Miklos Szeredi) [2032478] {CVE-2021-4083} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4028 CVE-2021-4083 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [91.8.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build [91.8.0-1] - Update to 91.8.0 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-28282 CVE-2022-28289 CVE-2022-28281 CVE-2022-1097 CVE-2022-24713 CVE-2022-28286 CVE-2022-1196 CVE-2022-28285 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [91.8.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.8.0-1] - Update to 91.8.0 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1097 CVE-2022-28285 CVE-2022-28282 CVE-2022-28286 CVE-2022-28281 CVE-2022-28289 CVE-2022-24713 CVE-2022-1196 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [91.8.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.8.0-1] - Update to 91.8.0 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-28281 CVE-2022-28289 CVE-2022-1196 CVE-2022-28282 CVE-2022-24713 CVE-2022-28286 CVE-2022-28285 CVE-2022-1097 CVE-2022-1197 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [91.8.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.8.0-1] - Update to 91.8.0 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1197 CVE-2022-28289 CVE-2022-28281 CVE-2022-28285 CVE-2022-28282 CVE-2022-1097 CVE-2022-1196 CVE-2022-24713 CVE-2022-28286 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1:11.0.15.0.9-2.0.1] - link atomic for ix86 build [1:11.0.15.0.9-2] - Add JDK-8284920 fix for XPath regression - Related: rhbz#2073422 [1:11.0.15.0.9-2] - Remove security items from release notes that were only in 17u and N/A for 11u - Related: rhbz#2073422 [1:11.0.15.0.9-1] - Update to jdk-11.0.15.0+9 - Update release notes to 11.0.15.0+9 - Switch to GA mode for release - ** This tarball is embargoed until 2022-04-19 @ 1pm PT. ** - Resolves: rhbz#2073422 [1:11.0.15.0.8-0.1.ea] - Update to jdk-11.0.15.0+8 - Update release notes to 11.0.15.0+8 - Resolves: rhbz#2047531 [1:11.0.15.0.1-0.1.ea] - Update to jdk-11.0.15.0+1 - Update release notes to 11.0.15.0+1 - Switch to EA mode for 11.0.15 pre-release builds. - Related: rhbz#2047531 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21434 CVE-2022-21426 CVE-2022-21496 CVE-2022-21443 CVE-2022-21476 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [1:11.0.15.0.9-2] - Add JDK-8284920 fix for XPath regression - Related: rhbz#2073422 [1:11.0.15.0.9-2] - Remove security items from release notes that were only in 17u and N/A for 11u - Related: rhbz#2073422 [1:11.0.15.0.9-1] - Update to jdk-11.0.15.0+9 - Update release notes to 11.0.15.0+9 - Switch to GA mode for release - ** This tarball is embargoed until 2022-04-19 @ 1pm PT. ** - Resolves: rhbz#2073422 [1:11.0.15.0.8-0.1.ea] - Update to jdk-11.0.15.0+8 - Update release notes to 11.0.15.0+8 - Switch to EA mode for 11.0.15 pre-release builds. - Rebase RH1996182 FIPS patch after JDK-8254410 - Related: rhbz#2073422 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21496 CVE-2022-21434 CVE-2022-21426 CVE-2022-21443 CVE-2022-21476 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1:17.0.3.0.6-2] - Add JDK-8284920 fix for XPath regression - Related: rhbz#2073575 [1:17.0.3.0.6-2] - JDK-8275082 should be listed as also resolving JDK-8278008 & CVE-2022-21476 - Related: rhbz#2073575 [1:17.0.3.0.6-1] - JDK-8283911 patch no longer needed now we're GA... - Resolves: rhbz#2073575 [1:17.0.3.0.6-1] - April 2022 security update to jdk 17.0.3+6 - Update to jdk-17.0.3.0+6 pre-release tarball (17usec.17.0.3+5-220408) - Add JDK-8284548 regression fix missing from pre-release tarball but in jdk-17.0.3+6/jdk-17.0.3-ga - Update release notes to 17.0.3.0+6 - Add missing README.md and generate_source_tarball.sh - Introduce tests/tests.yml, based on the one in java-11-openjdk - Switch to GA mode for release - ** This tarball is embargoed until 2022-04-19 @ 1pm PT. ** - Resolves: rhbz#2073575 [1:17.0.3.0.5-0.1.ea] - Update to jdk-17.0.3.0+5 - Update release notes to 17.0.3.0+5 - Switch to EA mode for 17.0.3 pre-release builds. - Add JDK-8283911 to fix bad DEFAULT_PROMOTED_VERSION_PRE value - Related: rhbz#2073422 [1:17.0.2.0.8-6] - Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode - Resolves: rhbz#2055396 [1:17.0.2.0.8-5] - Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false - Resolves: rhbz#2018189 [1:17.0.2.0.8-5] - Add patch to allow plain key import. - Resolves: rhbz#2018189 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21426 CVE-2022-21443 CVE-2022-21434 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [1.6.4-32.0.1] - Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483] - handle redirect from the docker registry v2 [Orabug: 29874238] (nikita.gerasimov@oracle.com) - remove changes in NaiveDiffDriver [1.6.4-32] - update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/aba15dd) [1.6.4-31] - drop libseccomp dependency - Related: #2074089 [1.6.4-30] - update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/c19e460) - Related: #2074089 IMPORTANT Copyright 2022 Oracle, Inc. cpe:/a:oracle:linux:7::developer Oracle Linux 8 go-toolset [1.17.10-1] - Set version to correspond to the matching build golang version - delve can be now added to aarch64 as well, remove ifarch. golang [1.17.10-1.0.1] - Add patches between Go 1.17.7 and Go 1.17.10 - Rename base_versn to base_version - Remove unneeded patches from previous version - Remove Patch2028662 because that patch is also upstream now - Reviewed-by: XXX XXX <xxx.xxx@oracle.com> [1.17.7-1] - Rebase to Go 1.17.7 - Remove fips memory leak patch (fixed in tree) - Resolves: rhbz#2015930 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24675 CVE-2022-24921 CVE-2022-29526 CVE-2022-28327 cpe:/a:oracle:linux:8::developer Oracle Linux 8 go-toolset [1.16.15-1] - Rebase to Go 1.16.15 golang [1.16.15-1.0.1] - Add patches from 1.16.12 to 1.16.15 - Add Sources for 3 binary files that changed between 1.16.12 and 1.16.15 - Rename base_vrsn to base_version - Reviewed-by: XXX XXX <xxx.xxx@oracle.com> IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24921 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 cpe:/a:oracle:linux:8::developer Oracle Linux 7 [1:1.8.0.332.b09-1] - Update to shenandoah-jdk8u332-b09 (GA) - Update release notes for 8u332-b09. - Switch to GA mode for final release. - This tarball is embargoed until 2022-04-19 @ 1pm PT. - Resolves: rhbz#2073422 [1:1.8.0.332.b06-0.1.ea] - Update to shenandoah-jdk8u332-b06 (EA) - Update release notes for shenandoah-8u332-b06. - Resolves: rhbz#2047529 [1:1.8.0.332.b01-0.1.ea] - Update to shenandoah-jdk8u332-b01 (EA) - Update release notes for shenandoah-8u332-b01. - Switch to EA mode. - Related: rhbz#2047529 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21426 CVE-2022-21496 CVE-2022-21443 CVE-2022-21476 CVE-2022-21434 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [1:1.8.0.332.b09-1] - Update to shenandoah-jdk8u332-b09 (GA) - Update release notes for 8u332-b09. - Switch to GA mode for final release. - This tarball is embargoed until 2022-04-19 @ 1pm PT. - Resolves: rhbz#2073422 [1:1.8.0.332.b06-0.1.ea] - Update to shenandoah-jdk8u332-b06 (EA) - Update release notes for shenandoah-8u332-b06. - Switch to EA mode. - Remove JDK-8279077 patch now upstream. - Related: rhbz#2073422 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21496 CVE-2022-21443 CVE-2022-21426 CVE-2022-21434 CVE-2022-21476 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.9-13] - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1271 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:5:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer Oracle Linux 7 [0.4-4] - Fix commandline injection vulnerability - Resolves: rhbz#2068651 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29599 cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [0.115-13.0.1.el8_5.2] - Increase timeout to avoid defunct processes [Orabug: 26930744] [0.115-13.el8_5.2] - necessary version bump due to build versioning - Resolves: CVE-2021-4115 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-4115 cpe:/o:oracle:linux:8:5:baseos_patch cpe:/o:oracle:linux:8:7:baseos_base cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [4.18.0-348.23.1_5.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-11.0.5 [4.18.0-348.23.1_5] - gfs2: dequeue iopen holder in gfs2_inode_lookup error (Bob Peterson) [2069750 2061665] [4.18.0-348.22.1_5] - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (Dick Kennedy) [2058193 2027558] - cifs: check all path components in resolved dfs target (Ronnie Sahlberg) [2056329 2030880] - RDMA/cma: Do not change route.addr.src_addr.ss_family (Kamal Heib) [2032073 2032074] {CVE-2021-4028} [4.18.0-348.21.1_5] - netfilter: nf_queue: handle socket prefetch (Florian Westphal) [2061446 2009786] - netfilter: nf_queue: fix possible use-after-free (Florian Westphal) [2061446 2009786] - selftests: netfilter: add nfqueue TCP_NEW_SYN_RECV socket race test (Florian Westphal) [2061446 2009786] - netfilter: nf_queue: don't assume sk is full socket (Florian Westphal) [2061446 2009786] - netfilter: nf_tables_offload: incorrect flow offload action array size (Florian Westphal) [2056867 2056728] {CVE-2022-25636} - netfilter: nftables_offload: KASAN slab-out-of-bounds Read in nft_flow_rule_create (Florian Westphal) [2056867 2056728] {CVE-2022-25636} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4028 CVE-2022-25636 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 8 [8.0.1763-16.0.1] - - Remove upstream references [Orabug: 31197557] [2:8.0.1763-16.13] - CVE-2022-1154 vim: use after free in utf_ptr2char MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1154 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 8 galera [25.3.34-4] - Explicitly require the 'procps-ng' package - Otherwise it will not require it in the lightweight systems (e.g. containers) - and Galera won't work properly [25.3.34-3] - Use downstream garbd-wrapper and garbd.service to ensure compatibility - Add upstream versions of garbd-wrapper (called garbd-systemd) and garbd.service in case user want's to use them [ 25.3.34-2] - Switch from SCONS build tooling to CMAKE build tooling [25.3.34-1] - Rebase to 25.3.34 Resolves: #2042298 mariadb [3:10.3.32-2.0.1] - Fix changelog [3:10.3.32-2] - Add delaycompress option to the logrotate script [3:10.3.32-1] - Rebase to 10.3.32 [3:10.3.31-1] - Rebase to 10.3.31 [3:10.3.30-1] - Rebase to 10.3.30 [3:10.3.29-2] - Set user_map.conf file to be noreplace config file [3:10.3.29-1] - Rebase to 10.3.29 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-35604 CVE-2021-46662 CVE-2021-46657 CVE-2021-2154 CVE-2021-46666 CVE-2021-46667 CVE-2021-2372 CVE-2021-46658 CVE-2021-2166 CVE-2021-2389 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 galera [26.4.9-4] - Use downstream garbd-wrapper and garbd.service to ensure compatibility - Add upstream versions of garbd-wrapper (called garbd-systemd) and garbd.service in case user want's to use them [26.4.9-3] - Explicitly require the 'procps-ng' package - Otherwise it will not require it in the lightweight systems (e.g. containers) - and Galera won't work properly [26.4.9-2] - Switch from SCONS build tooling to CMAKE build tooling [26.4.9-1] - Rebase to 26.4.9 mariadb [3:10.5.13-1] - Rebase to 10.5.13 - Add wsrep_sst_rsync_tunnel script [3:10.5.12-1] - Rebase to 10.5.12 [3:10.5.11-1] - Rebase to 10.5.11 [3:10.5.10-2] - Set user_map.conf file to be noreplace config file - Resolves: rhbz#1989621 [3:10.5.10-1] - Rebase to 10.5.10 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-35604 CVE-2021-2154 CVE-2021-46666 CVE-2021-2166 CVE-2021-2389 CVE-2021-46657 CVE-2021-2372 CVE-2021-46658 CVE-2021-46662 CVE-2021-46667 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 buildah [1.19.9-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 (https://github.com/containers/buildah/commit/7c6701d) - fixes CVE-2022-27651 - Resolves: #2067539 podman [3.0.1-8] - update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/c5d8129) - fixes CVE-2022-27649 - Resolves: #2067511 runc [1.0.0-73.rc95] - fix podman run --pid=host command causes OCI permission error - rc95 fixes CVE-2021-30465 - Related: #2070961 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-27651 CVE-2022-27649 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 buildah [1.11.6-10.0.1] - Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov) - Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483] [1.11.6-10] - update to the latest content of https://github.com/containers/buildah/tree/release-1.11-rhel (https://github.com/containers/buildah/commit/9a4764a) - fixes CVE-2022-27649 podman [1.6.4-28.0.1] - Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483] - delivering fix for [Orabug: 29874238] by Nikita Gerasimov <nikita.gerasimov@oracle.com> [1.6.4-28] - update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/9407ffd) - fixes CVE-2022-27651 - Resolves: #2067545 [1.6.4-27] - update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/c19e460) - Resolves: #2062401 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-27649 CVE-2022-27651 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [1.2.11-18] - Resolves: CVE-2018-25032 [1.2.11-17] - Fixed DFLTCC compression level switching issues (#1875492) - Enabled HW compression for compression levels 1 through 6 (#1847438) - Fixed inflateSyncPoint() bad return value on z15 (#1888930) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-25032 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 8 [1.51.0-5.1] - Add missing validation of encoding (CVE-2022-25235) (#2058114) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-25235 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 7 [91.9.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build [91.9.0-1] - Update to 91.9.0 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29917 CVE-2022-29909 CVE-2022-29914 CVE-2022-29912 CVE-2022-29911 CVE-2022-29916 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [91.9.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.9.0-1] - Update to 91.9.0 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29916 CVE-2022-29912 CVE-2022-29914 CVE-2022-29917 CVE-2022-29909 CVE-2022-29911 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [91.9.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.9.0-3] - Update to 91.9.0 build3 [91.9.0-2] - Update to 91.9.0 build2 [91.9.0-1] - Update to 91.9.0 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29912 CVE-2022-29917 CVE-2022-1520 CVE-2022-29909 CVE-2022-29911 CVE-2022-29913 CVE-2022-29914 CVE-2022-29916 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [1:11.0.15.0.10-1] - Update to jdk-11.0.15.0+10 - Update release notes to 11.0.15.0+10 - Switch to GA mode for release - Rebase RH1996182 FIPS patch after JDK-8254410 - Resolves: rhbz#2073594 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21434 CVE-2022-21496 CVE-2022-21476 CVE-2022-21426 CVE-2022-21443 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:17.0.3.0.7-1] - April 2022 security update to jdk 17.0.3+7 - Update to jdk-17.0.3.0+7 tarball - Update release notes to 17.0.3.0+7 - Add missing README.md and generate_source_tarball.sh - Resolves: rhbz#2073578 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21449 CVE-2022-21434 CVE-2022-21476 CVE-2022-21426 CVE-2022-21496 CVE-2022-21443 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [91.9.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.9.0-3] - Update to 91.9.0 build3 [91.9.0-2] - Update to 91.9.0 build2 [91.9.0-1] - Update to 91.9.0 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29909 CVE-2022-29912 CVE-2022-29914 CVE-2022-1520 CVE-2022-29916 CVE-2022-29917 CVE-2022-29911 CVE-2022-29913 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 hivex [1.3.18-23] - Limit recursion in ri-records (CVE-2021-3622) resolves: rhbz#1976194 [1.3.18-22.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) libguestfs [1.44.0-5.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-5] - Fix libguestfs failure with qemu 6.2, libvirt 7.10 resolves: rhbz#2035177 [1:1.44.0-4] - Autodetect backing format for qemu-img create -b - Move appliance to separate subpackage - Read rpm database through librpm resolves: rhbz#2013916, rhbz#1989520, rhbz#1836094 [1.44.0-3.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) libguestfs-winsupport [8.6-1] - Rebase to ntfs-3g 2021.8.22 - Fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254 resolves: rhbz#2004490 libnbd [1.6.0-5.el8] - Fix CVE-2022-0485: Fail nbdcopy if NBD read or write fails resolves: rhbz#2045718 [1.6.0-4.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [1.2.2] - Resolves: bz#1844296 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) libvirt [8.0.0-5.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma) [8.0.0-5] - node_device: Rework udevKludgeStorageType() (rhbz#2056673) - node_device: Treat NVMe disks as regular disks (rhbz#2056673) [8.0.0-4] - qemu_command: Generate memory only after controllers (rhbz#2050697) - qemu: Validate domain definition even on migration (rhbz#2050702) [8.0.0-3] - qemuDomainSetupDisk: Initialize 'targetPaths' (rhbz#2046172) - RHEL: Remove <glib-2.64.0 workaround for GSource race (rhbz#2045879) [8.0.0-2] - Revert 'report error when virProcessGetStatInfo() is unable to parse data' (rhbz#2041610) - qemu: fix inactive snapshot revert (rhbz#2043584) [8.0.0-1] - Rebased to libvirt-8.0.0 (rhbz#2012802) libvirt-python [8.0.0-1] - Rebased to libvirt-python-8.0.0 (rhbz#2012806) perl-Sys-Virt [8.0.0-1] - Rebase to 8.0.0 release - Resolves: rhbz#2012813 qemu-kvm [6.2.0-11] - kvm-target-i386-properly-reset-TSC-on-reset.patch [bz#1975840] - Resolves: bz#1975840 (Windows guest hangs after updating and restarting from the guest OS) [6.2.0-10] - kvm-vmxcap-Add-5-level-EPT-bit.patch [bz#2056986] - kvm-i386-Add-Icelake-Server-v6-CPU-model-with-5-level-EP.patch [bz#2056986] - kvm-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch [bz#2059311] - kvm-tests-acpi-whitelist-expected-blobs-before-changing-.patch [bz#2059311] - kvm-tests-acpi-add-SLIC-table-test.patch [bz#2059311] - kvm-tests-acpi-SLIC-update-expected-blobs.patch [bz#2059311] - kvm-tests-acpi-manually-pad-OEM_ID-OEM_TABLE_ID-for-test.patch [bz#2059311] - kvm-tests-acpi-whitelist-nvdimm-s-SSDT-and-FACP.slic-exp.patch [bz#2059311] - kvm-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch [bz#2059311] - kvm-tests-acpi-update-expected-blobs.patch [bz#2059311] - kvm-tests-acpi-test-short-OEM_ID-OEM_TABLE_ID-values-in-.patch [bz#2059311] - kvm-rhel-workaround-for-lack-of-binary-patches-in-SRPM.patch [bz#2059311] - Resolves: bz#2056986 (Win11 (q35+edk2) guest broke after install wsl2 through 'wsl --install -d Ubuntu-20.04') - Resolves: bz#2059311 (Guest can not start with SLIC acpi table) [6.2.0-9] - kvm-Revert-redhat-Add-hw_compat_4_2_extra-and-apply-to-u.patch [bz#2061856] - kvm-Revert-redhat-Enable-FDC-device-for-upstream-machine.patch [bz#2061856] - kvm-Revert-redhat-Expose-upstream-machines-pc-4.2-and-pc.patch [bz#2061856] - kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch [bz#2027208] - kvm-pci-expose-TYPE_XIO3130_DOWNSTREAM-name.patch [bz#2054597] - kvm-acpi-pcihp-pcie-set-power-on-cap-on-parent-slot.patch [bz#2054597] - Resolves: bz#2061856 (Revert IBM-specific Ubuntu-compatibility machine type for 8.6-AV GA) - Resolves: bz#2027208 ([virtual network][vDPA] qemu crash after hot unplug vdpa device) - Resolves: bz#2054597 (Do operation to disk will hang in the guest of target host after hotplugging and migrating) [6.2.0-8] - kvm-block-nbd-Delete-reconnect-delay-timer-when-done.patch [bz#2035185] - kvm-block-nbd-Assert-there-are-no-timers-when-closed.patch [bz#2035185] - kvm-iotests.py-Add-QemuStorageDaemon-class.patch [bz#2035185] - kvm-iotests-281-Test-lingering-timers.patch [bz#2035185] - kvm-block-nbd-Move-s-ioc-on-AioContext-change.patch [bz#2035185] - kvm-iotests-281-Let-NBD-connection-yield-in-iothread.patch [bz#2035185] - Resolves: bz#2035185 (Qemu core dump when start guest with nbd node or do block jobs to nbd node) [6.2.0-7] - kvm-numa-Enable-numa-for-SGX-EPC-sections.patch [bz#1518984] - kvm-numa-Support-SGX-numa-in-the-monitor-and-Libvirt-int.patch [bz#1518984] - kvm-doc-Add-the-SGX-numa-description.patch [bz#1518984] - kvm-Enable-SGX-RH-Only.patch [bz#1518984] - kvm-qapi-Cleanup-SGX-related-comments-and-restore-sectio.patch [bz#1518984] - kvm-block-io-Update-BSC-only-if-want_zero-is-true.patch [bz#2041480] - kvm-iotests-block-status-cache-New-test.patch [bz#2041480] - Resolves: bz#1518984 ([Intel 8.6 Feat] qemu-kvm: SGX 1.5 (SGX1 + Flexible Launch Control) support) - Resolves: bz#2041480 ([incremental_backup] Inconsistent block status reply in qemu-nbd) [6.2.0-6] - kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch [bz#2046198] - kvm-softmmu-fix-device-deletion-events-with-device-JSON-.patch [bz#2033279] - kvm-block-backend-prevent-dangling-BDS-pointers-across-a.patch [bz#2021778 bz#2036178] - kvm-iotests-stream-error-on-reset-New-test.patch [bz#2021778 bz#2036178] - kvm-block-rbd-fix-handling-of-holes-in-.bdrv_co_block_st.patch [bz#2037135] - kvm-block-rbd-workaround-for-ceph-issue-53784.patch [bz#2037135] - Resolves: bz#2046198 (CVE-2022-0358 virt:av/qemu-kvm: QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405 [rhel-8.6]) - Resolves: bz#2033279 ([wrb][qemu-kvm 6.2] The hot-unplugged device can not be hot-plugged back) - Resolves: bz#2021778 (Qemu core dump when do full backup during system reset) - Resolves: bz#2036178 (Qemu core dumped when do block-stream to a snapshot node on non-enough space storage) - Resolves: bz#2037135 (Booting from Local Snapshot Core Dumped Whose Backing File Is Based on RBD) [6.2.0-5] - kvm-acpi-validate-hotplug-selector-on-access.patch [bz#2036580] - kvm-x86-Add-q35-RHEL-8.6.0-machine-type.patch [bz#2031035] - Resolves: bz#2036580 (CVE-2021-4158 virt:rhel/qemu-kvm: QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c [rhel-8]) - Resolves: bz#2031035 (Add rhel-8.6.0 machine types for RHEL 8.6 [x86]) [6.2.0-4] - kvm-hw-arm-virt-Register-iommu-as-a-class-property.patch [bz#2031039] - kvm-hw-arm-virt-Register-its-as-a-class-property.patch [bz#2031039] - kvm-hw-arm-virt-Rename-default_bus_bypass_iommu.patch [bz#2031039] - kvm-hw-arm-virt-Add-8.6-machine-type.patch [bz#2031039] - kvm-hw-arm-virt-Check-no_tcg_its-and-minor-style-changes.patch [bz#2031039] - kvm-rhel-machine-types-x86-set-prefer_sockets.patch [bz#2029582] - Resolves: bz#2031039 (Add rhel-8.6.0 machine types for RHEL 8.6 [aarch64]) - Resolves: bz#2029582 ([8.6] machine types: 6.2: Fix prefer_sockets) [6.2.0-2] - kvm-redhat-Add-rhel8.6.0-machine-type-for-s390x.patch [bz#2005325] - kvm-redhat-Define-pseries-rhel8.6.0-machine-type.patch [bz#2031041] - Resolves: bz#2005325 (Fix CPU Model for new IBM Z Hardware - qemu part) - Resolves: bz#2031041 (Add rhel-8.6.0 machine types for RHEL 8.6 [ppc64le]) [6.2.0-1.el8] - Rebase to qemu-kvm 6.2.0 - Resolves bz#2027716 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-39259 CVE-2021-35267 CVE-2021-39261 CVE-2021-39262 CVE-2021-39254 CVE-2021-3622 CVE-2021-39255 CVE-2021-33287 CVE-2021-3716 CVE-2021-39251 CVE-2021-3748 CVE-2021-3975 CVE-2021-35268 CVE-2021-35269 CVE-2021-39252 CVE-2021-39260 CVE-2021-33285 CVE-2021-4145 CVE-2021-20196 CVE-2021-4158 CVE-2021-33286 CVE-2021-39253 CVE-2021-39258 CVE-2021-39263 CVE-2022-0485 CVE-2021-39256 CVE-2021-39257 CVE-2021-33289 CVE-2021-35266 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 buildah [1:1.24.2-4] - update to the latest content of https://github.com/containers/buildah/tree/release-1.24 (https://github.com/containers/buildah/commit/7b559a3) - Related: #2059296 [1:1.24.2-3] - switch to RHEL maintenance branch which fixes CVE-2022-27651 - Resolves: #2067559 [1:1.24.2-2] - Add patch to fix bash symtax for gating tests - Upstream PR: https://github.com/containers/buildah/pull/3792 - Related: #2001445 [1:1.24.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.24.2 - Related: #2001445 [1:1.24.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.24.1 - Related: #2001445 [1:1.24.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.24.0 - Related: #2001445 cockpit-podman [43-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/43 - Related: #2017266 conmon [2:2.1.0-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.0 - Related: #2001445 containernetworking-plugins [1:1.0.1-2] - revert back to https://github.com/containernetworking/plugins/releases/tag/v1.0.1 - Related: #2001445 containers-common [1-27.0.1] - Updated removed references [Orabug: 33473101] (Alex Burmashev) - Adjust registries.conf (Nikita Gerasimov) - remove references to RedHat registry (Nikita Gerasimov) [2:1-27] - update vendored tarballs to avoid unwanted licenses (thanks to Brent Baude) - Related: #2065707 container-selinux [2:2.179.1-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.179.1 - Related: #2001445 criu [3.15-3] - add Requires: criu-libs = %{version}-%{release} in criu-devel - add gating tests - Related: #1934415 [3.15-2] - add -devel and -libs subpackages - Resolves: #1971718 crun [1.4.4-1] - update to https://github.com/containers/crun/releases/tag/1.4.4 - Resolves: #2067577 fuse-overlayfs [1.8.2-1] - update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.8.2 - Related: #2001445 libslirp [4.4.0-1] - Fix CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 out-of-bounds access - Related: #1934415 oci-seccomp-bpf-hook [1.2.3-3] - change runc dependency to conflict - Related: #1934415 podman [2:4.0.2-6] - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/3d24a66) - Related: #2059296 [2:4.0.2-5] - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/bb1e6e6) - Related: #2059296 [2:4.0.2-4] - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/5a54f81) - Resolves: #2066493 [2:4.0.2-3] - depend on libseccomp >= 2.5 - Resolves: #2065292 [2:4.0.2-2] - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/9237d75) - Related: #2059296 [2:4.0.2-1] - update to https://github.com/containers/podman/releases/tag/v4.0.2 - Related: #2059754 [2:4.0.1-1] - update to https://github.com/containers/podman/releases/tag/v4.0.1 - Related: #2001445 python-podman [4.0.0-1] - bump to v4.0.0 - Related: #2001445 runc [1.0.3-2] - rollback to 1.0.3 due to gating test issues - Related: #2001445 [1.1.0-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.0 - Related: #2001445 skopeo [2:1.6.1-2] - fix CVE-2022-21698 - Related: #2059296 [2:1.6.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.6.1 - Related: #2001445 slirp4netns [1.1.8-2] - fix gating - don't use insecure functions - thanks to Marc-Andre Lureau - Related: #2001445 udica [0.2.6-3] - Require container-selinux shipping policy templates (#2005866) [0.2.6-1] - update to https://github.com/containers/udica/releases/tag/v0.2.6 - Related: #2001445 [0.2.5-2] - New rebase https://github.com/containers/udica/releases/tag/v0.2.5 (#1995041) - Replace capability dictionary with str.lower() - Enable udica to generate policies with fifo class - Sort container inspect data before processing - Update templates to work properly with new cil parser - Related: #1934415 [0.2.5-1] - update to https://github.com/containers/udica/releases/tag/v0.2.5 - Related: #1934415 [0.2.4-2] - remove %check again and all related BRs - Related: #1934415 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21698 CVE-2022-27651 CVE-2022-1227 CVE-2022-27649 CVE-2022-27650 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 mod_wsgi [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [4.7.1-2] - Rebuilt for Python 3.9 [4.7.1-1] - update to 4.7.1 (#1721376) python39 [3.9.7-1] - Update to 3.9.7 Resolves: rhbz#2003102 python3x-pip [20.2.4-7] - Remove bundled windows executables - Resolves: rhbz#2006790 python3x-six [1.15.0-3] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [1.15.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [1.15.0-1] - Update to 1.15.0 (#1838702) [1.14.0-4] - Rebuilt for Python 3.9 [1.14.0-3] - Bootstrap for Python 3.9 [1.14.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [1.14.0-1] - Update to 1.14.0 (#1768982) for Python 3.9 support (#1788494) - Drop old obsoletes for platform-python-six python-cffi [1.14.3-2] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [1.14.3-1] - Update to 1.14.3 [1.14.2-1] - Update to 1.14.2 (#1869032) [1.14.1-1] - Update to 1.14.1 - Fixes: rhbz#1860698 - Fixes: rhbz#1865276 [1.14.0-2] - Rebuilt for Python 3.9 [1.14.0] - Update to 1.14.0 (#1800646) python-cryptography [3.3.1-2] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [3.3.1-1] - Update to 3.3.1 (#1905756) [3.2.1-1] - Update to 3.2.1 (#1892153) [3.2-1] - Update to 3.2 (#1891378) [3.1-1] - Update to 3.1 (#1872978) [3.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [3.0-1] - Update to 3.0 (#185897) python-idna [2.10-3] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [2.10-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [2.10-1] - Update to 2.10 (#1851653) [2.9-2] - Rebuilt for Python 3.9 [2.9-1] - Update to 2.9 (#1803654) python-lxml [4.6.5-1] - Update to 4.6.5 - Security fix for CVE-2021-43818 Resolves: rhbz#2032569 [4.6.2-3] - Security fix for CVE-2021-28957 Resolves: rhbz#1941534 [4.6.2-2] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.6.2-1] - Update to 4.6.2 - Fixes CVE-2020-27783 and another vulnerability in the HTML Cleaner - Fixes: rhbz#1855415 - Fixes: rhbz#1901634 [4.5.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [4.5.1-1] - Update to 4.5.1 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-43818 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 numpy [1.17.3-6] - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz#1933055 python38 [3.8.12-1] - Update to 3.8.12 Resolves: rhbz#2004587 [3.8.11-1] - Update to 3.8.11 - Fix for CVE-2021-3733 and CVE-2021-3737 Resolves: rhbz#1995234, rhbz#1995162 python3x-pip [19.3.1-5] - Remove bundled windows executables - Resolves: rhbz#2006789 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3733 CVE-2021-3737 CVE-2022-0391 CVE-2021-43818 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 [1:6.4.7.2-10.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:6.4.7.2-10] - Related: rhbz#2029810 bump n-v-r [1:6.4.7.2-9] - Related: rhbz#2029810 set NoDisplay=true for .desktop on s390x/aarch64 - Related: rhbz#2029810 dont Require any vclplug for s390x/aarch64 [1:6.4.7.2-8] - Resolves: rhbz#2029810 enable make check on s390x [1:6.4.7.2-7] - Resolves: rhbz#2013858 CVE-2021-25633 - Resolves: rhbz#2014215 CVE-2021-25634 - Resolves: rhbz#2014209 CVE-2021-25635 [1:6.4.7.2-6] - Resolves: rhbz#1980800 allow convert to csv to write each sheet to separate file - Resolves: rhbz#1992695 two style tags where there should be one MODERATE Copyright 2022 Oracle, Inc. CVE-2021-25633 CVE-2021-25634 CVE-2021-25635 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.34.6-1] - Update to 2.34.6 Related: #1985042 [2.34.5-1] - Update to 2.34.5 - Related: #1985042 [2.34.4-1] - Update to 2.34.4 - Resolves: #1985042 [2.32.4-1] - Update to 2.32.4 - Related: #1985042 - Resolves: #2006429 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-30889 CVE-2022-22637 CVE-2021-30848 CVE-2021-30884 CVE-2021-30890 CVE-2021-30818 CVE-2021-30823 CVE-2021-30849 CVE-2021-30851 CVE-2021-30888 CVE-2021-30897 CVE-2021-30809 CVE-2021-30846 CVE-2021-30953 CVE-2021-30951 CVE-2021-30984 CVE-2022-22589 CVE-2022-22592 CVE-2021-30952 CVE-2021-45482 CVE-2021-30836 CVE-2021-30934 CVE-2021-30954 CVE-2022-22590 CVE-2022-22594 CVE-2021-30887 CVE-2021-45483 CVE-2022-22620 CVE-2021-30936 CVE-2021-45481 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [7.5.11-2] - resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache - resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files [7.5.11-1] - update to 7.5.11 tagged upstream community sources, see CHANGELOG - resolve CVE-2021-39226 [7.5.10-1] - update to 7.5.10 tagged upstream community sources, see CHANGELOG LOW Copyright 2022 Oracle, Inc. CVE-2021-43813 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.8.7-1] - Rebase to 1.8.7 (#2041972) [1.8.6-1] - Rebase to 1.8.6 (#2010533) [1.8.5-6] - Fix CVE-2021-41133 (#2012869) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-43860 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 buildah [1.19.9-3] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 (https://github.com/containers/buildah/commit/3808e27) - Resolves: #2067540 container-selinux [2:2.178.0-2] - remove conflict on udica - we still ship udica 2.4 in 3.0-8.6.0 - Related: #2067540 [2:2.178.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.178.0 - Related: #2001445 crun [0.18-3] - fix CVE-2022-27650 - Resolves: #2067565 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-27650 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 go-toolset [1.18.3-1] - Update to golang 1.18.3 golang [1.18.3-1.0.1] - Rebase to 1.18.3 by adding upstream patches to the 1.18.0 openssl-fips - Modify Patch51852 to remove portions already upstream - Use base_version to distinguish the version of the tarball from the final version - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.18.1-2.0.1] - Rebase to 1.18.0 openssl-fips - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.17.10-1.0.1] - Add patches between Go 1.17.7 and Go 1.17.10 - Rename base_versn to base_version - Remove unneeded patches from previous version - Remove Patch2028662 because that patch is also upstream now - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> delve [1.8.3-1.0.1] - Bump version of delve from 1.7.2 to 1.8.3 [1.7.2-1.0.1] - Bump version of delve from 1.6.0 to 1.7.2, enable aarch64 [1.6.0-1.0.1] - Bump upstream version of delve from 1.5.0 to 1.6.0 [1.5.0-2.0.1] - Cherry pick 05508ea98055bcb5418d2dc83893af4eb044d151: + Disable DWARF compression which has issues (Alex Burmashev) + By David Sloboda <david.x.sloboda@oracle.com> [1.5.0-2] - Add golang-1.15.4 related patch - Resolves: rhbz#1901189 [1.5.0-1] - Rebase to 1.5.0 - Related: rhbz#1870531 [1.4.1-1] - Rebase to 1.4.1 - Resolves: rhbz#1821281 - Related: rhbz#1820596 [1.4.0-2] - Change i686 to a better macro - Related: rhbz#1820596 [1.4.0-1] - Rebase to 1.4.0 - Remove Patch1781 - Related: rhbz#1820596 [1.3.2-3] - Resolves: rhbz#1758612 - Resolves: rhbz#1780554 - Add patch: 1781-pkg-terminal-Fix-exit-status.patch [1.3.2-2] - Added tests - Related: rhbz#1758612 [1.3.2-1] - First package for RHEL - Related: rhbz#1758612 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-28327 CVE-2022-30580 CVE-2022-30629 CVE-2022-24675 CVE-2022-27536 CVE-2022-29804 CVE-2022-30634 CVE-2022-29526 cpe:/a:oracle:linux:8::developer Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-30269 CVE-2022-30634 CVE-2022-29804 CVE-2022-30580 cpe:/a:oracle:linux:8::developer Oracle Linux 8 [5.15.2-4] - Fix out-of-bounds write in QOutlineMapper::convertPath Resolves: bz#1996877 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-38593 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [0.26-7] - Fix stack exhaustion issue in the printIFDStructure function Resolves: bz#2003669 MODERATE Copyright 2022 Oracle, Inc. CVE-2020-18898 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [0.2.4-1] - Update to 0.2.4 Resolves: #1997941 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-39358 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::distro_builder cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [12:0.60.6.1-22] - resolves: #1988497 fix CVE-2019-25051 MODERATE Copyright 2022 Oracle, Inc. CVE-2019-25051 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 [4.0.9-21] - Fix CVE-2020-19131 (#2006535) MODERATE Copyright 2022 Oracle, Inc. CVE-2020-19131 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [3.32.2-44] - Fix more JS warnings Resolves: #2025940 [3.32.2-43] - Backport fix for CVE-2020-17489 Resolves: #1874259 [3.32.2-42] - Backport WPA3 support Resolves: #1924593 [3.32.2-41] - Add bugs introduced in backport for #1651378 Related: #2000918 - Tidy up patch list a bit LOW Copyright 2022 Oracle, Inc. CVE-2020-17489 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 delve [1.7.2-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.7.2-1] - Rebase to 1.7.2 - Related: rhbz#2014088 golang [1.17.7-1] - Rebase to Go 1.17.7 - Remove fips memory leak patch (fixed in tree) - Resolves: rhbz#2015930 go-toolset [1.17.7-1] - Rebase to Go 1.17.7 - Remove fips memory leak patch (fixed in tree) - Resolves: rhbz#2015930 [1.17.5-1] - Rebase to Go 1.17.5 - Resolves: rhbz#2031112 [1.17.4-1] - Rebase Go to 1.17.4 - Add vdso_s390x_gettime patch - Add remove_waitgroup_misuse_tests patch - Related: rhbz#2014088 - Resolves: rhbz#2028570 - Resolves: rhbz#2022828 - Resolves: rhbz#2024686 - Resolves: rhbz#2028662 [1.17.2-1] - Rebase to Go 1.17.2 - Rebase to Delve 1.7.2 - Resolves: rhbz#2014088 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-38297 CVE-2021-41771 CVE-2022-23772 CVE-2022-23806 CVE-2021-41772 CVE-2021-39293 CVE-2022-23773 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.9.0-9] - Fix LVM-VDO statistics tests (#2023880,#2025483) - Fix GError ownership (#1999149) [2.9.0-8] - CVE-2021-3802: Harden the default mount options for ext filesystems (#2004422) LOW Copyright 2022 Oracle, Inc. CVE-2021-3802 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 babel [9.0.3-19] - Remove bundled windows executables - Resolves: rhbz#2006792 python2 [2.7.18-10.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [2.7.18-10] - Security fix for CVE-2022-0391: urlparse does not sanitize URLs containing ASCII newline and tabs Resolves: rhbz#2047376 [2.7.18-9] - Security fix for CVE-2021-4189: ftplib should not use the host from the PASV response Resolves: rhbz#2036020 [2.7.18-8] - Security fixes for CVE-2021-3737 and CVE-2021-3733 Resolves: rhbz#1995162 and rhbz#1995234 python2-setuptools [39.0.1-13] - When building for Flatpak inclusion, build in bootstrap mode Resolves: rhbz#1907597 python2-six [1.11.0-6] - Rename component name to python2-six, clean specfile and remove bconds - Resolves: rhbz#1908300 [1.11.0-5] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [1.11.0-4] - Run tests only of the Python versions that are actually built [1.11.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.11.0-2] - Removed and obsoleted the platform-python subpackage [1.11.0-1] - Update to 1.11.0 python-backports [1.0-16] - Update python macros to python2 versioned macros - Issue found when rebuilding the python27 module to include CVE fixes - Related: rhbz#1883890 rhbz#1883258 python-backports-ssl_match_hostname [3.5.0.1-12] - Remove unversioned Provides - Resolves: rhbz#1908300 python-chardet [3.0.4-10] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [3.0.4-9] - Remove unversioned binaries from python2 subpackage - Resolves: rhbz#1613343 [3.0.4-8] - Switch python3 conditions to bcond [3.0.4-7] - First version for python27 module python-idna [2.5-7] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3733 CVE-2021-43818 CVE-2022-0391 CVE-2021-3737 CVE-2021-4189 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 Oracle Linux 8 cjose [0.6.1-2] - fix concatkdf big endian architecture problem. Upstream issue #77. [0.6.1-1] - upgrade to latest upstream 0.6.1 [0.5.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [0.5.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.5.1-1] - Initial packaging mod_auth_openidc [2.3.7-11] - Resolves: rhbz#1987222 - CVE-2021-32792 XSS when using OIDCPreservePost On [2.3.7-10] - Resolves: rhbz#1987216 - CVE-2021-32791 hardcoded static IV and AAD with a reused key in AES GCM encryption [rhel-8] (edit) [2.3.7-9] - Resolves: rhbz#2001853 - CVE-2021-39191 open redirect by supplying a crafted URL in the target_link_uri parameter MODERATE Copyright 2022 Oracle, Inc. CVE-2021-32786 CVE-2021-32792 CVE-2021-39191 CVE-2021-32791 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_beta cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [10.19-2] - Add missing files into file section of server package postgresql-setup v8.6 newly provides postgresql-upgrade MODERATE Copyright 2022 Oracle, Inc. CVE-2021-23214 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [0.27.5-2] - Remove RPATH Resolves: bz#2018422 [0.27.5-1] - Exiv2 0.27.5 Resolves: bz#2018422 Fix stack exhaustion issue in the printIFDStructure function leading to DoS Resolves: bz#2003673 MODERATE Copyright 2022 Oracle, Inc. CVE-2020-18898 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 jss [4.9.3-1] - Rebase to JSS 4.9.3 - Bug 2046022 - CVE-2021-4213 pki-core:10.6/jss: memory leak in TLS connection leads to OOM [rhel-8] [4.9.2-1] - Rebase to JSS 4.9.2 ldapjdk [4.23.0-1] - Rebase to LDAP SDK 4.23.0 [4.23.0-0.1] - Rebase to LDAP SDK 4.23.0-alpha1 pki-core [10.12.0-2.0.1] - Remove upstream reference. [10.12.0-2] - Bug 2027470 - pki-healthcheck ClonesConnectivyAndDataCheck fails [10.12.0-0.1] - Rebase to PKI 10.12.0 - Bug 1904112 - pki fails to start if empty dir /var/lib/pki/pki-tomcat/kra exists - Bug 1984455 - [RFE] Date Format on the TPS Agent Page - Bug 1980378 - 'keyctl_search: Required key not available' message when running 'ipa-healthcheck' - Bug 2004084 - Reinstall of the same ipa-replica fails with 'RuntimeError: CA configuration failed.' - Bug 2006070 - Upgrades incorrectly add secret attribute to connectors MODERATE Copyright 2022 Oracle, Inc. CVE-2021-4213 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 httpcomponents-client [4.5.10-4] - Fix incorrect handling of malformed authority component in request URIs - Resolves: CVE-2020-13956 maven [1:3.6.2-7] - Add maven-openjdk17 - Resolves: rhbz#1991521 MODERATE Copyright 2022 Oracle, Inc. CVE-2020-13956 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::ovirt45_extras cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 MODERATE Copyright 2022 Oracle, Inc. CVE-2020-13956 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_beta cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [13.5-1] - Rebase to 13.5 Resolves: #2023294 LOW Copyright 2022 Oracle, Inc. CVE-2021-23222 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 rust [1.58.1-1] - Update to 1.58.1. [1.58.0-1] - Update to 1.58.0. [1.57.0-1] - Update to 1.57.0. [1.56.1-2] - Add rust-std-static-wasm32-wasi Resolves: rhbz#1980080 [1.56.0-1] - Update to 1.56.1. [1.55.0-1] - Update to 1.55.0. - Backport support for LLVM 13. [1.54.0-2] - Make std-static-wasm* arch-specific to avoid s390x. [1.54.0-1] - Update to 1.54.0. [1.53.0-2] - Use llvm-ranlib to fix wasm archives. [1.53.0-1] - Update to 1.53.0. [1.52.1-2] - Set rust.codegen-units-std=1 for all targets again. - Add rust-std-static-wasm32-unknown-unknown. [1.52.1-1] - Update to 1.52.1. Includes security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. [1.51.0-1] - Update to 1.51.0. Update to 1.51.0. Includes security fixes for CVE-2021-28875 and CVE-2021-28877. [1.50.0-1] - Update to 1.50.0. [1.49.0-1] - Update to 1.49.0. [1.48.0-1] - Update to 1.48.0. [1.47.0-1] - Update to 1.47.0. [1.46.0-1] - Update to 1.46.0. [1.45.2-1] - Update to 1.45.2. [1.45.0-1] - Update to 1.45.0. [1.44.1-1] - Update to 1.44.1. [1.43.1-1] - Update to 1.43.1. [1.43.0-1] - Update to 1.43.0. [1.42.0-1] - Update to 1.42.0. [1.41.1-1] - Update to 1.41.1. [1.41.0-1] - Update to 1.41.0. [1.40.0-1] - Update to 1.40.0. - Fix compiletest with newer (local-rebuild) libtest - Build compiletest with in-tree libtest - Fix ARM EHABI unwinding [1.39.0-2] - Fix a couple build and test issues with rustdoc. [1.39.0-1] - Update to 1.39.0. [1.38.0-1] - Update to 1.38.0. [1.37.0-1] - Update to 1.37.0. - Disable libssh2 (git+ssh support). [1.36.0-1] - Update to 1.36.0. [1.35.0-2] - Fix compiletest for rebuild testing. [1.35.0-1] - Update to 1.35.0. [1.34.2-1] - Update to 1.34.2 -- fixes CVE-2019-12083. [1.34.1-1] - Update to 1.34.1. [1.34.0-1] - Update to 1.34.0. [1.33.0-1] - Update to 1.33.0. [1.32.0-1] - Update to 1.32.0. [1.31.0-5] - Restore rust-lldb. [1.31.0-4] - Backport fixes for rls. [1.31.0-3] - Update to 1.31.0 -- Rust 2018! - clippy/rls/rustfmt are no longer -preview [1.30.1-2] - Update to 1.30.1. [1.29.2-1] - Update to 1.29.2. [1.28.0-1] - Update to 1.28.0. [1.27.2-1] - Update to 1.27.2. [1.26.2-12] - Fix 'fp' target feature for AArch64 (#1632880) [1.26.2-11] - Security fix for str::repeat (pending CVE). [1.26.2-10] - Rebuild without bootstrap binaries. [1.26.2-9] - Bootstrap without SCL packaging. (rhbz1635067) [1.26.2-8] - Use python3 prefix for lldb Requires [1.26.2-7] - Build with platform-python [1.26.2-6] - Exclude rust-src from auto-requires [1.26.2-5] - Rebuild without bootstrap binaries. [1.26.2-4] - Bootstrap as a module. [1.26.2-3] - Update to 1.26.2. [1.26.1-2] - Update to 1.26.1. [1.26.0-1] - Update to 1.26.0. [1.25.0-2] - Filter codegen-backends from Provides too. [1.25.0-1] - Update to 1.25.0. - Add rustfmt-preview as a subpackage. [1.24.0-1] - Update to 1.24.0. [1.23.0-2] - Rebuild without bootstrap binaries. [1.23.0-1] - Bootstrap 1.23 on el8. rust-toolset [1.58.1-1] - Update to Rust and Cargo 1.58.1. [1.58.0-1] - Update to Rust and Cargo 1.58.0. [1.57.0-1] - Update to Rust and Cargo 1.57.0. [1.56.1-1] - Update to Rust and Cargo 1.56.1. [1.55.0-1] - Update to Rust and Cargo 1.55.0. MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21658 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.1-6.0.1] - Increase db_max_size to 100M [1.1-6] - CVE-2022-1117 fapolicyd: fapolicyd wrongly prepares ld.so path Resolves: rhbz#2069120 [1.1-4] RHEL 8.6.0 ERRATUM - fapolicyd denies access to /usr/lib64/ld-2.28.so Resolves: rhbz#2066300 [1.1-1] RHEL 8.6.0 ERRATUM - rebase to 1.1 Resolves: rhbz#1939379 - introduce rules.d feature Resolves: rhbz#2054741 - remove pretrans scriptlet Resolves: rhbz#2051485 [1.0.4-2] RHEL 8.6.0 ERRATUM - rebase to 1.0.4 - added rpm_sha256_only option - added trust.d directory - allow file names with whitespace in trust files - use full paths in trust files Resolves: rhbz#1939379 - fix libc.so getting identified as application/x-executable Resolves: rhbz#1989272 - fix fapolicyd-dnf-plugin reporting as '<invalid>' Resolves: rhbz#1997414 - fix selinux DSP module definition in spec file Resolves: rhbz#2014445 [1.0.2-7] - fapolicyd abnormally exits by executing sosreport - fixed multiple problems with unlink() - fapolicyd breaks system upgrade, leaving system in dead state - complete fix Resolves: rhbz#1943251 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1117 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 mod_http2 [1.15.7-5] - Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations [1.15.7-4] - Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd: Request splitting via HTTP/2 method injection and mod_proxy mod_md MODERATE Copyright 2022 Oracle, Inc. CVE-2021-36160 CVE-2021-44224 CVE-2020-35452 CVE-2021-33193 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 xorg-x11-server [1.20.11-5] - Fix crash with NVIDIA proprietary driver with Present (#2046329) [1.20.11-4] - CVE fix for: CVE-2021-4008 (#2030162), CVE-2021-4009 (#2030172), CVE-2021-4010 (#2030175), CVE-2021-4011 (#2030181) [1.20.11-3] - xf86/logind Fix drm_drop_master before vt_reldis Resolves: #1771863 xorg-x11-server-Xwayland [21.1.3-2] - CVE fix for: CVE-2021-4008 (#2038066), CVE-2021-4009 (#2038068), CVE-2021-4010 (#2038071), CVE-2021-4011 (#2038073) [21.1.3-1] - Rebase to 21.1.3 (rhbz#2015842) - Prefer EGLstream if both EGLstream and GBM are usable MODERATE Copyright 2022 Oracle, Inc. CVE-2021-4010 CVE-2021-4011 CVE-2021-4008 CVE-2021-4009 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [5.15.2-4] - Fix out-of-bound write that may lead to DoS Resolves: bz#2038487 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-45930 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.1.5-8] - Fix DBus policy restrictions (#2028350, CVE-2021-44225) [2.1.5-7] - Fix log-facility option (#197716) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-44225 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [4.2.3-4] - Security fix for CVE-2021-43818 Resolves: rhbz#2032569 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-43818 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 Oracle Linux 8 [0.14.0-12.1] - Resolves: rhbz#1986805 - CVE-2021-3639 mod_auth_mellon: Open Redirect vulnerability in logout URLs [rhel-8] MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3639 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 libzip [1.6.1-1] - update to 1.6.1 - enable lzma support php-pear [1:1.10.12-1] - update PEAR to 1.10.12 - update Archive_Tar to 1.4.9 - update Console_Getopt to 1.4.3 - update XML_Util to 1.4.5 php-pecl-apcu [5.1.18-1] - update to 5.1.18 php-pecl-rrd php-pecl-xdebug [2.9.5-1] - update to 2.9.5 php-pecl-zip [1.18.2-1] - update to 1.18.2 php [7.4.19-2] - fix SSRF bypass in FILTER_VALIDATE_URL CVE-2021-21705 - fix Local privilege escalation via PHP-FPM CVE-2021-21703 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-21703 CVE-2021-21705 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 libecap squid [7:4.15-3] - Resolves: #1941506 - CVE-2021-28116 squid:4/squid: out-of-bounds read in WCCP protocol data may lead to information disclosure [7:4.15-2] - Resolves: #2006121 - SQUID shortens FTP Link wrong that contains a semi-colon and as a result is not able to download zip file.CODE 404 TO CLIENT) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-28116 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [1:2.3.16-2] - do not disable xz/lzma for now despite being deprecated [1:2.3.16-1] - dovecot updated to 2.3.16, pigeonhole to 0.5.16 - fix CVE-2021-33515 plaintext commands injection (#1980014) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-33515 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 cairo [1.15.12-6] - Fix CVE reference test (#1908113) [1.15.12-5] - Add reference test to CVE fix (#1908113) [1.15.12-4] - Fix CVE-2020-35492 (#1908113) pixman [0.38.4-2] - Backport the pixman part of cairo CVE-2020-35492 MODERATE Copyright 2022 Oracle, Inc. CVE-2020-35492 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 Oracle Linux 8 [6.4.24-1] - Update to fetchmail-6.4.24 (fixes CVE-2021-36386 and CVE-2021-39272) Resolves: #1999275, #2002698 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-36386 CVE-2021-39272 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [1.0.28-12] - fix heap buffer overflow in flac (#2030507) [1.0.28-11] - a crafted wav file could cause heap buffer overflow that allowed an arbitrary code execution(#1985028) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-4156 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [3.6.8-45.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-45] - Security fix for CVE-2021-4189: ftplib should not use the host from the PASV response Resolves: rhbz#2036020 [3.6.8-44] - Use the monotonic clock for theading.Condition - Use the monotonic clock for the global interpreter lock Resolves: rhbz#2003758 [3.6.8-43] - Change shouldRollover() methods of logging.handlers to only rollover regular files Resolves: rhbz#2009200 [3.6.8-42] - Security fix for CVE-2021-3737 Resolves: rhbz#1995162 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3737 CVE-2021-4189 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::distro_builder Oracle Linux 8 [4.18.0-372.9.1.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-11.0.5 [4.18.0-372.9.1] - scsi: qedi: Fix failed disconnect handling (Chris Leech) [2071519] - scsi: iscsi: Fix unbound endpoint error handling (Chris Leech) [2071519] - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (Chris Leech) [2071519] - scsi: iscsi: Fix endpoint reuse regression (Chris Leech) [2071519] - scsi: iscsi: Release endpoint ID when its freed (Chris Leech) [2071519] - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (Chris Leech) [2071519] - Revert 'scsi: iscsi: Fix offload conn cleanup when iscsid restarts' (Chris Leech) [2071519] - scsi: iscsi: Speed up session unblocking and removal (Chris Leech) [2071519] - scsi: iscsi: Fix recovery and unblocking race (Chris Leech) [2071519] - scsi: iscsi: Unblock session then wake up error handler (Chris Leech) [2071519] - bnxt_en: make hw-tc-offload default to off (Ken Cox) [2005101] - bnxt_en: reject indirect blk offload when hw-tc-offload is off (Ken Cox) [2005101] [4.18.0-372.8.1] - esp6: fix check on ipv6_skip_exthdrs return value (Sabrina Dubroca) [2054075] - scsi: iscsi: Fix nop handling during conn recovery (Chris Leech) [2069969] - scsi: iscsi: Merge suspend fields (Chris Leech) [2069969] - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (Chris Leech) [2069969] - scsi: iscsi: Move iscsi_ep_disconnect (Chris Leech) [2069969] - CI: Remove deprecated option (Veronika Kabatova) [4.18.0-372.7.1] - netfilter: nf_tables_offload: incorrect flow offload action array size (Florian Westphal) [2056728] {CVE-2022-25636} - netfilter: nftables_offload: KASAN slab-out-of-bounds Read in nft_flow_rule_create (Florian Westphal) [2056728] - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (Bandan Das) [2033068] - PCI/ACPI: Fix acpi_pci_osc_control_set() kernel-doc comment (Mark Langsdorf) [2049209] - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (Mark Langsdorf) [2049209] - PCI/ACPI: Move _OSC query checks to separate function (Mark Langsdorf) [2049209] - PCI/ACPI: Move supported and control calculations to separate functions (Mark Langsdorf) [2049209] - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (Mark Langsdorf) [2049209] - kabi: Adding symbol blkdev_get_by_dev (fs/block_dev.c) (cestmir Kalina) [2010296] - kabi: Adding symbol thaw_bdev (fs/block_dev.c) (cestmir Kalina) [2010296] - kabi: Adding symbol freeze_bdev (fs/block_dev.c) (cestmir Kalina) [2010296] - s390/cio: make ccw_device_dma_* more robust (Thomas Huth) [2066709] - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Michael Petlan) [2069237] - redhat: switch secureboot kernel image signing to release keys (Augusto Caringi) - ice: xsk: Stop Rx processing when ntc catches ntu (Ivan Vecera) [2069082] - ice: xsk: Fix indexing in ice_tx_xsk_pool() (Ivan Vecera) [2069082] - ice: Fix kernel crash in XDP scenario (Ivan Vecera) [2069082] [4.18.0-372.6.1] - configs: enable CONFIG_RMI4_F3A (Benjamin Tissoires) [2067219] - Input: synaptics-rmi4 - add support for F3A (Benjamin Tissoires) [2067219] - RDMA/cma: Do not change route.addr.src_addr.ss_family (Kamal Heib) [2032074] {CVE-2021-4028} - drm/i915/adl_s: Remove require_force_probe protection (Michel Danzer) [2025896] - drm/i915/adl_s: Update ADL-S PCI IDs (Michel Danzer) [2025896] - drm/i915: Limit Wa_22010178259 to affected platforms (Michel Danzer) [2025896] - drm/i915/adl_s: Fix dma_mask_size to 39 bit (Michel Danzer) [2025896] - drm/i915/dmc: Update DMC to v2.14 on ADL-P (Michel Danzer) [2060051] - drm/i915: Update memory bandwidth formulae (Michel Danzer) [2060051] - drm/i915/fb: Fold modifier CCS type/tiling attribute to plane caps (Michel Danzer) [2060051] - drm/i915/fb: Dont store bitmasks in the intel_plane_caps enum (Michel Danzer) [2060051] - drm/i915/adl_p: Add ddc pin mapping (Michel Danzer) [2060051] - iommu/amd: Fix I/O page table memory leak (Jerry Snitselaar) [2053210] - iommu/amd: Recover from event log overflow (Jerry Snitselaar) [2053210] [4.18.0-372.5.1] - scsi: mpi3mr: Fix flushing !WQ_MEM_RECLAIM events warning (Tomas Henzl) [2052278] - scsi: mpi3mr: Fix memory leaks (Tomas Henzl) [2054814] - scsi: mpi3mr: Fix reporting of actual data transfer size (Tomas Henzl) [2054814] - scsi: mpi3mr: Fix cmnd getting marked as in use forever (Tomas Henzl) [2054814] - scsi: mpi3mr: Fix hibernation issue (Tomas Henzl) [2054814] - scsi: mpi3mr: Fix printing of pending I/O count (Tomas Henzl) [2054814] - scsi: mpi3mr: Fix deadlock while canceling the fw event (Tomas Henzl) [2054814] - scsi: mpi3mr: Fixes around reply request queues (Tomas Henzl) [2054814] - scsi: mpi3mr: Enhanced Task Management Support Reply handling (Tomas Henzl) [2054814] - scsi: mpi3mr: Use TM response codes from MPI3 headers (Tomas Henzl) [2054814] - scsi: mpi3mr: Increase internal cmnds timeout to 60s (Tomas Henzl) [2054814] - scsi: mpi3mr: Do access status validation before adding devices (Tomas Henzl) [2054814] - scsi: mpi3mr: Update MPI3 headers - part2 (Tomas Henzl) [2054814] - scsi: mpi3mr: Update MPI3 headers - part1 (Tomas Henzl) [2054814] - scsi: mpi3mr: Dont reset IOC if cmnds flush with reset status (Tomas Henzl) [2054814] - scsi: mpi3mr: Replace spin_lock() with spin_lock_irqsave() (Tomas Henzl) [2054814] - scsi: mpi3mr: Add debug APIs based on logging_level bits (Tomas Henzl) [2054814] - scsi: mpt3sas: Remove scsi_dma_map() error messages (Tomas Henzl) [2057021] - net/mlx5: Fix wrong limitation of metadata match on ecpf (Amir Tzin) [2049094] - nfsd: fix use-after-free due to delegation race (Thiago Becker) [2053262] - dma-buf: cma_heap: Fix mutex locking section (Michel Danzer) [2044440] - drm/amdkfd: Check for null pointer after calling kmemdup (Michel Danzer) [2044440] - drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode (Michel Danzer) [2044440] - drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled (Michel Danzer) [2044440] - drm/i915/overlay: Prevent divide by zero bugs in scaling (Michel Danzer) [2044440] - dma-buf: heaps: Fix potential spectre v1 gadget (Michel Danzer) [2044440] - drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15 Apple Retina panels (Michel Danzer) [2044440] - drm/amd/display: watermark latencies is not enough on DCN31 (Michel Danzer) [2044440] - drm/amd/pm: correct the MGpuFanBoost support for Beige Goby (Michel Danzer) [2044440] - drm/i915/adlp: Fix TypeC PHY-ready status readout (Michel Danzer) [2044440] - drm/nouveau: fix off by one in BIOS boundary checking (Michel Danzer) [2044440] - drm/i915: Disable DSB usage for now (Michel Danzer) [2044440] - Revert 'drm/ast: Support 1600x900 with 108MHz PCLK' (Michel Danzer) [2044440] - drm/amd/display: Fix FP start/end for dcn30_internal_validate_bw. (Michel Danzer) [2044440] - drm/atomic: Add the crtc to affected crtc only if uapi.enable = true (Michel Danzer) [2044440] - drm/amdgpu: Use correct VIEWPORT_DIMENSION for DCN2 (Michel Danzer) [2044440] - drm/amd/display: reset dcn31 SMU mailbox on failures (Michel Danzer) [2044440] - drm/vmwgfx: Remove explicit transparent hugepages support (Michel Danzer) [2044440] - drm/radeon: fix error handling in radeon_driver_open_kms (Michel Danzer) [2044440] - drm/i915/display/ehl: Update voltage swing table (Michel Danzer) [2044440] - drm/nouveau/kms/nv04: use vzalloc for nv04_display (Michel Danzer) [2044440] - drm/amd/display: Fix the uninitialized variable in enable_stream_features() (Michel Danzer) [2044440] - amdgpu/pm: Make sysfs pm attributes as read-only for VFs (Michel Danzer) [2044440] - drm/amdgpu: fixup bad vram size on gmc v8 (Michel Danzer) [2044440] - drm/amd/amdgpu: fix gmc bo pin count leak in SRIOV (Michel Danzer) [2044440] - drm/amd/amdgpu: fix psp tmr bo pin count leak in SRIOV (Michel Danzer) [2044440] - drm/amdkfd: Fix error handling in svm_range_add (Michel Danzer) [2044440] - drm/vmwgfx: Introduce a new placement for MOB page tables (Michel Danzer) [2044440] - drm/vmwgfx: Release ttm memory if probe fails (Michel Danzer) [2044440] - drm/amd/display: add else to avoid double destroy clk_mgr (Michel Danzer) [2044440] - drm/amdgpu/display: set vblank_disable_immediate for DC (Michel Danzer) [2044440] - drm/amd/display: check top_pipe_to_program pointer (Michel Danzer) [2044440] - drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (Michel Danzer) [2044440] - drm/amd/display: Fix out of bounds access on DNC31 stream encoder regs (Michel Danzer) [2044440] - drm/amd/display: Fix bug in debugfs crc_win_update entry (Michel Danzer) [2044440] - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Michel Danzer) [2044440] - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Michel Danzer) [2044440] - drm/vmwgfx: Fail to initialize on broken configs (Michel Danzer) [2044440] - drm/vmwgfx: Remove the deprecated lower mem limit (Michel Danzer) [2044440] - drm/vboxvideo: fix a NULL vs IS_ERR() check (Michel Danzer) [2044440] - drm: fix null-ptr-deref in drm_dev_init_release() (Michel Danzer) [2044440] - drm/ttm: Put BO in its memory managers lru list (Michel Danzer) [2044440] - dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() (Michel Danzer) [2044440] - drm/amd/display: explicitly set is_dsc_supported to false before use (Michel Danzer) [2044440] - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Michel Danzer) [2044440] - drm/amd/pm: keep the BACO feature enabled for suspend (Michel Danzer) [2044440] - Revert 'drm/amdgpu: stop scheduler when calling hw_fini (v2)' (Michel Danzer) [2044440] - drm/amd/display: Added power down for DCN10 (Michel Danzer) [2044440] - drm/amd/display: fix B0 TMDS deepcolor no dislay issue (Michel Danzer) [2044440] - drm/amdgpu: put SMU into proper state on runpm suspending for BOCO capable platform (Michel Danzer) [2044440] - drm/amd/pm: skip setting gfx cgpg in the s0ix suspend-resume (Michel Danzer) [2044440] - drm/amd/pm: Fix xgmi link control on aldebaran (Michel Danzer) [2044440] - drm/amdgpu: fix dropped backing store handling in amdgpu_dma_buf_move_notify (Michel Danzer) [2044440] - drm/amd/display: Changed pipe split policy to allow for multi-display pipe split (Michel Danzer) [2044440] - drm/amdgpu: add support for IP discovery gc_info table v2 (Michel Danzer) [2044440] - drm/amdgpu: When the VCN(1.0) block is suspended, powergating is explicitly enabled (Michel Danzer) [2044440] - drm/nouveau: wait for the exclusive fence after the shared ones v2 (Michel Danzer) [2044440] - drm/nouveau: always wait for the exclusive fence (Michel Danzer) [2044440] - drm/amd/display: Set optimize_pwr_state for DCN31 (Michel Danzer) [2044440] - drm/amd/display: Send s0i2_rdy in stream_count == 0 optimization (Michel Danzer) [2044440] - drm/amd/pm: fix reading SMU FW version from amdgpu_firmware_info on YC (Michel Danzer) [2044440] - drm/amdgpu: dont override default ECO_BITs setting (Michel Danzer) [2044440] - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE (Michel Danzer) [2044440] - drm/amd/pm: fix a potential gpu_metrics_table memory leak (Michel Danzer) [2044440] - drm/amd/display: Set exit_optimized_pwr_state for DCN31 (Michel Danzer) [2044440] - drm/i915/display: Fix an unsigned subtraction which can never be negative. (Michel Danzer) [2044440] - drm/ast: potential dereference of null pointer (Michel Danzer) [2044440] - drm: simpledrm: fix wrong unit with pixel clock (Michel Danzer) [2044440] - Revert 'drm/fb-helper: improve DRM fbdev emulation device names' (Michel Danzer) [2044440] - drm/i915/hdmi: Turn DP++ TMDS output buffers back on in encoder->shutdown() (Michel Danzer) [2044440] - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (Michel Danzer) [2044440] - drm/amdkfd: process_info lock not needed for svm (Michel Danzer) [2044440] - drm/amd/display: add connector type check for CRC source set (Michel Danzer) [2044440] - drm/amdkfd: fix double free mem structure (Michel Danzer) [2044440] - drm/amd/display: Fix for the no Audio bug with Tiled Displays (Michel Danzer) [2044440] - drm/amdgpu: check atomic flag to differeniate with legacy path (Michel Danzer) [2044440] - drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset (Michel Danzer) [2044440] - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence. (Michel Danzer) [2044440] - drm/i915/dp: Perform 30ms delay after source OUI write (Michel Danzer) [2044440] - drm/amd/display: Allow DSC on supported MST branch devices (Michel Danzer) [2044440] - dma-buf: system_heap: Use 'for_each_sgtable_sg' in pages free flow (Michel Danzer) [2044440] - drm/amd/amdgpu: fix potential memleak (Michel Danzer) [2044440] - drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again (Michel Danzer) [2044440] - drm/amd/pm: Remove artificial freq level on Navi1x (Michel Danzer) [2044440] - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (Michel Danzer) [2044440] - drm/amd/display: Set plane update flags for all planes in reset (Michel Danzer) [2044440] - drm/amd/display: Fix DPIA outbox timeout after GPU reset (Michel Danzer) [2044440] - drm/aspeed: Fix vga_pw sysfs output (Michel Danzer) [2044440] - drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (Michel Danzer) [2044440] - drm/amd/display: Fix OLED brightness control on eDP (Michel Danzer) [2044440] - drm/amdgpu: IH process reset count when restart (Michel Danzer) [2044440] - drm/amd/pm: avoid duplicate powergate/ungate setting (Michel Danzer) [2044440] - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (Michel Danzer) [2044440] - drm/i915: Fix type1 DVI DP dual mode adapter heuristic for modern platforms (Michel Danzer) [2044440] - drm/i915/dp: Ensure max link params are always valid (Michel Danzer) [2044440] - drm/i915/dp: Ensure sink rate values are always valid (Michel Danzer) [2044440] - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (Michel Danzer) [2044440] - drm/udl: fix control-message timeout (Michel Danzer) [2044440] - drm/amd/display: Limit max DSC target bpp for specific monitors (Michel Danzer) [2044440] - drm/amd/display: Update swizzle mode enums (Michel Danzer) [2044440] - drm/cma-helper: Release non-coherent memory with dma_free_noncoherent() (Michel Danzer) [2044440] - Revert 'drm/i915/tgl/dsi: Gate the ddi clocks after pll mapping' (Michel Danzer) [2044440] - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (Michel Danzer) [2044440] - x86/speculation: Check CPU capability before applying IBRS spectre v2 mitigation (Waiman Long) [2062156 2062166] {CVE-2022-0001 CVE-2022-0002 CVE-2021-26401} - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (Waiman Long) [2062156 2062166] {CVE-2022-0001 CVE-2022-0002 CVE-2021-26401} - x86/speculation: Warn about Spectre v2 LFENCE mitigation (Waiman Long) [2062156 2062166] {CVE-2022-0001 CVE-2022-0002 CVE-2021-26401} - x86/speculation: Update link to AMD speculation whitepaper (Waiman Long) [2062166] {CVE-2021-26401} - x86/speculation: Use generic retpoline by default on AMD (Waiman Long) [2062166] {CVE-2021-26401} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - Documentation/hw-vuln: Update spectre doc (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - x86/speculation: Add eIBRS + Retpoline options (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - x86,bugs: Unconditionally allow spectre_v2=retpoline,amd (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - x86: deduplicate the spectre_v2_user documentation (Waiman Long) [2062156] {CVE-2022-0001 CVE-2022-0002} - fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [2064863] {CVE-2022-1011} - ice: Do not enable VLAN pruning when spoofchk is enabled (Ivan Vecera) [2062343] - ice: dont allow to run ice_send_event_to_aux() in atomic ctx (Ivan Vecera) [2062343] - ice: fix 'scheduling while atomic' on aux critical err interrupt (Ivan Vecera) [2062343] - ice: Fix MAC address setting (Ivan Vecera) [2062343] - ice: Clear default forwarding VSI during release (Ivan Vecera) [2062343] - ice: Fix broken IFF_ALLMULTI handling (Ivan Vecera) [2062343] - iavf: Fix hang during reboot/shutdown (Ivan Vecera) [2062343] - iavf: Fix double free in iavf_reset_task (Ivan Vecera) [2062343] - ice: destroy flow director filter mutex after releasing VSIs (Ivan Vecera) [2062343] - ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (Ivan Vecera) [2062343] - iavf: Fix adopting new combined setting (Ivan Vecera) [2062343] - iavf: Fix handling of vlan strip virtual channel messages (Ivan Vecera) [2062343] - iavf: Fix __IAVF_RESETTING state usage (Ivan Vecera) [2062343] - iavf: Fix missing check for running netdev (Ivan Vecera) [2062343] - iavf: Fix deadlock in iavf_reset_task (Ivan Vecera) [2062343] - iavf: Fix race in init state (Ivan Vecera) [2062343] - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (Ivan Vecera) [2062343] - iavf: Fix init state closure on remove (Ivan Vecera) [2062343] - iavf: Add waiting so the port is initialized in remove (Ivan Vecera) [2062343] - iavf: Rework mutexes for better synchronisation (Ivan Vecera) [2062343] - iavf: remove an unneeded variable (Ivan Vecera) [2062343] - iavf: Fix limit of total number of queues to active queues of VF (Ivan Vecera) [2062343] - iavf: Restrict maximum VLAN filters for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (Ivan Vecera) [2062343] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 offload enable/disable (Ivan Vecera) [2062343] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 hotpath (Ivan Vecera) [2062343] - iavf: Add support VIRTCHNL_VF_OFFLOAD_VLAN_V2 during netdev config (Ivan Vecera) [2062343] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 negotiation (Ivan Vecera) [2062343] - virtchnl: Add support for new VLAN capabilities (Ivan Vecera) [2062343] - virtchnl: Use the BIT() macro for capability/offload flags (Ivan Vecera) [2062343] - virtchnl: Remove unused VIRTCHNL_VF_OFFLOAD_RSVD define (Ivan Vecera) [2062343] - virtchnl: Add missing padding to virtchnl_proto_hdrs (Ivan Vecera) [2062343] - ice: Fix race condition during interface enslave (Ivan Vecera) [2062343] - ice: Fix curr_link_speed advertised speed (Ivan Vecera) [2062343] - ice: Dont use GFP_KERNEL in atomic context (Ivan Vecera) [2062343] - ice: Fix error with handling of bonding MTU (Ivan Vecera) [2062343] - ice: stop disabling VFs due to PF error responses (Ivan Vecera) [2062343] - ice: initialize local variable 'tlv' (Ivan Vecera) [2062343] - ice: check the return of ice_ptp_gettimex64 (Ivan Vecera) [2062343] - ice: fix concurrent reset and removal of VFs (Ivan Vecera) [2062343] - ice: fix setting l4 port flag when adding filter (Ivan Vecera) [2062343] - ice: Match on all profiles in slow-path (Ivan Vecera) [2062343] - ice: enable parsing IPSEC SPI headers for RSS (Ivan Vecera) [2062343] - ice: Avoid RTNL lock when re-creating auxiliary device (Ivan Vecera) [2062343] - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (Ivan Vecera) [2062343] - ice: fix IPIP and SIT TSO offload (Ivan Vecera) [2062343] - ice: fix an error code in ice_cfg_phy_fec() (Ivan Vecera) [2062343] - ice: Use bitmap_free() to free bitmap (Ivan Vecera) [2062343] - ice: Optimize a few bitmap operations (Ivan Vecera) [2062343] - ice: Slightly simply ice_find_free_recp_res_idx (Ivan Vecera) [2062343] - ice: improve switchdevs slow-path (Ivan Vecera) [2062343] - ice: replay advanced rules after reset (Ivan Vecera) [2062343] - ice: Add flow director support for channel mode (Ivan Vecera) [2062343] - ice: trivial: fix odd indenting (Ivan Vecera) [2062343] - ice: support crosstimestamping on E822 devices if supported (Ivan Vecera) [2062343] - ice: exit bypass mode once hardware finishes timestamp calibration (Ivan Vecera) [2062343] - ice: ensure the hardware Clock Generation Unit is configured (Ivan Vecera) [2062343] - ice: implement basic E822 PTP support (Ivan Vecera) [2062343] - ice: convert clk_freq capability into time_ref (Ivan Vecera) [2062343] - ice: introduce ice_ptp_init_phc function (Ivan Vecera) [2062343] - ice: use 'int err' instead of 'int status' in ice_ptp_hw.c (Ivan Vecera) [2062343] - ice: PTP: move setting of tstamp_config (Ivan Vecera) [2062343] - ice: introduce ice_base_incval function (Ivan Vecera) [2062343] - ice: xsk: fix cleaned_count setting (Ivan Vecera) [2062343] - ice: xsk: allow empty Rx descriptors on XSK ZC data path (Ivan Vecera) [2062343] - ice: xsk: allocate separate memory for XDP SW ring (Ivan Vecera) [2062343] - ice: xsk: return xsk buffers back to pool when cleaning the ring (Ivan Vecera) [2062343] - ice: use modern kernel API for kick (Ivan Vecera) [2062343] - ice: tighter control over VSI_DOWN state (Ivan Vecera) [2062343] - ice: use prefetch methods (Ivan Vecera) [2062343] - ice: update to newer kernel API (Ivan Vecera) [2062343] - ice: support immediate firmware activation via devlink reload (Ivan Vecera) [2062343] - ice: reduce time to read Option ROM CIVD data (Ivan Vecera) [2062343] - ice: move ice_devlink_flash_update and merge with ice_flash_pldm_image (Ivan Vecera) [2062343] - ice: move and rename ice_check_for_pending_update (Ivan Vecera) [2062343] - ice: devlink: add shadow-ram region to snapshot Shadow RAM (Ivan Vecera) [2062343] - ice: Remove unused ICE_FLOW_SEG_HDRS_L2_MASK (Ivan Vecera) [2062343] - ice: Remove unnecessary casts (Ivan Vecera) [2062343] - ice: Propagate error codes (Ivan Vecera) [2062343] - ice: Remove excess error variables (Ivan Vecera) [2062343] - ice: Cleanup after ice_status removal (Ivan Vecera) [2062343] - ice: Remove enum ice_status (Ivan Vecera) [2062343] - ice: Use int for ice_status (Ivan Vecera) [2062343] - ice: Remove string printing for ice_status (Ivan Vecera) [2062343] - ice: Refactor status flow for DDP load (Ivan Vecera) [2062343] - ice: Refactor promiscuous functions (Ivan Vecera) [2062343] - ice: refactor PTYPE validating (Ivan Vecera) [2062343] - ice: Add package PTYPE enable information (Ivan Vecera) [2062343] - ice: safer stats processing (Ivan Vecera) [2062343] - ice: fix adding different tunnels (Ivan Vecera) [2062343] - ice: fix choosing UDP header type (Ivan Vecera) [2062343] - ice: ignore dropped packets during init (Ivan Vecera) [2062343] - ice: rearm other interrupt cause register after enabling VFs (Ivan Vecera) [2062343] - net/ice: Remove unused enum (Ivan Vecera) [2062343] - net/ice: Fix boolean assignment (Ivan Vecera) [2062343] - net/ice: Add support for enable_iwarp and enable_roce devlink param (Ivan Vecera) [2062343] - ice: avoid bpf_prog refcount underflow (Ivan Vecera) [2062343] - ice: fix vsi->txq_map sizing (Ivan Vecera) [2062343] - ice: Hide bus-info in ethtool for PRs in switchdev mode (Ivan Vecera) [2062343] - ice: Clear synchronized addrs when adding VFs in switchdev mode (Ivan Vecera) [2062343] - ice: fix error return code in ice_get_recp_frm_fw() (Ivan Vecera) [2062343] - ice: Fix clang -Wimplicit-fallthrough in ice_pull_qvec_from_rc() (Ivan Vecera) [2062343] - ice: Add support to print error on PHY FW load failure (Ivan Vecera) [2062343] - ice: Add support for changing MTU on PR in switchdev mode (Ivan Vecera) [2062343] - ice: send correct vc status in switchdev (Ivan Vecera) [2062343] - ice: support for GRE in eswitch (Ivan Vecera) [2062343] - ice: low level support for tunnels (Ivan Vecera) [2062343] - ice: VXLAN and Geneve TC support (Ivan Vecera) [2062343] - ice: support for indirect notification (Ivan Vecera) [2062343] - ice: Add tc-flower filter support for channel (Ivan Vecera) [2062343] - ice: enable ndo_setup_tc support for mqprio_qdisc (Ivan Vecera) [2062343] - ice: Add infrastructure for mqprio support via ndo_setup_tc (Ivan Vecera) [2062343] - ice: fix an error code in ice_ena_vfs() (Ivan Vecera) [2062343] - ice: use devm_kcalloc() instead of devm_kzalloc() (Ivan Vecera) [2062343] - ice: Make use of the helper function devm_add_action_or_reset() (Ivan Vecera) [2062343] - ice: Refactor PR ethtool ops (Ivan Vecera) [2062343] - ice: Forbid trusted VFs in switchdev mode (Ivan Vecera) [2062343] - ice: Manage act flags for switchdev offloads (Ivan Vecera) [2062343] - ice: introduce XDP_TX fallback path (Ivan Vecera) [2062343] - ice: optimize XDP_TX workloads (Ivan Vecera) [2062343] - ice: propagate xdp_ring onto rx_ring (Ivan Vecera) [2062343] - ice: do not create xdp_frame on XDP_TX (Ivan Vecera) [2062343] - ice: unify xdp_rings accesses (Ivan Vecera) [2062343] - ice: ndo_setup_tc implementation for PR (Ivan Vecera) [2062343] - ice: ndo_setup_tc implementation for PF (Ivan Vecera) [2062343] - ice: Allow changing lan_en and lb_en on all kinds of filters (Ivan Vecera) [2062343] - ice: cleanup rules info (Ivan Vecera) [2062343] - ice: allow deleting advanced rules (Ivan Vecera) [2062343] - ice: allow adding advanced rules (Ivan Vecera) [2062343] - ice: create advanced switch recipe (Ivan Vecera) [2062343] - ice: manage profiles and field vectors (Ivan Vecera) [2062343] - ice: implement low level recipes functions (Ivan Vecera) [2062343] - ice: add port representor ethtool ops and stats (Ivan Vecera) [2062343] - ice: switchdev slow path (Ivan Vecera) [2062343] - ice: rebuild switchdev when resetting all VFs (Ivan Vecera) [2062343] - ice: enable/disable switchdev when managing VFs (Ivan Vecera) [2062343] - ice: introduce new type of VSI for switchdev (Ivan Vecera) [2062343] - ice: set and release switchdev environment (Ivan Vecera) [2062343] - net: export metadata_dst_free() (Ivan Vecera) [2062343] - ice: allow changing lan_en and lb_en on dflt rules (Ivan Vecera) [2062343] - ice: manage VSI antispoof and destination override (Ivan Vecera) [2062343] - ice: allow process VF opcodes in different ways (Ivan Vecera) [2062343] - ice: introduce VF port representor (Ivan Vecera) [2062343] - ice: Move devlink port to PF/VF struct (Ivan Vecera) [2062343] - ice: support basic E-Switch mode control (Ivan Vecera) [2062343] - ethernet: use eth_hw_addr_set() for dev->addr_len cases (Ivan Vecera) [2062343] - ethernet: use eth_hw_addr_set() instead of ether_addr_copy() (Ivan Vecera) [2062343] - ice: Use xdp_buf instead of rx_buf for xsk zero-copy (Ivan Vecera) [2062343] - ice: fix FDIR init missing when reset VF (Ivan Vecera) [2062343] - intel: Remove rcu_read_lock() around XDP program invocation (Ivan Vecera) [2062343] - intel: Update drivers to use ethtool_sprintf (Ivan Vecera) [2062343] - ice: fix conversion to new udp_tunnel infrastructure (Ivan Vecera) [2062343] - intel-ethernet: clean up W=1 warnings in kdoc (Ivan Vecera) [2062343] - PCI: Use 'pci_channel_state_t' instead of 'enum pci_channel_state' (Ivan Vecera) [2062343] - treewide: Use sizeof_field() macro (Ivan Vecera) [2062343] - devlink: Add 'enable_iwarp' generic device param (Ivan Vecera) [2062343] - devlink: Add new 'enable_vnet' generic device param (Ivan Vecera) [2062343] - devlink: Add new 'enable_rdma' generic device param (Ivan Vecera) [2062343] - devlink: Add new 'enable_eth' generic device param (Ivan Vecera) [2062343] - gfs2: dequeue iopen holder in gfs2_inode_lookup error (Bob Peterson) [2061665] [4.18.0-372.4.1] - igb: refactor XDP registration (Corinna Vinschen) [2040171] - igc: avoid kernel warning when changing RX ring parameters (Corinna Vinschen) [2040171] - scsi: qedi: Fix cmd_cleanup_cmpl counter mismatch issue (Nilesh Javali) [2054565] - EDAC/amd64: Save max number of controllers for F19 M70 (Aristeu Rozanski) [2064285] - CI: Use 8.6-rt branch for r realtime_check (Chris White) - blk-mq: avoid extending delays of active hctx from blk_mq_delay_run_hw_queues (Ming Lei) [2046525] - tipc: fix incorrect order of state message data sanity check (Xin Long) [2048971] - tipc: improve size validations for received domain records (Xin Long) [2048971] {CVE-2022-0435} - efi/x86: Call efi_parse_options() from efi_main() (Lenny Szubowicz) [2049233] [4.18.0-372.3.1] - net/mlx5e: TC, Remove redundant error logging (Amir Tzin) [2023907] - net/mlx5: DR, Warn on failure to destroy objects due to refcount (Amir Tzin) [2022325] - net/mlx5: DR, Add support for dumping steering info (Amir Tzin) [2022325] - net/mlx5: DR, Add missing reserved fields to dr_match_param (Amir Tzin) [2022325] - net/mlx5: DR, Add check for flex parser ID value (Amir Tzin) [2022325] - net/mlx5: DR, Rename list field in matcher struct to list_node (Amir Tzin) [2022325] - net/mlx5: DR, Remove unused struct member in matcher (Amir Tzin) [2022325] - net/mlx5: DR, Fix error flow in creating matcher (Amir Tzin) [2022325] - net/mlx5e: Avoid implicit modify hdr for decap drop rule (Amir Tzin) [2015434] - net/mlx5e: TC, Fix memory leak with rules with internal port (Amir Tzin) [2015434] - net/mlx5e: Fix skb memory leak when TC classifier action offloads are disabled (Amir Tzin) [2015434] - net/mlx5: Fix some error handling paths in 'mlx5e_tc_add_fdb_flow()' (Amir Tzin) [2015434] - net/mlx5: E-Switch, Check group pointer before reading bw_share value (Amir Tzin) [2015434] - net/mlx5: E-Switch, fix single FDB creation on BlueField (Amir Tzin) [2015434] - net/mlx5: E-switch, Respect BW share of the new group (Amir Tzin) [2015434] - net/mlx5: DR, Fix check for unsupported fields in match param (Amir Tzin) [2015434] - net/mlx5: E-Switch, rebuild lag only when needed (Amir Tzin) [2015434] - net/mlx5e: Delete forward rule for ct or sample action (Amir Tzin) [2015434] - net/mlx5: E-Switch, Use indirect table only if all destinations support it (Amir Tzin) [2015434] - net/mlx5: Support internal port as decap route device (Amir Tzin) [2015434] - net/mlx5e: Term table handling of internal port rules (Amir Tzin) [2015434] - net/mlx5e: Add indirect tc offload of ovs internal port (Amir Tzin) [2015434] - net/{mlx5|nfp|bnxt}: Remove unnecessary RTNL lock assert (Amir Tzin) [2015434] - net/mlx5e: Offload internal port as encap route device (Amir Tzin) [2015434] - net/mlx5e: Offload tc rules that redirect to ovs internal port (Amir Tzin) [2015434] - net/mlx5e: Accept action skbedit in the tc actions list (Amir Tzin) [2015434] - net/mlx5: E-Switch, Add ovs internal port mapping to metadata support (Amir Tzin) [2015434] - net/mlx5e: Use generic name for the forwarding dev pointer (Amir Tzin) [2015434] - net/mlx5e: Refactor rx handler of represetor device (Amir Tzin) [2015434] - net/mlx5: DR, Add check for unsupported fields in match param (Amir Tzin) [2015434] - net/mlx5: Allow skipping counter refresh on creation (Amir Tzin) [2015434] - net/mlx5e: IPsec: Refactor checksum code in tx data path (Amir Tzin) [2015434] - net/mlx5: CT: Remove warning of ignore_flow_level support for VFs (Amir Tzin) [2015434] - net/mlx5: Add esw assignment back in mlx5e_tc_sample_unoffload() (Amir Tzin) [2015434] - net/mlx5: Bridge, fix uninitialized variable usage (Amir Tzin) [2015434] - net/mlx5: Lag, dont update lag if lag isnt supported (Amir Tzin) [2015434] - net/mlx5: E-switch, Return correct error code on group creation failure (Amir Tzin) [2015434] - net/mlx5: Bridge, support LAG (Amir Tzin) [2015434] - net/mlx5: Bridge, allow merged eswitch connectivity (Amir Tzin) [2015434] - net/mlx5: Bridge, extract FDB delete notification to function (Amir Tzin) [2015434] - net/mlx5: Bridge, identify port by vport_num+esw_owner_vhca_id pair (Amir Tzin) [2015434] - net/mlx5: Bridge, obtain core device from eswitch instead of priv (Amir Tzin) [2015434] - net/mlx5: Bridge, release bridge in same function where it is taken (Amir Tzin) [2015434] - net/mlx5: Lag, Create shared FDB when in switchdev mode (Amir Tzin) [2015434] - net/mlx5: E-Switch, add logic to enable shared FDB (Amir Tzin) [2015434] - net/mlx5: Lag, properly lock eswitch if needed (Amir Tzin) [2015434] - net/mlx5: Add send to vport rules on paired device (Amir Tzin) [2015434] - net/mlx5: E-Switch, Add event callback for representors (Amir Tzin) [2015434] - net/mlx5e: Use shared mappings for restoring from metadata (Amir Tzin) [2015434] - net/mlx5e: Add an option to create a shared mapping (Amir Tzin) [2015434] - net/mlx5: E-Switch, set flow source for send to uplink rule (Amir Tzin) [2015434] - RDMA/mlx5: Add shared FDB support (Amir Tzin) [2015434] - {net, RDMA}/mlx5: Extend send to vport rules (Amir Tzin) [2015434] - RDMA/mlx5: Fill port info based on the relevant eswitch (Amir Tzin) [2015434] - net/mlx5: Lag, add initial logic for shared FDB (Amir Tzin) [2015434] - net/mlx5: Return mdev from eswitch (Amir Tzin) [2015434] - net/mlx5: E-switch, Add QoS tracepoints (Amir Tzin) [2015434] - net/mlx5: E-switch, Allow to add vports to rate groups (Amir Tzin) [2015434] - net/mlx5: E-switch, Allow setting share/max tx rate limits of rate groups (Amir Tzin) [2015434] - net/mlx5: E-switch, Introduce rate limiting groups API (Amir Tzin) [2015434] - net/mlx5: E-switch, Enable devlink port tx_{share|max} rate control (Amir Tzin) [2015434] - net/mlx5: E-switch, Move QoS related code to dedicated file (Amir Tzin) [2015434] - net/mlx5e: TC, Support sample offload action for tunneled traffic (Amir Tzin) [2015434] - net/mlx5e: TC, Restore tunnel info for sample offload (Amir Tzin) [2015434] - net/mlx5e: TC, Remove CONFIG_NET_TC_SKB_EXT dependency when restoring tunnel (Amir Tzin) [2015434] - net/mlx5e: Refactor ct to use post action infrastructure (Amir Tzin) [2015434] - net/mlx5e: Introduce post action infrastructure (Amir Tzin) [2015434] - net/mlx5e: CT, Use xarray to manage fte ids (Amir Tzin) [2015434] - net/mlx5e: Move sample attribute to flow attribute (Amir Tzin) [2015434] - net/mlx5e: Move esw/sample to en/tc/sample (Amir Tzin) [2015434] - net/mlx5e: Remove mlx5e dependency from E-Switch sample (Amir Tzin) [2015434] - net/mlx5: DR, Fix querying eswitch manager vport for ECPF (Amir Tzin) [2018097] - net/mlx5: DR, Handle eswitch manager and uplink vports separately (Amir Tzin) [2018097] - net/mlx5: DR, Add missing string for action type SAMPLER (Amir Tzin) [2018097] - net/mlx5: DR, init_next_match only if needed (Amir Tzin) [2018097] - net/mlx5: DR, Increase supported num of actions to 32 (Amir Tzin) [2018097] - net/mlx5: DR, Add support for SF vports (Amir Tzin) [2018097] - net/mlx5: DR, Support csum recalculation flow table on SFs (Amir Tzin) [2018097] - net/mlx5: DR, Align error messages for failure to obtain vport caps (Amir Tzin) [2018097] - net/mlx5: DR, Add missing query for vport 0 (Amir Tzin) [2018097] - net/mlx5: DR, Replace local WIRE_PORT macro with the existing MLX5_VPORT_UPLINK (Amir Tzin) [2018097] - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (Dick Kennedy) [1943202] - nvme-tcp: change target from tech-preview to unmaintained (John Meneghini) [2061577] - drm/amd/display: Dont reinitialize DMCUB on s0ix resume (Karol Herbst) [2059680] - tcp: Add snd_wnd to TCP_INFO (Davide Caratti) [2056608] - tcp: Add TCP_INFO counter for packets received out-of-order (Davide Caratti) [2056608] - net/mlx5: Move MODIFY_RQT command to ignore list in internal error state (Amir Tzin) [1982236] - net/mlx5e: Add TX max rate support for MQPRIO channel mode (Amir Tzin) [1982236] - net/mlx5e: Specify SQ stats struct for mlx5e_open_txqsq() (Amir Tzin) [1982236] - net/mlx5e: Allow only complete TXQs partition in MQPRIO channel mode (Amir Tzin) [1982236] - net/mlx5e: Mutually exclude setting of TX-port-TS and MQPRIO in channel mode (Amir Tzin) [1982236] - net/mlx5e: Fix condition when retrieving PTP-rqn (Amir Tzin) [1982236] - net/mlx5: Fix inner TTC table creation (Amir Tzin) [1982236] - net/mlx5e: Fix division by 0 in mlx5e_select_queue for representors (Amir Tzin) [1982236] - net/mlx5e: Improve MQPRIO resiliency (Amir Tzin) [1982236] - net/mlx5e: Support MQPRIO channel mode (Amir Tzin) [1982236] - net/mlx5e: Handle errors of netdev_set_num_tc() (Amir Tzin) [1982236] - net/mlx5e: Maintain MQPRIO mode parameter (Amir Tzin) [1982236] - net/mlx5e: Abstract MQPRIO params (Amir Tzin) [1982236] - net/mlx5e: Support flow classification into RSS contexts (Amir Tzin) [1982236] - net/mlx5e: Support multiple RSS contexts (Amir Tzin) [1982236] - net/mlx5e: Dynamically allocate TIRs in RSS contexts (Amir Tzin) [1982236] - net/mlx5e: Convert RSS to a dedicated object (Amir Tzin) [1982236] - net/mlx5e: Introduce abstraction of RSS context (Amir Tzin) [1982236] - net/mlx5e: Introduce TIR create/destroy API in rx_res (Amir Tzin) [1982236] - net/mlx5e: Do not try enable RSS when resetting indir table (Amir Tzin) [1982236] - net/mlx5: Embed mlx5_ttc_table (Amir Tzin) [1982236] - net/mlx5: Move TTC logic to fs_ttc (Amir Tzin) [1982236] - net/mlx5e: Decouple TTC logic from mlx5e (Amir Tzin) [1982236] - net/mlx5e: Rename some related TTC args and functions (Amir Tzin) [1982236] - net/mlx5e: Rename traffic type enums (Amir Tzin) [1982236] - net/mlx5e: Allocate the array of channels according to the real max_nch (Amir Tzin) [1982236] - net/mlx5e: Hide all implementation details of mlx5e_rx_res (Amir Tzin) [1982236] - net/mlx5e: Introduce mlx5e_channels API to get RQNs (Amir Tzin) [1982236] - net/mlx5e: Use a new initializer to build uniform indir table (Amir Tzin) [1982236] - net/mlx5e: Use the new TIR API for kTLS (Amir Tzin) [1982236] - net/mlx5e: Move management of indir traffic types to rx_res (Amir Tzin) [1982236] - net/mlx5e: Convert TIR to a dedicated object (Amir Tzin) [1982236] - net/mlx5e: Create struct mlx5e_rss_params_hash (Amir Tzin) [1982236] - net/mlx5e: Remove mdev from mlx5e_build_indir_tir_ctx_common() (Amir Tzin) [1982236] - net/mlx5e: Remove lro_param from mlx5e_build_indir_tir_ctx_common() (Amir Tzin) [1982236] - net/mlx5e: Remove mlx5e_priv usage from mlx5e_build_*tir_ctx*() (Amir Tzin) [1982236] - net/mlx5e: Use mlx5e_rqt_get_rqtn to access RQT hardware id (Amir Tzin) [1982236] - net/mlx5e: Take RQT out of TIR and group RX resources (Amir Tzin) [1982236] - net/mlx5e: Move RX resources to a separate struct (Amir Tzin) [1982236] - net/mlx5e: Move mlx5e_build_rss_params() call to init_rx (Amir Tzin) [1982236] - net/mlx5e: Convert RQT to a dedicated object (Amir Tzin) [1982236] - net/mlx5e: Check if inner FT is supported outside of create/destroy functions (Amir Tzin) [1982236] - net/mlx5: Take TIR destruction out of the TIR list lock (Amir Tzin) [1982236] - PCI: pciehp: Ignore Link Down/Up caused by error-induced Hot Reset (Myron Stowe) [2060122] - PCI/portdrv: Rename pm_iter() to pcie_port_device_iter() (Myron Stowe) [2060122] - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (Jerry Snitselaar) [2062094] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0286 CVE-2022-0322 CVE-2020-0404 CVE-2022-1011 CVE-2020-4788 CVE-2021-21781 CVE-2021-26401 CVE-2021-45485 CVE-2021-43056 CVE-2021-41864 CVE-2020-13974 CVE-2021-4157 CVE-2021-3772 CVE-2021-4083 CVE-2020-27820 CVE-2021-0941 CVE-2021-3744 CVE-2021-3764 CVE-2021-4037 CVE-2021-37159 CVE-2021-3612 CVE-2021-3743 CVE-2021-3752 CVE-2021-3773 CVE-2021-43976 CVE-2021-44733 CVE-2021-4002 CVE-2021-29154 CVE-2021-42739 CVE-2021-43389 CVE-2021-3669 CVE-2021-3759 CVE-2021-4203 CVE-2021-45486 CVE-2021-4197 CVE-2021-20322 CVE-2022-0001 CVE-2022-0002 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.12-11] - Fixed CVE-2021-38185 (#1992511) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-38185 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer Oracle Linux 8 [264.1-1.0.1] - Remove duplicate reference to server in cockpit [Orabug: 33862832] - Update documentation links [Orabug: 32795691] - Make documentation links point to Oracle Linux information [Orabug: 30271413] [Orabug: 32013095] - Fix rendering of hwinfo page on systems with some empty memory slots [Orabug: 32826970] [264.1-1] - metrics: Fix link construction for user services - Translation updates (rhbz#2016998) [264-1] - Metrics: Improve layout on small resolutions - Networking: Fix checkpoint handling and IP settings dialog (rhbz#2056386) - Services: Show error message instead of eternal 'Loading...' state - Accounts: Add override button to confirm weak password - Accounts: Fix parsing of 'last login' date [263-1] - Overview: Show scheduled shutdowns - Networking: Add firewall service description - Shell: Fix browser history [261-1] - shell: Allow adding keys with passphrase [260-1] - Certificate login validation (rhbz#1992620, CVE-2021-3698) - Client: Show previously used hosts - Client: Support port specification - bridge: Warning on missing cockpit-system package [259-1] - Translation updates [258-1] - Tweak login screen UI - Fix SELinux policy installation [257-1] - Support for reading TLS certificates with any permissions - cockpit-ws no longer supports merged certificates - Services: Show user-owned systemd units (rhbz#1792270) [255-1] - Restrict frame embedding to same origin (rhbz#1984902, CVE-2021-3660) - kdump: Show 'Directory' field for NFS mounts (rbhz#2004041) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3660 CVE-2021-3698 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:6:baseos_base Oracle Linux 8 [8.0p1-13] - Upstream: ClientAliveCountMax=0 disable the connection killing behaviour (#2015828) [8.0p1-12] - Add support for 'Include' directive in sshd_config file (#1926103) [8.0p1-11] - CVE-2021-41617 upstream fix (#2008885) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-41617 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [1.6.4-36.0.1] - Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483] - handle redirect from the docker registry v2 [Orabug: 29874238] (nikita.gerasimov@oracle.com) - remove changes in NaiveDiffDriver [1.6.4-36] - update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/7667df8) [1.6.4-35] - update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/e330751) [1.6.4-34] - fix RHEL7 regressions - thanks to Valentin Rothberg [1.6.4-33] - update to the latest content of https://github.com/containers/podman/tree/v1.6.4-rhel (https://github.com/containers/podman/commit/68af661) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2738 CVE-2022-2739 cpe:/a:oracle:linux:7::developer Oracle Linux 8 [0.9.6-3] - Remove STI tests [0.9.6-2] - Remove bad patch causing errors - Adding BuildRequires for openssh (SSHD support) [0.9.6-1] - Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism - Rebase to version 0.9.6 - Rename SSHD_EXECUTABLE to SSH_EXECUTABLE in tests/torture.c - Resolves: rhbz#1896651, rhbz#1994600 [0.9.4-4] - Revert previous commit as it is incorrect. [0.9.6-1] - Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism (#1978810) LOW Copyright 2022 Oracle, Inc. CVE-2021-3634 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:7:baseos_base Oracle Linux 8 [1.13.0-6] - Resolves: rhbz#1989425 - CVE-2021-3672 c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-8] MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3672 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer Oracle Linux 7 [1.17.13-1.0.1] - golang-1.17.13 release - Update tarball and version number in specfile - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.17.12-1.0.1] - golang-1.17.12-1 release - Update tarball and version number in specfile - Reviewed-by: Indu Bhagat <indu.bhagat@oracle.com> [1.17.11-1.0.1] - golang-1.17.11-1 package initial release - Add patch to skip ed25519vectors test that fetches a file from the internet - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.17.5-1] - golang-1.17.5-1 package initial release, patch to skip ed25519vectors test that fetches a file from the internet. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.17.2-1] - golang-1.17.2-1 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.17-1] - golang-1.17-1 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.16.7-1] - golang-1.16.7-1 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.16.4-1] - golang-1.16.4-1 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.16.3-1] - golang-1.16.3-1 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.16.2-1] - golang-1.16.2-1 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.16-1] - golang-1.16-1 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-32189 cpe:/a:oracle:linux:7::developer_golang117 Oracle Linux 7 [1.18.5-1.0.1] - golang-1.18.5 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.18.4-1.0.1] - golang-1.18.4 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.18.3-1.0.1] - golang-1.18.3-1 package initial release - Add patch to skip ed25519vectors test that fetches a file from the internet - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.17.5-1] - golang-1.17.5-1 package initial release, patch to skip ed25519vectors - test that fetches a file from the internet. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.17.2-1] - golang-1.17.2-1 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.17-1] - golang-1.17-1 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.16.7-1] - golang-1.16.7-1 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.16.4-1] - golang-1.16.4-1 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.16.3-1] - golang-1.16.3-1 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.16.2-1] - golang-1.16.2-1 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [1.16-1] - golang-1.16-1 package initial release - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-32189 cpe:/a:oracle:linux:7::developer_golang118 Oracle Linux 8 [4.15.5-5] - resolves: rhbz#2064325 - Fix 'create krb5 conf = yes' when a KDC has a single IP address. [4.15.5-4] - resolves: rhbz#2057503 - Fix winbind kerberos ticket refresh [4.15.5-3] - related: rhbz#1979959 - Fix typo in testparm output [4.15.5-2] - resolves: rhbz#1979959 - Improve idmap autorid sanity checks and documentation [4.15.5-1] - resolves: #1995849 - [RFE] Change change password change prompt phrasing - resolves: #2029417 - virusfilter_vfs_openat: Not scanned: Directory or special file [4.15.5-0] - Update to Samba 4.15.5 - related: rhbz#2013596 - Rebase Samba to the the latest 4.15.x release - resolves: rhbz#2046127 - Fix CVE-2021-44141 - resolves: rhbz#2046153 - Fix CVE-2021-44142 - resolves: rhbz#2044404 - Printing no longer works on Windows 7 - resolves: rhbz#2043154 - Fix systemd notifications - resolves: rhbz#2049602 - Disable NTLMSSP for ldap client connections (e.g. libads) [4.15.4-0] - Update to Samba 4.15.4 - related: rhbz#2013596 - Rebase Samba to the the latest 4.15.x release - resolves: rhbz#2039153 - Fix CVE-2021-20316 - resolves: rhbz#1912549 - Winexe: Kerberos flag not invoking Kerberos Auth - resolves: rhbz#2039157 - Fix CVE-2021-43566 - resolves: rhbz#2038148 - Failed to authenticate users after upgrade samba package to release samba-4.14.5-7 - resolves: rhbz#2035528 - [smb] Segmentation fault when joining the domain - resolves: rhbz#2038796 - filename_convert_internal: open_pathref_fsp [xxx] failed: NT_STATUS_ACCESS_DENIED [4.15.3-1] - related: rhbz#2013596 - Rebase to version 4.15.3 - resolves: rhbz#2028029 - Fix possible null pointer dereference in winbind - resolves: rhbz#1912549 - Winexe: Kerberos Auth is respected via --use-kerberos=desired [4.15.2-2] - related: rhbz#2013596 - Remove unneeded lmdb dependency [4.15.2-1] - resolves: rhbz#2013596 - Rebase to version 4.15.2 - resolves: rhbz#1999294 - Remove noisy error message in winbindd - resolves: rhbz#1958881 - Dont require winbind being online for krb5 auth with one-way trusts - resolves: rhbz#2019461 - Fix deleting directories with dangling symlinks [4.14.5-14] - related: rbhz#2019674 - Fix CVE-2020-25717 - Fix running ktest (selftest) [4.14.5-13] - related: rbhz#2019674 - Fix CVE-2020-25717 - Add missing checks for IPA DC server role [4.14.5-12] - related: rbhz#2019674 - Fix regression with 'allow trusted domains = no' [4.14.5-11] - resolves: rhbz#2021425 - Add missing PAC buffer types to krb5pac.idl MODERATE Copyright 2022 Oracle, Inc. CVE-2021-20316 CVE-2021-44141 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [5.56-3] + bluez-5.56-3 - Fixing (#2027434) - Fixing CVE-2021-41229 [5.56-2] + bluez-5.56-2 - Fixing (#1968392) - Removing bccmd check from tests [5.56-1] + bluez-5.56-1 - Fixing (#1965057) - Removing bccmd, enabling hid2hci as upstream removed the support in bluez-5.56 LOW Copyright 2022 Oracle, Inc. CVE-2021-41229 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [32:9.11.36-2] - Reduce memory used per-view on machine with few processors (#2030239) [32:9.11.36-2] - Rebuilt on a new side-tag (#2013993) [32:9.11.36-1] - Update to 9.11.36 [32:9.11.26-9] - Correct tsig system test [32:9.11.26-8] - Propagate ephemeral port ranges to chroot (#1950714) [32:9.11.26-7] - Do not request softhsm from bind-pkcs11, it is only in modular build (#1934035) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-25219 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.02-123.0.1] - backport arm64: Fix EFI loader kernel image allocation [Orabug: 33702462] - backport Arm: check for the PE magic for the compiled arch [Orabug: 33702462] - Backport some better script logic for BTRFS support [Orabug: 32448171] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - Fix various coverity issues [Orabug: 32530657] - Set proper blsdir if /boot is on btrfs rootfs [Orabug: 32063327] - Add CVE-2020-15706, CVE-2020-15707 to the list [Orabug: 31225072] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481] - Fix comparison in patch for 18504756 - Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481] - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.06-123] - Bump for signing - Resolves: #2061252 [2.06-122] - Fix initialization on efidisk patch - Resolves: #2061252 [2.06-121] - Backport support for loading initrd above 4GB - Resolves: #2048433 [2.06-120] - Bump signing - Resolves: #2032294 [2.06-119] - Enable connectefi module - Resolves: #2032294 [2.02-118] - Fix check on blscfg conditional (mlewando) - Resolves: #1899903 [2.02-117] - Once more, for signing - Resolves: #2048904 [2.02-116] - Add efidisk/connectefi patches - Resolves: #2048904 - Resolves: #2032294 [2.02-115] - Re-arm GRUB_ENABLE_BLSCFG=false - Resolves: #1899903 [2.02-114] - Fix behavior of GRUB_TERMINAL_INPUT=at_keyboard - Resolves: #2020927 [2.02-113] - Bump to fix target - Resolves: #1809246 [2.02-112] - Fix DHCP proxy efi booting - Resolves: #1809246 [2.02-111] - Bump to fix target - Resolves: #1914575 [2.02-110] - Dont run grub-boot-success.timer in a nspawn container - Resolves: #1914575 [2.02-109] - Drop prelink snippet - Resolves: #2016269 [2.02-108] - Bump version to fix build target - Resolves: #2030359 [2.02-107] - CVE-2021-3981 (Incorrect read permission in grub.cfg) - Resolves: #2030359 LOW Copyright 2022 Oracle, Inc. CVE-2021-3981 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:6:baseos_base Oracle Linux 8 [5.5.1-9] - do not perform PROMPT_SUBST evaluation on file.file/%K arguments (CVE-2021-45444) [5.5.1-8] - improve printing of error messages introduced by the fix of CVE-2019-20044 [5.5.1-7] - drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-45444 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [1:1.8.0.332.b09-1] - Update to shenandoah-jdk8u332-b09 (GA) - Update release notes for 8u332-b09. - Resolves: rhbz#2074649 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21426 CVE-2022-21443 CVE-2022-21434 CVE-2022-21476 CVE-2022-21496 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 podman [3.0.1-9] - update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/801b7e8) - Resolves: #2074143 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1227 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [1.5-11] - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1271 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 8 [6.0.105-1.0.1] - Add missing Oracle RIDs [6.0.105-1] - Update to .NET SDK 6.0.105 and Runtime 6.0.5 - Resolves: RHBZ#2082267 [6.0.104-2] - Update to .NET SDK 6.0.104 and Runtime 6.0.4 - Resolves: RHBZ#2074640 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23267 CVE-2022-29145 CVE-2022-29117 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [5.0.214-1.0.1] - Support AArch64 on Oracle Linux [Orabug: 32738620] - Include new Oracle Linux runtime IDs Add 1000-Add-missing-OL-RIDs.patch [5.0.214-1] - Update to .NET SDK 5.0.214 and Runtime 5.0.17 - Resolves: RHBZ#2082258 [5.0.213-2] - Update to .NET SDK 5.0.213 and Runtime 5.0.16 - Resolves: RHBZ#2080053 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29117 CVE-2022-23267 CVE-2022-29145 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 [3.1.3-14.2] - Related: #2074783 - Needed to bump this to rebuild correctly [3.1.3-14.1] - Resolves: #2074783 - A flaw in zlib-1.2.11 when compressing (not decompressing!) certain inputs IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-25032 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest Oracle Linux 8 [3.1.419-1.0.1] - Add missing Oracle Linux Runtime IDs - Update to .NET SDK 3.1.417 and Runtime 3.1.23 - Resolves: RHBZ#2060566 [3.1.419-1] - Update to .NET SDK 3.1.419 and Runtime 3.1.25 - Resolves: RHBZ#2081443 [3.1.418-1] - Update to .NET SDK 3.1.418 and Runtime 3.1.24 - Resolves: RHBZ#2074654 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23267 CVE-2022-29117 CVE-2022-29145 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [1.2.7-20] - Resolves: CVE-2018-25032 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-25032 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [ - 7:4.11-3.0.1] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2019-12524 CVE-2019-12520 CVE-2019-12523 cpe:/a:oracle:linux:7::developer Oracle Linux 8 subversion [1.10.2-5] - add security fix for CVE-2022-24070 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24070 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 golang [1.17.13-1.0.1] - Update tarball to 1.17.12 - Add patches between Go 1.17.12 and Go 1.17.13 - Reviewed-by: David Faust <david.faust@oracle.com> [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109182 go-toolset [1.17.13-1] - Set version to correspond to the matching build golang version IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1705 CVE-2022-30631 CVE-2022-30632 CVE-2022-28131 CVE-2022-32148 CVE-2022-1962 CVE-2022-30633 CVE-2022-30630 CVE-2022-30635 CVE-2022-32189 cpe:/a:oracle:linux:8::developer Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1962 CVE-2022-2880 CVE-2022-2879 CVE-2022-28131 CVE-2022-41715 CVE-2022-30633 CVE-2022-27664 CVE-2022-1705 CVE-2022-30631 CVE-2022-32148 CVE-2022-32190 CVE-2022-32189 CVE-2022-30630 CVE-2022-30632 CVE-2022-41716 CVE-2022-30635 cpe:/a:oracle:linux:8::developer Oracle Linux 8 Oracle Linux 9 IMPORTANT Copyright 2022 Oracle, Inc. cpe:/a:oracle:linux:9::developer_UEKR7 cpe:/a:oracle:linux:8::developer_UEKR7 Oracle Linux 9 [1.10-9] - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1271 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.2.11-31.1] - Fix CVE-2018-25032 Resolves: CVE-2018-25032 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-25032 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [6.0.105-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.105-1] - Update to .NET SDK 6.0.105 and Runtime 6.0.5 - Resolves: RHBZ#2082268 [6.0.104-1] - Update to .NET SDK 6.0.104 and Runtime 6.0.4 - Resolves: RHBZ#2080460 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23267 CVE-2022-29145 CVE-2022-29117 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [91.9.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.9.0-3] - Update to 91.9.0 build3 [91.9.0-2] - Update to 91.9.0 build2 [91.9.0-1] - Update to 91.9.0 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29912 CVE-2022-29916 CVE-2022-29911 CVE-2022-29917 CVE-2022-29909 CVE-2022-29913 CVE-2022-1520 CVE-2022-29914 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [91.9.0-1.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.9.0-1] - Update to 91.9.0 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29911 CVE-2022-29914 CVE-2022-29916 CVE-2022-29912 CVE-2022-29909 CVE-2022-29917 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.14.1-5] - Fix for CVE-2022-24070 (#2076565) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24070 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [3.2.3-9.1] - Resolves: #2074784 - A flaw found in zlib v1.2.2.2 through zlib v1.2.11 when compressing certain inputs IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-25032 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 7 [3.10.0-1160.66.1.OL7] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.9 - Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin) [3.10.0-1160.66.1] - net-sysfs: add check for netdevice being present to speed_show (William Zhao) [2055457] - CI: Drop baseline runs (Veronika Kabatova) - perf/x86/intel: Add more Icelake CPUIDs (Michael Petlan) [2072317] - perf vendor events intel: Add Icelake V1.00 event file (Michael Petlan) [2072317] - perf vendor events intel: Add core event list for Icelake Server (Michael Petlan) [2072317] [3.10.0-1160.65.1] - CI: Remove deprecated option (Veronika Kabatova) - RDMA/core: Fix panic when port_pkey_list isn't initialized (Kamal Heib) [2046571] [3.10.0-1160.64.1] - cgroup-v1: Require capabilities to set release_agent (Waiman Long) [2052162] {CVE-2022-0492} [3.10.0-1160.63.1] - NFSv4: Set the connection timeout to match the lease period (Benjamin Coddington) [2066699] - SUNRPC: Allow changing of the TCP timeout parameters on the fly (Benjamin Coddington) [2066699] - SUNRPC: Refactor TCP socket timeout code into a helper function (Benjamin Coddington) [2066699] - SUNRPC: Remove unused function rpc_get_timeout() (Benjamin Coddington) [2066699] - kernel/timer: Fix incorrect assertion in requeue_timers() (Waiman Long) [2048502] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0492 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [91.9.1-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build [91.9.1-1] - Update to 91.9.1 build1 CRITICAL Copyright 2022 Oracle, Inc. CVE-2022-1529 CVE-2022-1802 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [91.9.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.9.1-1] - Update to 91.9.1 build1 CRITICAL Copyright 2022 Oracle, Inc. CVE-2022-1802 CVE-2022-1529 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [91.9.1-1.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.9.1-1] - Update to 91.9.1 build1 CRITICAL Copyright 2022 Oracle, Inc. CVE-2022-1529 CVE-2022-1802 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [91.9.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.9.1-1] - Update to 91.9.1 build1 CRITICAL Copyright 2022 Oracle, Inc. CVE-2022-1529 CVE-2022-1802 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [13.7-1] - Resolves: CVE-2022-1552 - Update to 13.7 - Release notes: https://www.postgresql.org/docs/release/13.7/ IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1552 cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [91.9.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.9.1-1] - Update to 91.9.1 build1 CRITICAL Copyright 2022 Oracle, Inc. CVE-2022-1529 CVE-2022-1802 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [91.9.1-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.9.1-1] - Update to 91.9.1 build1 CRITICAL Copyright 2022 Oracle, Inc. CVE-2022-1529 CVE-2022-1802 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [8.2102.0-101.1] - Address CVE-2022-24903, Heap-based overflow in TCP syslog server resolves: rhbz#2081402 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24903 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 nodejs [1:16.14.0-4] - Apply lock file validation fixes - Resolves CVE-2021-43616 - Resolves: RHBZ#2070012 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-43616 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 maven-shared-utils [3.2.1-0.4] - Build with OpenJDK 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29599 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::ovirt45_extras cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 maven-shared-utils [3.2.1-0.2] - Fix commandline injection vulnerability - Resolves: CVE-2022-29599 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29599 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_beta cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [8.2102.0-7.1] - Address CVE-2022-24903, Heap-based overflow in TCP syslog server resolves: rhbz#2081400 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24903 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [8.24.0-57.0.4.el7_9.3] - Newer gcc complains about implicit declaration of prctl. Added header file to quiesce the compiler [8.24.0-57.3] - Address CVE-2022-24903, Heap-based overflow in TCP syslog server resolves: rhbz#2081395 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24903 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 Oracle Linux 8 [10.21-2] - Resolves: CVE-2022-1552 - Release bump due to wrongly reported CVE of libpq Build after reverted changes in libpq package [10.21-1] - Resolves: CVE-2022-1552 - Update to 10.21 - Release notes: https://www.postgresql.org/docs/release/10.21/ [10.19-2] - Add missing files into file section of server package postgresql-setup v8.6 newly provides postgresql-upgrade IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1552 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 postgresql [12.11-2] - Resolves: CVE-2022-1552 - Release bump due to wrongly reported CVE of libpq Build after reverted changes in libpq package [12.11-1] - Resolves: CVE-2022-1552 - Update to 12.11 - Release notes: https://www.postgresql.org/docs/release/12.11/ IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1552 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 postgresql [13.7-2] - Resolves: CVE-2022-1552 - Release bump due to wrongly reported CVE of libpq Build after reverted changes in libpq package [13.7-1] - Resolves: CVE-2022-1552 - Update to 13.7 - Release notes: https://www.postgresql.org/docs/release/13.7/ IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1552 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 7 [91.10.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build [91.10.0-1] - Update to 91.10.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31737 CVE-2022-31736 CVE-2022-31747 CVE-2022-31740 CVE-2022-31741 CVE-2022-31738 CVE-2022-31742 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [91.10.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.10.0-1] - Update to 91.10.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31738 CVE-2022-31747 CVE-2022-31737 CVE-2022-31740 CVE-2022-31736 CVE-2022-31741 CVE-2022-31742 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [91.10.0-1.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.10.0-1] - Update to 91.10.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31738 CVE-2022-31741 CVE-2022-31747 CVE-2022-31740 CVE-2022-31742 CVE-2022-31737 CVE-2022-31736 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [91.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.10.0-1] - Update to 91.10.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31740 CVE-2022-31747 CVE-2022-31736 CVE-2022-31741 CVE-2022-31742 CVE-2022-31738 CVE-2022-1834 CVE-2022-31737 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [91.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.10.0-1] - Update to 91.10.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31738 CVE-2022-31740 CVE-2022-31736 CVE-2022-31742 CVE-2022-1834 CVE-2022-31747 CVE-2022-31737 CVE-2022-31741 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [91.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.10.0-1] - Update to 91.10.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31747 CVE-2022-31741 CVE-2022-1834 CVE-2022-31737 CVE-2022-31738 CVE-2022-31742 CVE-2022-31736 CVE-2022-31740 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:1.1.1k-4.0.1] - Backport upstream PRs 18446 and 18481 which update certificates used for the self-tests [Orabug: 34326055] [1:1.1.1k-4] - Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates Resolves: rhbz#2063147 - Disable FIPS mode; it does not work and will not be certified Resolves: rhbz#2091968 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 7 [12.1.0-8] - Security fix for CVE-2022-24801: Possible http request smuggling Resolves: rhbz#2073114 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24801 cpe:/a:oracle:linux:7::optional_latest Oracle Linux 9 [5.2.5-8] - Fix arbitrary file write vulnerability Resolves: CVE-2022-1271 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1271 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 8 subversion [1.14.1-2] - add fix for CVE-2022-24070 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24070 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 9 [1:2.3.3op2-13.1] - CVE-2022-26691 cups: authorization bypass when using 'local' authorization IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-26691 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [5.2.4-4] - Fix arbitrary file write vulnerability Resolves: CVE-2022-1271 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1271 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder_developer cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [6.0.106-1.0.1] - Add missing Oracle RIDs [6.0.106-1] - Update to .NET SDK 6.0.106 and Runtime 6.0.6 - Resolves: RHBZ#2093432 [6.0.105-1] - Update to .NET SDK 6.0.105 and Runtime 6.0.5 - Resolves: RHBZ#2082267 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30184 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [6.0.106-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.106-1] - Update to .NET SDK 6.0.106 and Runtime 6.0.6 - Resolves: RHBZ#2093433 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30184 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 7 [5.2.2-2] - Fix CVE-2022-1271 Resolves: CVE-2022-1271 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1271 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 8 [1:2.2.6-45.2] - CVE-2022-26691 cups: authorization bypass when using 'local' authorization [1:2.2.6-45.1] - 2073531 - 30-second delays printing to Windows 2016 server via HTTPS IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-26691 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.1.420-1.0.1] - Add missing Oracle Linux Runtime IDs - Update to .NET SDK 3.1.417 and Runtime 3.1.23 - Resolves: RHBZ#2060566 [3.1.420-1] - Update to .NET SDK 3.1.420 and Runtime 3.1.26 - Resolves: RHBZ#2096319 [3.1.419-1] - Update to .NET SDK 3.1.419 and Runtime 3.1.25 - Resolves: RHBZ#2081443 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30184 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.02-123.0.4.el8_6.8] - enable multiboot2 [Orabug: 34285558] - backport arm64: Fix EFI loader kernel image allocation [Orabug: 33702462] - backport Arm: check for the PE magic for the compiled arch [Orabug: 33702462] - Backport some better script logic for BTRFS support [Orabug: 32448171] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - Fix various coverity issues [Orabug: 32530657] - Set proper blsdir if /boot is on btrfs rootfs [Orabug: 32063327] - Add CVE-2020-15706, CVE-2020-15707 to the list [Orabug: 31225072] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481] - Fix comparison in patch for 18504756 - Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481] - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.06-123.el8_6.8] - CVE fixes for 2022-06-07 - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 - Resolves: #2031899 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-28733 CVE-2022-28735 CVE-2021-3695 CVE-2021-3697 CVE-2022-28736 CVE-2022-28737 CVE-2021-3696 CVE-2022-28734 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest Oracle Linux 9 [2.06-27.0.5.el9_0.7] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - Update provided certificate version to 202204 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump SBAT generation - Update bug url [Orabug: 34202300] - Revert provided certificate version back to 202102 [JIRA: OLDIS-16371] - Update signing certificate [JIRA: OLDIS-16371] - fix SBAT data [JIRA: OLDIS-16371] - Update requires [JIRA: OLDIS-16371] - Rebuild for SecureBoot signatures [Orabug: 33801813] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.06-27.el9_0.7] - CVE fixes for 2022-06-07 - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 - Resolves: #2089810 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3695 CVE-2022-28737 CVE-2022-28734 CVE-2022-28736 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28735 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 7 [9.2.24-8] - Resolves: CVE-2022-1552 - Backport upstrem fix: a117cebd638dd02e5c2e791c25e43745f233111b IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1552 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 httpd [2.4.37-47.0.1.2] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-47.2] - Resolves: #2097247 - CVE-2020-13950 httpd:2.4/httpd: mod_proxy NULL pointer dereference LOW Copyright 2022 Oracle, Inc. CVE-2020-13950 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 7 [3.10.0-1160.71.1.0.1] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.71.1.OL7] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.9 - Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin) [3.10.0-1160.71.1] - netfilter: nf_tables: disallow non-stateful expression in sets earlier (Phil Sutter) [2093000] {CVE-2022-1966} - netfilter: nf_tables: fix memory leak if expr init fails (Phil Sutter) [2093000] [3.10.0-1160.70.1] - perf: Fix sys_perf_event_open() race against self (Michael Petlan) [2087954] [3.10.0-1160.69.1] - mm: memcg: charge memsw as well in __GFP_NOFAIL case (Rafael Aquini) [2082564] [3.10.0-1160.68.1] - libceph: fix potential use-after-free on linger ping and resends (Ilya Dryomov) [2088025] - xfs: use length to balance duplicate bno buffers in perag rb_tree (Brian Foster) [2050464] - sock: sock_dequeue_err_skb() needs hard irq safety (Kenneth Yin) [2070408] [3.10.0-1160.67.1] - mm/rmap.c: explicitly reset vma->anon_vma in unlink_anon_vmas() (Rafael Aquini) [1824109 2069962] - mm/rmap.c: don't reuse anon_vma if we just want a copy (Rafael Aquini) [1824109 2069962] - mm/mmap.c: rb_parent is not necessary in __vma_link_list() (Rafael Aquini) [1824109 2069962] - mm/mmap.c: extract __vma_unlink_list() as counterpart for __vma_link_list() (Rafael Aquini) [1824109 2069962] - mm/mmap.c: __vma_unlink_prev() is not necessary now (Rafael Aquini) [1824109 2069962] - mm/mmap.c: prev could be retrieved from vma->vm_prev (Rafael Aquini) [1824109 2069962] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21499 CVE-2022-1966 CVE-2022-1729 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [15.1.0-7] - Security fix for CVE-2019-20916 for the bundled pip wheel Resolves: rhbz#1868135 MODERATE Copyright 2022 Oracle, Inc. CVE-2019-20916 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [2.7.5-92.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-92] - Security fix for CVE-2021-3177 Resolves: rhbz#1918168 [2.7.5-91] - Security fixes for CVE-2020-26116, CVE-2020-26137 and CVE-2022-0391 - Test fixes for the latest expat security release - Update the certificates utilized in the test suite Resolves: rhbz#1883014, rhbz#1883632, rhbz#2047376, rhbz#1896494 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3177 CVE-2020-26116 CVE-2020-26137 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 Oracle Linux 7 [1.3.10.2-16] - Bump version to 1.3.10.2-16 - Resolves: Bug 2077395 - CVE-2022-0918 389-ds:1.4/389-ds-base: sending crafted message could result in DoS - Resolves: Bug 2014768 - Log the Auto Member invalid regex rules in the LDAP errors log - Resolves: Bug 2018153 - RFE - Provide an option to abort an Auto Member rebuild task - Resolves: Bug 2093294 - CVE-2022-0996 389-ds:1.4/389-ds-base: expired password was still allowed to access the database MODERATE Copyright 2022 Oracle, Inc. CVE-2022-0918 CVE-2022-0996 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [8.2.2637-16.0.1] - - Remove upstream references [Orabug: 31197557] [2:8.2.2637-16.2] - CVE-2022-1621 vim: heap buffer overflow - CVE-2022-1629 vim: buffer over-read [2:8.2.2637-16.1] - CVE-2022-0554 vim: Use of Out-of-range Pointer Offset in vim prior - CVE-2022-0943 vim: Heap-based Buffer Overflow occurs in vim - CVE-2022-1154 vim: use after free in utf_ptr2char - CVE-2022-1420 vim: Out-of-range Pointer Offset MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1621 CVE-2022-1154 CVE-2022-0943 CVE-2022-1629 CVE-2022-0554 CVE-2022-1420 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [ 2.2.10-12.2] - Improve fix for CVE-2022-25313 - Related: CVE-2022-25313 [ 2.2.10-12.1] - Fix multiple CVEs - Resolves: CVE-2022-25314 - Resolves: CVE-2022-25313 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-25313 CVE-2022-25314 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [7.76.1-14.el9_0.4] - fix too eager reuse of TLS and SSH connections (CVE-2022-27782) [7.76.1-14.el9_0.3] - fix leak of SRP credentials in redirects (CVE-2022-27774) [7.76.1-14.el9_0.2] - add missing tests to Makefile [7.76.1-14.el9_0.1] - fix credential leak on redirect (CVE-2022-27774) - fix auth/cookie leak on redirect (CVE-2022-27776) - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-27774 CVE-2022-27782 CVE-2022-22576 CVE-2022-27776 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [5.14.0-70.17.1.0.1_0.OL9] - lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.17.1_0.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] [5.14.0-70.17.1_0] - netfilter: nf_tables: disallow non-stateful expression in sets earlier (Phil Sutter) [2092994 2092995] {CVE-2022-1966} - thunderx nic: mark device as unmaintained (Inigo Huguet) [2092638 2060285] - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (Steve Best) [2092255 2067770] - perf: Fix sys_perf_event_open() race against self (Michael Petlan) [2087963 2087964] {CVE-2022-1729} - spec: Fix separate tools build (Jiri Olsa) [2090852 2054579] - mm: lru_cache_disable: replace work queue synchronization with synchronize_rcu (Marcelo Tosatti) [2086963 2033500] [5.14.0-70.16.1_0] - dm integrity: fix memory corruption when tag_size is less than digest size (Benjamin Marzinski) [2082187 2081778] [5.14.0-70.15.1_0] - CI: Use zstream builder image (Veronika Kabatova) - tcp: drop the hash_32() part from the index calculation (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - tcp: increase source port perturb table to 2^16 (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - tcp: dynamically allocate the perturb table used by source ports (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - tcp: add small random increments to the source port (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - tcp: resalt the secret every 10 seconds (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - tcp: use different parts of the port_offset for index and offset (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - secure_seq: use the 64 bits of the siphash for port offset calculation (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - Revert 'netfilter: conntrack: tag conntracks picked up in local out hook' (Florian Westphal) [2085480 2061850] - Revert 'netfilter: nat: force port remap to prevent shadowing well-known ports' (Florian Westphal) [2085480 2061850] - redhat/koji/Makefile: Decouple koji Makefile from Makefile.common (Andrea Claudi) - redhat: fix make {distg-brew,distg-koji} (Andrea Claudi) - esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) [2082950 2082951] {CVE-2022-27666} - esp: Fix possible buffer overflow in ESP transformation (Sabrina Dubroca) [2082950 2082951] {CVE-2022-27666} - sctp: use the correct skb for security_sctp_assoc_request (Ondrej Mosnacek) [2084044 2078856] - security: implement sctp_assoc_established hook in selinux (Ondrej Mosnacek) [2084044 2078856] - security: add sctp_assoc_established hook (Ondrej Mosnacek) [2084044 2078856] - security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce (Ondrej Mosnacek) [2084044 2078856] - security: pass asoc to sctp_assoc_request and sctp_sk_clone (Ondrej Mosnacek) [2084044 2078856] [5.14.0-70.14.1_0] - PCI: hv: Propagate coherence from VMbus device to PCI device (Vitaly Kuznetsov) [2074830 2068432] - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (Vitaly Kuznetsov) [2074830 2068432] - redhat: rpminspect: disable 'patches' check for known empty patch files (Herton R. Krzesinski) - redhat/configs: make SHA512_arch algos and CRYPTO_USER built-ins (Vladis Dronov) [2072643 2070624] - CI: Drop baseline runs (Veronika Kabatova) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1966 CVE-2022-27666 CVE-2022-1729 CVE-2022-1012 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.9.13-1.1] - Fix CVE-2022-29824 (#2082299) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-29824 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [10.37-5] - Explicitly require uft subpackages in tools subpackage [10.37-4] - Resolves: CVE-2022-1586 CVE-2022-1587 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1587 CVE-2022-1586 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.5.3-2] - Resolves: CVE-2022-26280 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26280 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.19.3-2] - CVE-2022-1215: fix a format string vulnerability (#2076816) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1215 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [6.2.0-11.el9_0.3] - kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch [bz#2071102] - kvm-virtio-net-fix-map-leaking-on-error-during-receive.patch [bz#2075635] - kvm-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch [bz#2075640] - Resolves: bz#2071102 (RHEL 9.0 guest with vsock device migration failed from RHEL 9.0 > RHEL 8.6 [rhel-9.0.0.z]) - Resolves: bz#2075635 (CVE-2022-26353 qemu-kvm: QEMU: virtio-net: map leaking on error during receive [rhel-9] [rhel-9.0.0.z]) - Resolves: bz#2075640 (CVE-2022-26354 qemu-kvm: QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak [rhel-9] [rhel-9.0.0.z]) [6.2.0-11.el9_0.2] - kvm-pci-expose-TYPE_XIO3130_DOWNSTREAM-name.patch [bz#2053584] - kvm-acpi-pcihp-pcie-set-power-on-cap-on-parent-slot.patch [bz#2053584] - kvm-vmxcap-Add-5-level-EPT-bit.patch [bz#2038051] - kvm-i386-Add-Icelake-Server-v6-CPU-model-with-5-level-EP.patch [bz#2038051] - kvm-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch [bz#2043531] - kvm-tests-acpi-whitelist-expected-blobs-before-changing-.patch [bz#2043531] - kvm-tests-acpi-add-SLIC-table-test.patch [bz#2043531] - kvm-tests-acpi-SLIC-update-expected-blobs.patch [bz#2043531] - kvm-tests-acpi-manually-pad-OEM_ID-OEM_TABLE_ID-for-test.patch [bz#2043531] - kvm-tests-acpi-whitelist-nvdimm-s-SSDT-and-FACP.slic-exp.patch [bz#2043531] - kvm-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch [bz#2043531] - kvm-tests-acpi-update-expected-blobs.patch [bz#2043531] - kvm-tests-acpi-test-short-OEM_ID-OEM_TABLE_ID-values-in-.patch [bz#2043531] - kvm-rhel-workaround-for-lack-of-binary-patches-in-SRPM.patch [bz#2043531] - Resolves: bz#2053584 (watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [cat:2843]) - Resolves: bz#2038051 (Win11 (q35+edk2) guest broke after install wsl2 through 'wsl --install -d Ubuntu-20.04') - Resolves: bz#2043531 (Guest can not start with SLIC acpi table) [6.2.0-11.el9_0.1] - kvm-RHEL-mark-old-machine-types-as-deprecated.patch [bz#2052050] - kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch [bz#2059786] - kvm-spec-Fix-obsolete-for-spice-subpackages.patch [bz#2059175 bz#2059146] - kvm-spec-Obsolete-old-usb-redir-subpackage.patch [bz#2059175 bz#2059146] - kvm-spec-Obsolete-ssh-driver.patch [bz#2059175 bz#2059146] MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26354 CVE-2022-26353 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [1.8.5-7] - Fix CVE-2021-33560 (#2018525) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-40528 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer Oracle Linux 8 [7.61.1-22.el8_6.3] - fix too eager reuse of TLS and SSH connections (CVE-2022-27782) [7.61.1-22.el8_6.2] - fix invalid type in printf() argument detected by Coverity [7.61.1-22.el8_6.1] - fix credential leak on redirect (CVE-2022-27774) - fix auth/cookie leak on redirect (CVE-2022-27776) - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-27776 CVE-2022-22576 CVE-2022-27782 CVE-2022-27774 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest Oracle Linux 8 [2.2.5-8.0.1.2] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] [2.2.5-8.2] - Improve fix for CVE-2022-25313 - Related: CVE-2022-25313 [2.2.5-8.1] - Fix multiple CVEs - Resolves: CVE-2022-25314 - Resolves: CVE-2022-25313 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-25313 CVE-2022-25314 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest Oracle Linux 8 [4.18.0-372.13.1.0.1_6.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-11.0.5 - debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499} [4.18.0-372.13.1_6] - openvswitch: always update flow key after nat (Aaron Conole) [2068476 2066885] - KVM: PPC: Fix TCE handling for VFIO (Daniel Henrique Barboza) [2085572 2062687] - rfkill: make new event layout opt-in (Jose Ignacio Tornos Martinez) [2087641 2023175] - ASoC: Intel: soc-acpi: add entries in ADL match table (Jaroslav Kysela) [2090423 2052011] - isert: support for unsolicited NOPIN with no response (Maurizio Lombardi) [2079433 2035915] - iscsit: increment max_cmd_sn for isert on command release (Maurizio Lombardi) [2079433 2035915] - net: tcp better handling of reordering then loss cases (Marcelo Ricardo Leitner) [2080972 2074566] - tcp: tcp_mark_head_lost is only valid for sack-tcp (Marcelo Ricardo Leitner) [2080972 2074566] [4.18.0-372.12.1_6] - sctp: use the correct skb for security_sctp_assoc_request (Xin Long) [2070959] - net/mlx5e: Fix wrong source vport matching on tunnel rule (Amir Tzin) [2088610] - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (Amir Tzin) [2088611] - net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (Amir Tzin) [2088611] - net/mlx5: DR, Cache STE shadow memory (Amir Tzin) [2075553] - net/mlx5: DR, Fix the threshold that defines when pool sync is initiated (Amir Tzin) [2075553] - drm/i915/display: Remove check for low voltage sku for max dp source rate (Jocelyn Falempe) [2066644] - net/mlx5: DR, Ignore modify TTL on RX if device doesn't support it (Amir Tzin) [2088638] - net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion (Amir Tzin) [2081011] - net/mlx5e: TC, Skip redundant ct clear actions (Amir Tzin) [2079918] - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (Amir Tzin) [2088639] - CI: Use zstream builder image (Veronika Kabatova) - ice: Allow to pass VLAN tagged packets to VF when port VLAN is configured (Petr Oros) [2081794] - ice: clear stale Tx queue settings before configuring (Petr Oros) [2081794] - ice: fix crash when writing timestamp on RX rings (Petr Oros) [2081794] - ice: Fix race during aux device (un)plugging (Petr Oros) [2081794] - ice: fix PTP stale Tx timestamps cleanup (Petr Oros) [2081794] - ice: ice_sched: fix an incorrect NULL check on list iterator (Petr Oros) [2081794] - ice: fix use-after-free when deinitializing mailbox snapshot (Petr Oros) [2081794] - ice: wait 5 s for EMP reset after firmware flash (Petr Oros) [2081794] - ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (Petr Oros) [2081794] - ice: Fix incorrect locking in ice_vc_process_vf_msg() (Petr Oros) [2081794] - ice: Fix memory leak in ice_get_orom_civd_data() (Petr Oros) [2081794] - ice: fix crash in switchdev mode (Petr Oros) [2081794] - Revert 'iavf: Fix deadlock occurrence during resetting VF interface' (Petr Oros) [2081794] - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (Petr Oros) [2081794] - ice: clear cmd_type_offset_bsz for TX rings (Petr Oros) [2081794] - ice: xsk: fix VSI state check in ice_xsk_wakeup() (Petr Oros) [2081794] - ice: synchronize_rcu() when terminating rings (Petr Oros) [2081794] - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (Petr Oros) [2081794] - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (Petr Oros) [2081794] - ice: Fix broken IFF_ALLMULTI handling (Petr Oros) [2081794] - ice: Fix MAC address setting (Petr Oros) [2081794] - openvswitch: Fix setting ipv6 fields causing hw csum failure (Eelco Chaudron) [2086549] - sched/cputime, proc/stat: Fix incorrect guest nice cpustat value (Waiman Long) [2084138] - procfs: Use all-in-one vtime aware kcpustat accessor (Waiman Long) [2084138] - procfs: Use vtime aware kcpustat accessor to fetch CPUTIME_SYSTEM (Waiman Long) [2084138] - proc: read kernel cpu stat pointer once (Waiman Long) [2084138] - proc: use 'unsigned int' in /proc/stat hook (Waiman Long) [2084138] - sched/cputime: Support other fields on kcpustat_field() (Waiman Long) [2084138] - sched/cputime: Add vtime guest task state (Waiman Long) [2084138] - sched/cputime: Add vtime idle task state (Waiman Long) [2084138] - sched/cputime: Spare a seqcount lock/unlock cycle on context switch (Waiman Long) [2084138] - sched/vtime: Move task_struct_rh->vtime_cpu back to vtime structure (Waiman Long) [2084138] - net: openvswitch: fix leak of nested actions (Eelco Chaudron) [2086590] - net/sched: fix initialization order when updating chain 0 head (Marcelo Ricardo Leitner) [2074221] - PCI: hv: Propagate coherence from VMbus device to PCI device (Vitaly Kuznetsov) [2074829] - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (Vitaly Kuznetsov) [2074829] [4.18.0-372.11.1_6] - Revert 'xfs: actually bump warning counts when we send warnings' (Carlos Maiolino) [2071713] - SUNRPC: use different lock keys for INET6 and LOCAL (Guillaume Nault) [2079856] - Revert 'netfilter: conntrack: tag conntracks picked up in local out hook' (Florian Westphal) [2065266] - Revert 'netfilter: nat: force port remap to prevent shadowing well-known ports' (Florian Westphal) [2065266] - KVM: PPC: Book3S HV: Add infrastructure to support 2nd DAWR (Laurent Vivier) [2079069] - KVM: PPC: Book3S HV: Rename current DAWR macros and variables (Laurent Vivier) [2079069] - esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) [2062114] {CVE-2022-27666} - esp: Fix possible buffer overflow in ESP transformation (Sabrina Dubroca) [2062114] {CVE-2022-27666} - NFS: Don't loop forever in nfs_do_recoalesce() (Scott Mayhew) [2080998] [4.18.0-372.10.1_6] - Fonts: Replace discarded const qualifier (Nico Pache) [2064762] - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Nico Pache) [2064762] - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Nico Pache) [2064762] - CI: Drop baseline runs (Veronika Kabatova) - redhat: drop the -sha512 suffix from default rhpkg invocation (Jarod Wilson) - redhat: switch release to zstream (Augusto Caringi) - ceph: fix possible NULL pointer dereference for req->r_session (Xiubo Li) [2080071] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2020-28915 CVE-2022-27666 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.9.7-13.1] - Fix CVE-2022-29824 (#2082297) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-29824 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2:8.0.1763-19.0.1.2] - Remove upstream references [Orabug: 31197557] - Added glibc-gconv-extra to common requires to provide ISO-8859-2 [Orabug: 34114984] [2:8.0.1763-19.2] - CVE-2022-1621 vim: heap buffer overflow - CVE-2022-1629 vim: buffer over-read [2:8.0.1763-19.1] - CVE-2022-1154 vim: use after free in utf_ptr2char [2:8.0.1763-19] - CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository [2:8.0.1763-18] - CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c - CVE-2022-0413 vim: use after free in src/ex_cmds.c [2:8.0.1763-18] - fix test suite after fix for CVE-2022-0318 - CVE-2022-0359 vim: heap-based buffer overflow in init_ccline() in ex_getln.c [2:8.0.1763-18] - CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c - CVE-2022-0318 vim: heap-based buffer overflow in utf_head_off() in mbyte.c [2:8.0.1763-18] - CVE-2021-4193 vim: vulnerable to Out-of-bounds Read - CVE-2021-4192 vim: vulnerable to Use After Free [2:8.0.1763-18] - 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0] - 2028430 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-8.6.0] [2:8.0.1763-17] - 2016201 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-8.6.0] MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1629 CVE-2022-1621 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1:1.0.2o-4] - Fix CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates Resolves: rhbz#2077417 LOW Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 Oracle Linux 8 [1.16.3-3] - Fix a format string vulnerability in the device name logging (#2076815) CVE-2022-1215 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1215 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 delve [1.7.2-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.7.2-1] - Rebase to 1.7.2 - Related: rhbz#2014088 golang [1.17.10-1] - Rebase to Go 1.17.10 - Resolves: rhbz#2091077 go-toolset [1.17.10-1] - Rebase to Go 1.17.10 - Resolves: rhbz#2091077 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-29526 CVE-2022-28327 CVE-2022-24675 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 ruby [2.6.10-109] - Upgrade to Ruby 2.6.10. Resolves: rhbz#2088415 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739 - Fix FTBFS due to an incompatible load directive. - Fix a fiddle import test on an optimized glibc on Power 9. MODERATE Copyright 2022 Oracle, Inc. CVE-2022-28739 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 php [7.4.19-3] - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31626 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 php [8.0.13-3] - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31626 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [91.11.0-2.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.11.0-2] - Update to 91.11.0 build2 [91.11.0-1] - Update to 91.11.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-34481 CVE-2022-31744 CVE-2022-34468 CVE-2022-34479 CVE-2022-2200 CVE-2022-34484 CVE-2022-34472 CVE-2022-34470 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [91.11.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.11.0-2] - Update to 91.11.0 build2 [91.11.0-1] - Update to 91.11.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-34484 CVE-2022-34472 CVE-2022-34470 CVE-2022-34479 CVE-2022-2200 CVE-2022-34468 CVE-2022-2226 CVE-2022-34481 CVE-2022-31744 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [91.11.0-2.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build [91.11.0-2] - Update to 91.11.0 build2 [91.11.0-1] - Update to 91.11.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-34472 CVE-2022-34470 CVE-2022-2200 CVE-2022-34479 CVE-2022-34468 CVE-2022-31744 CVE-2022-34481 CVE-2022-34484 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [91.11.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.11.0-2] - Update to 91.11.0 build2 [91.11.0-1] - Update to 91.11.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-34481 CVE-2022-31744 CVE-2022-2226 CVE-2022-34484 CVE-2022-34479 CVE-2022-2200 CVE-2022-34468 CVE-2022-34472 CVE-2022-34470 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [91.11.0-2.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.11.0-2] - Update to 91.11.0 build2 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2200 CVE-2022-34481 CVE-2022-31744 CVE-2022-34479 CVE-2022-34472 CVE-2022-34468 CVE-2022-34484 CVE-2022-34470 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [91.11.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.11.0-2] - Update to 91.11.0 build2 [91.11.0-1] - Update to 91.11.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31744 CVE-2022-34479 CVE-2022-34484 CVE-2022-34468 CVE-2022-34481 CVE-2022-2226 CVE-2022-2200 CVE-2022-34472 CVE-2022-34470 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 squid [7:4.15-3.1] - Resolves: #2100782 - CVE-2021-46784 squid:4/squid: DoS when processing gopher server responses IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-46784 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 9 [7:5.2-1.1] - Resolves: #2100784 - CVE-2021-46784 squid: DoS when processing gopher server responses IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-46784 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [7:3.5.20-17.0.1] - Mutiple CVE fixes for squid [Orabug: 33146289] - Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing (#778) - Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manager URL parsing (#788) - Resolves: CVE-2021-31806,31807,31808 squid: Handle more Range requests (#790) - Resolves: CVE-2021-33620 squid: Handle more partial responses (#791) [7:3.5.20-17.7] - Resolves: #2100778 - CVE-2021-46784 squid: DoS when processing gopher server responses [7:3.5.20-17.6] - Resolves: #1944256 - CVE-2020-25097 squid: improper input validation may allow a trusted client to perform HTTP Request Smuggling [7:3.5.20-17.5] - Resolves: #1890581 - Fix for CVE 2019-13345 breaks authentication in cachemgr.cgi [7:3.5.20-17.4] - Resolves: #1872349 - CVE-2020-24606 squid: Improper Input Validation could result in a DoS - Resolves: #1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could result in cache poisoning - Resolves: #1872342 - CVE-2020-15811 squid: HTTP Request Splitting could result in cache poisoning [7:3.5.20-17.2] - Resolves: #1802516 - CVE-2020-8449 squid: Improper input validation issues in HTTP Request processing - Resolves: #1802515 - CVE-2020-8450 squid: Buffer overflow in a Squid acting as reverse-proxy - Resolves: #1853129 - CVE-2020-15049 squid: request smuggling and poisoning attack against the HTTP cache - Resolves: #1802517 - CVE-2019-12528 squid: Information Disclosure issue in FTP Gateway IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-46784 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [4.18.0-372.16.1.0.1_6.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-11.0.5 - debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499} [4.18.0-372.16.1_6] - x86/platform/uv: Log gap hole end size (Frank Ramsay) [2084645 2074098] - x86/platform/uv: Update TSC sync state for UV5 (Frank Ramsay) [2084645 2074098] - x86/platform/uv: Update NMI Handler for UV5 (Frank Ramsay) [2084645 2074098] - x86/platform/uv: Remove unused variable in UV5 NMI handler (Frank Ramsay) [2084645 2074098] - blk-mq: fix blk_mq_flush_plug_list (Ming Lei) [2096931 2088397] - sched/pelt: Fix attach_entity_load_avg() corner case (Phil Auld) [2096305 2056383] [4.18.0-372.15.1_6] - perf: Fix sys_perf_event_open() race against self (Michael Petlan) [2087948 2087949] {CVE-2022-1729} - vmxnet3: fix minimum vectors alloc issue (Kamal Heib) [2094473 2093242] - gfs2: Stop using glock holder auto-demotion for now (Andreas Gruenbacher) [2092073 2054855] - gfs2: buffered write prefaulting (Andreas Gruenbacher) [2092073 2054855] - gfs2: Align read and write chunks to the page cache (Andreas Gruenbacher) [2092073 2054855] - gfs2: Pull return value test out of should_fault_in_pages (Andreas Gruenbacher) [2092073 2054855] - gfs2: Clean up use of fault_in_iov_iter_{read,write}able (Andreas Gruenbacher) [2092073 2054855] - gfs2: Variable rename (Andreas Gruenbacher) [2092073 2054855] - gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) [2092073 2054855] - iomap: iomap_write_end cleanup (Andreas Gruenbacher) [2092073 2054855] - iomap: iomap_write_failed fix (Andreas Gruenbacher) [2092073 2054855] - gfs2: Don't re-check for write past EOF unnecessarily (Andreas Gruenbacher) [2092073 2054855] - gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) [2092073 2054855] - fs/iomap: Fix buffered write page prefaulting (Andreas Gruenbacher) [2092073 2054855] - generic_perform_write()/iomap_write_actor(): saner logics for short copy (Andreas Gruenbacher) [2092073 2054855] - iomap: Convert iomap_write_end types (Andreas Gruenbacher) [2092073 2054855] - gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) [2092073 2054855] - gfs2: Remove dead code in gfs2_file_read_iter (Andreas Gruenbacher) [2092073 2054855] - gfs2: Fix gfs2_file_buffered_write endless loop workaround (Andreas Gruenbacher) [2092073 2054855] - gfs2: Minor retry logic cleanup (Andreas Gruenbacher) [2092073 2054855] - gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) [2092073 2054855] - gfs2: Fix should_fault_in_pages() logic (Andreas Gruenbacher) [2092073 2054855] - mm: gup: make fault_in_safe_writeable() use fixup_user_fault() (Andreas Gruenbacher) [2092073 2054855] - gfs2: Initialize gh_error in gfs2_glock_nq (Andreas Gruenbacher) [2092073 2054855] - gfs2: Switch lock order of inode and iopen glock (Andreas Gruenbacher) [2092073 2054855] - gfs2: cancel timed-out glock requests (Andreas Gruenbacher) [2092073 2054855] - gfs2: Expect -EBUSY after canceling dlm locking requests (Andreas Gruenbacher) [2092073 2054855] - gfs2: gfs2_setattr_size error path fix (Andreas Gruenbacher) [2092073 2054855] - gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) [2092073 2054855] - net: openvswitch: don't send internal clone attribute to the userspace. (Antoine Tenart) [2097796 2085509] [4.18.0-372.14.1_6] - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (Chris Leech) [2091078 2086970] - scsi: core: sysfs: Fix hang when device state is set via sysfs (Chris Leech) [2091078 2086970] - net/sched: act_ct: fix ref leak when switching zones (Marcelo Ricardo Leitner) [2066356 2014027] - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (Marcelo Ricardo Leitner) [2066356 2014027] - drm/i915: Stop force enabling pipe bottom color gammma/csc (Foggy Liu) [2083384 2054487] - gfs2: Fix gfs2_release for non-writers regression (Bob Peterson) [2092074 1955591] - gfs2: gfs2_create_inode rework (Andreas Gruenbacher) [2092074 1955591] - gfs2: gfs2_inode_lookup rework (Andreas Gruenbacher) [2092074 1955591] - gfs2: gfs2_inode_lookup cleanup (Andreas Gruenbacher) [2092074 1955591] - gfs2: Fix remote demote of weak glock holders (Andreas Gruenbacher) [2092074 1955591] - gfs2: Fix glock_hash_walk bugs (Andreas Gruenbacher) [2092074 1955591] - gfs2: Cancel remote delete work asynchronously (Bob Peterson) [2092074 1955591] - gfs2: set glock object after nq (Bob Peterson) [2092074 1955591] - gfs2: remove RDF_UPTODATE flag (Bob Peterson) [2092074 1955591] - gfs2: Eliminate GIF_INVALID flag (Bob Peterson) [2092074 1955591] - gfs2: Fix atomic bug in gfs2_instantiate (Andreas Gruenbacher) [2092074 1955591] - gfs2: fix GL_SKIP node_scope problems (Bob Peterson) [2092074 1955591] - gfs2: Add some flags missing from glock output (Bob Peterson) [2092074 1955591] - gfs2: split glock instantiation off from do_promote (Bob Peterson) [2092074 1955591] - gfs2: further simplify do_promote (Bob Peterson) [2092074 1955591] - gfs2: re-factor function do_promote (Bob Peterson) [2092074 1955591] - gfs2: Remove 'first' trace_gfs2_promote argument (Andreas Gruenbacher) [2092074 1955591] - gfs2: change go_lock to go_instantiate (Bob Peterson) [2092074 1955591] - gfs2: Switch some BUG_ON to GLOCK_BUG_ON for debug (Bob Peterson) [2092074 1955591] - gfs2: move GL_SKIP check from glops to do_promote (Bob Peterson) [2092074 1955591] - gfs2: Add GL_SKIP holder flag to dump_holder (Bob Peterson) [2092074 1955591] - gfs2: remove redundant check in gfs2_rgrp_go_lock (Bob Peterson) [2092074 1955591] - gfs2: Fix mmap + page fault deadlocks for direct I/O (Andreas Gruenbacher) [2092074 1955591] - iov_iter: Introduce ITER_IOVEC_FLAG_NOFAULT flag to disable page faults (Andreas Gruenbacher) [2092074 1955591] - gup: Introduce FOLL_NOFAULT flag to disable page faults (Andreas Gruenbacher) [2092074 1955591] - iomap: Add done_before argument to iomap_dio_rw (Andreas Gruenbacher) [2092074 1955591] - iomap: Support partial direct I/O on user copy failures (Andreas Gruenbacher) [2092074 1955591] - iomap: Fix iomap_dio_rw return value for user copies (Andreas Gruenbacher) [2092074 1955591] - iomap: support reading inline data from non-zero pos (Andreas Gruenbacher) [2092074 1955591] - gfs2: Only dereference i->iov when iter_is_iovec(i) (Andreas Gruenbacher) [2092074 1955591] - gfs2: Prevent endless loops in gfs2_file_buffered_write (Andreas Gruenbacher) [2092074 1955591] - gfs2: Fix mmap + page fault deadlocks for buffered I/O (Andreas Gruenbacher) [2092074 1955591] - gfs2: Eliminate ip->i_gh (Andreas Gruenbacher) [2092074 1955591] - gfs2: Move the inode glock locking to gfs2_file_buffered_write (Andreas Gruenbacher) [2092074 1955591] - gfs2: Fix 'Introduce flag for glock holder auto-demotion' (Andreas Gruenbacher) [2092074 1955591] - gfs2: Introduce flag for glock holder auto-demotion (Bob Peterson) [2092074 1955591] - gfs2: fix scheduling while atomic bug in glocks (Bob Peterson) [2092074 1955591] - gfs2: Clean up function may_grant (Andreas Gruenbacher) [2092074 1955591] - gfs2: Add wrapper for iomap_file_buffered_write (Andreas Gruenbacher) [2092074 1955591] - iov_iter: Introduce fault_in_iov_iter_writeable (Andreas Gruenbacher) [2092074 1955591] - iov_iter: Turn iov_iter_fault_in_readable into fault_in_iov_iter_readable (Andreas Gruenbacher) [2092074 1955591] - gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable} (Andreas Gruenbacher) [2092074 1955591] - powerpc/signal64: Don't opencode page prefaulting (Andreas Gruenbacher) [2092074 1955591] - sanitize iov_iter_fault_in_readable() (Andreas Gruenbacher) [2092074 1955591] - [xarray] iov_iter_fault_in_readable() should do nothing in xarray case (Andreas Gruenbacher) [2092074 1955591] - powerpc/kvm: Fix kvm_use_magic_page (Andreas Gruenbacher) [2092074 1955591] - iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value (Andreas Gruenbacher) [2092074 1955591] - gfs2: Fix length of holes reported at end-of-file (Andreas Gruenbacher) [2092074 1955591] - gfs2: Remove redundant check from gfs2_glock_dq (Bob Peterson) [2092074 1955591] - gfs2: release iopen glock early in evict (Bob Peterson) [2092074 1955591] - mm: change fault_in_pages_* to have an unsigned size parameter (Andreas Gruenbacher) [2092074 1955591] - gfs2: Eliminate vestigial HIF_FIRST (Bob Peterson) [2092074 1955591] - iomap: remove the iomap arguments to ->page_{prepare,done} (Andreas Gruenbacher) [2092074 1955591] - md: Set MD_BROKEN for RAID1 and RAID10 (Nigel Croxon) [2075075 2048954] - raid5: introduce MD_BROKEN (Nigel Croxon) [2075075 2048954] - drm/i915/ehl: Remove require_force_probe protection (Michel Danzer) [2075567 2048674] - genirq: Use rcu in kstat_irqs_usr() (Waiman Long) [2083308 2068445] - dm integrity: fix memory corruption when tag_size is less than digest size (Benjamin Marzinski) [2082184 2081775] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1729 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1:11.0.16.0.8-1] - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use same tarball naming style as java-17-openjdk and java-latest-openjdk - Drop JDK-8257794 patch now upstreamed - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use 'git apply' with patches in the tarball script to allow binary diffs - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Make use of the vendor version string to store our version & release rather than an upstream release date - Explicitly require crypto-policies during build and runtime for system security properties - Rebase FIPS patches from fips branch and simplify by using a single patch from that repository - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on - Resolves: rhbz#2106514 - Resolves: rhbz#2099917 - Resolves: rhbz#2108248 - Resolves: rhbz#2084649 [1:11.0.16.0.8-1] - Add additional patch during tarball generation to align tests with ECC changes - Related: rhbz#2084649 [1:11.0.16.0.8-1] - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode - Resolves: rhbz#2108251 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21541 CVE-2022-21540 CVE-2022-34169 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [1:11.0.16.0.8-1.0.1] - link atomic for ix86 build [1:11.0.16.0.8-1] - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use same tarball naming style as java-17-openjdk and java-latest-openjdk - Drop JDK-8284920 patch now upstreamed - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use 'git apply' with patches in the tarball script to allow binary diffs - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Make use of the vendor version string to store our version & release rather than an upstream release date - Explicitly require crypto-policies during build and runtime for system security properties - Resolves: rhbz#2106510 [1:11.0.16.0.8-1] - Add additional patch during tarball generation to align tests with ECC changes - Related: rhbz#2106510 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21540 CVE-2022-34169 CVE-2022-21541 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [1:11.0.16.0.8-1.0.1] - Replace upstream references [Orabug: 34340155] [1:11.0.16.0.8-1] - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use same tarball naming style as java-17-openjdk and java-latest-openjdk - Drop JDK-8257794 patch now upstreamed - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use 'git apply' with patches in the tarball script to allow binary diffs - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Make use of the vendor version string to store our version & release rather than an upstream release date - Explicitly require crypto-policies during build and runtime for system security properties - Rebase FIPS patches from fips branch and simplify by using a single patch from that repository - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on - Resolves: rhbz#2106516 - Resolves: rhbz#2099915 - Resolves: rhbz#2107868 [1:11.0.16.0.8-1] - Add additional patch during tarball generation to align tests with ECC changes - Related: rhbz#2106516 [1:11.0.16.0.8-1] - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode - Resolves: rhbz#2107866 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-34169 CVE-2022-21541 CVE-2022-21540 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [1:1.8.0.342.b07-1] - Update to shenandoah-jdk8u342-b07 - Update release notes for shenandoah-8u342-b07. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use 'git apply' with patches in the tarball script to allow binary diffs - Remove redundant 'REPOS' variable from tarball script - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Rebase FIPS patches from fips branch and simplify by using a single patch from that repository - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on - Explicitly require crypto-policies during build and runtime for system security properties - Resolves: rhbz#2099911 - Resolves: rhbz#2108564 - Resolves: rhbz#2084648 - Resolves: rhbz#2106506 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21541 CVE-2022-21540 CVE-2022-34169 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [1:1.8.0.342.b07-1] - Update to shenandoah-jdk8u342-b07 - Update release notes for shenandoah-8u342-b07. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use 'git apply' with patches in the tarball script to allow binary diffs - Remove redundant 'REPOS' variable from tarball script - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Rebase JDK-8186464 patch so it applies after JDK-8190753 - Resolves: rhbz#2106502 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21541 CVE-2022-21540 CVE-2022-34169 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [1.8.0.342.b07-1.0.1] - Replace upstream references [Orabug: 34340145] [1:1.8.0.342.b07-1] - Update to shenandoah-jdk8u342-b07 - Update release notes for shenandoah-8u342-b07. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use 'git apply' with patches in the tarball script to allow binary diffs - Remove redundant 'REPOS' variable from tarball script - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Rebase FIPS patches from fips branch and simplify by using a single patch from that repository - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on - Explicitly require crypto-policies during build and runtime for system security properties - Resolves: rhbz#2099916 - Resolves: rhbz#2107958 - Resolves: rhbz#2084776 - Resolves: rhbz#2106508 [1:1.8.0.332.b09-2] - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode - Resolves: rhbz#2107956 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21541 CVE-2022-21540 CVE-2022-34169 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.5.11-5] - resolve CVE-2022-31107 grafana: OAuth account takeover IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31107 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [7.5.11-3] - resolve CVE-2022-31107 grafana: OAuth account takeover IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31107 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1:17.0.4.0.8-0.2.ea] - Add rpminspect.yaml to turn off Java bytecode inspections - java-17-openjdk deliberately produces Java 17 bytecode, not the default Java 11 bytecode - Resolves: rhbz#2109106 [1:17.0.4.0.8-0.2.ea] - Revert the following changes until copy-java-configs has adapted to relative symlinks: - * Move cacerts replacement to install section and retain original of this and tzdb.dat - * Run tests on the installed image, rather than the build image - * Introduce variables to refer to the static library installation directories - * Use relative symlinks so they work within the image - * Run debug symbols check during build stage, before the install strips them - The move of turning on system security properties is retained so we don't ship with them off - Related: rhbz#2084650 [1:17.0.4.0.8-0.2.ea] - Returned absolute symlinks - Relative symlinks are breaking cjc, and deeper investigations are necessary -- why cjc intentionally skips relative symllinks - Images have to be workarounded differently - Related: rhbz#2084650 [1:17.0.4.0.8-1] - Update to jdk-17.0.4.0+8 - Update release notes to 17.0.4.0+8 - Need to include the '.S' suffix in debuginfo checks after JDK-8284661 - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Move EA designator check to prep so failures can be caught earlier - Make EA designator check non-fatal while upstream is not maintaining it - Explicitly require crypto-policies during build and runtime for system security properties - Make use of the vendor version string to store our version & release rather than an upstream release date - Include a test in the RPM to check the build has the correct vendor information. - Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository - * RH2094027: SunEC runtime permission for FIPS - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on - Turn on system security properties as part of the build's install section - Move cacerts replacement to install section and retain original of this and tzdb.dat - Run tests on the installed image, rather than the build image - Introduce variables to refer to the static library installation directories - Use relative symlinks so they work within the image - Run debug symbols check during build stage, before the install strips them - Resolves: rhbz#2084650 - Resolves: rhbz#2099913 - Resolves: rhbz#2108206 - Resolves: rhbz#2108209 - Resolves: rhbz#2106521 [1:17.0.4.0.1-0.2.ea] - Fix issue where CheckVendor.java test erroneously passes when it should fail. - Add proper quoting so '&' is not treated as a special character by the shell. - Related: rhbz#2084650 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21541 CVE-2022-21549 CVE-2022-21540 CVE-2022-34169 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [1:17.0.4.0.8-0.2.ea] - Revert the following changes until copy-java-configs has adapted to relative symlinks: - * Move cacerts replacement to install section and retain original of this and tzdb.dat - * Run tests on the installed image, rather than the build image - * Introduce variables to refer to the static library installation directories - * Use relative symlinks so they work within the image - * Run debug symbols check during build stage, before the install strips them - The move of turning on system security properties is retained so we don't ship with them off - Related: rhbz#2084779 [1:17.0.4.0.8-1] - Update to jdk-17.0.4.0+8 - Update release notes to 17.0.4.0+8 - Need to include the '.S' suffix in debuginfo checks after JDK-8284661 - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Move EA designator check to prep so failures can be caught earlier - Make EA designator check non-fatal while upstream is not maintaining it - Explicitly require crypto-policies during build and runtime for system security properties - Make use of the vendor version string to store our version & release rather than an upstream release date - Include a test in the RPM to check the build has the correct vendor information. - Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository - * RH2094027: SunEC runtime permission for FIPS - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on - Turn on system security properties as part of the build's install section - Move cacerts replacement to install section and retain original of this and tzdb.dat - Run tests on the installed image, rather than the build image - Introduce variables to refer to the static library installation directories - Use relative symlinks so they work within the image - Run debug symbols check during build stage, before the install strips them - Resolves: rhbz#2084779 - Resolves: rhbz#2099919 - Resolves: rhbz#2107943 - Resolves: rhbz#2107941 - Resolves: rhbz#2106523 [1:17.0.4.0.1-0.2.ea] - Fix issue where CheckVendor.java test erroneously passes when it should fail. - Add proper quoting so '&' is not treated as a special character by the shell. - Related: rhbz#2084779 [1:17.0.3.0.7-2] - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode - Resolves: rhbz#2105395 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-34169 CVE-2022-21541 CVE-2022-21549 CVE-2022-21540 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [91.12.0-2.0.1] - Removed Upstream references [91.12.0-1] - Update to 91.12.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-36318 CVE-2022-2505 CVE-2022-36319 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [91.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.12.0-1] - Update to 91.12.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-36318 CVE-2022-2505 CVE-2022-36319 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [91.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.12.0-1] - Update to 91.12.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2505 CVE-2022-36318 CVE-2022-36319 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 delve [1.7.2-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.7.2-1] - Rebase to 1.7.2 - Related: rhbz#2014088 golang [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109182 [1.17.10-2] - Clean up dist-git patches - Resolves: rhbz#2109173 go-toolset [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109182 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1705 CVE-2022-32148 CVE-2022-30631 CVE-2022-30635 CVE-2022-30630 CVE-2022-30632 CVE-2022-30633 CVE-2022-28131 CVE-2022-1962 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [91.12.0-2.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build [91.12.0-1] - Update to 91.12.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2505 CVE-2022-36318 CVE-2022-36319 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [91.12.0-2.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.12.0-1] - Update to 91.12.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-36318 CVE-2022-36319 CVE-2022-2505 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [91.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.12.0-1] - Update to 91.12.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-36318 CVE-2022-36319 CVE-2022-2505 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 ruby [2.5.9-110] - Fix FTBFS due to an incompatible load directive. - Fix a fiddle import test on an optimized glibc on Power 9. - Fix by adding length limit option for methods that parses date strings. Resolves: CVE-2021-41817 - CGI::Cookie.parse no longer decodes cookie names to prevent spoofing security prefixes in cookie names. Resolves: CVE-2021-41819 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-41819 CVE-2021-41817 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 9 golang [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109183 [1.17.7-2] - Clean up dist-git patches - Resolves: rhbz#2109174 go-toolset [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109183 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1962 CVE-2022-28131 CVE-2022-30631 CVE-2022-32148 CVE-2022-1705 CVE-2022-30633 CVE-2022-30630 CVE-2022-30632 CVE-2022-30635 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [10.32-3] - Resolves: CVE-2022-1586 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1586 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder_developer cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [8.0.1763-19.0.1.4] - Remove upstream references [Orabug: 31197557] - Added glibc-gconv-extra to common requires to provide ISO-8859-2 [Orabug: 34114984] [2:8.0.1763-19.4] - fix issue reported by covscan [2:8.0.1763-19.3] - CVE-2022-1785 vim: Out-of-bounds Write - CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c - CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1785 CVE-2022-1927 CVE-2022-1897 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer Oracle Linux 8 [1:1.1.1k-7] - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - Update expired certificates used in the testsuite Resolves: rhbz#2100554 - Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090371 - Fix CVE-2022-2068: the c_rehash script allows command injection Resolves: rhbz#2098278 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2097 CVE-2022-1292 CVE-2022-2068 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:7:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 Oracle Linux 8 [4.18.0-372.19.1.0.1_6.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-11.0.5 - debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499} [4.18.0-372.19.1_6] - net/mlx5: CT: Fix header-rewrite re-use for tupels (Amir Tzin) [2104013 2101162] - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (Amir Tzin) [2104012 2100474] - netfilter: flowtable: fix TCP flow teardown (Florian Westphal) [2104002 2088234] - netfilter: conntrack: annotate data-races around ct->timeout (Florian Westphal) [2104002 2088234] - netfilter: conntrack: initialize ct->timeout (Florian Westphal) [2104002 2088234] - net/sched: act_police: more accurate MTU policing (Davide Caratti) [2102333 2100893] - bpf: Fix request_sock leak in sk lookup helpers (Antoine Tenart) [2104670 2085313] [4.18.0-372.18.1_6] - redhat: flesh out rpminspect config file (Jarod Wilson) - powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (Steve Best) [2100150 2056080] - vdpa: mlx5: synchronize driver status with CVQ (Jason Wang) [2093416 2048009] - vdpa: mlx5: prevent cvq work from hogging CPU (Jason Wang) [2093416 2048009] - vdpa/mlx5: Avoid processing works if workqueue was destroyed (Cindy Lu) [2093416 2048009] - cifs: fix potential double free during failed mount (Ronnie Sahlberg) [2102251 2088799] [4.18.0-372.17.1_6] - tcp: drop the hash_32() part from the index calculation (Guillaume Nault) [2087130 2064876] {CVE-2022-1012} - tcp: increase source port perturb table to 2^16 (Guillaume Nault) [2087130 2064876] {CVE-2022-1012} - tcp: dynamically allocate the perturb table used by source ports (Guillaume Nault) [2087130 2064876] {CVE-2022-1012} - tcp: add small random increments to the source port (Guillaume Nault) [2087130 2064876] {CVE-2022-1012} - tcp: resalt the secret every 10 seconds (Guillaume Nault) [2087130 2064876] {CVE-2022-1012} - tcp: use different parts of the port_offset for index and offset (Guillaume Nault) [2087130 2064876] {CVE-2022-1012} - secure_seq: use the 64 bits of the siphash for port offset calculation (Guillaume Nault) [2087130 2064876] {CVE-2022-1012} - tcp: add some entropy in __inet_hash_connect() (Guillaume Nault) [2087130 2064876] {CVE-2022-1012} - tcp: change source port randomizarion at connect() time (Guillaume Nault) [2087130 2064876] {CVE-2022-1012} - hrtimer: Unbreak hrtimer_force_reprogram() (Fernando Pacheco) [2090484 2071776] - hrtimer: Use raw_cpu_ptr() in clock_was_set() (Fernando Pacheco) [2090484 2071776] - hrtimer: Avoid more SMP function calls in clock_was_set() (Fernando Pacheco) [2090484 2071776] - hrtimer: Avoid unnecessary SMP function calls in clock_was_set() (Fernando Pacheco) [2090484 2071776] - hrtimer: Add bases argument to clock_was_set() (Fernando Pacheco) [2090484 2071776] - time/timekeeping: Avoid invoking clock_was_set() twice (Fernando Pacheco) [2090484 2071776] - timekeeping: Distangle resume and clock-was-set events (Fernando Pacheco) [2090484 2071776] - timerfd: Provide timerfd_resume() (Fernando Pacheco) [2090484 2071776] - hrtimer: Force clock_was_set() handling for the HIGHRES=n, NOHZ=y case (Fernando Pacheco) [2090484 2071776] - hrtimer: Ensure timerfd notification for HIGHRES=n (Fernando Pacheco) [2090484 2071776] - hrtimer: Consolidate reprogramming code (Fernando Pacheco) [2090484 2071776] - hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() (Fernando Pacheco) [2090484 2071776] - hrtimer: Update softirq_expires_next correctly after __hrtimer_get_next_event() (Fernando Pacheco) [2090484 2071776] - hrtimer: Annotate lockless access to timer->state (Fernando Pacheco) [2090484 2071776] - mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rafael Aquini) [2100529 2067130] - lib/sbitmap: fix sb->map leak (Ming Lei) [2100254 2093549] - scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (Ewan D. Milne) [2100254 2071831] - lib/sbitmap: allocate sb->map via kvzalloc_node (Ewan D. Milne) [2100254 2071831] - mm: move kvmalloc-related functions to slab.h (Ewan D. Milne) [2100254 2071831] - scsi: core: Reallocate device's budget map on queue depth change (Ewan D. Milne) [2100254 2071831] - scsi: core: Fix scsi_device_max_queue_depth() (Ewan D. Milne) [2100254 2071831] - netfilter: nf_tables: disallow non-stateful expression in sets earlier (Phil Sutter) [2092986 2092987] {CVE-2022-32250} - audit: improve audit queue handling when 'audit=1' on cmdline (Richard Guy Briggs) [2095434 2035123] - audit: improve robustness of the audit queue handling (Richard Guy Briggs) [2095434 2035123] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-32250 CVE-2022-1012 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 libvirt [8.0.0-5.2.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma) [8.0.0-5.2.el8] - cpu_map: Disable cpu64-rhel* for host-model and baseline (rhbz#2084030) - cputest: Drop some old artificial baseline tests (rhbz#2084030) - cputest: Give better names to baseline tests (rhbz#2084030) - cputest: Add some real world baseline tests (rhbz#2084030) - cpu_x86: Consolidate signature match in x86DecodeUseCandidate (rhbz#2084030) - cpu_x86: Refactor feature list comparison in x86DecodeUseCandidate (rhbz#2084030) - cpu_x86: Penalize disabled features when computing CPU model (rhbz#2084030) - cpu_x86: Ignore enabled features for input models in x86DecodeUseCandidate (rhbz#2084030) [8.0.0-5.1.el8] - conf: Introduce memory allocation threads (rhbz#2075569) - qemu_capabilities: Detect memory-backend-*.prealloc-threads property (rhbz#2075569) - qemu_validate: Validate prealloc threads against qemuCpas (rhbz#2075569) - qemu_command: Generate prealloc-threads property (rhbz#2075569) virt-v2v [1:1.42.0-19.0.1] - replaced upstream references [Orabug:34095529] [1:1.42.0-19] - If listing RPM applications fails, rebuild DB and retry resolves: rhbz#2093415 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-4207 CVE-2022-26354 CVE-2021-4206 CVE-2022-26353 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.4.3.28-7] - Bump version to 1.4.3.28-7 - Resolves: Bug 2081008 - CVE-2022-0996 389-ds:1.4/389-ds-base: expired password was still allowed to access the database - Resolves: Bug 2081014 - CVE-2022-0918 389-ds:1.4/389-ds-base: sending crafted message could result in DoS MODERATE Copyright 2022 Oracle, Inc. CVE-2022-0918 CVE-2022-0996 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 galera [26.4.11-1] - Rebase to 26.4.11 mariadb [3:10.5.16-2] - Release bump for rebuild [3:10.5.16-1] - Rebase to 10.5.16 [3:10.5.15-1] - Rebase to 10.5.15 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-46659 CVE-2022-27378 CVE-2022-27384 CVE-2022-27458 CVE-2022-27382 CVE-2022-27445 CVE-2022-27451 CVE-2022-27376 CVE-2022-27381 CVE-2021-46664 CVE-2022-27447 CVE-2022-31622 CVE-2021-46669 CVE-2022-27377 CVE-2021-46661 CVE-2022-27380 CVE-2022-27449 CVE-2021-46668 CVE-2022-31623 CVE-2022-27386 CVE-2022-27446 CVE-2022-27379 CVE-2022-27383 CVE-2022-27455 CVE-2022-24051 CVE-2022-27387 CVE-2022-24048 CVE-2022-24050 CVE-2022-27452 CVE-2022-27456 CVE-2022-24052 CVE-2021-46663 CVE-2021-46665 CVE-2022-27444 CVE-2022-27448 CVE-2022-27457 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 9 [8.0.13-2] - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31626 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [1.20.4-18] - CVE fix for: CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070 Resolves: rhbz#2109031, rhbz#2109033 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2320 CVE-2022-2319 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [3.10.0-1160.76.1.0.1.OL7] [debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.76.1.OL7] [Update Oracle Linux certificates (Ilya Okomin) [Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) [Update x509.genkey [Orabug: 24817676] [Conflict with shim-ia32 and shim-x64 <= 15-2.0.9 [Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin) [3.10.0-1160.76.1] [sfc: complete the next packet when we receive a timestamp (Inigo Huguet) [1793280] [3.10.0-1160.75.1] [xfs: fix up non-directory creation in SGID directories (Andrey Albershteyn) [2089360] [x86/speculation/mmio: Print SMT warning (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} [KVM: x86/speculation: Disable Fill buffer clear within guests (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} [x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} [x86/speculation/srbds: Update SRBDS mitigation selection (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} [x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} [cpu/speculation: Add prototype for cpu_show_srbds() (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} [x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} [x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} [x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} [x86/speculation: Add a common function for MD_CLEAR mitigation update (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} [x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} [Documentation: Add documentation for Processor MMIO Stale Data (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} [[s390] s390/zcrypt: use kvmalloc instead of kmalloc for 256k alloc (Mete Durlu) [2072970] [3.10.0-1160.74.1] [tracing: Fix bad use of igrab in trace_uprobe.c (Oleg Nesterov) [2096884] [3.10.0-1160.73.1] [qede: Reduce verbosity of ptp tx timestamp (Manish Chopra) [2080646] [RDMA/cma: Fix unbalanced cm_id reference count during address resolve (Kamal Heib) [2085425] [3.10.0-1160.72.1] [sched,perf: Fix periodic timers (Valentin Schneider) [2077346] [sched: debug: Remove the cfs bandwidth timer_active printout (Valentin Schneider) [2077346] [sched: Cleanup bandwidth timers (Valentin Schneider) [2077346] MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21166 CVE-2022-21125 CVE-2022-21123 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [8.2.2637-16.0.1.3] - Remove upstream references [Orabug: 31197557] [2:8.2.2637-16.3] - CVE-2022-1785 vim: Out-of-bounds Write - CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c - CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 galera [26.4.11-1.0.1] - Requirement to delete garbd-wrapper script and lp1184034 test case without using patches. Patches from previous release have been deleted - Drop nmap-ncat requirement. [Orabug: 34116228] - Added galera-skip-lp1184034-testcase.patch - Added backport-removes-nmap-probing-in-garbd-wrapper.patch [26.4.11-1] - Rebase to 26.4.11 mariadb [3:10.5.16-2] - Release bump for rebuild [3:10.5.16-1] - Rebase to 10.5.16 [3:10.5.15-1] - Rebase to 10.5.15 mysql-selinux [1.0.5-1] - Rebase to 1.0.5 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-46663 CVE-2022-27387 CVE-2022-27458 CVE-2022-27455 CVE-2022-24048 CVE-2021-46659 CVE-2021-46661 CVE-2021-46664 CVE-2021-46668 CVE-2022-24051 CVE-2022-27377 CVE-2022-27378 CVE-2022-27444 CVE-2022-27376 CVE-2022-27381 CVE-2022-27447 CVE-2022-27452 CVE-2022-24052 CVE-2021-46669 CVE-2022-27456 CVE-2022-31622 CVE-2022-27382 CVE-2021-46665 CVE-2022-27379 CVE-2022-27380 CVE-2022-27383 CVE-2022-27384 CVE-2022-27445 CVE-2022-27448 CVE-2022-27449 CVE-2022-24050 CVE-2022-27386 CVE-2022-27446 CVE-2022-27451 CVE-2022-27457 CVE-2022-31623 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [5.14.0-70.22.1.0.1_0.OL9] [lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.22.1_0.OL9] [Update Oracle Linux certificates (Kevin Lyons) [Disable signing for aarch64 (Ilya Okomin) [Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] [Update x509.genkey [Orabug: 24817676] [Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4 [Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] [5.14.0-70.22.1_0] [PCI: vmd: Revert 2565e5b69c44 ('PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.') (Myron Stowe) [2109974 2084146] [PCI: vmd: Assign VMD IRQ domain before enumeration (Myron Stowe) [2109974 2084146] [rhel config: Set DMAR_UNITS_SUPPORTED (Jerry Snitselaar) [2105326 2094984] [iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (Jerry Snitselaar) [2105326 2094984] [5.14.0-70.21.1_0] [ibmvnic: fix race between xmit and reset (Gustavo Walbon) [2103085 2061556] [scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (Chris Leech) [2098251 2095440] [scsi: core: sysfs: Fix hang when device state is set via sysfs (Chris Leech) [2098251 2095440] [5.14.0-70.20.1_0] [block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Ming Lei) [2106024 2066297] {CVE-2022-0494} [ahci: Add a generic 'controller2' RAID id (Tomas Henzl) [2099740 2078880] [ahci: remove duplicated PCI device IDs (Tomas Henzl) [2099740 2042790] [gfs2: Stop using glock holder auto-demotion for now (Andreas Gruenbacher) [2097306 2082193] [gfs2: buffered write prefaulting (Andreas Gruenbacher) [2097306 2082193] [gfs2: Align read and write chunks to the page cache (Andreas Gruenbacher) [2097306 2082193] [gfs2: Pull return value test out of should_fault_in_pages (Andreas Gruenbacher) [2097306 2082193] [gfs2: Clean up use of fault_in_iov_iter_{read,write}able (Andreas Gruenbacher) [2097306 2082193] [gfs2: Variable rename (Andreas Gruenbacher) [2097306 2082193] [gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) [2097306 2082193] [iomap: iomap_write_end cleanup (Andreas Gruenbacher) [2097306 2082193] [iomap: iomap_write_failed fix (Andreas Gruenbacher) [2097306 2082193] [gfs2: Don't re-check for write past EOF unnecessarily (Andreas Gruenbacher) [2097306 2082193] [gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) [2097306 2082193] [fs/iomap: Fix buffered write page prefaulting (Andreas Gruenbacher) [2097306 2082193] [gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) [2097306 2082193] [gfs2: Remove dead code in gfs2_file_read_iter (Andreas Gruenbacher) [2097306 2082193] [gfs2: Fix gfs2_file_buffered_write endless loop workaround (Andreas Gruenbacher) [2097306 2082193] [gfs2: Minor retry logic cleanup (Andreas Gruenbacher) [2097306 2082193] [gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) [2097306 2082193] [gfs2: Fix should_fault_in_pages() logic (Andreas Gruenbacher) [2097306 2082193] [gfs2: Initialize gh_error in gfs2_glock_nq (Andreas Gruenbacher) [2097306 2082193] [gfs2: Make use of list_is_first (Andreas Gruenbacher) [2097306 2082193] [gfs2: Switch lock order of inode and iopen glock (Andreas Gruenbacher) [2097306 2082193] [gfs2: cancel timed-out glock requests (Andreas Gruenbacher) [2097306 2082193] [gfs2: Expect -EBUSY after canceling dlm locking requests (Andreas Gruenbacher) [2097306 2082193] [gfs2: gfs2_setattr_size error path fix (Andreas Gruenbacher) [2097306 2082193] [gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) [2097306 2082193] [5.14.0-70.19.1_0] [KVM: x86/mmu: make apf token non-zero to fix bug (Vitaly Kuznetsov) [2100903 2074832] [powerpc/64: Move paca allocation later in boot (Desnes A. Nunes do Rosario) [2092248 2055566] [powerpc: Set crashkernel offset to mid of RMA region (Desnes A. Nunes do Rosario) [2092248 2055566] [powerpc/64s/hash: Make hash faults work in NMI context (Desnes A. Nunes do Rosario) [2092253 2062762] [5.14.0-70.18.1_0] [NFSv4: Fix free of uninitialized nfs4_label on referral lookup. (Benjamin Coddington) [2101858 2086367] [NFSv4 only print the label when its queried (Benjamin Coddington) [2101854 2057327] [crypto: fips - make proc files report fips module name and version (Simo Sorce) [2093384 2080499] [net: sched: fix use-after-free in tc_new_tfilter() (Ivan Vecera) [2071707 2090410] {CVE-2022-1055} MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1055 CVE-2022-0494 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [6.0.108-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.108-1] - Update to .NET SDK 6.0.108 and Runtime 6.0.8 - Resolves: RHBZ#2112413 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-34716 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [3.1.422-1.0.1] - Add missing Oracle Linux Runtime IDs [3.1.422-1] - Update to .NET SDK 3.1.422 and Runtime 3.1.28 - Resolves: RHBZ#2115351 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-34716 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [6.0.108-1.0.1] - Add missing Oracle RIDs [6.0.108-1] - Update to .NET SDK 6.0.108 and Runtime 6.0.8 - Resolves: RHBZ#2112412 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-34716 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [7.76.1-14.el9_0.5] - fix unpreserved file permissions (CVE-2022-32207) - fix HTTP compression denial of service (CVE-2022-32206) - fix FTP-KRB bad message verification (CVE-2022-32208) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32208 CVE-2022-32207 CVE-2022-32206 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 php [7.4.19-4] - fix uninitialized array in pg_query_params() leading to RCE CVE-2022-31625 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-31625 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [7.61.1-22.el8_6.4] - fix HTTP compression denial of service (CVE-2022-32206) - fix FTP-KRB bad message verification (CVE-2022-32208) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32206 CVE-2022-32208 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest Oracle Linux 7 [219-78.0.9.el7_9.7] - Core: explicitly trigger changing udev systemd_wants property [Orabug: 31858125] - Disable unprivileged BPF by default [Orabug: 32871008] - Resolve missing installation files for systemd-pstore [Orabug 32497787] - Change to have file tmpfiles.d/systemd-pstore.conf installed on upon initial installation, not on rpm update. [Orabug 31414539] - Backport upstream patches related to private-tmp (Sushmita Bhattacharya) [Orabug: 31561883] - backport upstream pstore tmpfiles patch (Eric DeVolder) [Orabug: 31414539] - udev rules: fix memory hot add and remove [Orabug: 31309730] - enable and start the pstore service [Orabug: 30950903] - fix to generate the systemd-pstore.service file [Orabug: 30235241] - Backport upstream patches for the new systemd-pstore tool [Orabug: 30235241] - do not create utmp update symlinks for reboot and poweroff [Orabug: 27854896] - OL7 udev rule for virtio net standby interface [Orabug: 28826743] - fix _netdev is missing for iscsi entry in /etc/fstab [Orabug: 25897792] (tony.l.lam@oracle.com) - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] - daemon reload race fix [Orabug: 34205619] [219-78.7] - resolve: introduce reference counting on DnsStream (#2110544) [219-78.6] - resolved: pin stream while calling callbacks for it (#2110544) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2526 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [91.13.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.13.0-1] - Update to 91.13.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38472 CVE-2022-38477 CVE-2022-38476 CVE-2022-38478 CVE-2022-38473 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [91.13.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.13.0-1] - Update to 91.13.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38473 CVE-2022-38478 CVE-2022-38472 CVE-2022-38476 CVE-2022-38477 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [91.13.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.13.0-1] - Update to 91.13.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38472 CVE-2022-38473 CVE-2022-38477 CVE-2022-38478 CVE-2022-38476 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [3.1.2-11] - Resolves: #2111170 - remote arbitrary files write inside the directories of connecting peers IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29154 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [91.13.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.13.0-1] - Update to 91.13.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38478 CVE-2022-38472 CVE-2022-38476 CVE-2022-38473 CVE-2022-38477 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [91.13.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.13.0-1] - Update to 91.13.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38477 CVE-2022-38472 CVE-2022-38476 CVE-2022-38473 CVE-2022-38478 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [91.13.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Enabled aarch64 build [91.13.0-1] - Update to 91.13.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38473 CVE-2022-38476 CVE-2022-38477 CVE-2022-38478 CVE-2022-38472 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [3.1.3-14.3] - Resolves: #2111174 - remote arbitrary files write inside the directories of connecting peers IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29154 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest Oracle Linux 9 [3.2.3-9.2] - Resolves: #2111176 - remote arbitrary files write inside the directories of connecting peers IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29154 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [239-58.0.1.4] - Disable unprivileged BPF by default [Orabug: 32870980] - backport upstream pstore tmpfiles patch [Orabug: 31420486] - udev rules: fix memory hot add and remove [Orabug: 31310273] - fix to enable systemd-pstore.service [Orabug: 30951066] - journal: change support URL shown in the catalog entries [Orabug: 30853009] - fix to generate systemd-pstore.service file [Orabug: 30230056] - fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] - Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] [239-58.4] - resolved: pin stream while calling callbacks for it (#2110548) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2526 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest Oracle Linux 9 [3.0.1-41.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz#2115861 - Add FIPS indicator for HKDF Resolves: rhbz#2118388 [1:3.0.1-40] - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115856 - Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115857 - Use signature for RSA pairwise test according FIPS-140-3 requirements Related: rhbz#2115858 - Reseed all the parent DRBGs in chain on reseeding a DRBG Related: rhbz#2115859 - Zeroization according to FIPS-140-3 requirements Related: rhbz#2115861 [1:3.0.1-39] - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test - Use Use digest_sign & digest_verify in FIPS signature self test - Use FFDHE2048 in Diffie-Hellman FIPS self-test Resolves: rhbz#2112978 [1:3.0.1-38] - Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously initialized. Resolves: rhbz#2107530 - Improve AES-GCM performance on Power9 and Power10 ppc64le Resolves: rhbz#2103044 - Improve ChaCha20 performance on Power10 ppc64le Resolves: rhbz#2103044 [1:3.0.1-37] - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 [1:3.0.1-36] - Ciphersuites with RSAPSK KX should be filterd in FIPS mode - Related: rhbz#2091994 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available if key length is enough - Related: rhbz#2091977 - Improve diagnostics when passing unsupported groups in TLS - Related: rhbz#2086554 - Fix PPC64 Montgomery multiplication bug - Related: rhbz#2101346 - Strict certificates validation shouldn't allow explicit EC parameters - Related: rhbz#2085521 - CVE-2022-2068: the c_rehash script allows command injection - Related: rhbz#2098276 [1:3.0.1-35] - Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved. Resolves: rhbz#2087234 [1:3.0.1-34] - Some OpenSSL test certificates are expired, updating - Resolves: rhbz#2095696 [1:3.0.1-33] - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory - Resolves: rhbz#2089443 - CVE-2022-1343 openssl: Signer certificate verification returned inaccurate response when using OCSP_NOCHECKS - Resolves: rhbz#2089439 - CVE-2022-1292 openssl: c_rehash script allows command injection - Resolves: rhbz#2090361 - Revert 'Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode' Related: rhbz#2087234 - Use KAT for ECDSA signature tests, s390 arch - Resolves: rhbz#2086866 [1:3.0.1-32] - openssl ecparam -list_curves lists only FIPS-approved curves in FIPS mode - Resolves: rhbz#2091929 - Ciphersuites with RSA KX should be filterd in FIPS mode - Related: rhbz#2091994 - In FIPS mode, signature verification works with keys of arbitrary size above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys below 2048 bits - Resolves: rhbz#2091938 [1:3.0.1-31] - Disable SHA-1 signature verification in FIPS mode - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode Resolves: rhbz#2087234 [1:3.0.1-30] - Use KAT for ECDSA signature tests - Resolves: rhbz#2086866 [1:3.0.1-29] - -config argument of openssl app should work properly in FIPS mode - Resolves: rhbz#2085500 - openssl req defaults on PKCS#8 encryption changed to AES-256-CBC - Resolves: rhbz#2085499 [1:3.0.1-28] - OpenSSL should not accept custom elliptic curve parameters - Resolves rhbz#2085508 - OpenSSL should not accept explicit curve parameters in FIPS mode - Resolves rhbz#2085521 [1:3.0.1-27] - Change FIPS module version to include hash of specfile, patches and sources Resolves: rhbz#2082585 [1:3.0.1-26] - OpenSSL FIPS module should not build in non-approved algorithms Resolves: rhbz#2082584 [1:3.0.1-25] - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available - Resolves: rhbz#2053289 [1:3.0.1-24] - Fix occasional internal error in TLS when DHE is used Resolves: rhbz#2080323 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1473 CVE-2022-1343 CVE-2022-2068 CVE-2022-2097 CVE-2022-1292 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [11.3.5-1.0.1.el8_6.1] - Fix spaces in vmware udev rule for scsi devices [Orabug: 24461968] - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. [Orabug: 22815019] - Increase timeout for scsi devices on VMWare guests by adding a udev rule. [Orabug: 21819156] [11.3.5-1.el8_6.1] - ovt-Properly-check-authorization-on-incoming-guestOps-re.patch [bz#2119283] - Resolves: bz#2119283 (CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-8.6.0.z]) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31676 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [11.3.5-1.0.1.el9_0.1] - Fix spaces in vmware udev rule for scsi devices [Orabug: 24461968] - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. [Orabug: 22815019] - Increase timeout for scsi devices on VMWare guests by adding a udev rule. [Orabug: 21819156] [11.3.5-1.el9_0.1] - ovt-Properly-check-authorization-on-incoming-guestOps-re.patch [bz#2119285] - Resolves: bz#2119285 (CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-9.0.0.z]) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31676 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [11.0.5-3.0.1] - fix spaces in vmware udev rule for scsi devices [Orabug: 24461968] - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. [Orabug: 22815019] - Increase timeout for scsi devices on VMWare guests by adding a udev rule. - Created a new file 99-vmware-scsi-timeout.rules - Modified spec file to install this new file. [Orabug: 21819156] [11.0.5-3.el7_9.4] - ovt-Properly-check-authorization-on-incoming-guestOps-re.patch [bz#2119310] - Resolves: bz#2119310 (CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-7.9.z]) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31676 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 galera [25.3.35-1] - Rebase to 25.3.35 mariadb [3:10.3.35-1] - Rebase to 10.3.35 [3:10.3.34-1] - Rebase to 10.3.34 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-27376 CVE-2022-27378 CVE-2022-32085 CVE-2021-46661 CVE-2022-27387 CVE-2022-27456 CVE-2022-27381 CVE-2022-27458 CVE-2022-27384 CVE-2022-27386 CVE-2022-27445 CVE-2022-31623 CVE-2022-32088 CVE-2021-46659 CVE-2022-24050 CVE-2022-21427 CVE-2022-24052 CVE-2021-46669 CVE-2022-24048 CVE-2022-27448 CVE-2022-24051 CVE-2022-27447 CVE-2022-27377 CVE-2022-32087 CVE-2021-46663 CVE-2021-46664 CVE-2022-27383 CVE-2022-32083 CVE-2022-27379 CVE-2022-27380 CVE-2022-27449 CVE-2022-31622 CVE-2021-46665 CVE-2021-46668 CVE-2022-27452 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 ruby [2.7.6-138] - Upgrade to Ruby 2.7.6. Resolves: rhbz#2109424 - Fix FTBFS due to an incompatible load directive. Related: rhbz#2109424 - Fix a fiddle import test on an optimized glibc on Power 9. Related: rhbz#2109424 - Fix regular Expression Denial of Service Vulnerability of Date Parsing Methods. Resolves: CVE-2021-41817 - Fix cookie prefix spoofing in CGI::Cookie.parse. Resolves: CVE-2021-41819 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-28739 CVE-2021-41819 CVE-2021-41817 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 nodejs [1:14.20.0-2] - Replace with_* macros with RPM confitionals - Unify configure calls into single command - Refactor bootstrap-related parts - Decouple dependency bundling from bootstrapping - Resolves: RHBZ#2111417 [1:14.20.0-1] - Rebase to latest version - Resolves: RHBZ#2106367 - CVE fixes for CVE-2022-32212/3/4/5 - Resolves: #2109576, #2109579, #2109582, #2109585 [1:14.18.2-3] - Resolves: RHBZ#2029519 - Add missing BZ to changelog nodejs-nodemon [2.0.19-2] - Switched from autosetup - Removed CODE_OF_CONDUCT.md and faq.md which is not present in npmjs package, might switch to GH sources in the future - Resolves: RHBZ#2109919 [2.0.19-1] - Rebase to 2.0.19 - Resolves CVE-2022-33987 - Resolves: RHBZ#2109919 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32213 CVE-2022-32212 CVE-2022-33987 CVE-2022-32215 CVE-2022-32214 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 nodejs [1:16.16.0-3] - Fix build - Resolves: RHBZ#2111416 [1:16.16.0-2] - Refactor spec - Resolves: RHBZ#2111416 [1:16.16.0-1] - Rebase to latest version - Resolves: RHBZ#2106369 - CVE fixes for CVE-2022-32212/3/4/5 - Resolves: #2109578, #2109581, #2109584, #2109588 nodejs-nodemon [2.0.19-2] - Switched from autosetup - Removed CODE_OF_CONDUCT.md and faq.md which is not present in npmjs package, might switch to GH sources in the future - Resolves: RHBZ#2109921 [2.0.19-1] - Rebase to 2.0.19 - Resolves CVE-2022-33987 - Resolves: RHBZ#2109921 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3807 CVE-2022-32213 CVE-2022-32212 CVE-2022-32214 CVE-2022-32215 CVE-2022-33987 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 ruby [3.0.4-141] - Upgrade to Ruby 3.0.4. Resolves: rhbz#2109431 Resolves: rhbz#2110981 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-28739 CVE-2022-28738 CVE-2021-41817 CVE-2021-41819 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [3.6.8-47.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-47] - Security fix for CVE-2015-20107 Resolves: rhbz#2075390 [3.6.8-46] - Security fix for CVE-2022-0391: urlparse does not sanitize URLs containing ASCII newline and tabs - Fix the test suite support for Expat >= 2.4.5 Resolves: rhbz#2047376 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-0391 CVE-2015-20107 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [4.18.0-372.26.1.0.1_6.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-11.0.5 debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499} [4.18.0-372.26.1_6] - drm/amd/display: Ignore First MST Sideband Message Return Error (Mika Penttila) [2109826 2089853] - ASoC: SOF: topology: read back control data from DSP (Jaroslav Kysela) [2117732 2065575] - ASoC: SOF: Drop ctrl_type parameter for snd_sof_ipc_set_get_comp_data() (Jaroslav Kysela) [2117732 2065575] - ASoC: SOF: control: Do not handle control notification with component type (Jaroslav Kysela) [2117732 2065575] - ASoC: SOF: sof-audio: Drop the cmd member from struct snd_sof_control (Jaroslav Kysela) [2117732 2065575] - ASoC: SOF: Drop ctrl_cmd parameter for snd_sof_ipc_set_get_comp_data() (Jaroslav Kysela) [2117732 2065575] - ASoC: SOF: topology: Set control_data->cmd alongside scontrol->cmd (Jaroslav Kysela) [2117732 2065575] - ASoC: SOF: Drop ipc_cmd parameter for snd_sof_ipc_set_get_comp_data() (Jaroslav Kysela) [2117732 2065575] - ASoC: SOF: ipc: Rename send parameter in snd_sof_ipc_set_get_comp_data() (Jaroslav Kysela) [2117732 2065575] - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (Vratislav Bendel) [2120776 2111491] - platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (Prarit Bhargava) [2091079 2080426] - KVM: x86/mmu: make apf token non-zero to fix bug (Vitaly Kuznetsov) [2105340 2096201] - dommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (Jerry Snitselaar) [2112983 2095498] [4.18.0-372.25.1_6] - redhat: add missing ybz numbers to changelog (Augusto Caringi) - block: limit request dispatch loop duration (Ming Lei) [2110772 2005082] - NLM: Defend against file_lock changes after vfs_test_lock() (Benjamin Coddington) [2102099 2094884] - x86/speculation/mmio: Print SMT warning (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - KVM: x86/speculation: Disable Fill buffer clear within guests (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - x86/speculation/srbds: Update SRBDS mitigation selection (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - x86/speculation: Add a common function for MD_CLEAR mitigation update (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - Documentation: Add documentation for Processor MMIO Stale Data (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - x86/tsx: Disable TSX development mode at boot (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - x86/tsx: Clear CPUID bits when TSX always force aborts (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - cpu/speculation: Add prototype for cpu_show_srbds() (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - x86/cpu: Move arch_smt_update() to a neutral place (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166} - ice: Ignore error message when setting same promiscuous mode (Petr Oros) [2118580 2100683] - ice: Fix clearing of promisc mode with bridge over bond (Petr Oros) [2118580 2100683] - ice: Ignore EEXIST when setting promisc mode (Petr Oros) [2118580 2100683] - ice: Fix double VLAN error when entering promisc mode (Petr Oros) [2118580 2100683] - ice: Fix promiscuous mode not turning off (Petr Oros) [2117026 2088787] - ice: Introduce enabling promiscuous mode on multiple VF's (Petr Oros) [2117026 2088787] - ice: do not setup vlan for loopback VSI (Petr Oros) [2118582 2103845] - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (Petr Oros) [2118582 2103845] - ice: Fix max VLANs available for VF (Petr Oros) [2118581 2112298] - ice: change devlink code to read NVM in blocks (Petr Oros) [2118583 2093904] - ice: Fix memory corruption in VF driver (Petr Oros) [2102359 2037937] - ice: Fix queue config fail handling (Petr Oros) [2102359 2037937] - ice: Sync VLAN filtering features for DVM (Petr Oros) [2102359 2037937] - ice: Fix PTP TX timestamp offset calculation (Petr Oros) [2102359 2037937] - ice: Fix interrupt moderation settings getting cleared (Petr Oros) [2102359 2037937] - ice: fix possible under reporting of ethtool Tx and Rx statistics (Petr Oros) [2102359 2037937] - ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (Petr Oros) [2102359 2037937] - ice: add trace events for tx timestamps (Petr Oros) [2102359 2037937] - ice: fix return value check in ice_gnss.c (Petr Oros) [2102359 2037937] - ice: remove PF pointer from ice_check_vf_init (Petr Oros) [2102359 2037937] - ice: introduce ice_virtchnl.c and ice_virtchnl.h (Petr Oros) [2102359 2037937] - ice: cleanup long lines in ice_sriov.c (Petr Oros) [2102359 2037937] - ice: introduce ICE_VF_RESET_LOCK flag (Petr Oros) [2102359 2037937] - ice: introduce ICE_VF_RESET_NOTIFY flag (Petr Oros) [2102359 2037937] - ice: convert ice_reset_vf to take flags (Petr Oros) [2102359 2037937] - ice: convert ice_reset_vf to standard error codes (Petr Oros) [2102359 2037937] - ice: make ice_reset_all_vfs void (Petr Oros) [2102359 2037937] - ice: drop is_vflr parameter from ice_reset_all_vfs (Petr Oros) [2102359 2037937] - ice: move reset functionality into ice_vf_lib.c (Petr Oros) [2102359 2037937] - ice: fix a long line warning in ice_reset_vf (Petr Oros) [2102359 2037937] - ice: introduce VF operations structure for reset flows (Petr Oros) [2102359 2037937] - ice: fix incorrect dev_dbg print mistaking 'i' for vf->vf_id (Petr Oros) [2102359 2037937] - ice: introduce ice_vf_lib.c, ice_vf_lib.h, and ice_vf_lib_private.h (Petr Oros) [2102359 2037937] - ice: use ice_is_vf_trusted helper function (Petr Oros) [2102359 2037937] - ice: log an error message when eswitch fails to configure (Petr Oros) [2102359 2037937] - ice: cleanup error logging for ice_ena_vfs (Petr Oros) [2102359 2037937] - ice: move ice_set_vf_port_vlan near other .ndo ops (Petr Oros) [2102359 2037937] - ice: refactor spoofchk control code in ice_sriov.c (Petr Oros) [2102359 2037937] - ice: rename ICE_MAX_VF_COUNT to avoid confusion (Petr Oros) [2102359 2037937] - ice: remove unused definitions from ice_sriov.h (Petr Oros) [2102359 2037937] - ice: convert vf->vc_ops to a const pointer (Petr Oros) [2102359 2037937] - ice: remove circular header dependencies on ice.h (Petr Oros) [2102359 2037937] - ice: rename ice_virtchnl_pf.c to ice_sriov.c (Petr Oros) [2102359 2037937] - ice: rename ice_sriov.c to ice_vf_mbx.c (Petr Oros) [2102359 2037937] - ice: Fix FV offset searching (Petr Oros) [2102359 2037937] - ice: Add support for outer dest MAC for ADQ tunnels (Petr Oros) [2102359 2037937] - ice: avoid XDP checks in ice_clean_tx_irq() (Petr Oros) [2102359 2037937] - ice: change 'can't set link' message to dbg level (Petr Oros) [2102359 2037937] - ice: Add slow path offload stats on port representor in switchdev (Petr Oros) [2102359 2037937] - ice: Add support for inner etype in switchdev (Petr Oros) [2102359 2037937] - ice: convert VF storage to hash table with krefs and RCU (Petr Oros) [2102359 2037937] - ice: introduce VF accessor functions (Petr Oros) [2102359 2037937] - ice: factor VF variables to separate structure (Petr Oros) [2102359 2037937] - ice: convert ice_for_each_vf to include VF entry iterator (Petr Oros) [2102359 2037937] - ice: use ice_for_each_vf for iteration during removal (Petr Oros) [2102359 2037937] - ice: remove checks in ice_vc_send_msg_to_vf (Petr Oros) [2102359 2037937] - ice: move VFLR acknowledge during ice_free_vfs (Petr Oros) [2102359 2037937] - ice: move clear_malvf call in ice_free_vfs (Petr Oros) [2102359 2037937] - ice: pass num_vfs to ice_set_per_vf_res() (Petr Oros) [2102359 2037937] - ice: store VF pointer instead of VF ID (Petr Oros) [2102359 2037937] - ice: refactor unwind cleanup in eswitch mode (Petr Oros) [2102359 2037937] - ice: add TTY for GNSS module for E810T device (Petr Oros) [2102359 2037937] - ice: Simplify tracking status of RDMA support (Petr Oros) [2102359 2037937] - ice: Add ability for PF admin to enable VF VLAN pruning (Petr Oros) [2102359 2037937] - ice: Add support for 802.1ad port VLANs VF (Petr Oros) [2102359 2037937] - ice: Advertise 802.1ad VLAN filtering and offloads for PF netdev (Petr Oros) [2102359 2037937] - ice: Support configuring the device to Double VLAN Mode (Petr Oros) [2102359 2037937] - ice: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (Petr Oros) [2102359 2037937] - ice: Add hot path support for 802.1Q and 802.1ad VLAN offloads (Petr Oros) [2102359 2037937] - ice: Add outer_vlan_ops and VSI specific VLAN ops implementations (Petr Oros) [2102359 2037937] - ice: Adjust naming for inner VLAN operations (Petr Oros) [2102359 2037937] - ice: Use the proto argument for VLAN ops (Petr Oros) [2102359 2037937] - ice: Refactor vf->port_vlan_info to use ice_vlan (Petr Oros) [2102359 2037937] - ice: Introduce ice_vlan struct (Petr Oros) [2102359 2037937] - ice: Add new VSI VLAN ops (Petr Oros) [2102359 2037937] - ice: Add helper function for adding VLAN 0 (Petr Oros) [2102359 2037937] - ice: Refactor spoofcheck configuration functions (Petr Oros) [2102359 2037937] - Revert 'ice: Allow to pass VLAN tagged packets to VF when port VLAN is configured' (Petr Oros) [2102359 2037937] - Revert 'ice: Do not enable VLAN pruning when spoofchk is enabled' (Petr Oros) [2102359 2037937] - ice: Remove likely for napi_complete_done (Petr Oros) [2102359 2037937] - ice: add support for DSCP QoS for IDC (Petr Oros) [2102359 2037937] - ice: respect metadata on XSK Rx to skb (Petr Oros) [2102359 2037937] - ice: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (Petr Oros) [2102359 2037937] - ice: respect metadata in legacy-rx/ice_construct_skb() (Petr Oros) [2102359 2037937] - ice: Fix broken IFF_ALLMULTI handling (Petr Oros) [2102359 2037937] - iavf: Fix VLAN_V2 addition/rejection (Petr Oros) [2118707 2115618] - iavf: Fix deadlock in initialization (Petr Oros) [2118705 2054656] - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (Nilesh Javali) [2110768 2044160] - sched/deadline: Fix BUG_ON condition for deboosted tasks (Phil Auld) [2117410 2111860] [4.18.0-372.24.1_6] - powerpc/64: Move paca allocation later in boot (Desnes A. Nunes do Rosario) [2092241 2016335] - powerpc/prom: fix early DEBUG messages (Desnes A. Nunes do Rosario) [2092241 2016335] - powerpc: Set crashkernel offset to mid of RMA region (Desnes A. Nunes do Rosario) [2092241 2016335] - hv_balloon: rate-limit 'Unhandled message' warning (Vitaly Kuznetsov) [2117050 2087270] - powerpc: Enable execve syscall exit tracepoint (Steve Best) [2106662 2095521] - ice: Fix VSIs unable to share unicast MAC (Petr Oros) [2111936 2080033] [4.18.0-372.23.1_6] - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (Phil Auld) [2112030 2089715] - iavf: Fix issue with MAC address of VF shown as zero (Petr Oros) [2102360 2037938] - iavf: Remove non-inclusive language (Petr Oros) [2102360 2037938] - iavf: Fix incorrect use of assigning iavf_status to int (Petr Oros) [2102360 2037938] - iavf: stop leaking iavf_status as 'errno' values (Petr Oros) [2102360 2037938] - iavf: Add usage of new virtchnl format to set default MAC (Petr Oros) [2102360 2037938] - iavf: refactor processing of VLAN V2 capability message (Petr Oros) [2102360 2037938] - iavf: Add support for 50G/100G in AIM algorithm (Petr Oros) [2102360 2037938] - iavf: remove redundant ret variable (Petr Oros) [2102360 2037938] - iavf: Remove useless DMA-32 fallback configuration (Petr Oros) [2102360 2037938] - pidfd: fix a poll race when setting exit_state (Oleg Nesterov) [2107643 2044587] - fork: fix pidfd_poll()'s return type (Oleg Nesterov) [2107643 2044587] - pidfd: add polling support (Oleg Nesterov) [2107643 2044587] - kabi: introduce the kabi_aux_*() helpers (Oleg Nesterov) [2107643 2044587] [4.18.0-372.22.1_6] - mm/memcg: Free percpu stats memory of dying memcg's (Waiman Long) [2110039 2004037] [4.18.0-372.21.1_6] - KVM: x86/mmu: Don't advance iterator after restart due to yielding (Nico Pache) [2081013 2058907] - RHEL-only: KVM: selftests: Fix AArch64 compilation (Paul Lai) [2107655 2071997] - x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave) (Paul Lai) [2107652 2092066] - KVM: x86: Use ERR_PTR_USR() to return -EFAULT as a __user pointer (Paul Lai) [2088288 2074679] - KVM: x86: add system attribute to retrieve full set of supported xsave states (Paul Lai) [2088288 2074679] - KVM: x86: Add a helper to retrieve userspace address from kvm_device_attr (Paul Lai) [2088288 2074679] - tools: arch: x86: pull in pvclock headers (Paul Lai) [2088288 2074679] - KVM: x86: Expose TSC offset controls to userspace (Paul Lai) [2088288 2074679] - KVM: x86: Refactor tsc synchronization code (Paul Lai) [2088288 2074679] - selftests: kvm: move vm_xsave_req_perm call to amx_test (Paul Lai) [2088288 2074679] - RHEL-only: KVM: selftests: Remove unused modes (Andrew Jones) [2107655 2071997] - tools headers UAPI: Sync linux/kvm.h with the kernel sources (Paul Lai) [2088287 1918929] - kvm: selftests: sync uapi/linux/kvm.h with Linux header (Paul Lai) [2088287 1918929] - kvm: selftests: conditionally build vm_xsave_req_perm() (Paul Lai) [2088287 1918929] - x86/kvm/fpu: Remove kvm_vcpu_arch.guest_supported_xcr0 (Paul Lai) [2088287 1918929] - x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0 (Paul Lai) [2088287 1918929] - KVM: x86/cpuid: Exclude unpermitted xfeatures sizes at KVM_GET_SUPPORTED_CPUID (Paul Lai) [2088287 1918929] - KVM: x86: Move CPUID.(EAX=0x12,ECX=1) mangling to __kvm_update_cpuid_runtime() (Paul Lai) [2088287 1918929] - KVM: x86/cpuid: Clear XFD for component i if the base feature is missing (Paul Lai) [2088287 1918929] - KVM: x86: Do runtime CPUID update before updating vcpu->arch.cpuid_entries (Paul Lai) [2088287 1918929] - x86/fpu: Fix inline prefix warnings (Paul Lai) [2088287 1918929] - selftest: kvm: Add amx selftest (Paul Lai) [2088287 1918929] - selftest: kvm: Move struct kvm_x86_state to header (Paul Lai) [2088287 1918929] - selftest: kvm: Reorder vcpu_load_state steps for AMX (Paul Lai) [2088287 1918929] - kvm: x86: Disable interception for IA32_XFD on demand (Paul Lai) [2088287 1918929] - x86/fpu: Provide fpu_sync_guest_vmexit_xfd_state() (Paul Lai) [2088287 1918929] - kvm: selftests: Add support for KVM_CAP_XSAVE2 (Paul Lai) [2088287 1918929] - kvm: x86: Add support for getting/setting expanded xstate buffer (Paul Lai) [2088287 1918929] - x86/fpu: Add uabi_size to guest_fpu (Paul Lai) [2088287 1918929] - kvm: x86: Add CPUID support for Intel AMX (Paul Lai) [2088287 1918929] - kvm: x86: Add XCR0 support for Intel AMX (Paul Lai) [2088287 1918929] - kvm: x86: Disable RDMSR interception of IA32_XFD_ERR (Paul Lai) [2088287 1918929] - kvm: x86: Emulate IA32_XFD_ERR for guest (Paul Lai) [2088287 1918929] - kvm: x86: Intercept #NM for saving IA32_XFD_ERR (Paul Lai) [2088287 1918929] - x86/fpu: Prepare xfd_err in struct fpu_guest (Paul Lai) [2088287 1918929] - kvm: x86: Add emulation for IA32_XFD (Paul Lai) [2088287 1918929] - x86/fpu: Provide fpu_update_guest_xfd() for IA32_XFD emulation (Paul Lai) [2088287 1918929] - kvm: x86: Enable dynamic xfeatures at KVM_SET_CPUID2 (Paul Lai) [2088287 1918929] - x86/fpu: Provide fpu_enable_guest_xfd_features() for KVM (Paul Lai) [2088287 1918929] - x86/fpu: Add guest support to xfd_enable_feature() (Paul Lai) [2088287 1918929] - x86/fpu: Make XFD initialization in __fpstate_reset() a function argument (Paul Lai) [2088287 1918929] - kvm: x86: Exclude unpermitted xfeatures at KVM_GET_SUPPORTED_CPUID (Paul Lai) [2088287 1918929] - kvm: x86: Fix xstate_required_size() to follow XSTATE alignment rule (Paul Lai) [2088287 1918929] - x86/fpu: Prepare guest FPU for dynamically enabled FPU features (Paul Lai) [2088287 1918929] - x86/fpu: Extend fpu_xstate_prctl() with guest permissions (Paul Lai) [2088287 1918929] - kvm: selftests: move ucall declarations into ucall_common.h (Paul Lai) [2088287 1918929] - kvm: selftests: move base kvm_util.h declarations to kvm_util_base.h (Paul Lai) [2088287 1918929] - cpuid: kvm_find_kvm_cpuid_features() should be declared 'static' (Paul Lai) [2088287 1918929] - KVM: x86: Make sure KVM_CPUID_FEATURES really are KVM_CPUID_FEATURES (Paul Lai) [2088287 1918929] - KVM: x86: Add helper to consolidate core logic of SET_CPUID{2} flows (Paul Lai) [2088287 1918929] - tools arch x86: Sync the msr-index.h copy with the kernel sources (Andrew Jones) [2107655 2071997] [4.18.0-372.20.1_6] - powerpc/pseries: Fix use after free in remove_phb_dynamic() (Steve Best) [2081250 2073707] - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (Inigo Huguet) [2101684 2096758] - mt76: mt7921e: fix possible probe failure after reboot (Inigo Huguet) [2095654 2078877] - x86/apic/vector: Fix ordering in vector assignment (Frank Ramsay) [2084646 2076607] MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21125 CVE-2022-21166 CVE-2022-21123 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.2.20-3] - Fix CVE-2022-34903 (#2108447) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-34903 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer Oracle Linux 9 [6.0.109-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.109-1] - Update to .NET SDK 6.0.109 and Runtime 6.0.9 - Resolves: RHBZ#2123791 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-38013 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [3.1.423-1.0.1] - Add missing Oracle Linux Runtime IDs [3.1.423-1] - Update to .NET SDK 3.1.423 and Runtime 3.1.29 - Resolves: RHBZ#2123785 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-38013 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [6.0.109-1.0.1] - Add missing Oracle RIDs [6.0.109-1] - Update to .NET SDK 6.0.109 and Runtime 6.0.9 - Resolves: RHBZ#2123789 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-38013 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.36.7-1] - Update to 2.36.7 Related: #2123429 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32893 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 php-pear [1:1.10.13-1] - update PEAR to 1.10.13 - update Archive_Tar to 1.4.14 MODERATE Copyright 2022 Oracle, Inc. CVE-2020-36193 CVE-2020-28949 CVE-2020-28948 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 9 [3.0.4-160] - Upgrade to Ruby 3.0.4. Resolves: rhbz#2109428 - OpenSSL test suite fixes due to disabled SHA1. Related: rbhz#2109428 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-28739 CVE-2022-28738 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [8.0.30-3] - Release bump for rebuild [8.0.30-1] - Update to MySQL 8.0.30 - Remove patches now upstream: chain certs, OpenSSL 3, s390 and robin hood - Add a new plugin [8.0.29-1] - Update to MySQL 8.0.29 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21444 CVE-2022-21534 CVE-2022-21478 CVE-2022-21556 CVE-2022-21547 CVE-2022-21435 CVE-2022-21531 CVE-2022-21539 CVE-2022-21459 CVE-2022-21509 CVE-2022-21526 CVE-2022-21418 CVE-2022-21452 CVE-2022-21414 CVE-2022-21530 CVE-2022-21417 CVE-2022-21436 CVE-2022-21423 CVE-2022-21455 CVE-2022-21527 CVE-2022-21528 CVE-2022-21537 CVE-2022-21427 CVE-2022-21437 CVE-2022-21440 CVE-2022-21522 CVE-2022-21569 CVE-2022-21412 CVE-2022-21413 CVE-2022-21415 CVE-2022-21451 CVE-2022-21454 CVE-2022-21425 CVE-2022-21479 CVE-2022-21517 CVE-2022-21525 CVE-2022-21538 CVE-2022-21438 CVE-2022-21457 CVE-2022-21460 CVE-2022-21462 CVE-2022-21515 CVE-2022-21529 CVE-2022-21553 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 nodejs [16.16.0-1] - Rebase to version 16.16.0 Resolves: RHBZ#2106290 Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 [16.14.0-5] - Decouple dependency bundling from bootstrapping nodejs-nodemon MODERATE Copyright 2022 Oracle, Inc. CVE-2020-7788 CVE-2022-32213 CVE-2022-29244 CVE-2021-33502 CVE-2022-32215 CVE-2022-33987 CVE-2022-32212 CVE-2020-28469 CVE-2021-3807 CVE-2022-32214 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.3.3-2] - Fix CVE-2022-34903 (#2108449) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-34903 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [28-5.1] - Fix a stack buffer over-read in the c-shquote library - Fix null pointer reference when supplying a malformed XML config file - Add gating.yaml Resolves: CVE-2022-31212 Resolves: CVE-2022-31213 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-31213 CVE-2022-31212 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [5.14.0-70.26.1.0.1_0.OL9] - lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.26.1_0.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] [5.14.0-70.26.1_0] - redhat/configs enable CONFIG_ICE_HWTS (Petr Oros) [2108204 2037974] - redhat/configs enable CONFIG_ICE_SWITCHDEV (Petr Oros) [2108204 2037974] - ice: Fix VF not able to send tagged traffic with no VLAN filters (Petr Oros) [2119290 2116964] - ice: Ignore error message when setting same promiscuous mode (Petr Oros) [2119290 2116964] - ice: Fix clearing of promisc mode with bridge over bond (Petr Oros) [2119290 2116964] - ice: Ignore EEXIST when setting promisc mode (Petr Oros) [2119290 2116964] - ice: Fix double VLAN error when entering promisc mode (Petr Oros) [2119290 2116964] - ice: Fix promiscuous mode not turning off (Petr Oros) [2119290 2116964] - ice: Introduce enabling promiscuous mode on multiple VF's (Petr Oros) [2119290 2116964] - ice: do not setup vlan for loopback VSI (Petr Oros) [2119290 2116964] - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (Petr Oros) [2119290 2116964] - ice: Fix VSIs unable to share unicast MAC (Petr Oros) [2119290 2116964] - ice: Fix max VLANs available for VF (Petr Oros) [2119290 2116964] - ice: change devlink code to read NVM in blocks (Petr Oros) [2119290 2116964] - ice: Fix memory corruption in VF driver (Petr Oros) [2108204 2037974] - ice: Fix queue config fail handling (Petr Oros) [2108204 2037974] - ice: Sync VLAN filtering features for DVM (Petr Oros) [2108204 2037974] - ice: Fix PTP TX timestamp offset calculation (Petr Oros) [2108204 2037974] - ice: Fix interrupt moderation settings getting cleared (Petr Oros) [2108204 2037974] - ice: fix possible under reporting of ethtool Tx and Rx statistics (Petr Oros) [2108204 2037974] - ice: fix crash when writing timestamp on RX rings (Petr Oros) [2108204 2037974] - ice: fix PTP stale Tx timestamps cleanup (Petr Oros) [2108204 2037974] - ice: clear stale Tx queue settings before configuring (Petr Oros) [2108204 2037974] - ice: Fix race during aux device (un)plugging (Petr Oros) [2108204 2037974] - ice: fix use-after-free when deinitializing mailbox snapshot (Petr Oros) [2108204 2037974] - ice: wait 5 s for EMP reset after firmware flash (Petr Oros) [2108204 2037974] - ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (Petr Oros) [2108204 2037974] - ice: Fix incorrect locking in ice_vc_process_vf_msg() (Petr Oros) [2108204 2037974] - ice: Fix memory leak in ice_get_orom_civd_data() (Petr Oros) [2108204 2037974] - ice: fix crash in switchdev mode (Petr Oros) [2108204 2037974] - ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (Petr Oros) [2108204 2037974] - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (Petr Oros) [2108204 2037974] - ice: clear cmd_type_offset_bsz for TX rings (Petr Oros) [2108204 2037974] - ice: xsk: fix VSI state check in ice_xsk_wakeup() (Petr Oros) [2108204 2037974] - ice: synchronize_rcu() when terminating rings (Petr Oros) [2108204 2037974] - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (Petr Oros) [2108204 2037974] - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (Petr Oros) [2108204 2037974] - ice: Fix broken IFF_ALLMULTI handling (Petr Oros) [2108204 2037974] - ice: Fix MAC address setting (Petr Oros) [2108204 2037974] - ice: Clear default forwarding VSI during VSI release (Petr Oros) [2108204 2037974] - ice: xsk: Fix indexing in ice_tx_xsk_pool() (Petr Oros) [2108204 2037974] - ice: xsk: Stop Rx processing when ntc catches ntu (Petr Oros) [2108204 2037974] - ice: don't allow to run ice_send_event_to_aux() in atomic ctx (Petr Oros) [2108204 2037974] - ice: fix 'scheduling while atomic' on aux critical err interrupt (Petr Oros) [2108204 2037974] - ice: add trace events for tx timestamps (Petr Oros) [2108204 2037974] - ice: fix return value check in ice_gnss.c (Petr Oros) [2108204 2037974] - ice: destroy flow director filter mutex after releasing VSIs (Petr Oros) [2108204 2037974] - ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (Petr Oros) [2108204 2037974] - ice: remove PF pointer from ice_check_vf_init (Petr Oros) [2108204 2037974] - ice: introduce ice_virtchnl.c and ice_virtchnl.h (Petr Oros) [2108204 2037974] - ice: cleanup long lines in ice_sriov.c (Petr Oros) [2108204 2037974] - ice: introduce ICE_VF_RESET_LOCK flag (Petr Oros) [2108204 2037974] - ice: introduce ICE_VF_RESET_NOTIFY flag (Petr Oros) [2108204 2037974] - ice: convert ice_reset_vf to take flags (Petr Oros) [2108204 2037974] - ice: convert ice_reset_vf to standard error codes (Petr Oros) [2108204 2037974] - ice: make ice_reset_all_vfs void (Petr Oros) [2108204 2037974] - ice: drop is_vflr parameter from ice_reset_all_vfs (Petr Oros) [2108204 2037974] - ice: move reset functionality into ice_vf_lib.c (Petr Oros) [2108204 2037974] - ice: fix a long line warning in ice_reset_vf (Petr Oros) [2108204 2037974] - ice: introduce VF operations structure for reset flows (Petr Oros) [2108204 2037974] - ice: fix incorrect dev_dbg print mistaking 'i' for vf->vf_id (Petr Oros) [2108204 2037974] - ice: introduce ice_vf_lib.c, ice_vf_lib.h, and ice_vf_lib_private.h (Petr Oros) [2108204 2037974] - ice: use ice_is_vf_trusted helper function (Petr Oros) [2108204 2037974] - ice: log an error message when eswitch fails to configure (Petr Oros) [2108204 2037974] - ice: cleanup error logging for ice_ena_vfs (Petr Oros) [2108204 2037974] - ice: move ice_set_vf_port_vlan near other .ndo ops (Petr Oros) [2108204 2037974] - ice: refactor spoofchk control code in ice_sriov.c (Petr Oros) [2108204 2037974] - ice: rename ICE_MAX_VF_COUNT to avoid confusion (Petr Oros) [2108204 2037974] - ice: remove unused definitions from ice_sriov.h (Petr Oros) [2108204 2037974] - ice: convert vf->vc_ops to a const pointer (Petr Oros) [2108204 2037974] - ice: remove circular header dependencies on ice.h (Petr Oros) [2108204 2037974] - ice: rename ice_virtchnl_pf.c to ice_sriov.c (Petr Oros) [2108204 2037974] - ice: rename ice_sriov.c to ice_vf_mbx.c (Petr Oros) [2108204 2037974] - ice: Fix FV offset searching (Petr Oros) [2108204 2037974] - ice: Add support for outer dest MAC for ADQ tunnels (Petr Oros) [2108204 2037974] - ice: avoid XDP checks in ice_clean_tx_irq() (Petr Oros) [2108204 2037974] - ice: change 'can't set link' message to dbg level (Petr Oros) [2108204 2037974] - ice: Add slow path offload stats on port representor in switchdev (Petr Oros) [2108204 2037974] - ice: Add support for inner etype in switchdev (Petr Oros) [2108204 2037974] - ice: Fix curr_link_speed advertised speed (Petr Oros) [2108204 2037974] - ice: Don't use GFP_KERNEL in atomic context (Petr Oros) [2108204 2037974] - ice: stop disabling VFs due to PF error responses (Petr Oros) [2108204 2037974] - ice: convert VF storage to hash table with krefs and RCU (Petr Oros) [2108204 2037974] - ice: introduce VF accessor functions (Petr Oros) [2108204 2037974] - ice: factor VF variables to separate structure (Petr Oros) [2108204 2037974] - ice: convert ice_for_each_vf to include VF entry iterator (Petr Oros) [2108204 2037974] - ice: use ice_for_each_vf for iteration during removal (Petr Oros) [2108204 2037974] - ice: remove checks in ice_vc_send_msg_to_vf (Petr Oros) [2108204 2037974] - ice: move VFLR acknowledge during ice_free_vfs (Petr Oros) [2108204 2037974] - ice: move clear_malvf call in ice_free_vfs (Petr Oros) [2108204 2037974] - ice: pass num_vfs to ice_set_per_vf_res() (Petr Oros) [2108204 2037974] - ice: store VF pointer instead of VF ID (Petr Oros) [2108204 2037974] - ice: refactor unwind cleanup in eswitch mode (Petr Oros) [2108204 2037974] - ice: add TTY for GNSS module for E810T device (Petr Oros) [2108204 2037974] - ice: initialize local variable 'tlv' (Petr Oros) [2108204 2037974] - ice: check the return of ice_ptp_gettimex64 (Petr Oros) [2108204 2037974] - ice: fix concurrent reset and removal of VFs (Petr Oros) [2108204 2037974] - ice: fix setting l4 port flag when adding filter (Petr Oros) [2108204 2037974] - ice: Match on all profiles in slow-path (Petr Oros) [2108204 2037974] - ice: enable parsing IPSEC SPI headers for RSS (Petr Oros) [2108204 2037974] - ice: Simplify tracking status of RDMA support (Petr Oros) [2108204 2037974] - ice: fix IPIP and SIT TSO offload (Petr Oros) [2108204 2037974] - ice: fix an error code in ice_cfg_phy_fec() (Petr Oros) [2108204 2037974] - ice: Add ability for PF admin to enable VF VLAN pruning (Petr Oros) [2108204 2037974] - ice: Add support for 802.1ad port VLANs VF (Petr Oros) [2108204 2037974] - ice: Advertise 802.1ad VLAN filtering and offloads for PF netdev (Petr Oros) [2108204 2037974] - ice: Support configuring the device to Double VLAN Mode (Petr Oros) [2108204 2037974] - ice: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (Petr Oros) [2108204 2037974] - ice: Add hot path support for 802.1Q and 802.1ad VLAN offloads (Petr Oros) [2108204 2037974] - ice: Add outer_vlan_ops and VSI specific VLAN ops implementations (Petr Oros) [2108204 2037974] - ice: Adjust naming for inner VLAN operations (Petr Oros) [2108204 2037974] - ice: Use the proto argument for VLAN ops (Petr Oros) [2108204 2037974] - ice: Refactor vf->port_vlan_info to use ice_vlan (Petr Oros) [2108204 2037974] - ice: Introduce ice_vlan struct (Petr Oros) [2108204 2037974] - ice: Add new VSI VLAN ops (Petr Oros) [2108204 2037974] - ice: Add helper function for adding VLAN 0 (Petr Oros) [2108204 2037974] - ice: Refactor spoofcheck configuration functions (Petr Oros) [2108204 2037974] - ice: Remove likely for napi_complete_done (Petr Oros) [2108204 2037974] - ice: add support for DSCP QoS for IDC (Petr Oros) [2108204 2037974] - ice: respect metadata on XSK Rx to skb (Petr Oros) [2108204 2037974] - ice: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (Petr Oros) [2108204 2037974] - ice: respect metadata in legacy-rx/ice_construct_skb() (Petr Oros) [2108204 2037974] - ice: Remove useless DMA-32 fallback configuration (Petr Oros) [2108204 2037974] - ice: Use bitmap_free() to free bitmap (Petr Oros) [2108204 2037974] - ice: Optimize a few bitmap operations (Petr Oros) [2108204 2037974] - ice: Slightly simply ice_find_free_recp_res_idx (Petr Oros) [2108204 2037974] - ice: improve switchdev's slow-path (Petr Oros) [2108204 2037974] - ice: replay advanced rules after reset (Petr Oros) [2108204 2037974] - net: fixup build after bpf header changes (Petr Oros) [2108204 2037974] - net: Don't include filter.h from net/sock.h (Petr Oros) [2108204 2037974] - ice: Add flow director support for channel mode (Petr Oros) [2108204 2037974] - ice: switch to napi_build_skb() (Petr Oros) [2108204 2037974] - ice: xsk: fix cleaned_count setting (Petr Oros) [2108204 2037974] - ice: xsk: allow empty Rx descriptors on XSK ZC data path (Petr Oros) [2108204 2037974] - ice: xsk: allocate separate memory for XDP SW ring (Petr Oros) [2108204 2037974] - ice: xsk: return xsk buffers back to pool when cleaning the ring (Petr Oros) [2108204 2037974] - ice: trivial: fix odd indenting (Petr Oros) [2108204 2037974] - ice: support crosstimestamping on E822 devices if supported (Petr Oros) [2108204 2037974] - ice: exit bypass mode once hardware finishes timestamp calibration (Petr Oros) [2108204 2037974] - ice: ensure the hardware Clock Generation Unit is configured (Petr Oros) [2108204 2037974] - ice: implement basic E822 PTP support (Petr Oros) [2108204 2037974] - ice: convert clk_freq capability into time_ref (Petr Oros) [2108204 2037974] - ice: introduce ice_ptp_init_phc function (Petr Oros) [2108204 2037974] - ice: use 'int err' instead of 'int status' in ice_ptp_hw.c (Petr Oros) [2108204 2037974] - ice: PTP: move setting of tstamp_config (Petr Oros) [2108204 2037974] - ice: introduce ice_base_incval function (Petr Oros) [2108204 2037974] - ice: Fix E810 PTP reset flow (Petr Oros) [2108204 2037974] - ice: Don't put stale timestamps in the skb (Petr Oros) [2108204 2037974] - ice: Use div64_u64 instead of div_u64 in adjfine (Petr Oros) [2108204 2037974] - ice: use modern kernel API for kick (Petr Oros) [2108204 2037974] - ice: tighter control over VSI_DOWN state (Petr Oros) [2108204 2037974] - ice: use prefetch methods (Petr Oros) [2108204 2037974] - ice: update to newer kernel API (Petr Oros) [2108204 2037974] - ice: support immediate firmware activation via devlink reload (Petr Oros) [2108204 2037974] - ice: reduce time to read Option ROM CIVD data (Petr Oros) [2108204 2037974] - ice: move ice_devlink_flash_update and merge with ice_flash_pldm_image (Petr Oros) [2108204 2037974] - ice: move and rename ice_check_for_pending_update (Petr Oros) [2108204 2037974] - ice: devlink: add shadow-ram region to snapshot Shadow RAM (Petr Oros) [2108204 2037974] - ice: Remove unused ICE_FLOW_SEG_HDRS_L2_MASK (Petr Oros) [2108204 2037974] - ice: Remove unnecessary casts (Petr Oros) [2108204 2037974] - ice: Propagate error codes (Petr Oros) [2108204 2037974] - ice: Remove excess error variables (Petr Oros) [2108204 2037974] - ice: Cleanup after ice_status removal (Petr Oros) [2108204 2037974] - ice: Remove enum ice_status (Petr Oros) [2108204 2037974] - ice: Use int for ice_status (Petr Oros) [2108204 2037974] - ice: Remove string printing for ice_status (Petr Oros) [2108204 2037974] - ice: Refactor status flow for DDP load (Petr Oros) [2108204 2037974] - ice: Refactor promiscuous functions (Petr Oros) [2108204 2037974] - ice: refactor PTYPE validating (Petr Oros) [2108204 2037974] - ice: Add package PTYPE enable information (Petr Oros) [2108204 2037974] - ice: safer stats processing (Petr Oros) [2108204 2037974] - ice: fix adding different tunnels (Petr Oros) [2108204 2037974] - ice: fix choosing UDP header type (Petr Oros) [2108204 2037974] - ice: ignore dropped packets during init (Petr Oros) [2108204 2037974] - ice: rearm other interrupt cause register after enabling VFs (Petr Oros) [2108204 2037974] - ice: fix FDIR init missing when reset VF (Petr Oros) [2108204 2037974] - net/ice: Remove unused enum (Petr Oros) [2108204 2037974] - net/ice: Fix boolean assignment (Petr Oros) [2108204 2037974] - ice: avoid bpf_prog refcount underflow (Petr Oros) [2108204 2037974] - ice: fix vsi->txq_map sizing (Petr Oros) [2108204 2037974] - net/ice: Add support for enable_iwarp and enable_roce devlink param (Petr Oros) [2108204 2037974] - ice: Hide bus-info in ethtool for PRs in switchdev mode (Petr Oros) [2108204 2037974] - ice: Clear synchronized addrs when adding VFs in switchdev mode (Petr Oros) [2108204 2037974] - ice: fix error return code in ice_get_recp_frm_fw() (Petr Oros) [2108204 2037974] - ice: Fix clang -Wimplicit-fallthrough in ice_pull_qvec_from_rc() (Petr Oros) [2108204 2037974] - ice: Add support to print error on PHY FW load failure (Petr Oros) [2108204 2037974] - ice: Add support for changing MTU on PR in switchdev mode (Petr Oros) [2108204 2037974] - ice: send correct vc status in switchdev (Petr Oros) [2108204 2037974] - ice: support for GRE in eswitch (Petr Oros) [2108204 2037974] - ice: low level support for tunnels (Petr Oros) [2108204 2037974] - ice: VXLAN and Geneve TC support (Petr Oros) [2108204 2037974] - ice: support for indirect notification (Petr Oros) [2108204 2037974] - ice: Add tc-flower filter support for channel (Petr Oros) [2108204 2037974] - ice: enable ndo_setup_tc support for mqprio_qdisc (Petr Oros) [2108204 2037974] - ice: Add infrastructure for mqprio support via ndo_setup_tc (Petr Oros) [2108204 2037974] - ice: fix an error code in ice_ena_vfs() (Petr Oros) [2108204 2037974] - ice: Refactor PR ethtool ops (Petr Oros) [2108204 2037974] - ice: Manage act flags for switchdev offloads (Petr Oros) [2108204 2037974] - ice: Forbid trusted VFs in switchdev mode (Petr Oros) [2108204 2037974] - ice: introduce XDP_TX fallback path (Petr Oros) [2108204 2037974] - ice: optimize XDP_TX workloads (Petr Oros) [2108204 2037974] - ice: propagate xdp_ring onto rx_ring (Petr Oros) [2108204 2037974] - ice: do not create xdp_frame on XDP_TX (Petr Oros) [2108204 2037974] - ice: unify xdp_rings accesses (Petr Oros) [2108204 2037974] - ice: ndo_setup_tc implementation for PR (Petr Oros) [2108204 2037974] - ice: ndo_setup_tc implementation for PF (Petr Oros) [2108204 2037974] - ice: Allow changing lan_en and lb_en on all kinds of filters (Petr Oros) [2108204 2037974] - ice: cleanup rules info (Petr Oros) [2108204 2037974] - ice: allow deleting advanced rules (Petr Oros) [2108204 2037974] - ice: allow adding advanced rules (Petr Oros) [2108204 2037974] - ice: create advanced switch recipe (Petr Oros) [2108204 2037974] - ice: manage profiles and field vectors (Petr Oros) [2108204 2037974] - ice: implement low level recipes functions (Petr Oros) [2108204 2037974] - ice: add port representor ethtool ops and stats (Petr Oros) [2108204 2037974] - ice: switchdev slow path (Petr Oros) [2108204 2037974] - ice: rebuild switchdev when resetting all VFs (Petr Oros) [2108204 2037974] - ice: enable/disable switchdev when managing VFs (Petr Oros) [2108204 2037974] - ice: introduce new type of VSI for switchdev (Petr Oros) [2108204 2037974] - ice: set and release switchdev environment (Petr Oros) [2108204 2037974] - ice: allow changing lan_en and lb_en on dflt rules (Petr Oros) [2108204 2037974] - ice: manage VSI antispoof and destination override (Petr Oros) [2108204 2037974] - ice: allow process VF opcodes in different ways (Petr Oros) [2108204 2037974] - ice: introduce VF port representor (Petr Oros) [2108204 2037974] - ice: Move devlink port to PF/VF struct (Petr Oros) [2108204 2037974] - ice: support basic E-Switch mode control (Petr Oros) [2108204 2037974] - ethernet: use eth_hw_addr_set() for dev->addr_len cases (Petr Oros) [2108204 2037974] - ethernet: use eth_hw_addr_set() instead of ether_addr_copy() (Petr Oros) [2108204 2037974] - ice: Use xdp_buf instead of rx_buf for xsk zero-copy (Petr Oros) [2108204 2037974] - ice: Only lock to update netdev dev_addr (Petr Oros) [2108204 2037974] - ice: restart periodic outputs around time changes (Petr Oros) [2108204 2037974] - ice: fix Tx queue iteration for Tx timestamp enablement (Petr Oros) [2108204 2037974] - devlink: Add 'enable_iwarp' generic device param (Petr Oros) [2108204 2037974] - i40e: Fix tunnel checksum offload with fragmented traffic (Ivan Vecera) [2119479 2037980] - i40e: Fix call trace in setup_tx_descriptors (Ivan Vecera) [2119479 2037980] - i40e: Fix calculating the number of queue pairs (Ivan Vecera) [2119479 2037980] - i40e: Fix adding ADQ filter to TC0 (Ivan Vecera) [2119479 2037980] - i40e: i40e_main: fix a missing check on list iterator (Ivan Vecera) [2119479 2037980] - i40e, xsk: Get rid of redundant 'fallthrough' (Ivan Vecera) [2119479 2037980] - i40e, xsk: Diversify return values from xsk_wakeup call paths (Ivan Vecera) [2119479 2037980] - i40e, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full (Ivan Vecera) [2119479 2037980] - i40e: Add Ethernet Connection X722 for 10GbE SFP+ support (Ivan Vecera) [2119479 2037980] - i40e: Add vsi.tx_restart to i40e ethtool stats (Ivan Vecera) [2119479 2037980] - i40e: Add tx_stopped stat (Ivan Vecera) [2119479 2037980] - i40e: Add support for MPLS + TSO (Ivan Vecera) [2119479 2037980] - i40e: little endian only valid checksums (Ivan Vecera) [2119479 2037980] - i40e: stop disabling VFs due to PF error responses (Ivan Vecera) [2119479 2037980] - Revert 'i40e: Fix reset bw limit when DCB enabled with 1 TC' (Ivan Vecera) [2119479 2037980] - i40e: Add a stat for tracking busy rx pages (Ivan Vecera) [2119479 2037980] - i40e: Add a stat for tracking pages waived (Ivan Vecera) [2119479 2037980] - i40e: Add a stat tracking new RX page allocations (Ivan Vecera) [2119479 2037980] - i40e: Aggregate and export RX page reuse stat (Ivan Vecera) [2119479 2037980] - i40e: Remove rx page reuse double count (Ivan Vecera) [2119479 2037980] - i40e: Fix race condition while adding/deleting MAC/VLAN filters (Ivan Vecera) [2119479 2037980] - i40e: Add new version of i40e_aq_add_macvlan function (Ivan Vecera) [2119479 2037980] - i40e: Add new versions of send ASQ command functions (Ivan Vecera) [2119479 2037980] - i40e: Add sending commands in atomic context (Ivan Vecera) [2119479 2037980] - i40e: Remove unused RX realloc stat (Ivan Vecera) [2119479 2037980] - i40e: Disable hw-tc-offload feature on driver load (Ivan Vecera) [2119479 2037980] - i40e: Fix reset path while removing the driver (Ivan Vecera) [2119479 2037980] - i40e: Fix reset bw limit when DCB enabled with 1 TC (Ivan Vecera) [2119479 2037980] - i40e: respect metadata on XSK Rx to skb (Ivan Vecera) [2119479 2037980] - i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (Ivan Vecera) [2119479 2037980] - i40e: Remove useless DMA-32 fallback configuration (Ivan Vecera) [2119479 2037980] - i40e: fix unsigned stat widths (Ivan Vecera) [2119479 2037980] - i40e: Fix for failed to init adminq while VF reset (Ivan Vecera) [2119479 2037980] - i40e: Fix queues reservation for XDP (Ivan Vecera) [2119479 2037980] - i40e: Fix issue when maximum queues is exceeded (Ivan Vecera) [2119479 2037980] - i40e: Increase delay to 1 s after global EMP reset (Ivan Vecera) [2119479 2037980] - i40e: remove variables set but not used (Ivan Vecera) [2119479 2037980] - i40e: Remove non-inclusive language (Ivan Vecera) [2119479 2037980] - i40e: Update FW API version (Ivan Vecera) [2119479 2037980] - i40e: Minimize amount of busy-waiting during AQ send (Ivan Vecera) [2119479 2037980] - i40e: Add ensurance of MacVlan resources for every trusted VF (Ivan Vecera) [2119479 2037980] - i40e: Fix incorrect netdev's real number of RX/TX queues (Ivan Vecera) [2119479 2037980] - i40e: Fix for displaying message regarding NVM version (Ivan Vecera) [2119479 2037980] - i40e: fix use-after-free in i40e_sync_filters_subtask() (Ivan Vecera) [2119479 2037980] - i40e: Fix to not show opcode msg on unsuccessful VF MAC change (Ivan Vecera) [2119479 2037980] - i40e: switch to napi_build_skb() (Ivan Vecera) [2119479 2037980] - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (Ivan Vecera) [2119479 2037980] - i40e: Fix pre-set max number of queues for VF (Ivan Vecera) [2119479 2037980] - i40e: Fix failed opcode appearing if handling messages from VF (Ivan Vecera) [2119479 2037980] - i40e: Fix display error code in dmesg (Ivan Vecera) [2119479 2037980] - i40e: Fix creation of first queue by omitting it if is not power of two (Ivan Vecera) [2119479 2037980] - i40e: Fix warning message and call stack during rmmod i40e driver (Ivan Vecera) [2119479 2037980] - i40e: Fix ping is lost after configuring ADq on VF (Ivan Vecera) [2119479 2037980] - i40e: Fix changing previously set num_queue_pairs for PFs (Ivan Vecera) [2119479 2037980] - i40e: Fix NULL ptr dereference on VSI filter sync (Ivan Vecera) [2119479 2037980] - i40e: Fix correct max_pkt_size on VF RX queue (Ivan Vecera) [2119479 2037980] - i40e: Fix freeing of uninitialized misc IRQ vector (Ivan Vecera) [2119479 2037980] - i40e: Fix spelling mistake 'dissable' -> 'disable' (Ivan Vecera) [2119479 2037980] - i40e: add support for PTP external synchronization clock (Ivan Vecera) [2119479 2037980] - i40e: improve locking of mac_filter_hash (Ivan Vecera) [2119479 2037980] - netfilter: nf_tables: sanitize nft_set_desc_concat_parse() (Florian Westphal) [2108199 2096401] {CVE-2022-1972} - netfilter: nf_tables: stricter validation of element data (Florian Westphal) [2104591 2104592] {CVE-2022-34918} [5.14.0-70.25.1_0] - powerpc/smp: Update cpu_core_map on all PowerPc systems (Diego Domingos) [2121719 2063682] - iavf: Fix deadlock in initialization (Ivan Vecera) [2119477 2037976] - iavf: Fix reset error handling (Ivan Vecera) [2119477 2037976] - iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Ivan Vecera) [2119477 2037976] - iavf: Fix adminq error handling (Ivan Vecera) [2119477 2037976] - iavf: Fix missing state logs (Ivan Vecera) [2119477 2037976] - iavf: Fix VLAN_V2 addition/rejection (Ivan Vecera) [2119477 2037976] - ethernet: use eth_hw_addr_set() instead of ether_addr_copy() (Ivan Vecera) [2119477 2037976] - iavf: Fix issue with MAC address of VF shown as zero (Ivan Vecera) [2119477 2037976] - Revert 'iavf: Fix deadlock occurrence during resetting VF interface' (Ivan Vecera) [2119477 2037976] - iavf: Fix hang during reboot/shutdown (Ivan Vecera) [2119477 2037976] - iavf: Fix double free in iavf_reset_task (Ivan Vecera) [2119477 2037976] - iavf: Fix adopting new combined setting (Ivan Vecera) [2119477 2037976] - iavf: Fix handling of vlan strip virtual channel messages (Ivan Vecera) [2119477 2037976] - iavf: Fix __IAVF_RESETTING state usage (Ivan Vecera) [2119477 2037976] - iavf: Fix missing check for running netdev (Ivan Vecera) [2119477 2037976] - iavf: Fix deadlock in iavf_reset_task (Ivan Vecera) [2119477 2037976] - iavf: Fix race in init state (Ivan Vecera) [2119477 2037976] - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (Ivan Vecera) [2119477 2037976] - iavf: Fix init state closure on remove (Ivan Vecera) [2119477 2037976] - iavf: Add waiting so the port is initialized in remove (Ivan Vecera) [2119477 2037976] - iavf: Rework mutexes for better synchronisation (Ivan Vecera) [2119477 2037976] - iavf: Remove non-inclusive language (Ivan Vecera) [2119477 2037976] - iavf: Fix incorrect use of assigning iavf_status to int (Ivan Vecera) [2119477 2037976] - iavf: stop leaking iavf_status as 'errno' values (Ivan Vecera) [2119477 2037976] - iavf: remove redundant ret variable (Ivan Vecera) [2119477 2037976] - iavf: Add usage of new virtchnl format to set default MAC (Ivan Vecera) [2119477 2037976] - iavf: refactor processing of VLAN V2 capability message (Ivan Vecera) [2119477 2037976] - iavf: Add support for 50G/100G in AIM algorithm (Ivan Vecera) [2119477 2037976] - iavf: Remove useless DMA-32 fallback configuration (Ivan Vecera) [2119477 2037976] - iavf: remove an unneeded variable (Ivan Vecera) [2119477 2037976] - iavf: Fix limit of total number of queues to active queues of VF (Ivan Vecera) [2119477 2037976] - iavf: switch to napi_build_skb() (Ivan Vecera) [2119477 2037976] - iavf: Restrict maximum VLAN filters for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (Ivan Vecera) [2119477 2037976] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 offload enable/disable (Ivan Vecera) [2119477 2037976] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 hotpath (Ivan Vecera) [2119477 2037976] - iavf: Add support VIRTCHNL_VF_OFFLOAD_VLAN_V2 during netdev config (Ivan Vecera) [2119477 2037976] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 negotiation (Ivan Vecera) [2119477 2037976] - virtchnl: Add support for new VLAN capabilities (Ivan Vecera) [2119477 2037976] - virtchnl: Use the BIT() macro for capability/offload flags (Ivan Vecera) [2119477 2037976] - virtchnl: Remove unused VIRTCHNL_VF_OFFLOAD_RSVD define (Ivan Vecera) [2119477 2037976] - iavf: do not override the adapter state in the watchdog task (again) (Ivan Vecera) [2119477 2037976] - iavf: missing unlocks in iavf_watchdog_task() (Ivan Vecera) [2119477 2037976] - iavf: Fix reporting when setting descriptor count (Ivan Vecera) [2119477 2037976] - iavf: restore MSI state on reset (Ivan Vecera) [2119477 2037976] - iavf: Fix displaying queue statistics shown by ethtool (Ivan Vecera) [2119477 2037976] - iavf: Refactor string format to avoid static analysis warnings (Ivan Vecera) [2119477 2037976] - iavf: Refactor text of informational message (Ivan Vecera) [2119477 2037976] - iavf: Fix static code analysis warning (Ivan Vecera) [2119477 2037976] - iavf: Refactor iavf_mac_filter struct memory usage (Ivan Vecera) [2119477 2037976] - iavf: Enable setting RSS hash key (Ivan Vecera) [2119477 2037976] - iavf: Add trace while removing device (Ivan Vecera) [2119477 2037976] - iavf: return errno code instead of status code (Ivan Vecera) [2119477 2037976] - iavf: Log info when VF is entering and leaving Allmulti mode (Ivan Vecera) [2119477 2037976] - iavf: Add change MTU message (Ivan Vecera) [2119477 2037976] - iavf: Fix VLAN feature flags after VFR (Ivan Vecera) [2119477 2037976] - iavf: Fix refreshing iavf adapter stats on ethtool request (Ivan Vecera) [2119477 2037976] - iavf: Fix deadlock occurrence during resetting VF interface (Ivan Vecera) [2119477 2037976] - iavf: Prevent changing static ITR values if adaptive moderation is on (Ivan Vecera) [2119477 2037976] - iavf: Restore VLAN filters after link down (Ivan Vecera) [2119477 2037976] - iavf: Fix for setting queues to 0 (Ivan Vecera) [2119477 2037976] - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (Ivan Vecera) [2119477 2037976] - iavf: validate pointers (Ivan Vecera) [2119477 2037976] - iavf: prevent accidental free of filter structure (Ivan Vecera) [2119477 2037976] - iavf: Fix failure to exit out from last all-multicast mode (Ivan Vecera) [2119477 2037976] - iavf: don't clear a lock we don't hold (Ivan Vecera) [2119477 2037976] - iavf: free q_vectors before queues in iavf_disable_vf (Ivan Vecera) [2119477 2037976] - iavf: check for null in iavf_fix_features (Ivan Vecera) [2119477 2037976] - iavf: Fix return of set the new channel count (Ivan Vecera) [2119477 2037976] - iavf: Fix kernel BUG in free_msi_irqs (Ivan Vecera) [2119477 2037976] - iavf: Add helper function to go from pci_dev to adapter (Ivan Vecera) [2119477 2037976] - iavf: Combine init and watchdog state machines (Ivan Vecera) [2119477 2037976] - iavf: Add __IAVF_INIT_FAILED state (Ivan Vecera) [2119477 2037976] - iavf: Refactor iavf state machine tracking (Ivan Vecera) [2119477 2037976] - iavf: fix double unlock of crit_lock (Ivan Vecera) [2119477 2037976] - iavf: use mutexes for locking of critical sections (Ivan Vecera) [2119477 2037976] - iavf: fix locking of critical sections (Ivan Vecera) [2119477 2037976] - iavf: do not override the adapter state in the watchdog task (Ivan Vecera) [2119477 2037976] - redhat: nvme/tcp mistakenly uses blk_mq_tag_to_rq(nvme_tcp_tagset(queue)) (John Meneghini) [2118698 2112031] - x86/platform/uv: Log gap hole end size (Frank Ramsay) [2107732 2074097] - x86/platform/uv: Update TSC sync state for UV5 (Frank Ramsay) [2107732 2074097] - x86/platform/uv: Update NMI Handler for UV5 (Frank Ramsay) [2107732 2074097] - cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (Steve Best) [2099417 2072886] - [s390] RDMA/mlx5: Fix number of allocated XLT entries (Mete Durlu) [2092270 2088360] [5.14.0-70.24.1_0] - nvme: fix RCU hole that allowed for endless looping in multipath round robin (Gopal Tiwari) [2117756 2108624] - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (Gopal Tiwari) [2117756 2066146] - nvme: only call synchronize_srcu when clearing current path (Gopal Tiwari) [2117756 2066146] - nvme-multipath: revalidate paths during rescan (Gopal Tiwari) [2117756 2066146] - block: fix surprise removal for drivers calling blk_set_queue_dying (Gopal Tiwari) [2117755 2066146] - nvme-tcp: fix bogus request completion when failing to send AER (Gopal Tiwari) [2117755 2066146] - nvme: fix use after free when disconnecting a reconnecting ctrl (Gopal Tiwari) [2117755 2066146] - kvm: x86: Add CPUID support for Intel AMX (David Arcari) [2108203 1924149] [5.14.0-70.23.1_0] - block: limit request dispatch loop duration (Ming Lei) [2111395 2066297] - block: ensure plug merging checks the correct queue at least once (Ming Lei) [2111395 2066297] - net/mlx5e: Don't block routes with nexthop objects in SW (Mohammad Kabat) [2092535 2061799] - net/mlx5e: Fix wrong usage of fib_info_nh when routes with nexthop objects are used (Mohammad Kabat) [2092535 2049450] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2078 CVE-2022-34918 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.36.7-1] - Update to 2.36.7 Related: #2123430 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32893 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.3.0-6.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.3.0-6] - Update to 102.3.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40958 CVE-2022-40957 CVE-2022-40962 CVE-2022-40959 CVE-2022-40960 CVE-2022-40956 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [102.3.0-6.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.3.0-6] - Update to 102.3.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40956 CVE-2022-40959 CVE-2022-40957 CVE-2022-40960 CVE-2022-40958 CVE-2022-40962 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [102.3.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.3.0-3] - Update to 102.3.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40959 CVE-2022-3033 CVE-2022-3032 CVE-2022-40962 CVE-2022-3034 CVE-2022-36059 CVE-2022-40960 CVE-2022-40956 CVE-2022-40958 CVE-2022-40957 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [102.3.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.3.0-3] - Update to 102.3.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3034 CVE-2022-40962 CVE-2022-36059 CVE-2022-40956 CVE-2022-40959 CVE-2022-3032 CVE-2022-40958 CVE-2022-40960 CVE-2022-3033 CVE-2022-40957 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [102.3.0-6.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.3.0-6] - Update to 102.3.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40956 CVE-2022-40960 CVE-2022-40958 CVE-2022-40957 CVE-2022-40959 CVE-2022-40962 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 9 [102.3.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.3.0-3] - Update to 102.3.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40956 CVE-2022-40958 CVE-2022-40960 CVE-2022-40962 CVE-2022-40959 CVE-2022-40957 CVE-2022-3032 CVE-2022-3034 CVE-2022-3033 CVE-2022-36059 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [32:9.16.23-1.1] - Fix possible serve-stale related crash (CVE-2022-3080) - Fix memory leak in ECDSA verify processing (CVE-2022-38177) - Fix memory leak in EdDSA verify processing (CVE-2022-38178) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38177 CVE-2022-38178 CVE-2022-3080 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 7 [32:9.11.4-26.P2.10] - Fix memory leak in ECDSA verify processing (CVE-2022-38177) - Fix memory leak in EdDSA verify processing (CVE-2022-38178) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38178 CVE-2022-38177 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 libecap squid [7:4.15-3.1] - Resolves: #2100782 - CVE-2021-46784 squid:4/squid: DoS when processing gopher server responses IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-41318 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [32:9.11.36-3.1] - Fix memory leak in ECDSA verify processing (CVE-2022-38177) - Fix memory leak in EdDSA verify processing (CVE-2022-38178) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38177 CVE-2022-38178 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [32:9.16.23-0.7.1] - Fix possible serve-stale related crash (CVE-2022-3080) - Fix memory leak in ECDSA verify processing (CVE-2022-38177) - Fix memory leak in EdDSA verify processing (CVE-2022-38178) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38177 CVE-2022-38178 CVE-2022-3080 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [7:3.5.20-17.0.1] - Mutiple CVE fixes for squid [Orabug: 33146289] - Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing (#778) - Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manager URL parsing (#788) - Resolves: CVE-2021-31806,31807,31808 squid: Handle more Range requests (#790) - Resolves: CVE-2021-33620 squid: Handle more partial responses (#791) [7:3.5.20-17.8] - Resolves: #2130254 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-41318 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [0.12.0-8] - Bump snakeyaml version to 1.32 to collect fix for CVE-2022-25857 (BZ 2128477) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-25857 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [2.1.0-15.0.1] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910302] [2.1.0-15] - Ensure raw tagnames are safe exiting internalEntityParser - Resolves: CVE-2022-40674 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 Oracle Linux 9 [ 2.2.10-12.3] - Ensure raw tagnames are safe exiting internalEntityParser - Resolves: CVE-2022-40674 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [7:5.2-1.2] - Resolves: #2130251 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-41318 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 gnutls [3.7.6-12] - fips: mark PBKDF2 with short key and output sizes non-approved - fips: only mark HMAC as approved in PBKDF2 - fips: mark gnutls_key_generate with short key sizes non-approved - fips: fix checking on hash algorithm used in ECDSA - fips: preserve operation context around FIPS selftests API [3.7.6-11] - Supply --with{,out}-{zlib,brotli,zstd} explicitly [3.7.6-10] - Revert nettle version pinning as it doesn't work well in side-tag [3.7.6-9] - Pin nettle version in Requires when compiled with FIPS [3.7.6-8] - Bundle GMP to privatize memory functions - Disable certificate compression support by default [3.7.6-7] - Update gnutls-3.7.6-cpuid-fixes.patch [3.7.6-6] - Mark RSA SigVer operation approved for known modulus sizes (#2119770) - accelerated: clear AVX bits if it cannot be queried through XSAVE [3.7.6-5] - Block DES-CBC usage in decrypting PKCS#12 bag under FIPS (#2115314) - sysrng: reseed source DRBG for prediction resistance [3.7.6-4] - Make gnutls-cli work with KTLS for testing - Fix double-free in gnutls_pkcs7_verify (#2109789) [3.7.6-3] - Limit input size for AES-GCM according to SP800-38D (#2108635) - Do not treat GPG verification errors as fatal - Remove gnutls-3.7.6-libgnutlsxx-const.patch [3.7.6-2] - Allow enabling KTLS with config file (#2108532) [3.7.6-1] - Update to gnutls 3.7.6 (#2102591) [3.7.3-10] - Use only the first component of VERSION from /etc/os-release (#2076626) - Don't run power-on self-tests on DSA (#2076627) nettle [3.8-3] - Rebuild in new side-tag [3.8-2] - Bundle GMP to privatize memory functions - Zeroize stack allocated intermediate data [3.8-1] - Update to nettle 3.8 (#2100350) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2509 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::u3_security_validation cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9:1:appstream_base cpe:/o:oracle:linux:9::baseos_developer cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 8 [2.2.5-8.0.1.3] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] [2.2.5-8.3] - Ensure raw tagnames are safe exiting internalEntityParser - Resolves: CVE-2022-40674 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest Oracle Linux 8 [6.0.110-1.0.1] - Add missing Oracle RIDs [6.0.110-1] - Update to .NET SDK 6.0.110 and Runtime 6.0.10 - Resolves: RHBZ#2131327 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-41032 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [3.1.424-1.0.1] - Add missing Oracle Linux Runtime IDs [3.1.424-1] - Update to .NET SDK 3.1.424 and Runtime 3.1.30 - Resolves: RHBZ#2131728 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-41032 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [6.0.110-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.110-1] - Update to .NET SDK 6.0.110 and Runtime 6.0.10 - Resolves: RHBZ#2131328 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-41032 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [16.17.1-1] - Rebase to version 16.17.1 Resolves: CVE-2022-35255 CVE-2022-35256 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-35256 CVE-2022-35255 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 8 nodejs [1:16.17.1-1] - Rebase to version 16.17.1 - Resolves: CVE-2022-35255 CVE-2022-35256 - Resolves: #2132004, #2130552 - Resolves #2121095 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-35256 CVE-2022-35255 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 7 [102.3.0-7.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.3.0-7] - Fix for expat CVE-2022-40674 and non functional webrtc [102.3.0-6] - Update to 102.3.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [102.3.0-4.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.3.0-4] - Fix for expat CVE-2022-40674 [102.3.0-3] - Update to 102.3.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [1:17.0.5.0.8-2] - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream - Related: rhbz#2132934 [1:17.0.5.0.8-1] - Update to jdk-17.0.5+8 (GA) - Update release notes to 17.0.5+8 (GA) - Switch to GA mode for final release. - * This tarball is embargoed until 2022-10-18 @ 1pm PT. * - Resolves: rhbz#2132934 [1:17.0.5.0.7-0.1.ea] - Update to jdk-17.0.5+7 - Update release notes to 17.0.5+7 - Resolves: rhbz#2132934 [1:17.0.5.0.1-0.1.ea] - Update to jdk-17.0.5+1 - Update release notes to 17.0.5+1 - Switch to EA mode for 17.0.5 pre-release builds. - Related: rhbz#2132934 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-39399 CVE-2022-21619 CVE-2022-21626 CVE-2022-21624 CVE-2022-21618 CVE-2022-21628 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [1:17.0.5.0.8-2] - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream - Related: rhbz#2133695 [1:17.0.5.0.8-1] - Update to jdk-17.0.5+8 (GA) - Update release notes to 17.0.5+8 (GA) - Switch to GA mode for final release. - * This tarball is embargoed until 2022-10-18 @ 1pm PT. * - Resolves: rhbz#2133695 [1:17.0.5.0.7-0.1.ea] - Update to jdk-17.0.5+7 - Update release notes to 17.0.5+7 - Resolves: rhbz#2132503 [1:17.0.5.0.1-0.1.ea] - Update to jdk-17.0.5+1 - Update release notes to 17.0.5+1 - Switch to EA mode for 17.0.5 pre-release builds. - Related: rhbz#2132503 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21618 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-21619 CVE-2022-39399 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [1:1.8.0.352.b08-2] - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Add test to ensure timezones can be translated - Related: rhbz#2133695 [1:1.8.0.352.b08-1] - Update to shenandoah-jdk8u352-b08 (GA) - Update release notes for shenandoah-8u352-b08. - * This tarball is embargoed until 2022-10-18 @ 1pm PT. * - Resolves: rhbz#2133695 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21628 CVE-2022-21626 CVE-2022-21619 CVE-2022-21624 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [1:1.8.0.352.b08-2] - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Add test to ensure timezones can be translated - Related: rhbz#2133695 [1:1.8.0.352.b08-1] - Update to shenandoah-jdk8u352-b08 (GA) - Update release notes for shenandoah-8u352-b08. - Rebase FIPS patch against 8u352-b07 - * This tarball is embargoed until 2022-10-18 @ 1pm PT. * - Resolves: rhbz#2133695 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21626 CVE-2022-21628 CVE-2022-21619 CVE-2022-21624 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [1.8.0.352.b08-2.0.1] - Replace upstream references [Orabug: 34340145] [1:1.8.0.352.b08-2] - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Add test to ensure timezones can be translated - Related: rhbz#2133695 [1:1.8.0.352.b08-1] - Update to shenandoah-jdk8u352-b08 (GA) - Update release notes for shenandoah-8u352-b08. - Rebase FIPS patch against 8u352-b07 - * This tarball is embargoed until 2022-10-18 @ 1pm PT. * - Resolves: rhbz#2133695 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21626 CVE-2022-21619 CVE-2022-21624 CVE-2022-21628 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 7 [1:11.0.17.0.8-2.0.1] - link atomic for ix86 build [1:11.0.17.0.8-2] - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream - Remove unneeded JDK-8291053 patch as we no longer build in-tree HarfBuzz - Related: rhbz#2133695 [1:11.0.17.0.8-1] - Update to jdk-11.0.17+8 (GA) - Update release notes to 11.0.17+8 - Switch to GA mode for release - Resolves: rhbz#2133695 [1:11.0.17.0.7-0.1.ea] - Update to jdk-11.0.17+7 - Update release notes to 11.0.17+7 - Resolves: rhbz#2130373 [1:11.0.17.0.1-0.1.ea] - Try to build using system HarfBuzz to avoid build failures with 4.4.1 & gcc 4.8.5 - Related: rhbz#2130373 [1:11.0.17.0.1-0.1.ea] - Include Aleksey's patch for JDK-8291053 to try and get HarfBuzz to build again - Related: rhbz#2130373 [1:11.0.17.0.1-0.1.ea] - Update to jdk-11.0.17+1 - Update release notes to 11.0.17+1 - Switch to EA mode for 11.0.17 pre-release builds. - Related: rhbz#2130373 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 CVE-2022-21619 CVE-2022-21618 CVE-2022-21624 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [1:11.0.17.0.8-2] - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream - Related: rhbz#2133695 [1:11.0.17.0.8-1] - Update to jdk-11.0.17+8 (GA) - Update release notes to 11.0.17+8 - Switch to GA mode for release - Resolves: rhbz#2133695 [1:11.0.17.0.7-0.1.ea] - Update to jdk-11.0.17+7 - Update release notes to 11.0.17+7 - Resolves: rhbz#2131863 [1:11.0.17.0.1-0.1.ea] - Update to jdk-11.0.17+1 - Update release notes to 11.0.17+1 - Switch to EA mode for 11.0.17 pre-release builds. - Related: rhbz#2131863 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-39399 CVE-2022-21624 CVE-2022-21626 CVE-2022-21618 CVE-2022-21619 CVE-2022-21628 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [11.0.17.0.8-2.0.1] - Replace upstream references [Orabug: 34340155] [1:11.0.17.0.8-2] - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream - Related: rhbz#2133695 [1:11.0.17.0.8-1] - Update to jdk-11.0.17+8 (GA) - Update release notes to 11.0.17+8 - Switch to GA mode for release - Resolves: rhbz#2133695 [1:11.0.17.0.7-0.1.ea] - Update to jdk-11.0.17+7 - Update release notes to 11.0.17+7 - Resolves: rhbz#2131865 [1:11.0.17.0.1-0.1.ea] - Update to jdk-11.0.17+1 - Update release notes to 11.0.17+1 - Switch to EA mode for 11.0.17 pre-release builds. - Related: rhbz#2131865 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21618 CVE-2022-39399 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [102.3.0-7.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.3.0-7] - Fix for expat CVE-2022-40674 and non functional webrtc IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [102.3.0-4.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.3.0-4] - Fix for expat CVE-2022-40674 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [102.3.0-7.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.3.0-7] - Fix for expat CVE-2022-40674 and non functional webrtc IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [102.3.0-4.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.3.0-4] - Fix for expat CVE-2022-40674 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [102.4.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-7] - Fix for expat CVE-2022-40674 and non functional webrtc IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42929 CVE-2022-42932 CVE-2022-42928 CVE-2022-42927 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [102.4.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.4.0-1] - Update to 102.4.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 CVE-2022-42927 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [102.4.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.4.0-1] - Update to 102.4.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42928 CVE-2022-42929 CVE-2022-42927 CVE-2022-42932 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [10.5.18-23] - ########################################################################## - # RHEL 7.9 (Batch Update 18): - ########################################################################## - Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen) - Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley) - ########################################################################## - # RHCS 9.7 (Batch Update 18): - ########################################################################## - Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [certificate_system_9.7.z] (ckelley, mharmsen) - Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley) [10.5.18-22] - ########################################################################## - # RHEL 7.9 (Batch Update 17): - ########################################################################## - Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen) - Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley) - ########################################################################## - # RHCS 9.7 (Batch Update 17): - ########################################################################## - Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [certificate_system_9.7.z] (ckelley, mharmsen) - Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2393 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1.3.10-2-17] - Bump version to 1.3.10.2-17 - Resolves: Bug 2113056 - Import may break replication because changelog starting csn may not be created - Resolves: Bug 2131083 - SIGSEGV in sync_repl MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2850 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1.3.0-6] - Fix for CVE-2022-3515 (#2135695) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3515 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [1.3.5-8] - Fix for CVE-2022-3515 (#2135702) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3515 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [1.5.1-5] - Fix for CVE-2022-3515 (#2135703) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3515 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [3.6.16-5] - Fix double-free in gnutls_pkcs7_verify (#2109787) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2509 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:7:baseos_base Oracle Linux 8 [1.2.11.19] - Fix heap-based buffer over-read or buffer overflow in inflate in inflate.c - Resolves: CVE-2022-37434 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-37434 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [3.26.0-16] - Fixed CVE-2020-35527 - Fixed CVE-2020-35525 MODERATE Copyright 2022 Oracle, Inc. CVE-2020-35525 CVE-2020-35527 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:7:baseos_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [4.18.0-372.32.1.0.1_6.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-11.0.5 - debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499} [4.18.0-372.32.1_6] - net: atlantic: remove aq_nic_deinit() when resume (Inigo Huguet) [2131936 2130839] - net: atlantic: remove deep parameter on suspend/resume functions (Inigo Huguet) [2131936 2130839] - configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2129923 2123508] - drm/nouveau: recognise GA103 (Karol Herbst) [2127122 1923125] - net: fix a memleak when uncloning an skb dst and its metadata (Hangbin Liu) [2131255 2068355] - net: do not keep the dst cache when uncloning an skb dst and its metadata (Hangbin Liu) [2131255 2068355] - intel_idle: Fix false positive RCU splats due to incorrect hardirqs state (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/spec_ctrl: Enable RHEL only ibrs_always & retpoline,ibrs_user spectre_v2 options (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - KVM: emulate: do not adjust size of fastop and setcc subroutines (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - efi/x86: use naked RET on mixed mode call wrapper (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/bugs: Remove apostrophe typo (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/bugs: Mark retbleed_strings static (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/speculation: Disable RRSBA behavior (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/kexec: Disable RET on kexec (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/bugs: Add Cannon lake to RETBleed affected CPU list (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - redhat/configs: Add new mitigation configs for RetBleed CVEs (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/retbleed: Add fine grained Kconfig knobs (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/cpu/amd: Enumerate BTC_NO (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/common: Stamp out the stepping madness (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - KVM: VMX: Prevent RSB underflow before vmenter (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/speculation: Fill RSB on vmexit for IBRS (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - KVM: VMX: Fix IBRS handling after vmexit (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - KVM: VMX: Convert launched argument to flags (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - KVM: VMX: Flatten __vmx_vcpu_run() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/speculation: Remove x86_spec_ctrl_mask (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/speculation: Fix SPEC_CTRL write on SMT state change (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/speculation: Fix firmware entry SPEC_CTRL handling (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/cpu/amd: Add Spectral Chicken (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/bugs: Do IBPB fallback check only once (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/bugs: Add retbleed=ibpb (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - objtool: Update Retpoline validation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - intel_idle: Disable IBRS during long idle (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/bugs: Report Intel retbleed vulnerability (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/bugs: Optimize SPEC_CTRL MSR writes (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/entry: Add kernel IBRS implementation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/bugs: Enable STIBP for JMP2RET (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/bugs: Add AMD retbleed= boot parameter (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/bugs: Report AMD retbleed vulnerability (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86: Add magic AMD return-thunk (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86: Use return-thunk in asm code (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/sev: Avoid using __x86_return_thunk (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/kvm: Fix SETcc emulation for return thunks (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/bpf: Use alternative RET encoding (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/ftrace: Use alternative RET encoding (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86,objtool: Create .return_sites (Josh Poimboeuf) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86: Undo return-thunk damage (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/retpoline: Use -mfunction-return (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/retpoline: Swizzle retpoline thunk (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/retpoline: Cleanup some #ifdefery (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/cpufeatures: Move RETPOLINE flags to word 11 (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/kvm/vmx: Make noinstr clean (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - arch/x86/boot/compressed: Add -D__DISABLE_EXPORTS to kbuild flags (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86: (Ab)use __DISABLE_EXPORTS to disable RETHUNK in real mode (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/entry: Remove skip_r11rcx (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/speculation/srbds: Do not try to turn mitigation off when not supported (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/module: Fix the paravirt vs alternative order (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86: Add straight-line-speculation mitigation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86: Prepare inline-asm for straight-line-speculation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86: Prepare asm files for straight-line-speculation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86: Move RETPOLINE*_CFLAGS to arch Makefile (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - Makefile: remove stale cc-option checks (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - tools headers: Remove broken definition of __LITTLE_ENDIAN (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in 'perf bench mem memcpy' (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86: Add insn_decode_kernel() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - tools/insn: Restore the relative include paths for cross building (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/alternative: Use insn_decode() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/insn: Add an insn_decode() API (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/insn: Rename insn_decode() to insn_decode_from_regs() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/paravirt: Add new features for paravirt patching (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/alternative: Support not-feature (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/alternative: Merge include files (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - objtool: Fix error handling for STD/CLD warnings (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/alternatives: Teach text_poke_bp() to emulate RET (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/ftrace: Have ftrace trampolines turn read-only at the end of system boot up (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/speculation: Change FILL_RETURN_BUFFER to work with objtool (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - objtool: Add support for intra-function calls (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - objtool: Rework allocating stack_ops on decode (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - objtool: Better handle IRET (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - objtool: Support multiple stack_op per instruction (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - objtool: Make BP scratch register warning more robust (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/kexec: Make relocate_kernel_64.S objtool clean (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - objtool: Introduce validate_return() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - Makefile: disallow data races on gcc-10 as well (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - objtool: Improve call destination function detection (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/alternatives: Implement a better poke_int3_handler() completion scheme (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - lib/: fix Kconfig indentation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/alternatives: Use INT3_INSN_SIZE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/kprobes: Fix ordering while text-patching (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/kprobes: Convert to text-patching.h (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/alternative: Shrink text_poke_loc (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/alternative: Remove text_poke_loc::len (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/ftrace: Use text_gen_insn() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/alternative: Add text_opcode_size() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/ftrace: Use text_poke() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/ftrace: Use vmalloc special flag (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/ftrace: Explicitly include vmalloc.h for set_vm_flush_reset_perms() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/alternatives: Add and use text_gen_insn() helper (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/alternatives, jump_label: Provide better text_poke() batching interface (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/asm: Annotate relocate_kernel_{32,64}.c (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86: kprobes: Prohibit probing on instruction which has emulate prefix (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86: Correct misc typos (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/speculation/mds: Apply more accurate check on hypervisor platform (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - objtool: Convert insn type to enum (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - objtool: Track original function across branches (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/ftrace: Make enable parameter bool where applicable (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - objtool: Fix function fallthrough detection (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/paravirt: Detect over-sized patching bugs in paravirt_patch_call() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/cpu/amd: Exclude 32bit only assembler from 64bit build (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/asm: Mark all top level asm statements as .text (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/cpu/bugs: Use __initconst for 'const' init data (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - objtool: Add Direction Flag validation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - objtool: Rewrite add_ignores() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/nospec, objtool: Introduce ANNOTATE_IGNORE_ALTERNATIVE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - kbuild: Disable extra debugging info in .s output (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/alternatives: Print containing function (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/ftrace: Do not call function graph from dynamic trampolines (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - ftrace: Create new ftrace_internal.h header (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - kprobes/x86: Fix instruction patching corruption when copying more than one RIP-relative instruction (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - tracing/Makefile: Fix handling redefinition of CC_FLAGS_FTRACE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/paravirt: Remove unused paravirt bits (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/paravirt: Remove clobbers parameter from paravirt patch functions (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/paravirt: Make paravirt_patch_call() and paravirt_patch_jmp() static (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - ftrace: Remove unused pointer ftrace_swapper_pid (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - x86/spec_ctrl: Temporarily remove RHEL specific IBRS code (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - intel_idle: enable interrupts before C1 on Xeons (Steve Best) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (Vitaly Kuznetsov) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825} - atlantic: Fix issue in the pm resume flow. (Igor Russkikh) [2127845 2002395] - atlantic: Fix driver resume flow. (Igor Russkikh) [2127845 2002395] - net: atlantic: always deep reset on pm op, fixing up my null deref regression (Foggy Liu) [2124966 2039680] - net: atlantic: invert deep par in pm functions, preventing null derefs (Foggy Liu) [2124966 2039680] [4.18.0-372.31.1_6] - ice: Allow operation with reduced device MSI-X (Petr Oros) [2126482 2102844] - redhat: kernel depends on new linux-firmware (John Meneghini) [2120613 2044843] - scsi: qedi: Use QEDI_MODE_NORMAL for error handling (John Meneghini) [2119847 2101760] - qede: Reduce verbosity of ptp tx timestamp (John Meneghini) [2125477 2080655] - qede: confirm skb is allocated before using (John Meneghini) [2120611 2040267] - qed: fix ethtool register dump (John Meneghini) [2120611 2040267] - scsi: qedf: Stop using the SCSI pointer (John Meneghini) [2120613 2044843] - scsi: qedf: Change context reset messages to ratelimited (John Meneghini) [2120613 2044843] - scsi: qedf: Fix refcount issue when LOGO is received during TMF (John Meneghini) [2120613 2044843] - scsi: qedf: Add stag_work to all the vports (John Meneghini) [2120613 2044843] - scsi: qedf: Fix potential dereference of NULL pointer (John Meneghini) [2120613 2044843] - scsi: qedi: Remove redundant flush_workqueue() calls (John Meneghini) [2120612 2044837] - scsi: qedi: Fix SYSFS_FLAG_FW_SEL_BOOT formatting (John Meneghini) [2120612 2044837] - qed: remove unnecessary memset in qed_init_fw_funcs (John Meneghini) [2120611 2040267] - qed: return status of qed_iov_get_link (John Meneghini) [2120611 2040267] - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (John Meneghini) [2120611 2040267] - qed: validate and restrict untrusted VFs vlan promisc mode (John Meneghini) [2120611 2040267] - qed: display VF trust config (John Meneghini) [2120611 2040267] - qed: prevent a fw assert during device shutdown (John Meneghini) [2120611 2040267] - qed: use msleep() in qed_mcp_cmd() and add qed_mcp_cmd_nosleep() for udelay. (John Meneghini) [2120611 2040267] - qed: Use dma_set_mask_and_coherent() and simplify code (John Meneghini) [2120611 2040267] - qed*: esl priv flag support through ethtool (John Meneghini) [2120611 2040267] - qed*: enhance tx timeout debug info (John Meneghini) [2120611 2040267] - qede: validate non LSO skb length (John Meneghini) [2120611 2040267] - qed: Enhance rammod debug prints to provide pretty details (John Meneghini) [2120611 2040267] - net: qed: fix the array may be out of bound (John Meneghini) [2120611 2040267] - qed: Use the bitmap API to simplify some functions (John Meneghini) [2120611 2040267] - RDMA/qed: Use helper function to set GUIDs (John Meneghini) [2120611 2040267] - net: qed_dev: fix check of true !rc expression (John Meneghini) [2120611 2040267] - net: qed_ptp: fix check of true !rc expression (John Meneghini) [2120611 2040267] - RDMA/qedr: Remove unsupported qedr_resize_cq callback (John Meneghini) [2120611 2040267] - qed: Change the TCP common variable - 'iscsi_ooo' (John Meneghini) [2120611 2040267] - qed: Optimize the ll2 ooo flow (John Meneghini) [2120611 2040267] - net: qed_debug: fix check of false (grc_param < 0) expression (John Meneghini) [2120611 2040267] - qed: Fix missing error code in qed_slowpath_start() (John Meneghini) [2120611 2040267] - qed: Fix compilation for CONFIG_QED_SRIOV undefined scenario (John Meneghini) [2120611 2040267] - qed: Initialize debug string array (John Meneghini) [2120611 2040267] - qed: Fix spelling mistake 'ctx_bsaed' -> 'ctx_based' (John Meneghini) [2120611 2040267] - qed: fix ll2 establishment during load of RDMA driver (John Meneghini) [2120611 2040267] - qed: Update the TCP active termination 2 MSL timer ('TIME_WAIT') (John Meneghini) [2120611 2040267] - qed: Update TCP silly-window-syndrome timeout for iwarp, scsi (John Meneghini) [2120611 2040267] - qed: Update debug related changes (John Meneghini) [2120611 2040267] - qed: Add '_GTT' suffix to the IRO RAM macros (John Meneghini) [2120611 2040267] - qed: Update FW init functions to support FW 8.59.1.0 (John Meneghini) [2120611 2040267] - qed: Use enum as per FW 8.59.1.0 in qed_iro_hsi.h (John Meneghini) [2120611 2040267] - qed: Update qed_hsi.h for fw 8.59.1.0 (John Meneghini) [2120611 2040267] - qed: Update qed_mfw_hsi.h for FW ver 8.59.1.0 (John Meneghini) [2120611 2040267] - qed: Update common_hsi for FW ver 8.59.1.0 (John Meneghini) [2120611 2040267] - qed: Split huge qed_hsi.h header file (John Meneghini) [2120611 2040267] - qed: Remove e4_ and _e4 from FW HSI (John Meneghini) [2120611 2040267] - qed: Fix kernel-doc warnings (John Meneghini) [2120611 2040267] - qed: Don't ignore devlink allocation failures (John Meneghini) [2120611 2040267] - qed: Improve the stack space of filter_config() (John Meneghini) [2120611 2040267] - RDMA/qedr: Move variables reset to qedr_set_common_qp_params() (John Meneghini) [2120611 2040267] - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (John Meneghini) [2119122 2051524] [4.18.0-372.30.1_6] - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Xin Long) [2107611 2075181] {CVE-2022-1353} - SUNRPC: avoid race between mod_timer() and del_timer_sync() (Benjamin Coddington) [2126184 2104507] - powerpc/fadump: print start of preserved area (Diego Domingos) [2107488 2075092] - powerpc/fadump: align destination address to pagesize (Diego Domingos) [2107488 2075092] - powerpc/fadump: fix PT_LOAD segment for boot memory area (Diego Domingos) [2107488 2075092] - drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (Michel Danzer) [2091065 2066918] - drm/amd: Use amdgpu_device_should_use_aspm on navi umd pstate switching (Michel Danzer) [2091065 2066918] - drm/amd: Refactor amdgpu_aspm to be evaluated per device (Michel Danzer) [2091065 2066918] - drm/amd: Check if ASPM is enabled from PCIe subsystem (Michel Danzer) [2091065 2066918] [4.18.0-372.29.1_6] - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Ewan D. Milne) [2107627 2049198] {CVE-2022-0494} - cpufreq: Specify default governor on command line (Prarit Bhargava) [2109996 2083766] - cpufreq: Fix locking issues with governors (Prarit Bhargava) [2109996 2083766] - cpufreq: Register governors at core_initcall (Prarit Bhargava) [2109996 2083766] - net_sched: cls_route: remove from list when handle is 0 (Felix Maurer) [2121817 2116328] {CVE-2022-2588} [4.18.0-372.28.1_6] - powerpc/smp: Update cpu_core_map on all PowerPc systems (Diego Domingos) [2112820 2064104] - iavf: Fix reset error handling (Petr Oros) [2120225 2119759] - iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2120225 2119759] - iavf: Fix adminq error handling (Petr Oros) [2120225 2119759] - iavf: Fix missing state logs (Petr Oros) [2120225 2119759] - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (Tomas Henzl) [2111140 2106413] - s390/qeth: cache link_info for ethtool (Michal Schmidt) [2120197 2117098] - nvme: fix RCU hole that allowed for endless looping in multipath round robin (Gopal Tiwari) [2106017 2078806] - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (Gopal Tiwari) [2106017 2078806] - nvme: fix use after free when disconnecting a reconnecting ctrl (Gopal Tiwari) [2106017 2078806] - nvme: only call synchronize_srcu when clearing current path (Gopal Tiwari) [2106017 2078806] - nvme-multipath: revalidate paths during rescan (Gopal Tiwari) [2106017 2078806] - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (Dick Kennedy) [2112103 2034425] [4.18.0-372.27.1_6] - [s390] s390/pci: add s390_iommu_aperture kernel parameter (Claudio Imbrenda) [2081324 2039181] - ipv6: take care of disable_policy when restoring routes (Andrea Claudi) [2109971 2103894] - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Eelco Chaudron) [2106703 2101537] - scsi: ch: Make it possible to open a ch device multiple times again (Ewan D. Milne) [2115965 2108649] - scsi: smartpqi: Fix DMA direction for RAID requests (Don Brace) [2112354 2101548] - iommu/vt-d: Calculate mask for non-aligned flushes (Jerry Snitselaar) [2111692 2072179] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23816 CVE-2022-2588 CVE-2022-23825 CVE-2022-29901 CVE-2022-1353 CVE-2022-29900 CVE-2022-0494 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [4.15.5-10.0.1] - Gluster volumes not accessible via Samba due to missing samba-vfs-glusterfs in OL8 [Orabug: 30205755] [4.15.5-10] - resolves: rhbz#2126041 - Do not require samba package in python3-samba [4.15.5-9] - Fix CVE-2022-32742 - resolves: rhbz#2125552 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32742 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::developer cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 mecab [0.996-2] - Rebuild to fix the issue described in #2000986 - Resolves: #2000986 mysql [8.0.30-1] - Update to MySQL 8.0.30 - Remove patches now upstream: chain certs, s390 and robin hood - Add a new plugin 'conflicting_variables.so' [8.0.29-1] - Update to MySQL 8.0.29 [8.0.28-1] - Update to MySQL 8.0.28 [8.0.27-1] - Update to MySQL 8.0.27 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21372 CVE-2022-21412 CVE-2022-21423 CVE-2022-21517 CVE-2022-21527 CVE-2021-2478 CVE-2022-21253 CVE-2022-21264 CVE-2021-35610 CVE-2022-21265 CVE-2022-21553 CVE-2021-35625 CVE-2022-21528 CVE-2021-35641 CVE-2022-21303 CVE-2022-21358 CVE-2021-35608 CVE-2021-35604 CVE-2021-35627 CVE-2021-35643 CVE-2022-21378 CVE-2022-21444 CVE-2022-21530 CVE-2022-21302 CVE-2022-21451 CVE-2022-21531 CVE-2022-21547 CVE-2022-21460 CVE-2021-35597 CVE-2022-21270 CVE-2022-21413 CVE-2022-21415 CVE-2021-35607 CVE-2022-21417 CVE-2022-21537 CVE-2021-2481 CVE-2021-35626 CVE-2021-35639 CVE-2021-35648 CVE-2022-21457 CVE-2021-35628 CVE-2021-35631 CVE-2021-35634 CVE-2022-21278 CVE-2022-21374 CVE-2022-21418 CVE-2022-21438 CVE-2021-35647 CVE-2022-21301 CVE-2022-21342 CVE-2022-21348 CVE-2022-21370 CVE-2022-21437 CVE-2022-21515 CVE-2021-2479 CVE-2021-35645 CVE-2022-21339 CVE-2022-21454 CVE-2022-21427 CVE-2022-21479 CVE-2022-21522 CVE-2022-21534 CVE-2021-35612 CVE-2021-35640 CVE-2022-21297 CVE-2022-21539 CVE-2022-21538 CVE-2022-21440 CVE-2022-21478 CVE-2022-21569 CVE-2022-21462 CVE-2021-35636 CVE-2022-21344 CVE-2022-21256 CVE-2022-21362 CVE-2022-21425 CVE-2021-35575 CVE-2021-35638 CVE-2021-35596 CVE-2021-35633 CVE-2022-21249 CVE-2022-21351 CVE-2021-35637 CVE-2021-35577 CVE-2022-21414 CVE-2022-21452 CVE-2022-21352 CVE-2021-35642 CVE-2021-35591 CVE-2022-21304 CVE-2022-21254 CVE-2022-21459 CVE-2022-21367 CVE-2022-21368 CVE-2021-35624 CVE-2021-35632 CVE-2021-35644 CVE-2021-35602 CVE-2021-35630 CVE-2021-35635 CVE-2021-35623 CVE-2021-35646 CVE-2022-21509 CVE-2021-35546 CVE-2022-21435 CVE-2022-21526 CVE-2022-21529 CVE-2022-21379 CVE-2022-21436 CVE-2022-21525 CVE-2021-35622 CVE-2022-21245 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 postgresql [12.12-1] - Resolves: #2131177 - Update to version 12.12 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2625 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [2.13.3-3] - Rebuild with new Golang - Resolves: rhbz#2131795 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30630 CVE-2022-1705 CVE-2022-27664 CVE-2022-30635 CVE-2020-28851 CVE-2020-28852 CVE-2022-30632 CVE-2022-32189 CVE-2022-32148 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.4.3.28-8] - Bump version to 1.4.3.28-8 - Resolves: Bug 2131743 - SIGSEGV in sync_repl MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2850 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [102.4.0-1] - Update to 102.4.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-39249 CVE-2022-42929 CVE-2022-42927 CVE-2022-39251 CVE-2022-39236 CVE-2022-42928 CVE-2022-42932 CVE-2022-39250 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [102.4.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-4] - Fix for expat CVE-2022-40674 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-39236 CVE-2022-39251 CVE-2022-42929 CVE-2022-42928 CVE-2022-39249 CVE-2022-42927 CVE-2022-42932 CVE-2022-39250 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [0.8.7-7.1] - Add 0044-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz #2133997 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-41974 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 7 [0.4.9-136.0.1] - mpathpersist: Fix Register and Ignore with 0x00 SARK [Orabug: 32696195] - mpathpersist: update prkeys file on changing registrations [Orabug: 32696195] - Keep upstream patch 0273-RHBZ-1988462-fix-disable-changed-wwids-segfault.patch * fix segfault with disable_changed_wwids for orabug 29469903 (jianchao.w.wang@oracle.com) [0.4.9-136] - Add 0274-UP-no-duplicate-command-keys.patch - Resolves: bz #2134905 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-41974 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 Oracle Linux 8 [102.4.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.4.0-1] - Update to 102.4.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-39251 CVE-2022-39250 CVE-2022-42929 CVE-2022-39249 CVE-2022-42932 CVE-2022-42928 CVE-2022-39236 CVE-2022-42927 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [0.8.4-22.2] - Add 0092-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz #2133994 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-41974 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [3.0.1-43.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-43] - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 [1:3.0.1-42] - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3602 CVE-2022-3786 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.2.11-32] - Fix heap-based buffer over-read or buffer overflow in inflate in inflate.c - Resolves: CVE-2022-37434 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-37434 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [5.14.0-70.30.1.0.1_0.OL9] - lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.30.1_0.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] [5.14.0-70.30.1_0] - random: trigger reseeding DRBG on more occasions (Daiki Ueno) [2128970 2125257] - random: allow reseeding DRBG with getrandom (Daiki Ueno) [2121129 2114854] - nvme-tcp: handle number of queue changes (John Meneghini) [2131360 2112025] - nvmet: expose max queues to configfs (John Meneghini) [2131360 2112025] - nvme-fabrics: parse nvme connect Linux error codes (John Meneghini) [2131360 2112025] - nvmet: revert 'nvmet: make discovery NQN configurable' (Gopal Tiwari) [2131360 2066146] - vfio/type1: Unpin zero pages (Alex Williamson) [2128791 2121855] - cifs: fix bad fids sent over wire (Ronnie Sahlberg) [2127858 2088775] - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Ronnie Sahlberg) [2127858 2088775] - cifs: verify that tcon is valid before dereference in cifs_kill_sb (Ronnie Sahlberg) [2127858 2048823] - cifs: release cached dentries only if mount is complete (Ronnie Sahlberg) [2127858 2048823] - cifs: we do not need a spinlock around the tree access during umount (Ronnie Sahlberg) [2127858 2048823] - cifs: fix handlecache and multiuser (Ronnie Sahlberg) [2127858 2048823] - cifs: fix workstation_name for multiuser mounts (Ronnie Sahlberg) [2127858 2048823] - cifs: free ntlmsspblob allocated in negotiate (Ronnie Sahlberg) [2127858 2048823] - cifs: fix ntlmssp auth when there is no key exchange (Ronnie Sahlberg) [2127858 2048823] - cifs: send workstation name during ntlmssp session setup (Ronnie Sahlberg) [2127858 2048823] - cifs: Fix crash on unload of cifs_arc4.ko (Ronnie Sahlberg) [2127858 2048823] - Documentation, arch: Remove leftovers from CIFS_WEAK_PW_HASH (Ronnie Sahlberg) [2127858 2048823] - cifs: fix the cifs_reconnect path for DFS (Ronnie Sahlberg) [2127858 2048823] - cifs: sanitize multiple delimiters in prepath (Ronnie Sahlberg) [2127858 2048823] - cifs: ignore resource_id while getting fscache super cookie (Ronnie Sahlberg) [2127858 2048823] - cifs: avoid use of dstaddr as key for fscache client cookie (Ronnie Sahlberg) [2127858 2048823] - cifs: add server conn_id to fscache client cookie (Ronnie Sahlberg) [2127858 2048823] - cifs: wait for tcon resource_id before getting fscache super (Ronnie Sahlberg) [2127858 2048823] - cifs: fix missed refcounting of ipc tcon (Ronnie Sahlberg) [2127858 2048823] - cifs: update internal version number (Ronnie Sahlberg) [2127858 2048823] - smb2: clarify rc initialization in smb2_reconnect (Ronnie Sahlberg) [2127858 2048823] - cifs: populate server_hostname for extra channels (Ronnie Sahlberg) [2127858 2048823] - cifs: nosharesock should be set on new server (Ronnie Sahlberg) [2127858 2048823] - cifs: introduce cifs_ses_mark_for_reconnect() helper (Ronnie Sahlberg) [2127858 2048823] - cifs: protect srv_count with cifs_tcp_ses_lock (Ronnie Sahlberg) [2127858 2048823] - cifs: move debug print out of spinlock (Ronnie Sahlberg) [2127858 2048823] - cifs: do not duplicate fscache cookie for secondary channels (Ronnie Sahlberg) [2127858 2048823] - cifs: connect individual channel servers to primary channel server (Ronnie Sahlberg) [2127858 2048823] - cifs: protect session channel fields with chan_lock (Ronnie Sahlberg) [2127858 2048823] - cifs: do not negotiate session if session already exists (Ronnie Sahlberg) [2127858 2048823] - smb3: do not setup the fscache_super_cookie until fsinfo initialized (Ronnie Sahlberg) [2127858 2048823] - cifs: fix potential use-after-free bugs (Ronnie Sahlberg) [2127858 2048823] - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (Ronnie Sahlberg) [2127858 2048823] - smb3: add additional null check in SMB311_posix_mkdir (Ronnie Sahlberg) [2127858 2048823] - cifs: release lock earlier in dequeue_mid error case (Ronnie Sahlberg) [2127858 2048823] - smb3: add additional null check in SMB2_tcon (Ronnie Sahlberg) [2127858 2048823] - smb3: add additional null check in SMB2_open (Ronnie Sahlberg) [2127858 2048823] - smb3: add additional null check in SMB2_ioctl (Ronnie Sahlberg) [2127858 2048823] - smb3: remove trivial dfs compile warning (Ronnie Sahlberg) [2127858 2048823] - cifs: support nested dfs links over reconnect (Ronnie Sahlberg) [2127858 2048823] - smb3: do not error on fsync when readonly (Ronnie Sahlberg) [2127858 2048823] - cifs: for compound requests, use open handle if possible (Ronnie Sahlberg) [2127858 2048823] - cifs: set a minimum of 120s for next dns resolution (Ronnie Sahlberg) [2127858 2048823] - cifs: split out dfs code from cifs_reconnect() (Ronnie Sahlberg) [2127858 2048823] - cifs: convert list_for_each to entry variant (Ronnie Sahlberg) [2127858 2048823] - cifs: introduce new helper for cifs_reconnect() (Ronnie Sahlberg) [2127858 2048823] - cifs: fix print of hdr_flags in dfscache_proc_show() (Ronnie Sahlberg) [2127858 2048823] - cifs: nosharesock should not share socket with future sessions (Ronnie Sahlberg) [2127858 2048823] - smb3: add dynamic trace points for socket connection (Ronnie Sahlberg) [2127858 2048823] - cifs: Move SMB2_Create definitions to the shared area (Ronnie Sahlberg) [2127858 2048823] - cifs: Move more definitions into the shared area (Ronnie Sahlberg) [2127858 2048823] - cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (Ronnie Sahlberg) [2127858 2048823] - cifs: Create a new shared file holding smb2 pdu definitions (Ronnie Sahlberg) [2127858 2048823] - cifs: add mount parameter tcpnodelay (Ronnie Sahlberg) [2127858 2048823] - cifs: To match file servers, make sure the server hostname matches (Ronnie Sahlberg) [2127858 2048823] - cifs: fix incorrect check for null pointer in header_assemble (Ronnie Sahlberg) [2127858 2048823] - smb3: correct server pointer dereferencing check to be more consistent (Ronnie Sahlberg) [2127858 2048823] - smb3: correct smb3 ACL security descriptor (Ronnie Sahlberg) [2127858 2048823] - cifs: Clear modified attribute bit from inode flags (Ronnie Sahlberg) [2127858 2048823] - cifs: Deal with some warnings from W=1 (Ronnie Sahlberg) [2127858 2048823] - cifs: fix a sign extension bug (Ronnie Sahlberg) [2127858 2048823] - cifs: Not to defer close on file when lock is set (Ronnie Sahlberg) [2127858 2048823] - cifs: Fix soft lockup during fsstress (Ronnie Sahlberg) [2127858 2048823] - cifs: Deferred close performance improvements (Ronnie Sahlberg) [2127858 2048823] - cifs: fix incorrect kernel doc comments (Ronnie Sahlberg) [2127858 2048823] - cifs: remove pathname for file from SPDX header (Ronnie Sahlberg) [2127858 2048823] - cifs: properly invalidate cached root handle when closing it (Ronnie Sahlberg) [2127858 2048823] - cifs: move SMB FSCTL definitions to common code (Ronnie Sahlberg) [2127858 2048823] - cifs: rename cifs_common to smbfs_common (Ronnie Sahlberg) [2127858 2048823] - cifs: cifs_md4 convert to SPDX identifier (Ronnie Sahlberg) [2127858 2048823] - cifs: create a MD4 module and switch cifs.ko to use it (Ronnie Sahlberg) [2127858 2048823] - cifs: fork arc4 and create a separate module for it for cifs and other users (Ronnie Sahlberg) [2127858 2048823] - cifs: remove support for NTLM and weaker authentication algorithms (Ronnie Sahlberg) [2127858 2048823] - cifs: update FSCTL definitions (Ronnie Sahlberg) [2127858 2048823] - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (Ronnie Sahlberg) [2127858 2048823] - cifs: enable fscache usage even for files opened as rw (Ronnie Sahlberg) [2127858 2048823] - smb3: fix posix extensions mount option (Ronnie Sahlberg) [2127858 2048823] - cifs: fix wrong release in sess_alloc_buffer() failed path (Ronnie Sahlberg) [2127858 2048823] - CIFS: Fix a potencially linear read overflow (Ronnie Sahlberg) [2127858 2048823] - drm/mgag200: Select clock in PLL update functions (Herton R. Krzesinski) [2112017 2043115] - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (Inigo Huguet) [2095653 2096777] - mt76: mt7921e: fix possible probe failure after reboot (Inigo Huguet) [2095653 2065633] [5.14.0-70.29.1_0] - configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2129453 2126153] - KVM: x86/mmu: Don't advance iterator after restart due to yielding (Nico Pache) [2127859 2055725] - scsi: csiostor: Add module softdep on cxgb4 (Rahul Lakkireddy) [2127857 1977553] - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (Oleg Nesterov) [2127875 2121271] {CVE-2022-30594} [5.14.0-70.28.1_0] - powerpc: Enable execve syscall exit tracepoint (Steve Best) [2106661 2095526] [5.14.0-70.27.1_0] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Wander Lairson Costa) [2116967 2116968] {CVE-2022-2585} - fix race between exit_itimers() and /proc/pid/timers (Wander Lairson Costa) [2116967 2116968] {CVE-2022-2585} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2585 CVE-2022-30594 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.9.10-3] - Security fix for CVE-2020-10735 - Fix the test suite support for Expat >= 2.4.5 Resolves: rhbz#1834423 MODERATE Copyright 2022 Oracle, Inc. CVE-2020-10735 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [11.0.6-1.0.1] - Replaced upstream graphical references [Orabug: 33952704] [11.0.6-1] - Bug #2107335 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-9.0.0.z] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2414 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [5.4.2-4.3] - Fix up CVE-2022-33099 patch [5.4.2-4.2] - Enable gating [5.4.2-4.1] - apply upstream fix for CVE-2022-33099 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-33099 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 7 [3.10.0-1160.80.1.0.1.OL7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.80.1.OL7] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.9 - Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin) [3.10.0-1160.80.1] - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (Dick Kennedy) [1969988] - scsi: lpfc: Fix illegal memory access on Abort IOCBs (Dick Kennedy) [1969988] - NFS: Fix extra call to dput() in nfs_prime_dcache (Benjamin Coddington) [2117856] [3.10.0-1160.79.1] - x86/speculation: Add LFENCE to RSB fill sequence (Rafael Aquini) [2115073] {CVE-2022-26373} - x86/speculation: Protect against userspace-userspace spectreRSB (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/speculation: cope with spectre_v2=retpoline cmdline on retbleed-affected Intel CPUs (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - KVM: emulate: do not adjust size of fastop and setcc subroutines (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/speculation: Disable RRSBA behavior (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/kexec: Disable RET on kexec (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Add Cannon lake to RETBleed affected CPU list (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpu/amd: Enumerate BTC_NO (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/common: Stamp out the stepping madness (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpu/amd: Add Spectral Chicken (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Do IBPB fallback check only once (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Add retbleed=ibpb (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Report Intel retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Enable STIBP for JMP2RET (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Add AMD retbleed= boot parameter (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Report AMD retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86: Add magic AMD return-thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86: Use return-thunk in asm code (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/sev: Avoid using __x86_return_thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/kvm: Fix SETcc emulation for return thunks (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86,objtool: Create .return_sites (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86: Undo return-thunk damage (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/retpoline: Use -mfunction-return (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpufeatures: Move RETPOLINE flags to word 11 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - objtool: Add ELF writing capability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86: Prepare asm files for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86: Prepare inline-asm for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/kvm: Fix fastop function ELF metadata (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/kvm: Move kvm_fastop_exception to .fixup section (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/vdso: Fix vDSO build if a retpoline is emitted (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpufeatures: Carve out CQM features retrieval (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpufeatures: Re-tabulate the X86_FEATURE definitions (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpufeature: Move processor tracing out of scattered features (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/alternatives: Cleanup DPRINTK macro (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} [3.10.0-1160.78.1] - net_sched: cls_route: remove from list when handle is 0 (Davide Caratti) [2121809] {CVE-2022-2588} [3.10.0-1160.77.1] - net/mlx5: Add Fast teardown support (Jay Shin) [2077711] - net/mlx5: Free IRQs in shutdown path (Jay Shin) [2077711] - net/mlx5: Change teardown with force mode failure message to warning (Jay Shin) [2077711] - net/mlx5: Cancel health poll before sending panic teardown command (Jay Shin) [2077711] - net/mlx5: Add fast unload support in shutdown flow (Jay Shin) [2077711] - net/mlx5: Expose command polling interface (Jay Shin) [2077711] - posix-timers: Remove remaining uses of tasklist_lock (Oleg Nesterov) [2115147] - posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (Oleg Nesterov) [2115147] - posix-cpu-timers: remove tasklist_lock in posix_cpu_clock_get() (Oleg Nesterov) [2115147] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29900 CVE-2022-29901 CVE-2022-23825 CVE-2022-2588 CVE-2022-23816 CVE-2022-26373 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1:1.9.4-23] - update Archive_Tar to 1.4.14 CVE-2020-36193 CVE-2020-28948 CVE-2020-28949 MODERATE Copyright 2022 Oracle, Inc. CVE-2020-28948 CVE-2020-28949 CVE-2020-36193 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [0.9.169-3.0.1] - replace logo pcsd/public/favicon.ico in tarball - remove Source1 HAM-logo.png [0.9.169-3.el7_3.2] - Update rubygem rack - Upgrade jquery in web-ui - Resolves: rhbz#2099578 rhbz#2093232 [0.9.169-3.el7_3.1] - Explicitly close libcurl connections to prevent stalled TCP connections in CLOSE-WAIT state - Added support for loading DH keys from a file - Resolves: rhbz#1870551 rhbz#1888479 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-30123 CVE-2019-11358 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 aardvark-dns [2:1.1.0-4] - remove windows binaries and regenerate vendor tarball - Related: #2061390 [2:1.1.0-3] - add gating.yaml - Related: #2061390 [2:1.1.0-2] - bump Epoch to preserve upgrade path - Related: #2061390 [1.1.0-1] - initial import - Related: #2061390 buildah [1:1.27.0-2] - fix CVE-2022-2990 - Related: #2061390 [1:1.27.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.27.0 - Related: #2061390 [1:1.26.4-3] - add buildah-tutorial to test subpackage - Related: #2061390 [1:1.26.4-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.4 - Related: #2061390 [1:1.26.3-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.3 - Related: #2061390 cockpit-podman [53-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/53 - Related: #2062697 [52-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/52 - Related: #2061390 [51.1-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/51.1 - Related: #2061390 [50-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/50 - Related: #2061390 conmon [3:2.1.4-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.4 - Related: #2061390 [3:2.1.2-2] - revert conmon to 2.1.2 - Related: #2061390 containers-common [2:1-40.0.1] - Updated removed references [Orabug: 33473101] (Alex Burmashev) - Adjust registries.conf (Nikita Gerasimov) - remove references to RedHat registry (Nikita Gerasimov) [2:1-40] - add beta keys to default-policy.json - Related: #2061390 netavark [2:1.1.0-6] - bump Epoch to preserve upgrade path - Related: #2061390 [1.1.0-5] - remove dependency on md2man - Related: #2061390 [1.1.0-4] - fix arches - Related: #2061390 [1.1.0-3] - add gating.yaml - Related: #2061390 [1.1.0-2] - require /usr/bin/go-md2man directly [1.1.0-1] - initial import - Related: #2061390 podman [2:4.2.0-1] - update to the latest content of https://github.com/containers/podman/tree/v4.2.0-rhel (https://github.com/containers/podman/commit/7154106) - Related: #2130911 [2:4.2.1-1] - update to https://github.com/containers/podman/releases/tag/v4.2.1 - Related: #2062697 python-podman [4.2.0-1] - update to https://github.com/containers/podman-py/releases/tag/v4.2.0 - Related: #2061390 [4.0.0-1] - bump to v4.0.0 - Related: #2001445 runc [1:1.1.4-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.4 - Related: #2061390 skopeo [2:1.9.2-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.2 - Related: #2061390 udica [0.2.6-3] - Make sure each section of the inspect exists before accessing (#2027662) [0.2.6-2] - Require container-selinux shipping policy templates (#2005866) [0.2.6-1] - update to https://github.com/containers/udica/releases/tag/v0.2.6 - Related: #2001445 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-41190 CVE-2022-2990 CVE-2022-1708 CVE-2021-36221 CVE-2022-27191 CVE-2022-29162 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.0.14-2] - Fix CVE-2022-21682 (#2042007) [1.0.14-1] - Update to 1.0.14 (#2047312) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21682 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [6.4.7.2-11.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor=Oracle America, Inc. - Added the --with-hamcrest option to configure. [1:6.4.7.2-11] - Resolves: rhbz#2060559 CVE-2021-25636 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-25636 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [3.5.0-15] - Applied patch for for CVE-2021-22570 (#2050494) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-22570 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder_developer cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 buildah [1:1.24.5-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.24 (https://github.com/containers/buildah/commit/8cc4586) - Related: #2061390 [1:1.24.5-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.24 (https://github.com/containers/buildah/commit/83c5f26) - Related: #2061390 cockpit-podman [46-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/46 - Related: #2061390 conmon [2:2.1.4-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.4 - Related: #2061390 containernetworking-plugins [1:1.1.1-2] - bump golang BR to 1.17.7 - Related: #2061390 [1:1.1.1-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.1.1 - Related: #2061390 containers-common [2:1-35.0.1] - Updated removed references [Orabug: 33473101] (Alex Burmashev) - Adjust registries.conf (Nikita Gerasimov) - remove references to RedHat registry (Nikita Gerasimov) [2:1-35] - update vendored components and configuration files - Related: #2061390 [2:1-34] - update shortnames and be sure to remove rhel-els - Related: #2061390 [2:1-33] - additional fix for unqualified registries - Related: #2061390 oci-seccomp-bpf-hook [1.2.5-1] - update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.5 - Related: #2061390 podman [2:4.0.2-8] - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/33084eb) - Related: #2061390 [2:4.0.2-7] - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/3efe4c2) - Related: #2061390 [2:4.0.2-6] - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/bfc8b36) - Related: #2061390 [2:4.0.2-5] - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/2e12f02) - Related: #2061390 [2:4.0.2-4] - update gvisor-tap-vsock to 0.2.0 to fix compilation with golang 1.18 - Related: #2061390 [2:4.0.2-3] - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/6cb5039) - Related: #2061390 [2:4.0.2-2] - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/ce91610) - Related: #2061390 [2:4.0.2-1] - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/94aa329) - Related: #2061390 python-podman [4.0.0-1] - bump to v4.0.0 - Related: #2001445 runc [1:1.1.4-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.4 - Related: #2061390 skopeo [2:1.6.2-5] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.6 (https://github.com/containers/skopeo/commit/c20c32d) - Related: #2061390 [2:1.6.2-4] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.6 (https://github.com/containers/skopeo/commit/f952195) - Related: #2061390 [2:1.6.2-3] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.6 (https://github.com/containers/skopeo/commit/4414e52) - Related: #2061390 [2:1.6.2-2] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.6 (https://github.com/containers/skopeo/commit/4336972) - Related: #2061390 [2:1.6.2-1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.6 (https://github.com/containers/skopeo/commit/540efb3) - Related: #2061390 slirp4netns [1.1.8-2] - fix gating - dont use insecure functions - thanks to Marc-Andre Lureau - Related: #2001445 [1.1.8-1] - update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.8 - Related: #1883490 udica [0.2.6-3] - Make sure each section of the inspect exists before accessing (#2027662) [0.2.6-2] - Require container-selinux shipping policy templates (#2005866) [0.2.6-1] - update to https://github.com/containers/udica/releases/tag/v0.2.6 - Related: #2001445 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-29162 CVE-2022-27191 CVE-2022-1708 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 apache-commons-collections apache-commons-net [3.6-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [3.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [3.6-1] - Update to upstream version 3.6 jss [4.9.4-1] - Rebase to JSS 4.9.4 - Bug 2013674 - JSS cannot be properly initialized after using another NSS-backed security provider ldapjdk [4.23.0-1] - Rebase to LDAP SDK 4.23.0 [4.23.0-0.1] - Rebase to LDAP SDK 4.23.0-alpha1 pki-core [10.12.0-4.0.1] - Remove upstream reference. [10.12.0-4] - Bug 2107334 - CVE-2022-2414 access to external entities when parsing XML can lead to XXE - Rename packages to idm-pki [10.12.0-3] - ExcludeArch i686 as md2man not available in RHEL 8.7 [10.12.0-2] - Bug 2027470 - pki-healthcheck ClonesConnectivyAndDataCheck fails [10.12.0-0.1] - Rebase to PKI 10.12.0 - Bug 1904112 - pki fails to start if empty dir /var/lib/pki/pki-tomcat/kra exists - Bug 1984455 - [RFE] Date Format on the TPS Agent Page - Bug 1980378 - keyctl_search: Required key not available message when running ipa-healthcheck - Bug 2004084 - Reinstall of the same ipa-replica fails with RuntimeError: CA configuration failed. - Bug 2006070 - Upgrades incorrectly add secret attribute to connectors pki-servlet-engine [1:9.0.50-1] - Update to JWS 5.6.1 distribution - Resolves: rhbz#2057162 Rebase pki-servlet-engine to 9.0.50 resteasy [3.0.26-6] - CVE-2020-1695: Improper validation of response header in MediaTypeHeaderDelegate.java class Resolves: rh-bz#1845548 tomcatjss [7.7.1-1] - Rebase to TomcatJSS 7.7.1 xml-commons-apis [1.4.01-25] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.4.01-24] - Elimitate race condition when injecting JAR manifest - Resolves: rhbz#1495249 [1.4.01-23] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.4.01-22] - Update to current packaging guidelines [1.4.01-21] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.4.01-20] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.4.01-19] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.4.01-18] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.4.01-17] - Dont generate duplicate Maven metadata [1.4.01-16] - Use .mfiles generated during build [1.4.01-15] - Use Requires: java-headless rebuild (#1067528) [1.4.01-14] - Fix FTBFS. [1.4.01-13] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [1.4.01-12] - Update manifest to match Eclipse version (Resolved: rhbz#964039). [1.4.01-11] - Add Require-Bundle: system.bundle to manifest - Resolves: rhbz#917659 [1.4.01-10] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [1.4.01-9] - Add additional maven depmap [1.4.01-8] - Remove osgi(system.bundle) requirement from manifest [1.4.01-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [1.4.01-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [1.4.01-5] - Add missing packages to manifest - javax.xml.stream, javax.xml.stream.events, javax.xml.stream.util, javax.xml.transform.stax (bug #743360) [1.4.01-4] - Add maven metadata - Few guidelines tweaks (buildroot, clean, defattr) - Versionless jars & javadocs [1.4.01-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [1.4.01-2] - Fix FTBFS and rpmlint warnings. - Dont package javadoc in manual package. [0:1.4.01-1] - Update to 1.4.01. IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2414 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 libguestfs [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101280 [1:1.44.0-8] - Obsolete old libguestfs-benchmarking subpackage resolves: rhbz#2091597 [1:1.44.0-7] - Disable 5-level page tables when using -cpu max resolves: rhbz#2084566 related: rhbz#2075424 [1:1.44.0-6] - Backport support for -cpu max to allow RHEL 9 guests to be modified resolves: rhbz#2075424 libnbd [1.6.0-5.el8] - Fix CVE-2022-0485: Fail nbdcopy if NBD read or write fails resolves: rhbz#2045718 [1.6.0-4.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) libtpms [0.9.1-1.20211126git1ff6fe1f43] - Backport s_ContextSlotMask initialization fix Resolves: rhbz#2111433 libvirt [8.0.0-10.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma) [8.0.0-10] - security_selinux.c: Relabel existing mode=bind UNIX sockets (rhbz#2101575) - RHEL: qemu_migration: Fix restoring memlock limit on destination (rhbz#2107954) [8.0.0-9] - conf: virtiofs: add thread_pool element (rhbz#2079582) - qemu: virtiofs: format --thread-pool-size (rhbz#2079582) - conf: Move virDomainObj::originalMemlock into qemuDomainObjPrivate (rhbz#2089433) - qemu_domain: Format qemuDomainObjPrivate::originalMemlock (rhbz#2089433) - qemu: Add qemuDomainSetMaxMemLock helper (rhbz#2089433) - qemu_migration: Use qemuDomainSetMaxMemLock (rhbz#2089433) - qemu_migration: Restore original memory locking limit (rhbz#2089433) - Add VIR_MIGRATE_ZEROCOPY flag (rhbz#2089433) - virsh: Add support for VIR_MIGRATE_ZEROCOPY flag (rhbz#2089433) - qemu_migration: Implement VIR_MIGRATE_ZEROCOPY flag (rhbz#2089433) [8.0.0-8] - nwfilter: fix crash when counting number of network filters (CVE-2022-0897, rhbz#2063902) - virDomainDiskDefValidate: Improve error messages for startupPolicy checks (rhbz#2095758) - domain_validate: Split out validation of disk startup policy (rhbz#2095758) - virDomainDiskDefValidateStartupPolicy: Validate disk type better (rhbz#2095758) - virDomainDiskTranslateSourcePool: Fix check of startupPolicy definition (rhbz#2095758) [8.0.0-7] - cpu_map: Disable cpu64-rhel* for host-model and baseline (rhbz#1851227) - cputest: Drop some old artificial baseline tests (rhbz#1851227) - cputest: Give better names to baseline tests (rhbz#1851227) - cputest: Add some real world baseline tests (rhbz#1851227) - cpu_x86: Consolidate signature match in x86DecodeUseCandidate (rhbz#1851227) - cpu_x86: Refactor feature list comparison in x86DecodeUseCandidate (rhbz#1851227) - cpu_x86: Penalize disabled features when computing CPU model (rhbz#1851227) - cpu_x86: Ignore enabled features for input models in x86DecodeUseCandidate (rhbz#1851227) [8.0.0-6] - conf: Introduce memory allocation threads (rhbz#2067126) - qemu_capabilities: Detect memory-backend-*.prealloc-threads property (rhbz#2067126) - qemu_validate: Validate prealloc threads against qemuCpas (rhbz#2067126) - qemu_command: Generate prealloc-threads property (rhbz#2067126) libvirt-dbus [1.3.0-2.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [1.3.0] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) libvirt-python [8.0.0-2] - [RFE] RFE backport allow enabling ZEROCOPY live migration to libvirt-python on RHEL8 to be consumed by VDSM (rhbz#2092756) qemu-kvm [6.2.0-20.el8.1] - kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch [bz#2116743] - kvm-i386-do-kvm_put_msr_feature_control-first-thing-when.patch [bz#2116743] - Resolves: bz#2116743 ([RHEL8.7] Guests in VMX root operation fail to reboot with QEMUs system_reset command) [6.2.0-20] - kvm-scsi-generic-Fix-emulated-block-limits-VPD-page.patch [bz#2120279] - Resolves: bz#2120279 (Wrong max_sectors_kb and Maximum transfer length on the pass-through device [rhel-8.7]) [6.2.0-19] - kvm-migration-Introduce-ram_transferred_add.patch [bz#2110203] - kvm-migration-Tally-pre-copy-downtime-and-post-copy-byte.patch [bz#2110203] - kvm-QIOChannelSocket-Fix-zero-copy-flush-returning-code-.patch [bz#2110203] - kvm-Add-dirty-sync-missed-zero-copy-migration-stat.patch [bz#2110203] - kvm-migration-multifd-Report-to-user-when-zerocopy-not-w.patch [bz#2110203] - kvm-migration-Avoid-false-positive-on-non-supported-scen.patch [bz#2110203] - kvm-migration-add-remaining-params-has_-true-in-migratio.patch [bz#2110203] - kvm-QIOChannelSocket-Add-support-for-MSG_ZEROCOPY-IPV6.patch [bz#2110203] - kvm-pc-bios-s390-ccw-Fix-booting-with-logical-block-size.patch [bz#2112296] - Resolves: bz#2110203 (zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together) - Resolves: bz#2112296 (virtio-blk: Cant boot fresh installation from used 512 cluster_size image under certain conditions) [6.2.0-18] - kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch [bz#2105410] - kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch [bz#2105410] - Resolves: bz#2105410 (Stalled IO Operations in VM) [6.2.0-17] - kvm-migration-Never-call-twice-qemu_target_page_size.patch [bz#2072049] - kvm-multifd-Rename-used-field-to-num.patch [bz#2072049] - kvm-multifd-Add-missing-documentation.patch [bz#2072049] - kvm-multifd-The-variable-is-only-used-inside-the-loop.patch [bz#2072049] - kvm-multifd-remove-used-parameter-from-send_prepare-meth.patch [bz#2072049] - kvm-multifd-remove-used-parameter-from-send_recv_pages-m.patch [bz#2072049] - kvm-multifd-Fill-offset-and-block-for-reception.patch [bz#2072049] - kvm-multifd-Make-zstd-compression-method-not-use-iovs.patch [bz#2072049] - kvm-multifd-Make-zlib-compression-method-not-use-iovs.patch [bz#2072049] - kvm-migration-All-this-fields-are-unsigned.patch [bz#2072049] - kvm-multifd-Move-iov-from-pages-to-params.patch [bz#2072049] - kvm-multifd-Make-zlib-use-iov-s.patch [bz#2072049] - kvm-multifd-Make-zstd-use-iov-s.patch [bz#2072049] - kvm-multifd-Remove-send_write-method.patch [bz#2072049] - kvm-multifd-Use-a-single-writev-on-the-send-side.patch [bz#2072049] - kvm-multifd-Use-normal-pages-array-on-the-send-side.patch [bz#2072049] - kvm-QIOChannel-Add-flags-on-io_writev-and-introduce-io_f.patch [bz#2072049] - kvm-QIOChannelSocket-Implement-io_writev-zero-copy-flag-.patch [bz#2072049] - kvm-migration-Add-zero-copy-send-parameter-for-QMP-HMP-f.patch [bz#2072049] - kvm-migration-Add-migrate_use_tls-helper.patch [bz#2072049] - kvm-multifd-multifd_send_sync_main-now-returns-negative-.patch [bz#2072049] - kvm-multifd-Send-header-packet-without-flags-if-zero-cop.patch [bz#2072049] - kvm-multifd-Implement-zero-copy-write-in-multifd-migrati.patch [bz#2072049] - kvm-QIOChannelSocket-Introduce-assert-and-reduce-ifdefs-.patch [bz#2072049] - kvm-QIOChannelSocket-Fix-zero-copy-send-so-socket-flush-.patch [bz#2072049] - kvm-migration-Change-zero_copy_send-from-migration-param.patch [bz#2072049] - kvm-migration-Add-migration_incoming_transport_cleanup.patch [bz#2097652] - kvm-migration-Allow-migrate-recover-to-run-multiple-time.patch [bz#2097652] - kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch [bz#2098076] - kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch [bz#2098076] - kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch [bz#2098076] - kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch [bz#2098076] - kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch [bz#2098076] - kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch [bz#2098076] - kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch [bz#2098076] - kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch [bz#2098076] - kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch [bz#2098076] - Resolves: bz#2072049 (Pull MSG_ZEROCOPY on QEMU Live Migration Patches into RHEL 8) - Resolves: bz#2097652 (The migration port is not released if use it again for recovering postcopy migration) - Resolves: bz#2098076 (virtio-blk: Cant boot fresh installation from used virtio-blk dasd disk under certain conditions) seabios [1.16.0-3] - seabios-virtio-blk-use-larger-default-request-size.patch [bz#2101787] - Resolves: bz#2101787 ([rhel.8.7] Loading a kernel/initrd is sometimes very slow) [1.16.0-2] - seabios-shortcut-skip-unbootable-disks-optimitation.patch [bz#2073012] - seabios-pci-refactor-the-pci_config_-functions.patch [bz#2083884] - seabios-reset-force-standard-PCI-configuration-access.patch [bz#2083884] - Resolves: bz#2073012 (Guest whose os is installed multiple disks but boot partition is installed on single disk cant boot into OS on RHEL 8 [rhel-8.7.0]) - Resolves: bz#2083884 (qemu reboot problem with seabios 1.16.0) [1.16.0-1] - Rebase to upstream 1.16 tag [bz#2066828] - Resolves: bz#2066828 (rebase seabios to 1.16 release) supermin [5.2.1-2.el8] - Supermin should ignore +debug kernels resolves: rhbz#2051332 - Add copy-patches script. [5.2.1-1.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) swtpm [0.7.0-4.20211109gitb79fd91] - swtpm_localca: Test for available issuercert before creating CA Resolves: rhbz#2100508 virt-v2v [1:1.42.0-21] - Fix assertion failure when parsing OVA dir with trailing slash resolves: rhbz#2028823 - For -o rhv-upload wait for VM creation task resolves: rhbz#1985827 - If listing RPM applications fails, rebuild DB and retry (2089623) - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2102720 [1:1.42.0-18] - Additional fix for backing file specified without backing format related: rhbz#2025769 [1:1.42.0-17] - Correct regexps used to fix schtasks command - Fix backing file specified without backing format resolves: rhbz#2023279, rhbz#2025769 [1:1.42.0-16] - Implement cookie scripts for more reliable vCenter/HTTPS transfers resolves: rhbz#2018173 . LOW Copyright 2022 Oracle, Inc. CVE-2022-23645 CVE-2022-0897 CVE-2021-3507 CVE-2022-2211 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:linux:8::developer cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [5.15.3-1] - 5.15.3 Resolves: bz#2061377 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-25255 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder_developer cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.0.4-9] - Fix security issues CVE-2022-25308, CVE-2022-25309, CVE-2022-25310. Resolves: rhbz#2050085, rhbz#2050068, rhbz#2050062 - Drop --disable-docs from %configure. no such options available. MODERATE Copyright 2022 Oracle, Inc. CVE-2022-25309 CVE-2022-25310 CVE-2022-25308 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 Oracle Linux 8 [7.5.15-3] - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read - resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob - resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob - resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode - resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip - resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal [7.5.15-2] - resolve CVE-2022-31107 grafana: OAuth account takeover [7.5.15-1] - update to 7.5.15 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources - resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling - resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation - resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure - resolve CVE-2021-23648 sanitize-url: XSS - resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter - declare Node.js dependencies of subpackages - make vendor and webpack tarballs reproducible MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30635 CVE-2022-30632 CVE-2022-30633 CVE-2022-21673 CVE-2021-23648 CVE-2022-30630 CVE-2022-32148 CVE-2022-30631 CVE-2022-1705 CVE-2022-21702 CVE-2022-1962 CVE-2022-21713 CVE-2022-21698 CVE-2022-28131 CVE-2022-21703 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.1.0-11] - fix CVE-2022-24795 - Related: #2061390 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-24795 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 buildah [1.19.9-6] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 (https://github.com/containers/buildah/commit/6d7f496) - Related: #2061390 [1.19.9-5] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 (https://github.com/containers/buildah/commit/d69ac6e) - Related: #2061390 [1.19.9-4] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 (https://github.com/containers/buildah/commit/7c6701d) - Related: #2061390 [1.19.9-3] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 (https://github.com/containers/buildah/commit/3808e27) - Related: #2061390 [1.19.9-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 (https://github.com/containers/buildah/commit/ff5434f) - Related: #2001445 [1.19.9-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 (https://github.com/containers/buildah/commit/c1d6200) - fixes CVE-2021-3602 - Related: #1977943 cockpit-podman [29-2] - fix gating test failure for cockpit-podman - Related: #1934415 [29-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/29 - Related: #1883490 conmon [2:2.0.26-3] - amend CVE-2022-1708 - Related: #2093390 [2:2.0.26-2] - fix CVE-2022-1708 - thanks to Peter Hunt - Related: #2061390 [2:2.0.26-1] - update to https://github.com/containers/conmon/releases/tag/v2.0.26 - Related: #1883490 containernetworking-plugins [0.9.1-1] - update to https://github.com/containernetworking/plugins/releases/tag/v0.9.1 - Related: #1883490 criu [3.15-1] - update to https://github.com/checkpoint-restore/criu/releases/tag/v3.15 - Related: #1883490 crun [0.18-3] - fix CVE-2022-27650 - Related: #2061390 [0.18-2] - allow to build without glibc-static (thanks to Giuseppe Scrivano) - Related: #1883490 [0.18-1] - update to https://github.com/containers/crun/releases/tag/0.18 - Related: #1883490 fuse-overlayfs [1.4.0-2] - disable openat2 syscall again - still unsupported in current RHEL8 kernel - Related: #1883490 [1.4.0-1] - update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.4.0 - Related: #1883490 libslirp [4.3.1-1] - update to https://gitlab.freedesktop.org/slirp/libslirp/-/releases/v4.3.1 - Related: #1821193 oci-seccomp-bpf-hook [1.2.0-3] - actually apply the build fix patch - Related: #1934415 [1.2.0-2] - resolve build issue - Related: #1934415 [1.2.0-1] - revert back to 1.2.0 - build issues - Related: #1883490 podman [3.0.1-13] - update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/37cd5bf) - Related: #2061390 [3.0.1-12] - update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/1c4d1a7) - Related: #2061390 [3.0.1-11] - update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/4cd74c2) - Related: #2061390 [3.0.1-10] - update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/47b310e) - Related: #2061390 [3.0.1-9] - update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/801b7e8) - Resolves: #2074144 [3.0.1-8] - update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/c5d8129) - Related: #2061390 [3.0.1-7] - add missing docker man pages - Related: #2009106 [3.0.1-6] - update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/4f91b37) - Related: #2009106 [3.0.1-5] - update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/2bed76e) - fixes CVE-2021-3602 - Related: #1977943 [3.0.1-4] - update to the latest content of https://github.com/containers/podman/tree/v3.0.1-rhel (https://github.com/containers/podman/commit/eebd611) - Related: #1934415 [3.0.1-3] - remove docker man page as it was removed upstream - Related: #1934415 [3.0.1-2] - update to the latest content of https://github.com/containers/podman/tree/v3.0 (https://github.com/containers/podman/commit/9a2fc37) - Related: #1883490 [3.0.1-1] - update to the latest content of https://github.com/containers/podman/tree/v3.0 (https://github.com/containers/podman/commit/7e286bc) - Related: #1883490 runc [1.0.0-73.rc95] - fix podman run --pid=host command causes OCI permission error - rc95 fixes CVE-2021-30465 - Related: #2001445 skopeo [1.2.4-2.0.1] - Ignore rhel-shortnames.conf [JIRA: OLDIS-3902] - Handling redirect from the docker registry [Orabug: 29874238] (Nikita Gerasimov) - Add oracle registry into the conf file [Orabug: 29845934 31306708] [1:1.2.4-2] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.2 (https://github.com/containers/skopeo/commit/7300333) - Related: #2061390 [1:1.2.4-1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.2 (https://github.com/containers/skopeo/commit/9921983) - Related: #2001445 slirp4netns [1.1.8-1] - update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.8 - Related: #1883490 udica [0.2.4-1] - update to https://github.com/containers/udica/releases/tag/v0.2.4 - Related: #1883490 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30630 CVE-2022-32148 CVE-2022-1705 CVE-2022-1708 CVE-2022-28131 CVE-2022-21698 CVE-2022-30631 CVE-2022-30633 CVE-2022-1962 CVE-2022-30632 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [6.2.7-1] - rebase to 6.2.7 #1999873 LOW Copyright 2022 Oracle, Inc. CVE-2022-24736 CVE-2022-24735 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 cockpit-composer [41-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095] [41-1] - New upstream release LOW Copyright 2022 Oracle, Inc. CVE-2022-32189 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [5.1.0-16] - CVE-2021-44269 wavpack: heap Out-of-bounds Read - Resolves: CVE-2021-44269 LOW Copyright 2022 Oracle, Inc. CVE-2021-44269 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 Cython [0.29.14-4] - Exclude unsupported i686 arch [0.29.14-3] - Unversioned binaries renamed [0.29.14-2] - Adjusted for Python 3.8 module in RHEL 8 - without emacs plugin [0.29.14-1] - Update to 0.29.14 (#1768034) - Python 2 subpackage has been removed scipy [1.3.1-4] - Exclude unsupported i686 arch [1.3.1-3] - Specify LDFLAGS explicitly - Force preprocessing of Fortran sources to make annobin record proper flags - Resolves: rhbz#1778983 [1.3.1-2] - Adjusted for Python 3.8 module in RHEL 8 [1.3.1-1] - Update to 1.3.1 (#1674101) - Drop Python 2 packages (not supported by SciPy >= 1.3) - Backported upstream patch for cKDTree (fixes FTBFS) MODERATE Copyright 2022 Oracle, Inc. CVE-2015-20107 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 xorg-x11-server [1.20.11-9] - CVE fix for: CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070 Resolves: rhbz#2108156, rhbz#2108161 [1.20.11-8] - Rebuild again for ipv6 xtrans fix Related: #2075132 [1.20.11-6] - Rebuild for ipv6 xtrans fix Related: #2075132 xorg-x11-server-Xwayland [21.1.3-6] - CVE fix for: CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070 Resolves: rhbz#2110442, rhbz#2110437 [21.1.3-5] - Rebuild again for ipv6 xtrans fix Related: #2075132 [21.1.3-3] - Rebuild for ipv6 xtrans fix Related: #2075132 xorg-x11-xtrans-devel [1.4.0-4] - Actually apply the ipv6.disable support Related: #2075132 [1.4.0-2] - Support ipv6.disable=1 Related: #2075132 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2320 CVE-2022-2319 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 [4.0.9-23] - Fix various CVEs - Resolves: CVE-2022-0561 CVE-2022-0562 CVE-2022-22844 CVE-2022-0865 CVE-2022-0891 CVE-2022-0924 CVE-2022-0909 CVE-2022-0908 CVE-2022-1355 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1355 CVE-2022-0865 CVE-2022-0908 CVE-2022-0924 CVE-2022-22844 CVE-2022-0562 CVE-2022-0909 CVE-2022-0561 CVE-2022-0891 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Cython [0.29.21-5] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [0.29.21-4] - Drop build dependency on coverage [0.29.21-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [0.29.21-2] - Re-enable tests. [0.29.21-1] - 0.29.21 scipy [1.5.4-3] - Specify LDFLAGS explicitly - Force preprocessing of Fortran sources to make annobin record proper flags - Resolves: rhbz#1778983 rhbz#1877430 [1.5.4-2] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [1.5.4-1] - New upstream release 1.5.4 - Increase test timeout, 300 seconds is not always enough for test_logpdf_overflow on s390x resolves: #1894887 MODERATE Copyright 2022 Oracle, Inc. CVE-2015-20107 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343 [2.5.1-6] - Make possible to disable python3 subpackage [2.5.1-5] - Remove dependency on an exotic testing package python-freezegun which we dont have capacity to ship in RHEL8 - Run tests in pytest (as declared in BuildRequires) instead of unittest [2.5.1-4] - Build the documentation always using the Python 3 version Sphinx [2.5.1-3] - Require the python36-devel package when building for the python36 module [2.5.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2.5.1-1] - update to upstream version 2.5.1 MODERATE Copyright 2022 Oracle, Inc. CVE-2015-20107 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 Oracle Linux 8 [20.11.0-5] - Dont run out of file for Hints - Rebuild for #2096452 - Resolves: #2090969, #2096452 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-27337 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.16.1-3] - Add patches for matroskademux. CVE-2021-3497 - Resolves: rhbz#1948942 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3497 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [1.16.2-2] - Require openssl tool for unbound-keygen (#2018806) [1.16.2-1] - Update to 1.16.2 (#2027735) [1.16.0-2] - Restart keygen service before every unbound start (#1959468) [1.16.0-1] - Upgrade to 9.16.0 (#2027735) - Update to recent version with compatibility with RHEL8 (#2027735) - Ensure also source level compatibility with previous version [1.7.3-18] - Change file mode before owner when configuring remote control unix socket to avoid AVC denials - Resolves: rhbz#2038251 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30698 CVE-2022-30699 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 Oracle Linux 8 [1:2.3.16-3] - fix possible privilege escalation when similar master and non-master passdbs are used (#2106231) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30550 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 libzip [1.7.3-1] - update to 1.7.3 php-pecl-apcu [5.1.20-1] - update to 5.1.20 php-pecl-rrd [2.0.3-1] - update to 2.0.3 php-pecl-xdebug3 [3.1.2-1] - update to 3.1.2 rhbz#2030322 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-21708 CVE-2022-31625 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 libzip [1.6.1-1] - update to 1.6.1 - enable lzma support php [7.4.30-1] - rebase to 7.4.30 #2099615 [7.4.19-3] - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 [7.4.19-2] - fix SSRF bypass in FILTER_VALIDATE_URL CVE-2021-21705 - fix Local privilege escalation via PHP-FPM CVE-2021-21703 [7.4.19-1] - rebase to 7.4.19 #1944110 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-32610 CVE-2021-21707 CVE-2021-21708 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [2.79-24] - Prevent endless loop in forward_query (#2120357) [2.79-23] - Add IPv6 ntp-server suboptions support (#2049691) [2.79-22] - Prevent use after free in dhcp6_no_relay (CVE-2022-0934) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-0934 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 Oracle Linux 8 [0.3.15-4] - Fix out-of-bounds read in *larrv - Resolves: CVE-2021-4048 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-4048 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [5:2.0.7-2] - Fix CVE-2022-1328 (#2109247) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1328 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [32:9.16.23-0.9.1] - Fix possible serve-stale related crash (CVE-2022-3080) - Fix memory leak in ECDSA verify processing (CVE-2022-38177) - Fix memory leak in EdDSA verify processing (CVE-2022-38178) [32:9.16.23-0.9] - Tighten cache protection against record from forwarders (CVE-2021-25220) - Include test of forwarders [32:9.16.23-0.8] - TCP connections with keep-response-order are properly close in all cases (CVE-2022-0396) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-25220 CVE-2022-0396 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.4.0-5] - Fix CVE-2022-1122 LOW Copyright 2022 Oracle, Inc. CVE-2022-1122 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 httpd [2.4.37-51.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-51] - Resolves: #2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via ap_rwrite() - Resolves: #2097031 - CVE-2022-28615 httpd:2.4/httpd: out-of-bounds read in ap_strcmp_match() - Resolves: #2097458 - CVE-2022-30522 httpd:2.4/httpd: mod_sed: DoS vulnerability - Resolves: #2097480 - CVE-2022-30556 httpd:2.4/httpd: mod_lua: Information disclosure with websockets - Resolves: #2098247 - CVE-2022-31813 httpd:2.4/httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism - Resolves: #2097451 - CVE-2022-29404 httpd:2.4/httpd: mod_lua: DoS in r:parsebody - Resolves: #2096997 - CVE-2022-26377 httpd:2.4/httpd: mod_proxy_ajp: Possible request smuggling [2.4.37-50] - Resolves: #2065237 - CVE-2022-22719 httpd:2.4/httpd: mod_lua: Use of uninitialized value of in r:parsebody - Resolves: #2065267 - CVE-2022-22721 httpd:2.4/httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody - Resolves: #2065324 - CVE-2022-23943 httpd:2.4/httpd: mod_sed: Read/write beyond bounds [2.4.37-49] - Resolves: #2090848 - CVE-2020-13950 httpd:2.4/httpd: mod_proxy NULL pointer dereference [2.4.37-48] - Resolves: #2065249 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier mod_http2 [1.15.7-5] - Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations [1.15.7-4] - Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd: Request splitting via HTTP/2 method injection and mod_proxy MODERATE Copyright 2022 Oracle, Inc. CVE-2022-22721 CVE-2022-28615 CVE-2022-30522 CVE-2022-30556 CVE-2022-23943 CVE-2022-28614 CVE-2022-22719 CVE-2022-29404 CVE-2022-31813 CVE-2022-26377 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [3.2.0-2] - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read - resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob - resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob - resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32148 CVE-2022-30632 CVE-2022-30635 CVE-2022-30630 CVE-2022-1705 CVE-2022-30631 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [4.18.0-425.3.1.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] [4.18.0-425.3.1] - iwlwifi: limit fw version for AC9560 to avoid fw crash (Inigo Huguet) [2129297] - sfc: fix null pointer dereference in efx_hard_start_xmit (Inigo Huguet) [2119638] - sfc: fix TX channel offset when using legacy interrupts (Inigo Huguet) [2119638] - netfilter: conntrack: reduce timeout when receiving out-of-window fin or rst (Florian Westphal) [2047366] - netfilter: conntrack: remove unneeded indent level (Florian Westphal) [2047366] - netfilter: conntrack: ignore overly delayed tcp packets (Florian Westphal) [2047366] - netfilter: conntrack: prepare tcp_in_window for ternary return value (Florian Westphal) [2047366] - netfilter: conntrack: remove pr_debug callsites from tcp tracker (Florian Westphal) [2047366] - netfilter: conntrack: work around exceeded receive window (Florian Westphal) [2047366] - netfilter: conntrack: improve RST handling when tuple is re-used (Florian Westphal) [2047366] - netfilter: conntrack: avoid misleading invalid in log message (Florian Westphal) [2047366] - netfilter: remove BUG_ON() after skb_header_pointer() (Florian Westphal) [2047366] - iavf: Detach device during reset task (Petr Oros) [2069206] [4.18.0-425.2.1] - EDAC/ghes: Set the DIMM label unconditionally (Aristeu Rozanski) [2109712] - configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2123508] [4.18.0-425.1.1] - i40e: Fix kernel crash during module removal (Ivan Vecera) [2091489] - redhat: enable zstream release numbering for rhel 8.7 (Jarod Wilson) - ice: Allow operation with reduced device MSI-X (Petr Oros) [2102844] [4.18.0-425] - EDAC/amd64: Add new register offset support and related changes (Aristeu Rozanski) [2048792] - EDAC/amd64: Set memory type per DIMM (Aristeu Rozanski) [2048792] - Revert ixgbevf: Mailbox improvements (Ken Cox) [2120545] - Revert ixgbevf: Add support for new mailbox communication between PF and VF (Ken Cox) [2120545] - drm/amdgpu: Only disable prefer_shadow on hawaii (Lyude Paul) [2118755] [4.18.0-424] - redhat: configs: add CONFIG_SERIAL_MULTI_INSTANTIATE=m for x86_64 (Jaroslav Kysela) [2005073] - ACPI: scan: Add CLSA0101 Laptop Support (Jaroslav Kysela) [2005073] - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (Jaroslav Kysela) [2005073] - platform/x86: serial-multi-instantiate: Sort ACPI IDs by HID (Jaroslav Kysela) [2005073] - platform/x86: serial-multi-instantiate: Get rid of redundant else (Jaroslav Kysela) [2005073] - platform/x86: serial-multi-instantiate: Use while (i--) pattern to clean up (Jaroslav Kysela) [2005073] - platform/x86: serial-multi-instantiate: Improve dev_err_probe() messaging (Jaroslav Kysela) [2005073] - platform/x86: serial-multi-instantiate: Drop duplicate check (Jaroslav Kysela) [2005073] - platform/x86: serial-multi-instantiate: Improve autodetection (Jaroslav Kysela) [2005073] - ACPI / scan: Create platform device for CS35L41 (Jaroslav Kysela) [2005073] - ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (Jaroslav Kysela) [2005073] - platform/x86: serial-multi-instantiate: Add SPI support (Jaroslav Kysela) [2005073] - platform/x86: serial-multi-instantiate: Reorganize I2C functions (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Use the new i2c_acpi_client_count() helper (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Use device_get_match_data() to get driver data (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Simplify with dev_err_probe() (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Drop redundant ACPI_PTR() (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Replace zero-length array with flexible-array member (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Fail the probe if no IRQ provided (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Derive the device name from parent (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Use struct_size() helper (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Allow to have same slaves (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Introduce IOAPIC IRQ support (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Distinguish IRQ resource type (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Count I2cSerialBus() resources (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Get rid of obsolete conditional (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Defer probe when no adapter found (Jaroslav Kysela) [2005073] - platform/x86: i2c-multi-instantiate: Accept errors of i2c_acpi_new_device() (Jaroslav Kysela) [2005073] - serdev: Fix detection of UART devices on Apple machines. (Jaroslav Kysela) [2005073] - serdev: Add ACPI devices by ResourceSource field (Jaroslav Kysela) [2005073] - spi: Return deferred probe error when controller isnt yet available (Jaroslav Kysela) [2005073] - spi/acpi: avoid spurious matches during slave enumeration (Jaroslav Kysela) [2005073] - spi: Add API to count spi acpi resources (Jaroslav Kysela) [2005073] - spi: Support selection of the index of the ACPI Spi Resource before alloc (Jaroslav Kysela) [2005073] - ACPI: Test for ACPI_SUCCESS rather than !ACPI_FAILURE (Jaroslav Kysela) [2005073] - spi/acpi: fix incorrect ACPI parent check (Jaroslav Kysela) [2005073] - spi: Create helper API to lookup ACPI info for spi device (Jaroslav Kysela) [2005073] - spi/acpi: enumerate all SPI slaves in the namespace (Jaroslav Kysela) [2005073] - spi: kill useless initializer in spi_register_controller() (Jaroslav Kysela) [2005073] - spi: fix ctrl->num_chipselect constraint (Jaroslav Kysela) [2005073] - spi: Dont call spi_get_gpio_descs() before device name is set (Jaroslav Kysela) [2005073] - spi: Avoid undefined behaviour when counting unused native CSs (Jaroslav Kysela) [2005073] - spi: Allow to have all native CSs in use along with GPIOs (Jaroslav Kysela) [2005073] - spi: Add missing error handling for CS GPIOs (Jaroslav Kysela) [2005073] - spi: export tracepoint symbols to modules (Jaroslav Kysela) [2005073] - spi: Fix zero length xfer bug (Jaroslav Kysela) [2005073] - spi: Add generic support for unused native cs with cs-gpios (Jaroslav Kysela) [2005073] - spi: Reduce kthread priority (Jaroslav Kysela) [2005073] - spi: core: Use DEVICE_ATTR_RW() for SPI slave control sysfs attribute (Jaroslav Kysela) [2005073] - i2c: acpi: Add an i2c_acpi_client_count() helper function (Jaroslav Kysela) [2005073] - s390/qeth: cache link_info for ethtool (Michal Schmidt) [2117098] - nfp: amend removal of MODULE_VERSION (Stefan Assmann) [1955769] - x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115080] {CVE-2022-26373} - x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115080] {CVE-2022-26373} - tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080] - tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080] - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Waiman Long) [2115080] - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Waiman Long) [2115080] - x86/amd: Use IBPB for firmware calls (Waiman Long) [2115080] - x86/bugs: Warn when ibrs mitigation is selected on Enhanced IBRS parts (Waiman Long) [2115080] - iavf: Fix reset error handling (Petr Oros) [2119759] - iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2119759] - iavf: Fix adminq error handling (Petr Oros) [2119759] - iavf: Fix missing state logs (Petr Oros) [2119759] - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Ken Cox) [1978613] [4.18.0-423] - netfilter: ipset: fix suspicious RCU usage in find_set_and_id (Florian Westphal) [2118526] - net/mlx5e: Update netdev features after changing XDP state (Amir Tzin) [2049440] - net/mlx5e: CT: Use own workqueue instead of mlx5e priv (Amir Tzin) [2049440] - net/mlx5e: CT: Add ct driver counters (Amir Tzin) [2049440] - net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules (Amir Tzin) [2049440] - net/mlx5e: Align mlx5e_cleanup_uplink_rep_tx() with upstream code. (Amir Tzin) [2049440] - net/mlx5e: Correct the calculation of max channels for rep (Amir Tzin) [2049440] - Documentation: devlink: mlx5.rst: Fix htmldoc build warning (Amir Tzin) [2049440] - net/mlx5: fs, fail conflicting actions (Amir Tzin) [2049440] - net/mlx5: Rearm the FW tracer after each tracer event (Amir Tzin) [2049440] - net/mlx5: correct ECE offset in query qp output (Amir Tzin) [2049440] - net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (Amir Tzin) [2049440] - net/mlx5e: TC NIC mode, fix tc chains miss table (Amir Tzin) [2049440] - net/mlx5: Dont use already freed action pointer (Amir Tzin) [2049440] - net/mlx5: fix typo in comment (Amir Tzin) [2049440] - IB/mlx5: Fix undefined behavior due to shift overflowing the constant (Amir Tzin) [2049440] - net/mlx5e: Force ethertype usage in mlx5_ct_fs_smfs_fill_mask() (Amir Tzin) [2049440] - net/mlx5: Drain fw_reset when removing device (Amir Tzin) [2049440] - net/mlx5e: CT: Fix setting flow_source for smfs ct tuples (Amir Tzin) [2049440] - net/mlx5e: CT: Fix support for GRE tuples (Amir Tzin) [2049440] - net/mlx5e: Remove HW-GRO from reported features (Amir Tzin) [2049440] - net/mlx5e: Properly block HW GRO when XDP is enabled (Amir Tzin) [2049440] - net/mlx5e: Properly block LRO when XDP is enabled (Amir Tzin) [2049440] - net/mlx5e: Block rx-gro-hw feature in switchdev mode (Amir Tzin) [2049440] - net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock (Amir Tzin) [2049440] - net/mlx5: Initialize flow steering during driver probe (Amir Tzin) [2049440] - net/mlx5: Fix matching on inner TTC (Amir Tzin) [2049440] - net/mlx5: Avoid double clear or set of sync reset requested (Amir Tzin) [2049440] - net/mlx5: Fix deadlock in sync reset flow (Amir Tzin) [2049440] - net/mlx5e: Fix trust state reset in reload (Amir Tzin) [2049440] - net/mlx5e: Avoid checking offload capability in post_parse action (Amir Tzin) [2049440] - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Amir Tzin) [2049440] - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (Amir Tzin) [2049440] - net/mlx5e: Lag, Dont skip fib events on current dst (Amir Tzin) [2049440] - net/mlx5e: Lag, Fix fib_info pointer assignment (Amir Tzin) [2049440] - net/mlx5e: Lag, Fix use-after-free in fib event handler (Amir Tzin) [2049440] - net/mlx5e: Fix the calling of update_buffer_lossy() API (Amir Tzin) [2049440] - net/mlx5e: Dont match double-vlan packets if cvlan is not set (Amir Tzin) [2049440] - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Amir Tzin) [2049440] - RDMA/mlx5: Add a missing update of cache->last_add (Amir Tzin) [2049440] - RDMA/mlx5: Dont remove cache MRs when a delay is needed (Amir Tzin) [2049440] - net/mlx5e: HTB, remove unused function declaration (Amir Tzin) [2049440] - net/mlx5e: Statify function mlx5_cmd_trigger_completions (Amir Tzin) [2049440] - net/mlx5: Remove unused fill page array API function (Amir Tzin) [2049440] - net/mlx5: Remove unused exported contiguous coherent buffer allocation API (Amir Tzin) [2049440] - net/mlx5: CT: Remove extra rhashtable remove on tuple entries (Amir Tzin) [2049440] - net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory (Amir Tzin) [2049440] - net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce memory (Amir Tzin) [2049440] - net/mlx5: DR, Remove num_of_entries byte_size from struct mlx5_dr_icm_chunk (Amir Tzin) [2049440] - net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce memory (Amir Tzin) [2049440] - net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk (Amir Tzin) [2049440] - net/mlx5: DR, Adjust structure member to reduce memory hole (Amir Tzin) [2049440] - net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear (Amir Tzin) [2049440] - net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle (Amir Tzin) [2049440] - net/mlx5e: RX, Test the XDP program existence out of the handler (Amir Tzin) [2049440] - net/mlx5e: Build SKB in place over the first fragment in non-linear legacy RQ (Amir Tzin) [2049440] - net/mlx5e: Add headroom only to the first fragment in legacy RQ (Amir Tzin) [2049440] - net/mlx5e: Validate MTU when building non-linear legacy RQ fragments info (Amir Tzin) [2049440] - net/mlx5e: MPLSoUDP encap, support action vlan pop_eth explicitly (Amir Tzin) [2049440] - net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit (Amir Tzin) [2049440] - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (Amir Tzin) [2049440] - net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats (Amir Tzin) [2049440] - net/mlx5e: Remove overzealous validations in netlink EEPROM query (Amir Tzin) [2049440] - net/mlx5: Parse module mapping using mlx5_ifc (Amir Tzin) [2049440] - net/mlx5: Query the maximum MCIA register read size from firmware (Amir Tzin) [2049440] - net/mlx5: CT: Create smfs dr matchers dynamically (Amir Tzin) [2049440] - net/mlx5: CT: Add software steering ct flow steering provider (Amir Tzin) [2049440] - net/mlx5: Add smfs lib to export direct steering API to CT (Amir Tzin) [2049440] - net/mlx5: DR, Add helper to get backing dr table from a mlx5 flow table (Amir Tzin) [2049440] - net/mlx5: CT: Introduce a platform for multiple flow steering providers (Amir Tzin) [2049440] - net/mlx5: Node-aware allocation for the doorbell pgdir (Amir Tzin) [2049440] - net/mlx5: Node-aware allocation for UAR (Amir Tzin) [2049440] - net/mlx5: Node-aware allocation for the EQs (Amir Tzin) [2049440] - net/mlx5: Node-aware allocation for the EQ table (Amir Tzin) [2049440] - net/mlx5: Node-aware allocation for the IRQ table (Amir Tzin) [2049440] - net/mlx5: Delete useless module.h include (Amir Tzin) [2049440] - net/mlx5: DR, Add support for ConnectX-7 steering (Amir Tzin) [2049440] - net/mlx5: DR, Refactor ste_ctx handling for STE v0/1 (Amir Tzin) [2049440] - net/mlx5: DR, Rename action modify fields to reflect naming in HW spec (Amir Tzin) [2049440] - net/mlx5: DR, Fix handling of different actions on the same STE in STEv1 (Amir Tzin) [2049440] - net/mlx5: DR, Remove unneeded comments (Amir Tzin) [2049440] - net/mlx5: DR, Add support for matching on Internet Header Length (IHL) (Amir Tzin) [2049440] - net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior (Amir Tzin) [2049440] - net/mlx5: Add debugfs counters for page commands failures (Amir Tzin) [2049440] - net/mlx5: Add pages debugfs (Amir Tzin) [2049440] - net/mlx5: Move debugfs entries to separate struct (Amir Tzin) [2049440] - net/mlx5: Change release_all_pages cap bit location (Amir Tzin) [2049440] - net/mlx5: Remove redundant error on reclaim pages (Amir Tzin) [2049440] - net/mlx5: Remove redundant error on give pages (Amir Tzin) [2049440] - net/mlx5: Remove redundant notify fail on give pages (Amir Tzin) [2049440] - net/mlx5: Add command failures data to debugfs (Amir Tzin) [2049440] - net/mlx5e: TC, Fix use after free in mlx5e_clone_flow_attr_for_post_act() (Amir Tzin) [2049440] - net/mlx5: Support GRE conntrack offload (Amir Tzin) [2049440] - mlx5: add support for page_pool_get_stats (Amir Tzin) [2049440] - net/mlx5: Add migration commands definitions (Amir Tzin) [2049440] - net/mlx5: Introduce migration bits and structures (Amir Tzin) [2049440] - net/mlx5: Expose APIs to get/put the mlx5 core device (Amir Tzin) [2049440] - net/mlx5: Disable SRIOV before PF removal (Amir Tzin) [2049440] - net/mlx5: Reuse exported virtfn index function call (Amir Tzin) [2049440] - net/mlx5: Add clarification on sync reset failure (Amir Tzin) [2049440] - net/mlx5: Add reset_state field to MFRL register (Amir Tzin) [2049440] - RDMA/mlx5: Use new command interface API (Amir Tzin) [2049440] - net/mlx5: cmdif, Refactor error handling and reporting of async commands (Amir Tzin) [2049440] - net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct} (Amir Tzin) [2049440] - net/mlx5: cmdif, Add new api for command execution (Amir Tzin) [2049440] - net/mlx5: cmdif, cmd_check refactoring (Amir Tzin) [2049440] - net/mlx5: cmdif, Return value improvements (Amir Tzin) [2049440] - net/mlx5: Lag, offload active-backup drops to hardware (Amir Tzin) [2049440] - net/mlx5: Lag, record inactive state of bond device (Amir Tzin) [2049440] - net/mlx5: Lag, dont use magic numbers for ports (Amir Tzin) [2049440] - net/mlx5: Lag, use local variable already defined to access E-Switch (Amir Tzin) [2049440] - net/mlx5: E-switch, add drop rule support to ingress ACL (Amir Tzin) [2049440] - net/mlx5: E-switch, remove special uplink ingress ACL handling (Amir Tzin) [2049440 2049580] - net/mlx5: E-Switch, reserve and use same uplink metadata across ports (Amir Tzin) [2049440 2049580] - net/mlx5: Add ability to insert to specific flow group (Amir Tzin) [2049440] - mlx5: remove unused static inlines (Amir Tzin) [2049440] - RDMA/mlx5: Reorder calls to pcie_relaxed_ordering_enabled() (Amir Tzin) [2049440] - RDMA/mlx5: Store ndescs instead of the translation table size (Amir Tzin) [2049440] - RDMA/mlx5: Merge similar flows of allocating MR from the cache (Amir Tzin) [2049440] - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (Amir Tzin) [2049440] - RDMA/mlx5: Remove redundant work in struct mlx5_cache_ent (Amir Tzin) [2049440] - net/mlx5e: TC, Allow sample action with CT (Amir Tzin) [2049440 2049659] - net/mlx5e: TC, Make post_act parse CT and sample actions (Amir Tzin) [2049440 2049659] - net/mlx5e: TC, Clean redundant counter flag from tc action parsers (Amir Tzin) [2049440 2049659] - net/mlx5e: Use multi table support for CT and sample actions (Amir Tzin) [2049440 2049659] - net/mlx5e: Create new flow attr for multi table actions (Amir Tzin) [2049440 2049659] - net/mlx5e: Add post act offload/unoffload API (Amir Tzin) [2049440 2049659] - net/mlx5e: Pass actions param to actions_match_supported() (Amir Tzin) [2049440 2049659] - net/mlx5e: TC, Move flow hashtable to be per rep (Amir Tzin) [2049440] - net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev mode (Amir Tzin) [2049440] - net/mlx5e: E-Switch, Add PTP counters for uplink representor (Amir Tzin) [2049440] - net/mlx5e: RX, Restrict bulk size for small Striding RQs (Amir Tzin) [2049440] - net/mlx5e: Default to Striding RQ when not conflicting with CQE compression (Amir Tzin) [2049440] - net/mlx5e: Generalize packet merge error message (Amir Tzin) [2049440] - net/mlx5e: Add support for using xdp->data_meta (Amir Tzin) [2049440] - net/mlx5e: Fix spelling mistake supoported -> supported (Amir Tzin) [2049440] - net/mlx5e: Optimize the common case condition in mlx5e_select_queue (Amir Tzin) [2049440] - net/mlx5e: Optimize modulo in mlx5e_select_queue (Amir Tzin) [2049440] - net/mlx5e: Optimize mlx5e_select_queue (Amir Tzin) [2049440] - net/mlx5e: Use READ_ONCE/WRITE_ONCE for DCBX trust state (Amir Tzin) [2049440] - net/mlx5e: Move repeating code that gets TC prio into a function (Amir Tzin) [2049440] - net/mlx5e: Use select queue parameters to sync with control flow (Amir Tzin) [2049440] - net/mlx5e: Move mlx5e_select_queue to en/selq.c (Amir Tzin) [2049440] - net/mlx5e: Introduce select queue parameters (Amir Tzin) [2049440] - net/mlx5e: Sync txq2sq updates with mlx5e_xmit for HTB queues (Amir Tzin) [2049440] - net/mlx5e: Use a barrier after updating txq2sq (Amir Tzin) [2049440] - net/mlx5e: Disable TX queues before registering the netdev (Amir Tzin) [2049440] - net/mlx5e: Cleanup of start/stop all queues (Amir Tzin) [2049440] - net/mlx5e: Use FW limitation for max MPW WQEBBs (Amir Tzin) [2049440] - net/mlx5e: Read max WQEBBs on the SQ from firmware (Amir Tzin) [2049440] - net/mlx5e: Remove unused tstamp SQ field (Amir Tzin) [2049440] - RDMA/mlx5: Delete useless module.h include (Amir Tzin) [2049440] - RDMA/mlx5: Delete get_num_static_uars function (Amir Tzin) [2049440] - net/mlx5: VLAN push on RX, pop on TX (Amir Tzin) [2049440 2049616] - net/mlx5: Introduce software defined steering capabilities (Amir Tzin) [2049440 2049616] - net/mlx5: Remove unused TIR modify bitmask enums (Amir Tzin) [2049440] - net/mlx5e: CT, Remove redundant flow args from tc ct calls (Amir Tzin) [2049440 2049659] - net/mlx5e: TC, Store mapped tunnel id on flow attr (Amir Tzin) [2049440 2049659] - net/mlx5e: Test CT and SAMPLE on flow attr (Amir Tzin) [2049440 2049580 2049659] - net/mlx5e: Refactor eswitch attr flags to just attr flags (Amir Tzin) [2049440 2049580 2049659] - net/mlx5e: CT, Dont set flow flag CT for ct clear flow (Amir Tzin) [2049440 2049659] - net/mlx5e: TC, Hold sample_attr on stack instead of pointer (Amir Tzin) [2049440 2049580 2049659] - net/mlx5e: TC, Reject rules with multiple CT actions (Amir Tzin) [2049440 2049659] - net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get flow attr (Amir Tzin) [2049440 2049659] - net/mlx5e: TC, Pass attr to tc_act can_offload() (Amir Tzin) [2049440 2049659] - net/mlx5e: TC, Split pedit offloads verify from alloc_tc_pedit_action() (Amir Tzin) [2049440 2049659] - net/mlx5e: TC, Move pedit_headers_action to parse_attr (Amir Tzin) [2049440 2049659] - net/mlx5e: Move counter creation call to alloc_flow_attr_counter() (Amir Tzin) [2049440 2049659] - net/mlx5e: Pass attr arg for attaching/detaching encaps (Amir Tzin) [2049440 2049659] - net/mlx5e: Move code chunk setting encap dests into its own function (Amir Tzin) [2049440 2049659] - net_sched: cls_route: remove from list when handle is 0 (Felix Maurer) [2116328] {CVE-2022-2588} - netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Florian Westphal) [2116356] {CVE-2022-2586} - netfilter: nf_tables: do not allow SET_ID to refer to another table (Florian Westphal) [2116356] {CVE-2022-2586} - netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) [2116159] {CVE-2022-36946} - net: let flow have same hash in two directions (Ivan Vecera) [2111094] - ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. (Ivan Vecera) [2111094] - net: Add notifications when multipath hash field change (Ivan Vecera) [2111094] - selftests: forwarding: Add test for custom multipath hash with IPv6 GRE (Ivan Vecera) [2111094] - selftests: forwarding: Add test for custom multipath hash with IPv4 GRE (Ivan Vecera) [2111094] - selftests: forwarding: Add test for custom multipath hash (Ivan Vecera) [2111094] - ipv6: Add custom multipath hash policy (Ivan Vecera) [2111094] - ipv6: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094] - ipv6: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094] - ipv6: Use a more suitable label name (Ivan Vecera) [2111094] - ipv4: Add custom multipath hash policy (Ivan Vecera) [2111094] - ipv4: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094] - ipv4: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094] - ipv6: Use math to point per net sysctls into the appropriate struct net (Ivan Vecera) [2111094] - selftest/net/forwarding: declare NETIFS p9 p10 (Ivan Vecera) [2111094] - ipv6: Fix sysctl max for fib_multipath_hash_policy (Ivan Vecera) [2111094] - selftests: forwarding: Test multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094] - ipv6: Support multipath hashing on inner IP pkts (Ivan Vecera) [2111094] - ipv4: Multipath hashing on inner L3 needs to consider inner IPv6 pkts (Ivan Vecera) [2111094] - ipv4: Support multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094] - ipv4: Initialize flowi4_multipath_hash in data path (Ivan Vecera) [2111094] - net: ipv4: Fix NULL pointer dereference in route lookup (Ivan Vecera) [2111094] - route: Add multipath_hash in flowi_common to make user-define hash (Ivan Vecera) [2111094] [4.18.0-422] - drm/nouveau/kms/nv140-: Disable interlacing (Lyude Paul) [2097647] - rpm: convert gcc and libelf to Recommends (Jarod Wilson) [2114900] - redhat: add ca7 to redhat/git/files (Jarod Wilson) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2078 CVE-2022-21499 CVE-2022-1852 CVE-2022-2938 CVE-2022-26373 CVE-2020-36558 CVE-2020-36516 CVE-2021-30002 CVE-2022-2586 CVE-2022-20368 CVE-2022-24448 CVE-2022-1016 CVE-2022-27950 CVE-2022-28893 CVE-2021-3640 CVE-2022-28390 CVE-2022-36946 CVE-2022-0168 CVE-2022-0854 CVE-2022-1184 CVE-2022-0617 CVE-2022-1048 CVE-2022-1055 CVE-2022-29581 CVE-2022-2639 CVE-2022-23960 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:7:baseos_base cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.51.0-8] - Address some Coverity issues in the patch set [1.51.0-7] - lib: Prevent more integer overflows (CVE-2022-22822 to CVE-2022-22827) (#2058567, #2058576, #2058582, #2058589, #2058595, #2058602) - Prevent integer overflow on m_groupSize in doProlog (CVE-2021-46143) (#2058560) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-46143 CVE-2022-22822 CVE-2022-22824 CVE-2022-22823 CVE-2022-22826 CVE-2022-22827 CVE-2022-22825 cpe:/o:oracle:linux:8:10:baseos_base cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 [1.0.3-11] - Fix double byteswap on big-endian systems also while reading partition names resolves: #2065205 [1.0.3-10] - Fix CVE-2021-0308 resolves: #2052364 MODERATE Copyright 2022 Oracle, Inc. CVE-2020-0256 CVE-2021-0308 cpe:/o:oracle:linux:8:10:baseos_base cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer Oracle Linux 8 glib2 [2.56.4-159.0.1] - Rebuild with python 36 [Orabug: 34701176] [2.56.4-159] - Add --interface-info-[body|header] modes to gdbus-codegen - Related: #2061994 webkit2gtk3 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26709 CVE-2022-26716 CVE-2022-22629 CVE-2022-26710 CVE-2022-30293 CVE-2022-22628 CVE-2022-22662 CVE-2022-26719 CVE-2022-22624 CVE-2022-26700 CVE-2022-26717 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.9.7-15] - Fix CVE-2016-3709 (#2120781) [2.9.7-14] - Fix CVE-2022-29824 (#2082298) MODERATE Copyright 2022 Oracle, Inc. CVE-2016-3709 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:7:baseos_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.45.6-5] - Update e2fsprogs with upstream fixes and improvements (#2083621) - Fix out-of-bounds read/write via crafter filesystem (#2073548) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1304 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder_developer cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.5.2-2] - resolves: rhbz#2108998 - Rebuild to include python3-ldb-devel in CRB [2.5.2-1] - Rebase to version 2.5.2 - resolves: rhbz#2109016 - Fix CVE-2022-32746 [2.5.1-1] - related: rhbz#2077484 - Rebase to version 2.5.1 [2.5.0-1] - resolves: rhbz#2077484 - Rebase to version 2.5.0 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32746 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.9.1-9] - Guard face->size - Resolves: #2079279 [2.9.1-8] - Properly guard face_index - Resolves: #2079261 [2.9.1-7] - Do not search for windres - Resolves: #2079270 [2.9.1-6] - Avoid invalid face index - Resolves: #2079270 [2.9.1-5] - Test bitmap size earlier for PNGs - Fix memory leak in pngshim.c - Resolves: #1891906 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-27406 CVE-2022-27404 CVE-2022-27405 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer Oracle Linux 8 [32:9.11.36-5] - Fix memory leak in ECDSA verify processing (CVE-2022-38177) - Fix memory leak in EdDSA verify processing (CVE-2022-38178) [32:9.11.36-4] - Tighten cache protection against record from forwarders (CVE-2021-25220) - Include test of forwarders [32:9.11.36-2] - Reduce memory used per-view on machine with few processors (#2030239) [32:9.11.36-2] - Rebuilt on a new side-tag (#2013993) [32:9.11.36-1] - Update to 9.11.36 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-25220 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:7:baseos_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.1.3-19] - Resolves: #2116668 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field [3.1.3-18] - Resolves: #2111175 - remote arbitrary files write inside the directories of connecting peers [3.1.3-17] - Related: #2043753 - New option should not be sent to the server every time [3.1.3-16] - Resolves: #2043753 - [RFE] Improve defaults for sparse file buffering [3.1.3-15] - Resolves: #2071513 - A flaw in zlib-1.2.11 when compressing (not decompressing!) certain inputs MODERATE Copyright 2022 Oracle, Inc. CVE-2022-37434 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:7:baseos_base Oracle Linux 8 nodejs [1:18.8.0-1] - Rebase to version 18.8.0 - Include sources for WASM blobs nodejs-packaging [2021.06-4] - NPM bundler: also find namespaced bundled dependencies [2021.06-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild [2021.06-2] - Fix hard-coded output directory in the bundler [2021.06-1] - Update to 2021.06-1 - bundler: Handle archaic license metadata - bundler: Warn about bundled dependencies with no license metadata IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-35256 CVE-2022-35255 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 aardvark-dns [2:1.1.0-5] - fix 'Two aardvark-dns instances trying to use the same port on the same interface' - Resolves: #2130234 buildah [1:1.27.2-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.27 (https://github.com/containers/buildah/commit/c43a389) - Resolves: #2136438 [1:1.27.2-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.27 (https://github.com/containers/buildah/commit/13622b1) - Resolves: #2129767 containers-common [1-43.0.1] - Updated removed references [Orabug: 33473101] (Alex Burmashev) - Adjust registries.conf (Nikita Gerasimov) - remove references to RedHat registry (Nikita Gerasimov) [2:1-43] - update vendored components and configuration files - Resolves: #2136438 [2:1-42] - add beta GPG key - Resolves: #2125686 [2:1-41] - update vendored components and configuration files - Resolves: #2125241 netavark [2:1.1.0-7] - fix 'Two aardvark-dns instances trying to use the same port on the same interface' - Resolves: #2130234 podman [3:4.2.0-4] - update to the latest content of https://github.com/containers/podman/tree/v4.2.0-rhel (https://github.com/containers/podman/commit/35c0df3) - Resolves: #2125645 [3:4.2.0-3] - update to the latest content of https://github.com/containers/podman/tree/v4.2.0-rhel (https://github.com/containers/podman/commit/d520a5c) - Resolves: #2136433 [3:4.2.0-2] - update to the latest content of https://github.com/containers/podman/tree/v4.2.0-rhel (https://github.com/containers/podman/commit/4978898) - Resolves: #2125241 python-podman [4.2.1-1] - update to 4.2.1 release - Resolves: #2132360 [4.2.0-2] - fix '[RFE] python-podman: Podman support to perform custom actions on unhealthy containers' - Resolves: #2132360 skopeo [2:1.9.3-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.3 - Related: #2135973 LOW Copyright 2022 Oracle, Inc. CVE-2022-2990 CVE-2022-2989 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [7.0.100-0.4.rc2.0.1] - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier [Orabug: 34671152] [7.0.100-0.4.rc2] - Enable ppc64le builds - Related: RHBZ#2134642 [7.0.100-0.3.rc2] - Update to .NET 7 RC 2 - Resolves: RHBZ#2134642 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-41032 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 nodejs [1:14.20.1-2] - Record issues fixed in the current version Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 Resolves: CVE-2022-0235 [1:14.20.1-1] - Rebase to version 14.20.1 Resolves: CVE-2022-35256 nodejs-packaging [23-3] - Updated - Removed pathfix.py [23-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [23-1] - Ensure nodejs(engine) is required for packages with no dependencies MODERATE Copyright 2022 Oracle, Inc. CVE-2021-44532 CVE-2022-21824 CVE-2021-44531 CVE-2022-35256 CVE-2021-44533 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [0.8.4-28.1] - Add 0111-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz #2133995 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3787 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:7:baseos_patch Oracle Linux 9 cockpit-composer [41-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095], [Orabug:34398922] [41-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New upstream release [37-1] - New upstream release [35-1] - New upstream release [34-1] - New upstream release [33-1] - Add support for OCI upload target - Update translations - Update dependencies [32-1] - Add Edge Raw, RHEL Installer, Edge Simplified Installer image types - Improve user account modal responsiveness - Update tests - Update minor NPM dependencies - Update translation files [31-1] - Add new ostree image types - Improve loading state when waiting for api responses - Improve notification system - Improve test stability - Update NPM dependencies - Update translations [30-3] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [30-2] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [30-1] - Add and update translations - Update NPM dependencies - Improve test reliability [28-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [28-1] - Use sentence case rather than title case - Add and update tests - Update translations from weblate - Update minor NPM dependencies [27-1] - Improve test reliability - Update translations from weblate - Update minor NPM dependencies [26-1] - Add additional form validation for the Create Image Wizard - Improve page size dropdown styling - Update minor NPM dependencies - Improve code styling - Improve test reliability osbuild [65-1] - New upstream release [64-1] - New upstream release [63-1] - New upstream release [62-1] - New upstream release [61-1] - New upstream release [60-1] - New upstream release [59-1] - New upstream release [58-1] - New upstream release [57-1] - New upstream release [56-1] - New upstream release [55-1] - New upstream release [54-1] - New upstream release [53-1] - New upstream release [52-1] - New upstream release [50-1] - New upstream release [49-1] - New upstream release [48-1] - New upstream release [47-1] - New upstream release [46-1] - New upstream release [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release [39-1] - New upstream release [35-1] - Upstream release 35 [34-1] - Upstream release 34 [33-1] - Upstream release 33 [32-1] - Upstream release 32 [31-1] - Upstream release 31 [30-1] - Upstream release 30 - Many new stages for building ostree-based raw images - Bootiso.mono stage was deprecated and split into smaller stages - Mounts are now represented as an array in a manifest - Various bug fixes and improvements to various stages [29-2] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [29-1] - Upstream release 29 - Adds host services - Adds modprobe and logind stage [27-3] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [27-2] - Include Fedora 35 runner (upstream commit 337e0f0) [27-1] - Upstream release 27 - Various bug fixes related to the new container and installer stages introdcued in version 25 and 26. [26-1] - Upstream release 26 - Support for building boot isos - Grub stage gained support for saved_entry to fix grub tooling [25-1] - Upstream release 25 - First tech preview of the new manifest format. Includes various new stages and inputs to be able to build ostree commits contained in a oci archive. [24-1] - Upstream release 24 - Turn on dependency generator for everything but runners - Include new input binaries [23-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [23-1] - Upstream release 23 - Do not mangle shebangs for assemblers, runners & stages. [22-1] - Upstream release 22 [21-1] - Upstream reelase 21 osbuild-composer [62.1-1] - New upstream release [62-1] - New upstream release [60-1] - New upstream release [59-1] - New upstream release [58-1] - New upstream release [57-1] - New upstream release [55-1] - New upstream release [54-1] - New upstream release [53-1] - New upstream release [51-1] - New upstream release [46-1] - New upstream release [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release [41-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New upstream release * Tue Nov 02 2021 lavocatt - 37-1 - New upstream release [36-1] - New upstream release [33-1] - New upstream release [32-1] - New upstream release [31-1] - New upstream release [30-2] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [30-1] - New upstream release [29-3] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [29-2] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [29-1] - New upstream release [28-1] - New upstream release [27-1] - New upstream release [26-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [26-2] - Fix the compatibility with a new golang-github-azure-storage-blob 0.12 [26-1] - New upstream release [25-1] - New upstream release [24-1] - New upstream release [23-1] - New upstream release [22-1] - New upstream release weldr-client [35.5-4] - tests: Add osbuild-composer repo file for RHEL 9.1 Related: rhbz#2118831 [35.5-3] - tests: Update tests for osbuild composer changes Resolves: rhbz#2118831 LOW Copyright 2022 Oracle, Inc. CVE-2022-32189 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2:4.2.0-3.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.2.0-3] - fix dependency in test subpackage - Related: #2061316 [2:4.2.0-2] - readd catatonit - Related: #2061316 [2:4.2.0-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.2.0 (https://github.com/containers/podman/commit/7fe5a419cfd2880df2028ad3d7fd9378a88a04f4) - Related: #2061316 [2:4.2.0-0.3rc3] - require catatonit for gating tests - Related: #2061316 [2:4.2.0-0.2rc3] - update to 4.2.0-rc3 - Related: #2061316 [2:4.2.0-0.1rc2] - update to 4.2.0-rc2 - Related: #2061316 [2:4.1.1-6] - convert catatonit dependency to soft dep as catatonit is no longer in Appstream but in CRB - Related: #2061316 [2:4.1.1-5] - rebuild for combined gating with catatonit - Related: #2097694 [2:4.1.1-4] - catatonit is now a standalone package - Related: #2097694 [2:4.1.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.1.1-rhel (https://github.com/containers/podman/commit/fa692a6) - Related: #2097694 [2:4.1.1-2] - be sure podman services/sockets are stopped upon package removal - Related: #2061316 MODERATE Copyright 2022 Oracle, Inc. CVE-2020-28851 CVE-2021-20291 CVE-2020-28852 CVE-2021-4024 CVE-2021-33197 CVE-2021-34558 CVE-2022-27191 CVE-2021-20199 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2:1.9.2-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.2 - Related: #2061316 [2:1.9.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.1 - Related: #2061316 [2:1.9.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.0 - Related: #2061316 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-33198 CVE-2021-20291 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.48.4-2.0.1] - Add btrfs-progs to the packages installed in the appliance [Orabug: 34137448] - Replace upstream references from a description tag - Fix build on Oracle Linux [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.48.4-2] - Rebase to new stable branch version 1.48.4 resolves: rhbz#2059285 - Disable 5-level page tables when using -cpu max resolves: rhbz#2084568 - SELinux relabelling should not stop on ext4 immutable bits resolves: rhbz#1794518 - Ignore iface in add-drive variants resolves: rhbz#1844341 - Lift protocol limit on guestfs_readdir() resolves: rhbz#1674392 - Check return values from librpm calls (2089623) - Document limitations of encrypted RBD disks resolves: rhbz#2033247 - Fix lvm-set-filter failed in guestfish with the latest lvm2 package resolves: rhbz#1965941 - Enable PHP bindings resolves: rhbz#2097718 - Add support for Clevis & Tang resolves: rhbz#1809453 - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101281 - Add clevis-luks to BRs, required for Clevis & Tang related: rhbz#1809453 - Add zstd support to guestfs_file_architecture resolves: rhbz#2117004 [1:1.48.0-2] - Disable signature checking in librpm resolves: rhbz#2065172 [1:1.48.0-1] - Rebase to new stable branch version 1.48.0 resolves: rhbz#2059285 LOW Copyright 2022 Oracle, Inc. CVE-2022-2211 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.48.2-5] - Rebase to guestfs-tools 1.48.2 resolves: rhbz#2059286 - Default to --selinux-relabel in various tools resolves: rhbz#2075718, rhbz#2089748 - Add lvm system.devices cleanup operation to virt-sysprep resolves: rhbz#2072493 - Refactor virt-customize --install, --update options in common submodule - Add support for Clevis & Tang resolves: rhbz#1809453 - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2102721 - Fix virt-sysprep and LUKS-on-LVM guests resolves: rhbz#2106286 LOW Copyright 2022 Oracle, Inc. CVE-2022-2211 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [7.0.0-13] - kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch [bz#2117546] - kvm-i386-do-kvm_put_msr_feature_control-first-thing-when.patch [bz#2117546] - Resolves: bz#2117546 ([RHEL9.1] Guests in VMX root operation fail to reboot with QEMUs system_reset command) [7.0.0-12] - kvm-scsi-generic-Fix-emulated-block-limits-VPD-page.patch [bz#2120275] - kvm-vhost-Get-vring-base-from-vq-not-svq.patch [bz#2114060] - kvm-vdpa-Skip-the-maps-not-in-the-iova-tree.patch [bz#2114060] - kvm-vdpa-do-not-save-failed-dma-maps-in-SVQ-iova-tree.patch [bz#2114060] - kvm-util-Return-void-on-iova_tree_remove.patch [bz#2114060] - kvm-util-accept-iova_tree_remove_parameter-by-value.patch [bz#2114060] - kvm-vdpa-Remove-SVQ-vring-from-iova_tree-at-shutdown.patch [bz#2114060] - kvm-vdpa-Make-SVQ-vring-unmapping-return-void.patch [bz#2114060] - kvm-vhost-Always-store-new-kick-fd-on-vhost_svq_set_svq_.patch [bz#2114060] - kvm-vdpa-Use-ring-hwaddr-at-vhost_vdpa_svq_unmap_ring.patch [bz#2114060] - kvm-vhost-stop-transfer-elem-ownership-in-vhost_handle_g.patch [bz#2114060] - kvm-vhost-use-SVQ-element-ndescs-instead-of-opaque-data-.patch [bz#2114060] - kvm-vhost-Delete-useless-read-memory-barrier.patch [bz#2114060] - kvm-vhost-Do-not-depend-on-NULL-VirtQueueElement-on-vhos.patch [bz#2114060] - kvm-vhost_net-Add-NetClientInfo-start-callback.patch [bz#2114060] - kvm-vhost_net-Add-NetClientInfo-stop-callback.patch [bz#2114060] - kvm-vdpa-add-net_vhost_vdpa_cvq_info-NetClientInfo.patch [bz#2114060] - kvm-vdpa-Move-command-buffers-map-to-start-of-net-device.patch [bz#2114060] - kvm-vdpa-extract-vhost_vdpa_net_cvq_add-from-vhost_vdpa_.patch [bz#2114060] - kvm-vhost_net-add-NetClientState-load-callback.patch [bz#2114060] - kvm-vdpa-Add-virtio-net-mac-address-via-CVQ-at-start.patch [bz#2114060] - kvm-vdpa-Delete-CVQ-migration-blocker.patch [bz#2114060] - kvm-virtio-scsi-fix-race-in-virtio_scsi_dataplane_start.patch [bz#2099541] - Resolves: bz#2120275 (Wrong max_sectors_kb and Maximum transfer length on the pass-through device [rhel-9.1]) - Resolves: bz#2114060 (vDPA state restore support through control virtqueue in Qemu) - Resolves: bz#2099541 (qemu coredump with error Assertion qemu_mutex_iothread_locked() failed when repeatly hotplug/unplug disks in pause status) [7.0.0-11] - kvm-QIOChannelSocket-Fix-zero-copy-flush-returning-code-.patch [bz#2107466] - kvm-Add-dirty-sync-missed-zero-copy-migration-stat.patch [bz#2107466] - kvm-migration-multifd-Report-to-user-when-zerocopy-not-w.patch [bz#2107466] - kvm-migration-Avoid-false-positive-on-non-supported-scen.patch [bz#2107466] - kvm-migration-add-remaining-params-has_-true-in-migratio.patch [bz#2107466] - kvm-QIOChannelSocket-Add-support-for-MSG_ZEROCOPY-IPV6.patch [bz#2107466] - kvm-pc-bios-s390-ccw-Fix-booting-with-logical-block-size.patch [bz#2112303] - kvm-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch [bz#2116876] - kvm-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch [bz#2116876] - kvm-vdpa-Fix-memory-listener-deletions-of-iova-tree.patch [bz#2116876] - kvm-vdpa-Fix-file-descriptor-leak-on-get-features-error.patch [bz#2116876] - Resolves: bz#2107466 (zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together) - Resolves: bz#2112303 (virtio-blk: Cant boot fresh installation from used 512 cluster_size image under certain conditions) - Resolves: bz#2116876 (Fixes for vDPA control virtqueue support in Qemu) [7.0.0-10] - kvm-vhost-Track-descriptor-chain-in-private-at-SVQ.patch [bz#1939363] - kvm-vhost-Fix-device-s-used-descriptor-dequeue.patch [bz#1939363] - kvm-hw-virtio-Replace-g_memdup-by-g_memdup2.patch [bz#1939363] - kvm-vhost-Fix-element-in-vhost_svq_add-failure.patch [bz#1939363] - kvm-meson-create-have_vhost_-variables.patch [bz#1939363] - kvm-meson-use-have_vhost_-variables-to-pick-sources.patch [bz#1939363] - kvm-vhost-move-descriptor-translation-to-vhost_svq_vring.patch [bz#1939363] - kvm-virtio-net-Expose-MAC_TABLE_ENTRIES.patch [bz#1939363] - kvm-virtio-net-Expose-ctrl-virtqueue-logic.patch [bz#1939363] - kvm-vdpa-Avoid-compiler-to-squash-reads-to-used-idx.patch [bz#1939363] - kvm-vhost-Reorder-vhost_svq_kick.patch [bz#1939363] - kvm-vhost-Move-vhost_svq_kick-call-to-vhost_svq_add.patch [bz#1939363] - kvm-vhost-Check-for-queue-full-at-vhost_svq_add.patch [bz#1939363] - kvm-vhost-Decouple-vhost_svq_add-from-VirtQueueElement.patch [bz#1939363] - kvm-vhost-Add-SVQDescState.patch [bz#1939363] - kvm-vhost-Track-number-of-descs-in-SVQDescState.patch [bz#1939363] - kvm-vhost-add-vhost_svq_push_elem.patch [bz#1939363] - kvm-vhost-Expose-vhost_svq_add.patch [bz#1939363] - kvm-vhost-add-vhost_svq_poll.patch [bz#1939363] - kvm-vhost-Add-svq-avail_handler-callback.patch [bz#1939363] - kvm-vdpa-Export-vhost_vdpa_dma_map-and-unmap-calls.patch [bz#1939363] - kvm-vhost-net-vdpa-add-stubs-for-when-no-virtio-net-devi.patch [bz#1939363] - kvm-vdpa-manual-forward-CVQ-buffers.patch [bz#1939363] - kvm-vdpa-Buffer-CVQ-support-on-shadow-virtqueue.patch [bz#1939363] - kvm-vdpa-Extract-get-features-part-from-vhost_vdpa_get_m.patch [bz#1939363] - kvm-vdpa-Add-device-migration-blocker.patch [bz#1939363] - kvm-vdpa-Add-x-svq-to-NetdevVhostVDPAOptions.patch [bz#1939363] - kvm-redhat-Update-linux-headers-linux-kvm.h-to-v5.18-rc6.patch [bz#2111994] - kvm-target-s390x-kvm-Honor-storage-keys-during-emulation.patch [bz#2111994] - kvm-kvm-don-t-use-perror-without-useful-errno.patch [bz#2095608] - kvm-multifd-Copy-pages-before-compressing-them-with-zlib.patch [bz#2099934] - kvm-Revert-migration-Simplify-unqueue_page.patch [bz#2099934] - Resolves: bz#1939363 (vDPA control virtqueue support in Qemu) - Resolves: bz#2111994 (RHEL9: skey test in kvm_unit_test got failed) - Resolves: bz#2095608 (Please correct the error message when try to start qemu with -M kernel-irqchip=split) - Resolves: bz#2099934 (Guest reboot on destination host after postcopy migration completed) [7.0.0-9] - kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch [bz#2100106] - kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch [bz#2100106] - kvm-virtio-iommu-Add-an-assert-check-in-translate-routin.patch [bz#2100106] - kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch [bz#2100106] - kvm-virtio-iommu-Fix-migration-regression.patch [bz#2100106] - kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch [bz#2098077] - kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch [bz#2098077] - kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-netboot.mak-Ignore-Clang-s-warnings.patch [bz#2098077] - kvm-hw-block-fdc-Prevent-end-of-track-overrun-CVE-2021-3.patch [bz#1951522] - kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch [bz#1951522] - Resolves: bz#2100106 (Fix virtio-iommu/vfio bypass) - Resolves: bz#2098077 (virtio-blk: Cant boot fresh installation from used virtio-blk dasd disk under certain conditions) - Resolves: bz#1951522 (CVE-2021-3507 qemu-kvm: QEMU: fdc: heap buffer overflow in DMA read data transfers [rhel-9.0]) [7.0.0-8] - kvm-tests-avocado-update-aarch64_virt-test-to-exercise-c.patch [bz#2060839] - kvm-RHEL-only-tests-avocado-Switch-aarch64-tests-from-a5.patch [bz#2060839] - kvm-RHEL-only-AArch64-Drop-unsupported-CPU-types.patch [bz#2060839] - kvm-target-i386-deprecate-CPUs-older-than-x86_64-v2-ABI.patch [bz#2060839] - kvm-target-s390x-deprecate-CPUs-older-than-z14.patch [bz#2060839] - kvm-target-arm-deprecate-named-CPU-models.patch [bz#2060839] - kvm-meson.build-Fix-docker-test-build-alpine-when-includ.patch [bz#1968509] - kvm-QIOChannel-Add-flags-on-io_writev-and-introduce-io_f.patch [bz#1968509] - kvm-QIOChannelSocket-Implement-io_writev-zero-copy-flag-.patch [bz#1968509] - kvm-migration-Add-zero-copy-send-parameter-for-QMP-HMP-f.patch [bz#1968509] - kvm-migration-Add-migrate_use_tls-helper.patch [bz#1968509] - kvm-multifd-multifd_send_sync_main-now-returns-negative-.patch [bz#1968509] - kvm-multifd-Send-header-packet-without-flags-if-zero-cop.patch [bz#1968509] - kvm-multifd-Implement-zero-copy-write-in-multifd-migrati.patch [bz#1968509] - kvm-QIOChannelSocket-Introduce-assert-and-reduce-ifdefs-.patch [bz#1968509] - kvm-QIOChannelSocket-Fix-zero-copy-send-so-socket-flush-.patch [bz#1968509] - kvm-migration-Change-zero_copy_send-from-migration-param.patch [bz#1968509] - kvm-migration-Allow-migrate-recover-to-run-multiple-time.patch [bz#2096143] - Resolves: bz#2060839 (Consider deprecating CPU models like kvm64 / qemu64 on RHEL 9) - Resolves: bz#1968509 (Use MSG_ZEROCOPY on QEMU Live Migration) - Resolves: bz#2096143 (The migration port is not released if use it again for recovering postcopy migration) [7.0.0-7] - kvm-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-coroutine-win32-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-Enable-virtio-iommu-pci-on-x86_64.patch [bz#2094252] - kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch [bz#2092788] - kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch [bz#2092788] - Resolves: bz#1952483 (RFE: QEMUs coroutines fail with CFLAGS=-flto on non-x86_64 architectures) - Resolves: bz#2094252 (Compile the virtio-iommu device on x86_64) - Resolves: bz#2092788 (Stalled IO Operations in VM) [7.0.0-6] - kvm-Introduce-event-loop-base-abstract-class.patch [bz#2031024] - kvm-util-main-loop-Introduce-the-main-loop-into-QOM.patch [bz#2031024] - kvm-util-event-loop-base-Introduce-options-to-set-the-th.patch [bz#2031024] - kvm-qcow2-Improve-refcount-structure-rebuilding.patch [bz#2072379] - kvm-iotests-108-Test-new-refcount-rebuild-algorithm.patch [bz#2072379] - kvm-qcow2-Add-errp-to-rebuild_refcount_structure.patch [bz#2072379] - kvm-iotests-108-Fix-when-missing-user_allow_other.patch [bz#2072379] - kvm-virtio-net-setup-vhost_dev-and-notifiers-for-cvq-onl.patch [bz#2070804] - kvm-virtio-net-align-ctrl_vq-index-for-non-mq-guest-for-.patch [bz#2070804] - kvm-vhost-vdpa-fix-improper-cleanup-in-net_init_vhost_vd.patch [bz#2070804] - kvm-vhost-net-fix-improper-cleanup-in-vhost_net_start.patch [bz#2070804] - kvm-vhost-vdpa-backend-feature-should-set-only-once.patch [bz#2070804] - kvm-vhost-vdpa-change-name-and-polarity-for-vhost_vdpa_o.patch [bz#2070804] - kvm-virtio-net-don-t-handle-mq-request-in-userspace-hand.patch [bz#2070804] - kvm-Revert-globally-limit-the-maximum-number-of-CPUs.patch [bz#2094270] - kvm-vfio-common-remove-spurious-warning-on-vfio_listener.patch [bz#2086262] - Resolves: bz#2031024 (Add support for fixing thread pool size [QEMU]) - Resolves: bz#2072379 (Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs)) - Resolves: bz#2070804 (PXE boot crash qemu when using multiqueue vDPA) - Resolves: bz#2094270 (Do not set the hard vCPU limit to the soft vCPU limit in downstream qemu-kvm anymore) - Resolves: bz#2086262 ([Win11][tpm]vfio_listener_region_del received unaligned region) [7.0.0-5] - kvm-qemu-nbd-Pass-max-connections-to-blockdev-layer.patch [bz#1708300] - kvm-nbd-server-Allow-MULTI_CONN-for-shared-writable-expo.patch [bz#1708300] - Resolves: bz#1708300 (RFE: qemu-nbd vs NBD_FLAG_CAN_MULTI_CONN) [7.0.0-4] - kvm-qapi-machine.json-Add-cluster-id.patch [bz#2041823] - kvm-qtest-numa-test-Specify-CPU-topology-in-aarch64_numa.patch [bz#2041823] - kvm-hw-arm-virt-Consider-SMP-configuration-in-CPU-topolo.patch [bz#2041823] - kvm-qtest-numa-test-Correct-CPU-and-NUMA-association-in-.patch [bz#2041823] - kvm-hw-arm-virt-Fix-CPU-s-default-NUMA-node-ID.patch [bz#2041823] - kvm-hw-acpi-aml-build-Use-existing-CPU-topology-to-build.patch [bz#2041823] - kvm-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch [bz#2079938] - kvm-coroutine-Revert-to-constant-batch-size.patch [bz#2079938] - kvm-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch [bz#2079347] - kvm-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_event_vq.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_ctrl_vq.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_cmd_vq.patch [bz#2079347] - kvm-virtio-scsi-move-request-related-items-from-.h-to-.c.patch [bz#2079347] - kvm-Revert-virtio-scsi-Reject-scsi-cd-if-data-plane-enab.patch [bz#1995710] - kvm-migration-Fix-operator-type.patch [bz#2064530] - Resolves: bz#2041823 ([aarch64][numa] When there are at least 6 Numa nodes serial log shows arch topology borken) - Resolves: bz#2079938 (qemu coredump when boot with multi disks (qemu) failed to set up stack guard page: Cannot allocate memory) - Resolves: bz#2079347 (Guest boot blocked when scsi disks using same iothread and 100% CPU consumption) - Resolves: bz#1995710 (RFE: Allow virtio-scsi CD-ROM media change with IOThreads) - Resolves: bz#2064530 (Rebuild qemu-kvm with clang-14) [7.0.0-3] - kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch [bz#2046029] - kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch [bz#2046029] - kvm-Enable-virtio-iommu-pci-on-aarch64.patch [bz#1477099] - kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch [bz#2037612] - kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch [bz#2037612] - Resolves: bz#2046029 ([WRB] New machine type property - dtb-kaslr-seed) - Resolves: bz#1477099 (virtio-iommu (including ACPI, VHOST/VFIO integration, migration support)) - Resolves: bz#2037612 ([Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region) [7.0.0-2] - kvm-configs-devices-aarch64-softmmu-Enable-CONFIG_VIRTIO.patch [bz#2044162] - kvm-target-ppc-cpu-models-Fix-ppc_cpu_aliases-list-for-R.patch [bz#2081022] - Resolves: bz#2044162 ([RHEL9.1] Enable virtio-mem as tech-preview on ARM64 QEMU) - Resolves: bz#2081022 (Build regression on ppc64le with c9s qemu-kvm 7.0.0-1 changes) [7.0.0-1] - Rebase to QEMU 7.0.0 [bz#2064757] - Do not build ssh block driver anymore [bz#2064500] - Removed hpet and parallel port support [bz#2065042] - Compatibility support [bz#2064782 bz#2064771] - Resolves: bz#2064757 (Rebase to QEMU 7.0.0) - Resolves: bz#2064500 (Install qemu-kvm-6.2.0-11.el9_0.1 failed as conflict with qemu-kvm-block-ssh-6.2.0-11.el9_0.1) - Resolves: bz#2065042 (Remove upstream-only devices from the qemu-kvm binary) - Resolves: bz#2064782 (Update machine type compatibility for QEMU 7.0.0 update [s390x]) - Resolves: bz#2064771 (Update machine type compatibility for QEMU 7.0.0 update [x86_64]) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3750 CVE-2021-3507 CVE-2021-3611 CVE-2021-4158 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.0.7-6.0.1] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - replaced upstream references [Orabug:34089586] [1:2.0.7-6] - Install qemu-ga package during conversion resolves: rhbz#2028764 [1:2.0.7-5] - Remove LVM2 devices file during conversion resolves: rhbz#2112801 - Add support for Zstandard compressed kernel modules resolves: rhbz#2116811 [1:2.0.7-4] - Remove legacy crypto advice and replace with targeted mechanism resolves: rhbz#2062360 [1:2.0.7-3] - relax qemu64 VCPU feature checking in the libvirt output resolves rhbz#2107503 [1:2.0.7-2] - Rebase to stable branch version 2.0.7 resolves: rhbz#2059287, rhbz#1658126, rhbz#1788823, rhbz#1854275 - Fix openssh-clients dependency resolves: rhbz#2064178 - Fix security issue when running virt-v2v as root resolves: rhbz#2066773 - Remove -o json mode resolves: rhbz#2074026 - Allow conversion of guests with NVMe drives from VMX files resolves: rhbz#2070530 - Cleanly reject guests with snapshots when using -it ssh resolves: rhbz#1774386 - Document that vmx+ssh -ip auth doesnt cover ssh / scp shell commands resolves: rhbz#1854275 - Fix conversion if swap partition isnt encrypted with root directory resolves: rhbz#1658128 - Document permissions when importing OVA using RHV UI resolves: rhbz#2039597 - Multiple fixes for -o qemu mode resolves: rhbz#2074805 - Work around blocking bug in OpenStack resolves: rhbz#2074801 - If multiple open-vm-tools packages are installed, remove all (2076436) - For -o rhv-upload wait for VM creation task resolves: rhbz#1985830 - For -i vmx add full support for SATA hard disks resolves: rhbz#1883802 - Fix booting of RHEL 9.1 guests after conversion resolves: rhbz#2076013 - Fix -o qemu warning resolves: rhbz#2082603 - If listing RPM applications fails, rebuild DB and retry (2089623) - Document -i vmx -it ssh percent encoding in ssh URIs resolves: rhbz#1938954 - Document extra permissions needed for VMware 7 (1817050) - Remove osprober devices left around by grub2 resolves: rhbz#2003503 - Add Requires python3 / platform-python resolves: rhbz#2094779 - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2102719 - Add -oo compressed support resolves: rhbz#2047660 - Limit the maximum of disks per guest resolves: rhbz#2051564 - Add support for LUKS encrypted guests using Clevis & Tang resolves: rhbz#1809453 - Fix remapping of nvme devices in /boot/grub2/device.map resolves: rhbz#2101665 - Improve documentation of vmx+ssh and -ip option resolves: rhbz#1854275 - Fix race condition when unmounting in -o rhv mode (1953286#c26) [1:1.45.99-1] - Rebase to upstream 1.45.99. - Add check for sufficient free space in the host resolves: rhbz#2051394 - Update documentation of -ip for conversions from VMware over HTTPS related: rhbz#1960087 - -o rhv-upload: Keep connections alive resolves: rhbz#2032324 - -o rhv-upload: Improve conversion performance resolves: rhbz#2039255 - -o rhv-upload: Replace -oo rhv-direct with -oo rhv-proxy resolves: rhbz#2033096 - Fix log line wrapping making log parsing difficult (1820221) [1:1.45.97-4] - v2v import from vCenter fails when using interactive password because cookie-script tries to be interactive (pick commit 8abc07a8589a) resolves: rhbz#1960087 - model=virtio-transitional is wrongly added when converting windows guest to local by rhel9 v2v (pick commit range commit range 8abc07a8589a..cacedec64072) resolves: rhbz#2043333 [1:1.45.97-3] - Rebase to upstream 1.45.97. resolves: rhbz#2011713 - Add virtio-transitional for older guests when converting to q35 resolves: rhbz#1942325 - Fix -o rhv mode resolves: rhbz#2027598 - input: xen: Fix assertion error when importing from remote block device resolves: rhbz#2041852 - output: -o json: Allow -oo (output options) to work resolves: rhbz#2041850 - Fix virt-v2v hang when given incorrect vpx:// URL resolves: rhbz#2041886 - Fix hang when converting with virt-p2v resolves: rhbz#2044911 - Send nbdinfo debugging information to stderr resolves: rhbz#2044922 - Explicitly require platform-python resolves: rhbz#2046178 [1:1.45.95-3] - output_rhv: restrict block status collection to the old RHV output - Rebase from upstream commit 702a511b7f33 to direct child commit 07b12fe99fb9 resolves: rhbz#2034240 [1:1.45.95-2] - Rebase to upstream 1.45.95. - Change video type to VGA (instead of QXL). - Remove --in-place support properly. - Remove -o glance support properly. - Fix quoting with openssh >= 8.7 (RHEL) / 8.8 - Fix q35 error IDE controllers are unsupported - Add virt-v2v and libvirt version in debug output - Fix -o rhv output mode showing no guests listed resolves: rhbz#2011713, rhbz#1961107, rhbz#2027673, rhbz#1637857, rhbz#2032112, rhbz#2027598 [1:1.45.3-3] - Fix conversion of Windows BitLocker guests resolves: rhbz#1994984 [1:1.45.3-2] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [1:1.45.3-1] - New upstream development version 1.45.3. - Rebase RHEL patches. resolves: rhbz#1950634 [1:1.45.2-1] - New upstream development version 1.45.2. - Remove --debug-overlays and --print-estimate options. - Remove -o glance option on RHEL 9 (RHBZ#1977539). - Remove support for RHEV-APT (RHBZ#1945549). [1:1.45.1-1.el9.1] - New upstream development version 1.45.1. - Require virtio-win on RHEL (RHBZ#1972644). - v2v-test-harness, virt-v2v-copy-to-local have been removed upstream. [1:1.44.0-2] - nbdkit-vddk-plugin dep only exists on x86-64. [1:1.44.0-1.el9.1] - Rebuild in RHEL 9 against libguestfs 1.45.5 resolves: rhbz#1959042 [1:1.44.0-1] - New upstream stable branch version 1.44.0. [1:1.43.5-1] - New upstream version 1.43.5. [1:1.43.4-5] - Add upstream patch to depend on xorriso. - Change libguestfs-tools-c -> guestfs-tools. [1:1.43.4-3] - Add downstream (RHEL-only) patches (RHBZ#1931724). [1:1.43.4-2] - Bump and rebuild for ocaml-gettext update. [1:1.43.4-1] - New upstream version 1.43.4. [1:1.43.3-4] - OCaml 4.12.0 build [1:1.43.3-3] - Add fix for OCaml 4.12. [1:1.43.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [1:1.43.3-1] - New upstream version 1.43.3. [1:1.43.2-3] - Drop obsolete virt-v2v-copy-to-local tool for Fedora 34 and RHEL 9. [1:1.43.2-2] - Unify Fedora and RHEL spec files. [1:1.43.2-1] - New upstream version 1.43.2. LOW Copyright 2022 Oracle, Inc. CVE-2022-2211 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [3.14.0-13] - Rebuilt for test fixes [3.14.0-12] - Rebuilt for test fixes [3.14.0-11] - Applied patch for for CVE-2021-22570 (#2055641) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-22570 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [2:2.99.8-3] - fix CVE-2022-30067 - fix CVE-2022-32990 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32990 CVE-2022-30067 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.2.0-11] - CVE-2020-23903 speex: divide by zero in read_samples() via crafted WAV file - Resolves: CVE-2020-23903 LOW Copyright 2022 Oracle, Inc. CVE-2020-23903 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [8.5.0-7.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [8.5.0-7] - security_selinux: Dont ignore NVMe disks when setting image label (rhbz#2121441) [8.5.0-6] - qemu_process: Destroy domains namespace after killing QEMU (rhbz#2121141) [8.5.0-5] - rpc: Pass OPENSSL_CONF through to ssh invocations (rhbz#2112348) [8.5.0-4] - qemu: Pass migration flags to qemuMigrationParamsApply (rhbz#2111070) - qemu_migration_params: Replace qemuMigrationParamTypes array (rhbz#2111070) - qemu_migration: Pass migParams to qemuMigrationSrcResume (rhbz#2111070) - qemu_migration: Apply max-postcopy-bandwidth on post-copy resume (rhbz#2111070) - qemu: Always assume support for QEMU_CAPS_MIGRATION_PARAM_XBZRLE_CACHE_SIZE (rhbz#2107892) - qemu_migration: Store original migration params in status XML (rhbz#2107892) - qemu_migration_params: Refactor qemuMigrationParamsApply (rhbz#2107892) - qemu_migration_params: Refactor qemuMigrationParamsReset (rhbz#2107892) - qemu_migration_params: Avoid deadlock in qemuMigrationParamsReset (rhbz#2107892) - qemu: Restore original memory locking limit on reconnect (rhbz#2107424) - qemu: Properly release job in qemuDomainSaveInternal (rhbz#1497907) - qemu: dont call qemuMigrationSrcIsAllowedHostdev() from qemuMigrationDstPrepareFresh() (rhbz#1497907) [8.5.0-3] - qemu: introduce capability QEMU_CAPS_MIGRATION_BLOCKED_REASONS (rhbz#2092833) - qemu: new function to retrieve migration blocker reasons from QEMU (rhbz#2092833) - qemu: query QEMU for migration blockers before our own harcoded checks (rhbz#2092833) - qemu: remove hardcoded migration fail for vDPA devices if we can ask QEMU (rhbz#2092833) - qemu_migration: Use EnterMonitorAsync in qemuDomainGetMigrationBlockers (rhbz#2092833) - qemu: dont try to query QEMU about migration blockers during offline migration (rhbz#2092833) - qemu_migration: Acquire correct job in qemuMigrationSrcIsAllowed (rhbz#2092833) - virsh: Require --xpath for *dumpxml (rhbz#2103524) - qemu: skip hardcoded hostdev migration check if QEMU can do it for us (rhbz#1497907) [8.5.0-2] - domain_conf: Format <defaultiothread/> more often (rhbz#2059511) - domain_conf: Format iothread IDs more often (rhbz#2059511) - qemu: Make IOThread changing more robust (rhbz#2059511) - qemuDomainSetIOThreadParams: Accept VIR_DOMAIN_AFFECT_CONFIG flag (rhbz#2059511) - virsh: Implement --config for iothreadset (rhbz#2059511) - docs: Document TPM portion of domcaps (rhbz#2103119) - virtpm: Introduce TPM-1.2 and TPM-2.0 capabilieis (rhbz#2103119) - domcaps: Introduce TPM backendVersion (rhbz#2103119) - qemu: Report supported TPM version in domcaps (rhbz#2103119) - vircpi: Add PCIe 5.0 and 6.0 link speeds (rhbz#2105231) [8.5.0-1] - Rebased to libvirt-8.5.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#1475431, rhbz#2026765, rhbz#2059511, rhbz#2089431, rhbz#2102009 LOW Copyright 2022 Oracle, Inc. CVE-2022-0897 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.27.0-2.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [1:1.27.0-2] - fix CVE-2022-2990 - Related: #2061316 [1:1.27.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.27.0 - Related: #2061316 [1:1.26.4-2] - add buildah-tutorial to test subpackage - Related: #2061316 [1:1.26.4-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.4 - Related: #2061316 [1:1.26.3-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.3 - Related: #2061316 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2990 CVE-2022-27191 CVE-2021-33195 CVE-2021-33197 CVE-2021-20291 CVE-2021-33198 CVE-2022-2989 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.0.10-6.el9.2] - Security fixes for CVE-2022-25308, CVE-2022-25309, CVE-2022-25310 Resolves: rhbz#2050086, rhbz#2050069, rhbz#2050063 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-25309 CVE-2022-25310 CVE-2022-25308 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [5.15.3-1] - 5.15.3 Resolves: bz#2061352 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-25255 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26716 CVE-2022-26717 CVE-2022-22629 CVE-2022-26700 CVE-2022-22662 CVE-2022-26710 CVE-2022-26709 CVE-2022-26719 CVE-2022-22624 CVE-2022-22628 CVE-2022-30293 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [7.5.15-3] - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read - resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob - resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob - resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode - resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip - resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal [7.5.15-2] - resolve CVE-2022-31107 grafana: OAuth account takeover [7.5.15-1] - update to 7.5.15 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources - resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling - resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation - resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure - resolve CVE-2021-23648 sanitize-url: XSS - resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter - declare Node.js dependencies of subpackages - make vendor and webpack tarballs reproducible [7.5.11-3] - use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens - update FIPS tests in check phase [7.5.11-2] - resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache - resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files [7.5.11-1] - update to 7.5.11 tagged upstream community sources, see CHANGELOG - resolve CVE-2021-39226 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21698 CVE-2022-21713 CVE-2022-32148 CVE-2022-21673 CVE-2022-21702 CVE-2022-30630 CVE-2022-1962 CVE-2022-30631 CVE-2021-23648 CVE-2022-1705 CVE-2022-21703 CVE-2022-28131 CVE-2022-30635 CVE-2022-30632 CVE-2022-30633 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.16.2-2] - Require openssl tool for unbound-keygen (#2116802) [1.16.2-1] - Update to 1.16.2 (#2087120) [1.16.0-3] - Disable ED25519 and ED448 in FIPS mode (#2079548) [1.16.0-2] - Restart keygen service before every unbound start (#2094336) [1.16.0-1] - Update to 1.16.0 (#2087120) [1.15.0-1] - Update to 1.15.0 (#2030608) - Update icannbundle.pem [1.13.2-1] - Resolves: rhbz#1992985 unbound-1.13.2 is available - Use system-wide crypto policies [1.13.1-15] - Export unbound-devel to CRB repository (#2056116) [1.13.1-14] - Stop creating wrong devel manual pages (#2071943) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30699 CVE-2022-30698 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.4.53-7.0.1] - Replace index.html with Oracles index page oracle_index.html. [2.4.53-7] - Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling - Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match() - Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism - Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite() - Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody - Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability - Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets [2.4.53-6] - Related: #2065677 - httpd minimisation for ubi-micro [2.4.53-5] - Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove() [2.4.53-4] - Resolves: #2095838 - mod_mime_magic: invalid type 0 in mconvert() [2.4.53-3] - Resolves: #2065677 - httpd minimisation for ubi-micro - minimize httpd dependencies (new httpd-core package) - mod_systemd and mod_brotli are now packaged in the main httpd package [2.4.53-1] - new version 2.4.53 - Resolves: #2079939 - httpd rebase to 2.4.53 - Resolves: #2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending with core [2.4.51-8] - Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using SetEnv or PassEnv MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26377 CVE-2022-28614 CVE-2022-30522 CVE-2022-23943 CVE-2022-30556 CVE-2022-22719 CVE-2022-28615 CVE-2022-29404 CVE-2022-31813 CVE-2022-22721 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [32:9.16.23-5] - Fix possible serve-stale related crash (CVE-2022-3080) - Fix memory leak in ECDSA verify processing (CVE-2022-38177) - Fix memory leak in EdDSA verify processing (CVE-2022-38178) [32:9.16.23-4] - Export bind-doc package (#2104863) [32:9.16.23-3] - Tighten cache protection against record from forwarders (CVE-2021-25220) - Include test of forwarders [32:9.16.23-2] - TCP connections with keep-response-order are properly close in all cases (CVE-2022-0396) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-25220 CVE-2022-0396 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.85-5] - Prevent endless loop in forward_query (#2120711) [2.85-4] - Prevent use after free in dhcp6_no_relay (CVE-2022-0934) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-0934 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.3.3-10] - handle end-of-stream when encoding with verification (CVE-2021-0561) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-0561 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [4:1.1.4-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.4 - Related: #2061316 LOW Copyright 2022 Oracle, Inc. CVE-2022-29162 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [6.2.7-1] - rebase to 6.2.7 #2083151 LOW Copyright 2022 Oracle, Inc. CVE-2022-24736 CVE-2022-24735 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [0.7.0-3.20211109gitb79fd91] - Disable OpenSSL FIPS mode to avoid libtpms failures Resolves: rhbz#2090219 [0.7.0-2.20211109gitb79fd91] - Add fix for CVE-2022-23645. Resolves: rhbz#2056518 LOW Copyright 2022 Oracle, Inc. CVE-2022-23645 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 * Tue Jun 14 2022 Michal Ruprich - 8.2.2-4 - Resolves: #2095404 - frr use systemd-sysusers [8.2.2-3] - Resolves: #2081304 - Enhanced TMT testing for centos-stream [8.2.2-2] - Resolves: #2069571 - the dynamic routing setup does not work any more [8.2.2-1] - Resolves: #2069563 - Rebase frr to version 8.2.2 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26125 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.14.0-1] - New release - Add ignition-apply symlink - Add ignition-rmcfg symlink and ignition-delete-config.service [2.13.0-2] - Rename -validate-nonlinux subpackage to -validate-redistributable - Add static Linux binaries to -redistributable - Fix macro invocation in comment - Avoid kernel lockdown on VMware when running with secure boot MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1706 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [5.4.0-5] - CVE-2021-44269 wavpack: heap Out-of-bounds Read - Resolves: CVE-2021-44269 LOW Copyright 2022 Oracle, Inc. CVE-2021-44269 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [21.01.0-13] - Dont run out of file for Hints - Rebuild for #2096451 - Resolves: #2090970, #2096451 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-27337 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.1.3-4] - Bump version to 2.1.3-4 - Resolves: Bug 1872451 - Fix regression with dscreate template [2.1.3-3] - Bump version to 2.1.3-3 - Resolves: Bug 2118765 [2.1.3-2] - Bump version to 2.1.3-2 - Resolves: Bug 2118765 - SIGSEGV in sync_repl [2.1.3-1] - Bump version to 2.1.3-1 - Resolves: Bug 2061801 - rebase 389-ds-base to 2.1.3 - Resolves: Bug 1872451 - RFE - run as non-root - Resolves: Bug 2052527 - RFE - Provide an option to abort an Auto Member rebuild task - Resolves: Bug 2057056 - Import may break the replication because changelog starting csn may not be created - Resolves: Bug 2057063 - Add support for recursively deleting subentries - Resolves: Bug 2062778 - sending crafted message could result in DoS - Resolves: Bug 2064781 - expired password was still allowed to access the database - Resolves: Bug 2100337 - dsconf backend export userroot fails ldap.DECODING_ERROR [2.1.1-3] - Bump version to 2.1.1-3 - Resolves: Bug 2061801 - Fix nss-tools requirement [2.1.1-2] - Bump version to 2.1.1-2 - Resolves: Bug 2061801 - Fix lmdb-libs requirement [2.1.1-1] - Bump version to 2.1.1-1 - Resolves: Bug 2061801 - rebase 389-ds-base to 2.1.1 [2.1.0-1] - Bump version to 2.1.0-1 - Resolves: Bug 2061801 - rebase 389-ds-base to 2.1.0 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2850 CVE-2022-0918 CVE-2022-0996 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [4.4.0-2] - Update to version 4.4.0 - Resolves: CVE-2022-0561 CVE-2022-0562 CVE-2022-22844 CVE-2022-0865 CVE-2022-0891 CVE-2022-0924 CVE-2022-0909 CVE-2022-0908 CVE-2022-1354 CVE-2022-1355 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1355 CVE-2022-1354 CVE-2022-0909 CVE-2022-0865 CVE-2022-0908 CVE-2022-22844 CVE-2022-0561 CVE-2022-0562 CVE-2022-0891 CVE-2022-0924 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [8.0.20-3] - snmp3 calls using authPriv or authNoPriv immediately return false #2104630 [8.0.20-2] - fix patch41 not applied (use system nikic/php-parser when available) [8.0.20-1] - rebase to 8.0.20 #2095752 - clean unneeded dependency on useradd command #2095447 - add upstream patch to initialize pcre before mbstring - retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi MODERATE Copyright 2022 Oracle, Inc. CVE-2022-31625 CVE-2021-21708 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.4.0-7] - Fix CVE-2022-1122 LOW Copyright 2022 Oracle, Inc. CVE-2022-1122 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [1:2.3.16-7.0.1] - do not run systemd commands during leapp upgrade [Orabug: 34680501] [1:2.3.16-7] - fix possible privilege escalation when similar master and non-master passdbs are used (#2106232) [1:2.3.16-6] - fix possible nonzero return value of postinst script(#2053368) [1:2.3.16-5] - workaround sysuers macro defficiency (#2095399) [1:2.3.16-4] - use systemd-sysusers for user creation (#2095399) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30550 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [5:2.2.6-1] - Rebase to upstream version 2.2.6 Resolves: CVE-2022-1328 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1328 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.20.11-11] - CVE fix for: CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070 Resolves: rhbz#2108157, rhbz#2108162 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2319 CVE-2022-2320 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [21.1.3-3] - CVE fix for: CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070 Resolves: rhbz#2110440, rhbz#2110433 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2320 CVE-2022-2319 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [4.6.5-3] - Security fix for CVE-2022-2309 - Resolves: rhbz#2107571 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2309 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [3.2.0-3] - bump NVR MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32148 CVE-2022-30635 CVE-2022-30630 CVE-2022-30631 CVE-2022-1705 CVE-2022-30632 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-24795 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [21.11.2-1] - Rebase to 21.11.2 (#2126159) - Includes fixes for CVE-2022-2132 (#2107173) and CVE-2022-28199 (#2123616) [21.11.1-1] - Rebase to 21.11.1 (#2106856) - Includes fix for CVE-2021-3839 (#2026642) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-28199 CVE-2022-2132 CVE-2021-3839 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [5.14.0-162.6.1_1.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] [5.14.0-162.6.1_1] - kabi: add symbol yield to stablelist (cestmir Kalina) [2120286] - kabi: add symbol xa_find_after to stablelist (cestmir Kalina) [2120286] - kabi: add symbol xa_find to stablelist (cestmir Kalina) [2120286] - kabi: add symbol xa_destroy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol x86_spec_ctrl_base to stablelist (cestmir Kalina) [2120286] - kabi: add symbol x86_cpu_to_apicid to stablelist (cestmir Kalina) [2120286] - kabi: add symbol wait_for_completion_interruptible to stablelist (cestmir Kalina) [2120286] - kabi: add symbol wait_for_completion to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vsprintf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vsnprintf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vprintk to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vmemmap_base to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vmalloc_base to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vmalloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vm_zone_stat to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vm_event_states to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vfree to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_undefined to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_teardown_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_setup_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_possible_blades to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_get_hubless_system to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_obj_count to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_install_heap to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_get_pci_topology to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_get_master_nasid to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_get_heapsize to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_get_geoinfo to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_enum_ports to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_enum_objs to stablelist (cestmir Kalina) [2120286] - kabi: add symbol up_write to stablelist (cestmir Kalina) [2120286] - kabi: add symbol up_read to stablelist (cestmir Kalina) [2120286] - kabi: add symbol up to stablelist (cestmir Kalina) [2120286] - kabi: add symbol unregister_reboot_notifier to stablelist (cestmir Kalina) [2120286] - kabi: add symbol unregister_nmi_handler to stablelist (cestmir Kalina) [2120286] - kabi: add symbol unregister_netdevice_notifier to stablelist (cestmir Kalina) [2120286] - kabi: add symbol unregister_chrdev_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol unregister_blkdev to stablelist (cestmir Kalina) [2120286] - kabi: add symbol tsc_khz to stablelist (cestmir Kalina) [2120286] - kabi: add symbol try_wait_for_completion to stablelist (cestmir Kalina) [2120286] - kabi: add symbol touch_softlockup_watchdog to stablelist (cestmir Kalina) [2120286] - kabi: add symbol time64_to_tm to stablelist (cestmir Kalina) [2120286] - kabi: add symbol this_cpu_off to stablelist (cestmir Kalina) [2120286] - kabi: add symbol tasklet_unlock_wait to stablelist (cestmir Kalina) [2120286] - kabi: add symbol tasklet_kill to stablelist (cestmir Kalina) [2120286] - kabi: add symbol tasklet_init to stablelist (cestmir Kalina) [2120286] - kabi: add symbol system_wq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol system_freezing_cnt to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sys_tz to stablelist (cestmir Kalina) [2120286] - kabi: add symbol synchronize_rcu to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strstr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strsep to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strrchr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strnlen to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strncpy_from_user to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strncpy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strncmp to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strncasecmp to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strlen to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strlcpy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strlcat to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strcpy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strcmp to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strchr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sscanf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sprintf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sort to stablelist (cestmir Kalina) [2120286] - kabi: add symbol snprintf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sn_region_size to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sn_partition_id to stablelist (cestmir Kalina) [2120286] - kabi: add symbol smp_call_function_single_async to stablelist (cestmir Kalina) [2120286] - kabi: add symbol smp_call_function_single to stablelist (cestmir Kalina) [2120286] - kabi: add symbol smp_call_function_many to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sme_me_mask to stablelist (cestmir Kalina) [2120286] - kabi: add symbol simple_strtoull to stablelist (cestmir Kalina) [2120286] - kabi: add symbol simple_strtoul to stablelist (cestmir Kalina) [2120286] - kabi: add symbol simple_strtol to stablelist (cestmir Kalina) [2120286] - kabi: add symbol simple_read_from_buffer to stablelist (cestmir Kalina) [2120286] - kabi: add symbol set_freezable to stablelist (cestmir Kalina) [2120286] - kabi: add symbol set_current_groups to stablelist (cestmir Kalina) [2120286] - kabi: add symbol security_sb_eat_lsm_opts to stablelist (cestmir Kalina) [2120286] - kabi: add symbol security_free_mnt_opts to stablelist (cestmir Kalina) [2120286] - kabi: add symbol scsi_command_size_tbl to stablelist (cestmir Kalina) [2120286] - kabi: add symbol scnprintf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol schedule_timeout to stablelist (cestmir Kalina) [2120286] - kabi: add symbol schedule to stablelist (cestmir Kalina) [2120286] - kabi: add symbol rtnl_is_locked to stablelist (cestmir Kalina) [2120286] - kabi: add symbol revert_creds to stablelist (cestmir Kalina) [2120286] - kabi: add symbol request_threaded_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol remove_wait_queue to stablelist (cestmir Kalina) [2120286] - kabi: add symbol register_reboot_notifier to stablelist (cestmir Kalina) [2120286] - kabi: add symbol register_netdevice_notifier to stablelist (cestmir Kalina) [2120286] - kabi: add symbol register_chrdev_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol refcount_warn_saturate to stablelist (cestmir Kalina) [2120286] - kabi: add symbol recalc_sigpending to stablelist (cestmir Kalina) [2120286] - kabi: add symbol rcu_read_unlock_strict to stablelist (cestmir Kalina) [2120286] - kabi: add symbol rb_next to stablelist (cestmir Kalina) [2120286] - kabi: add symbol rb_first to stablelist (cestmir Kalina) [2120286] - kabi: add symbol radix_tree_delete to stablelist (cestmir Kalina) [2120286] - kabi: add symbol queue_work_on to stablelist (cestmir Kalina) [2120286] - kabi: add symbol queue_delayed_work_on to stablelist (cestmir Kalina) [2120286] - kabi: add symbol put_unused_fd to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ptrs_per_p4d to stablelist (cestmir Kalina) [2120286] - kabi: add symbol printk to stablelist (cestmir Kalina) [2120286] - kabi: add symbol prepare_to_wait_exclusive to stablelist (cestmir Kalina) [2120286] - kabi: add symbol prepare_to_wait_event to stablelist (cestmir Kalina) [2120286] - kabi: add symbol prepare_to_wait to stablelist (cestmir Kalina) [2120286] - kabi: add symbol prepare_creds to stablelist (cestmir Kalina) [2120286] - kabi: add symbol posix_acl_valid to stablelist (cestmir Kalina) [2120286] - kabi: add symbol posix_acl_to_xattr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol posix_acl_from_xattr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol posix_acl_alloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol physical_mask to stablelist (cestmir Kalina) [2120286] - kabi: add symbol phys_base to stablelist (cestmir Kalina) [2120286] - kabi: add symbol pgdir_shift to stablelist (cestmir Kalina) [2120286] - kabi: add symbol percpu_ref_init to stablelist (cestmir Kalina) [2120286] - kabi: add symbol percpu_ref_exit to stablelist (cestmir Kalina) [2120286] - kabi: add symbol panic_notifier_list to stablelist (cestmir Kalina) [2120286] - kabi: add symbol panic to stablelist (cestmir Kalina) [2120286] - kabi: add symbol page_offset_base to stablelist (cestmir Kalina) [2120286] - kabi: add symbol override_creds to stablelist (cestmir Kalina) [2120286] - kabi: add symbol numa_node to stablelist (cestmir Kalina) [2120286] - kabi: add symbol nr_cpu_ids to stablelist (cestmir Kalina) [2120286] - kabi: add symbol node_states to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mutex_unlock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mutex_trylock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mutex_lock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mutex_is_locked to stablelist (cestmir Kalina) [2120286] - kabi: add symbol msleep to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memset to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_free_slab to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_free to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_destroy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_create_node to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_create to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_alloc_slab to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_alloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memparse to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memory_read_from_buffer to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memmove to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memcpy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memcmp to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mem_section to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mds_idle_clear to stablelist (cestmir Kalina) [2120286] - kabi: add symbol lookup_bdev to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ktime_get_ts64 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ktime_get_real_ts64 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ktime_get_coarse_real_ts64 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ktime_get to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kthread_should_stop to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kstrtoull to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kstrtoll to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kmalloc_order_trace to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kfree to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kernel_sigaction to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kernel_fpu_end to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kernel_fpu_begin_mask to stablelist (cestmir Kalina) [2120286] - kabi: add symbol jiffies_64 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol jiffies to stablelist (cestmir Kalina) [2120286] - kabi: add symbol is_vmalloc_addr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol is_uv_system to stablelist (cestmir Kalina) [2120286] - kabi: add symbol iounmap to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ioremap to stablelist (cestmir Kalina) [2120286] - kabi: add symbol iomem_resource to stablelist (cestmir Kalina) [2120286] - kabi: add symbol init_wait_entry to stablelist (cestmir Kalina) [2120286] - kabi: add symbol init_timer_key to stablelist (cestmir Kalina) [2120286] - kabi: add symbol in_group_p to stablelist (cestmir Kalina) [2120286] - kabi: add symbol in_aton to stablelist (cestmir Kalina) [2120286] - kabi: add symbol in6_pton to stablelist (cestmir Kalina) [2120286] - kabi: add symbol in4_pton to stablelist (cestmir Kalina) [2120286] - kabi: add symbol hrtimer_start_range_ns to stablelist (cestmir Kalina) [2120286] - kabi: add symbol hrtimer_init to stablelist (cestmir Kalina) [2120286] - kabi: add symbol hrtimer_forward to stablelist (cestmir Kalina) [2120286] - kabi: add symbol hrtimer_cancel to stablelist (cestmir Kalina) [2120286] - kabi: add symbol groups_alloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol get_zeroed_page to stablelist (cestmir Kalina) [2120286] - kabi: add symbol get_unused_fd_flags to stablelist (cestmir Kalina) [2120286] - kabi: add symbol free_percpu to stablelist (cestmir Kalina) [2120286] - kabi: add symbol free_pages to stablelist (cestmir Kalina) [2120286] - kabi: add symbol free_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol fortify_panic to stablelist (cestmir Kalina) [2120286] - kabi: add symbol flush_workqueue to stablelist (cestmir Kalina) [2120286] - kabi: add symbol finish_wait to stablelist (cestmir Kalina) [2120286] - kabi: add symbol elfcorehdr_addr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol efi to stablelist (cestmir Kalina) [2120286] - kabi: add symbol dump_stack to stablelist (cestmir Kalina) [2120286] - kabi: add symbol downgrade_write to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_write_trylock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_write to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_trylock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_read_trylock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_read to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_interruptible to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down to stablelist (cestmir Kalina) [2120286] - kabi: add symbol dmi_get_system_info to stablelist (cestmir Kalina) [2120286] - kabi: add symbol devmap_managed_key to stablelist (cestmir Kalina) [2120286] - kabi: add symbol dev_base_lock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol destroy_workqueue to stablelist (cestmir Kalina) [2120286] - kabi: add symbol delayed_work_timer_fn to stablelist (cestmir Kalina) [2120286] - kabi: add symbol del_timer_sync to stablelist (cestmir Kalina) [2120286] - kabi: add symbol default_wake_function to stablelist (cestmir Kalina) [2120286] - kabi: add symbol csum_partial to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpumask_next to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpufreq_quick_get to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpu_sibling_map to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpu_number to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpu_khz to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpu_info to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpu_bit_bitmap to stablelist (cestmir Kalina) [2120286] - kabi: add symbol congestion_wait to stablelist (cestmir Kalina) [2120286] - kabi: add symbol complete_and_exit to stablelist (cestmir Kalina) [2120286] - kabi: add symbol complete to stablelist (cestmir Kalina) [2120286] - kabi: add symbol commit_creds to stablelist (cestmir Kalina) [2120286] - kabi: add symbol clear_user to stablelist (cestmir Kalina) [2120286] - kabi: add symbol capable to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cancel_delayed_work_sync to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cancel_delayed_work to stablelist (cestmir Kalina) [2120286] - kabi: add symbol call_usermodehelper to stablelist (cestmir Kalina) [2120286] - kabi: add symbol call_rcu to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cachemode2protval to stablelist (cestmir Kalina) [2120286] - kabi: add symbol boot_cpu_data to stablelist (cestmir Kalina) [2120286] - kabi: add symbol blk_stack_limits to stablelist (cestmir Kalina) [2120286] - kabi: add symbol bitmap_release_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol bitmap_find_free_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol avenrun to stablelist (cestmir Kalina) [2120286] - kabi: add symbol autoremove_wake_function to stablelist (cestmir Kalina) [2120286] - kabi: add symbol atomic_notifier_chain_unregister to stablelist (cestmir Kalina) [2120286] - kabi: add symbol atomic_notifier_chain_register to stablelist (cestmir Kalina) [2120286] - kabi: add symbol async_synchronize_full_domain to stablelist (cestmir Kalina) [2120286] - kabi: add symbol async_synchronize_full to stablelist (cestmir Kalina) [2120286] - kabi: add symbol alloc_workqueue to stablelist (cestmir Kalina) [2120286] - kabi: add symbol alloc_chrdev_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol add_wait_queue_exclusive to stablelist (cestmir Kalina) [2120286] - kabi: add symbol add_wait_queue to stablelist (cestmir Kalina) [2120286] - kabi: add symbol add_timer to stablelist (cestmir Kalina) [2120286] - kabi: add symbol abort_creds to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _totalram_pages to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_write_unlock_irqrestore to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_write_unlock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_write_lock_irqsave to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_write_lock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_unlock_irqrestore to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_unlock_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_unlock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_unlock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_trylock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_trylock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_lock_irqsave to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_lock_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_lock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_lock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_read_unlock_irqrestore to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_read_unlock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_read_lock_irqsave to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_read_lock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _find_next_bit to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _find_first_zero_bit to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _find_first_bit to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _ctype to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _copy_to_user to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _copy_from_user to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __xa_insert to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rsi to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rdx to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rdi to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rcx to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rbx to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rbp to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rax to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r8 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r15 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r14 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r13 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r12 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r10 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __warn_printk to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __wake_up to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __vmalloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __uv_hub_info_list to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __uv_cpu_info to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __unregister_chrdev to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __udelay to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __tasklet_schedule to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __sw_hweight64 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __sw_hweight32 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __stack_chk_fail to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __request_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __release_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __register_nmi_handler to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __register_blkdev to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __refrigerator to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __rcu_read_unlock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __rcu_read_lock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __put_user_8 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __put_user_4 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __put_user_2 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __put_cred to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __preempt_count to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __per_cpu_offset to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __num_online_cpus to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __node_distance to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __ndelay to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __mutex_init to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __msecs_to_jiffies to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __list_del_entry_valid to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __list_add_valid to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __kmalloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __init_waitqueue_head to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __init_swait_queue_head to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __init_rwsem to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __hw_addr_init to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __get_user_2 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __get_free_pages to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __fentry__ to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __cpu_possible_mask to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __cpu_online_mask to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __const_udelay to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __cond_resched to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __check_object_size to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __bitmap_weight to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __bitmap_intersects to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __bitmap_equal to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __bitmap_and to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __alloc_percpu to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __SCT__preempt_schedule to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __SCT__might_resched to stablelist (cestmir Kalina) [2120286] - kabi: re-enable build-time kabi-checks (cestmir Kalina) [2120321] - sfc: fix null pointer dereference in efx_hard_start_xmit (Inigo Huguet) [2129287] - sfc: fix TX channel offset when using legacy interrupts (Inigo Huguet) [2129287] [5.14.0-162.5.1_1] - redhat: change default dist suffix for RHEL 9.1 (Patrick Talbert) - netfilter: nf_tables: clean up hook list when offload flags check fails (Florian Westphal) [2121393] - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (Florian Westphal) [2121393] - netfilter: nf_conntrack_irc: Fix forged IP logic (Florian Westphal) [2121393] - netfilter: nf_conntrack_irc: Tighten matching on DCC message (Florian Westphal) [2121393] - netfilter: br_netfilter: Drop dst references before setting. (Florian Westphal) [2121393] - netfilter: flowtable: fix stuck flows on cleanup due to pending work (Florian Westphal) [2121393] - netfilter: flowtable: add function to invoke garbage collection immediately (Florian Westphal) [2121393] - netfilter: nf_tables: disallow binding to already bound chain (Florian Westphal) [2121393] - netfilter: nft_tunnel: restrict it to netdev family (Florian Westphal) [2121393] - netfilter: nf_tables: disallow updates of implicit chain (Florian Westphal) [2121393] - netfilter: nft_tproxy: restrict to prerouting hook (Florian Westphal) [2121393] - netfilter: ebtables: reject blobs that dont provide all entry points (Florian Westphal) [2121393] - netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified (Florian Westphal) [2121393] - netfilter: nf_tables: disallow NFT_SET_ELEM_CATCHALL and NFT_SET_ELEM_INTERVAL_END (Florian Westphal) [2121393] - netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags (Florian Westphal) [2121393] - netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag (Florian Westphal) [2121393] - netfilter: nf_tables: possible module reference underflow in error path (Florian Westphal) [2121393] - netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with NFT_SET_ELEM_INTERVAL_END flag (Florian Westphal) [2121393] - netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access (Florian Westphal) [2121393] - netfilter: nf_tables: fix null deref due to zeroed list head (Florian Westphal) [2121393] - netfilter: nf_tables: disallow jump to implicit chain from set element (Florian Westphal) [2121393] - netfilter: nfnetlink: re-enable conntrack expectation events (Florian Westphal) [2121393] [5.14.0-162.4.1] - iwlwifi: limit fw version for AC9560 to avoid fw crash (Inigo Huguet) [2096128] - configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2126153] [5.14.0-162.3.1] - scsi: restore setting of scmd->scsi_done() in EH and reset ioctl paths (Ewan D. Milne) [2120469] - x86/boot: Dont propagate uninitialized boot_params->cc_blob_address (Terry Bowman) [2124644] - ice: Allow operation with reduced device MSI-X (Petr Oros) [2107719] [5.14.0-162.2.1] - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Ken Cox) [2109871] - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (Vitaly Kuznetsov) [2030922] - drm/nouveau/kms/nv140-: Disable interlacing (Lyude Paul) [2122068] [5.14.0-162.1.1] - drm/amdgpu: Only disable prefer_shadow on hawaii (Lyude Paul) [2120670] - i40e: Fix kernel crash during module removal (Ivan Vecera) [2070375] - Revert net: macsec: update SCI upon MAC address change. (Sabrina Dubroca) [2118139] - redhat: enable zstream release numbering for rhel 9.1 (Patrick Talbert) - redhat: add missing CVE reference to latest changelog entries (Patrick Talbert) [5.14.0-162] - Revert ixgbevf: Mailbox improvements (Ken Cox) [2120548] - Revert ixgbevf: Add support for new mailbox communication between PF and VF (Ken Cox) [2120548] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Wander Lairson Costa) [2116968] {CVE-2022-2585} - fix race between exit_itimers() and /proc/pid/timers (Wander Lairson Costa) [2116968] {CVE-2022-2585} [5.14.0-161] - x86/ftrace: Use alternative RET encoding (Joe Lawrence) [2121368] - x86/ibt,ftrace: Make function-graph play nice (Joe Lawrence) [2121368] - x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Joe Lawrence) [2121368] - x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR (Joe Lawrence) [2121368] - redhat: remove GL_DISTGIT_USER, RHDISTGIT and unify dist-git cloning (Frantisek Hrbata) - random: allow reseeding DRBG with getrandom (Daiki Ueno) [2114854] [5.14.0-160] - iavf: Fix VLAN_V2 addition/rejection (Ivan Vecera) [2119701] - gve: Recording rx queue before sending to napi (Jordan Kimbrough) [2022916] - gve: fix the wrong AdminQ buffer queue index check (Jordan Kimbrough) [2022916] - gve: Fix GFP flags when allocing pages (Jordan Kimbrough) [2022916] - gve: Add tx|rx-coalesce-usec for DQO (Jordan Kimbrough) [2022916] - gve: Add consumed counts to ethtool stats (Jordan Kimbrough) [2022916] - gve: Implement suspend/resume/shutdown (Jordan Kimbrough) [2022916] - gve: Add optional metadata descriptor type GVE_TXD_MTD (Jordan Kimbrough) [2022916] - gve: remove memory barrier around seqno (Jordan Kimbrough) [2022916] - gve: Update gve_free_queue_page_list signature (Jordan Kimbrough) [2022916] - gve: Move the irq db indexes out of the ntfy block struct (Jordan Kimbrough) [2022916] - gve: Correct order of processing device options (Jordan Kimbrough) [2022916] - gve: fix for null pointer dereference. (Jordan Kimbrough) [2022916] - gve: fix unmatched u64_stats_update_end() (Jordan Kimbrough) [2022916] - gve: Fix off by one in gve_tx_timeout() (Jordan Kimbrough) [2022916] - gve: Add a jumbo-frame device option. (Jordan Kimbrough) [2022916] - gve: Implement packet continuation for RX. (Jordan Kimbrough) [2022916] - gve: Add RX context. (Jordan Kimbrough) [2022916] - gve: Track RX buffer allocation failures (Jordan Kimbrough) [2022916] - gve: Allow pageflips on larger pages (Jordan Kimbrough) [2022916] - gve: Add netif_set_xps_queue call (Jordan Kimbrough) [2022916] - gve: Recover from queue stall due to missed IRQ (Jordan Kimbrough) [2022916] - gve: Do lazy cleanup in TX path (Jordan Kimbrough) [2022916] - gve: Add rx buffer pagecnt bias (Jordan Kimbrough) [2022916] - gve: Switch to use napi_complete_done (Jordan Kimbrough) [2022916] - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (Jordan Kimbrough) [2022916] - gve: fix gve_get_stats() (Jordan Kimbrough) [2022916] - gve: Properly handle errors in gve_assign_qpl (Jordan Kimbrough) [2022916] - gve: Avoid freeing NULL pointer (Jordan Kimbrough) [2022916] - gve: Correct available tx qpl check (Jordan Kimbrough) [2022916] - gve: Use kvcalloc() instead of kvzalloc() (Jordan Kimbrough) [2022916] - gve: DQO: avoid unused variable warnings (Jordan Kimbrough) [2022916] - gve: fix the wrong AdminQ buffer overflow check (Jordan Kimbrough) [2022916] - ath9k: htc: clean up statistics macros (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679} - ath9k: hif_usb: simplify if-if to if-else (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679} - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679} - net: qcom/emac: Fix improper merge resolution in device_get_mac_address (Patrick Talbert) [2108539] - x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115086] {CVE-2022-26373} - x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115086] {CVE-2022-26373} - tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115086] - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Waiman Long) [2115086] - lkdtm: Disable return thunks in rodata.c (Waiman Long) [2115086] - x86/amd: Use IBPB for firmware calls (Waiman Long) [2115086] - x86/bugs: Warn when ibrs mitigation is selected on Enhanced IBRS parts (Waiman Long) [2115086] - x86/alternative: Report missing return thunk details (Waiman Long) [2115086] - nvme-fc: restart admin queue if the caller needs to restart queue (Ewan D. Milne) [2104461] - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Rahul Lakkireddy) [2109526] - scsi: csiostor: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (Rahul Lakkireddy) [2109526] MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1184 CVE-2022-28893 CVE-2022-23816 CVE-2022-21499 CVE-2022-39190 CVE-2022-2639 CVE-2022-21123 CVE-2021-3640 CVE-2022-0168 CVE-2022-1679 CVE-2022-21166 CVE-2022-36946 CVE-2022-2586 CVE-2022-20368 CVE-2020-36516 CVE-2022-0617 CVE-2022-28390 CVE-2022-21125 CVE-2022-23825 CVE-2022-26373 CVE-2022-1048 CVE-2022-1353 CVE-2022-1280 CVE-2022-1998 CVE-2022-29581 CVE-2022-29901 CVE-2022-0854 CVE-2022-24448 CVE-2022-29900 CVE-2022-1016 CVE-2022-1852 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [3.2.3-18] - Resolves: #2111177 - remote arbitrary files write inside the directories of connecting peers [3.2.3-17] - Resolves: #2116669 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field [3.2.3-16] - Related: #2081296 - Adding ci.fmf for separation of testing results [3.2.3-15] - Related: #2081296 - Disabling STI [3.2.3-14] - Resolves: #2071514 - A flaw found in zlib when compressing (not decompressing) certain inputs [3.2.3-13] - Resolves: #2079639 - rsync --atimes doesnt work [3.2.3-12] - Resolves: #2081296 - Enable fmf tests in centos stream [3.2.3-11] - Resolves: #2053198 - rsync segmentation fault [3.2.3-10] - Resolves: #2077431 - Read-only files that have changed xattrs fail to allow xattr changes MODERATE Copyright 2022 Oracle, Inc. CVE-2022-37434 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [7.76.1-19] - fix unpreserved file permissions (CVE-2022-32207) - fix HTTP compression denial of service (CVE-2022-32206) - fix FTP-KRB bad message verification (CVE-2022-32208) [7.76.1-18] - fix too eager reuse of TLS and SSH connections (CVE-2022-27782) [7.76.1-17] - fix leak of SRP credentials in redirects (CVE-2022-27774) [7.76.1-16] - add missing tests to Makefile [7.76.1-15] - fix credential leak on redirect (CVE-2022-27774) - fix auth/cookie leak on redirect (CVE-2022-27776) - fix bad local IPv6 connection reuse (CVE-2022-27775) - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) LOW Copyright 2022 Oracle, Inc. CVE-2022-27775 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [4.16.4-101] - resolves: rhbz#2121317 - Do not require samba package in python3-samba [4.16.4-100] - Rebase to version 4.16.4 - resolves: rhbz#2108332 - Fix CVE-2022-32742 [ 4.16.3-101] - related: rhbz#2077487 - Rebase Samba to 4.16.3 - resolves: rhbz#2097655 - The pcap background queue process should not be stopped - resolves: rhbz#2100105 - Fix net ads info LDAP server and LDAP server name [4.16.2-102] - resolves: rhbz#2106279 - Fix crash in rpcd_classic [4.16.2-101] - resolves: rhbz#2093833 - Fix weak dependency on logrotate - resolves: rhbz#2096813 - Fix printer displays only after 300 seconds timeout [4.16.2-100] - Fix rpminspect abidiff - related: rhbz#2077487 - Rebase Samba to 4.16.2 [4.16.1-100] - resolves: rhbz#2077487 - Rebase Samba to the the latest 4.16.x release MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32742 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.5.2-1] - Rebase to version 2.5.2 - resolves: rhbz#2109017 - Fix CVE-2022-32746 [2.5.1-1] - related: rhbz#2077490 - Rebase to version 2.5.1 [2.5.0-1] - resolves: rhbz#2077490 - Rebase to version 2.5.0 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32746 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.10.4-9] - Guard face->size - Resolves: #2079280 [2.10.4-8] - Properly guard face_index - Resolves: #2079262 [2.10.4-7] - Avoid invalid face index - Resolves: #2079271 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-27406 CVE-2022-27404 CVE-2022-27405 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [3.9.14-1] - Update to 3.9.14 - Security fixes for CVE-2020-10735 and CVE-2021-28861 Resolves: rhbz#2120642, rhbz#1834423, rhbz#2128249 [3.9.13-3] - Fix test_get_ciphers in test_ssl.py for FIPS mode Resolves: rhbz#2058233 [3.9.13-2] - Security fix for CVE-2015-20107 Resolves: rhbz#2075390 [3.9.13-1] - Update to 3.9.13 Resolves: rhbz#2054702, rhbz#2059951 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-28861 CVE-2015-20107 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.46.5-3] - Add sanity check to extent manipulation (#2073549) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1304 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9:1:appstream_base cpe:/o:oracle:linux:9::baseos_developer cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [2.7.4-8] - Resolves:rh#2103849 - Update tests.yaml [2.7.4-7] - Resolves:rh#2103849 CVE-2022-33068 - Fix Covscan compiler warning for inclusion of parenthesis - Update tests.yaml [2.7.4-6] - Resolves:rh#2103849 CVE-2022-33068 harfbuzz: integer overflow in the component hb-ot-shape-fallback.c MODERATE Copyright 2022 Oracle, Inc. CVE-2022-33068 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9:1:appstream_base cpe:/o:oracle:linux:9::baseos_developer cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [12:4.4.2-17.b1] - omshell: add support for hmac-sha512 algorithm (#2083553) [12:4.4.2-16.b1] - Fix for CVE-2021-25220 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-25220 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.18.0-7] - lockState: do not print error: when exit code is unaffected (#2090926) [3.18.0-6] - fix potential DoS from unprivileged users via the state file (CVE-2022-1348) * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [3.18.0-4] - make renamecopy and copytruncate override each other (#1934601) - unify documentation of copy/copytruncate/renamecopy (#1934629) - fix resource leaks reported by Coverity [3.18.0-3] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [3.18.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [3.18.0-1] - new upstream version 3.18.0 [3.17.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [3.17.0-2] - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro [3.17.0-1] - new upstream version 3.17.0 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1348 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.3.3] - Rebased to libtirpc-1.3.3 (bz 2118157) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-46828 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [12.0.1-11.2] - Bump release and rebuild resolves: rhbz#2096010 [12.0.1-11.1] - Rebase to Fedora Rawhide resolves: rhbz#2080170 LOW Copyright 2022 Oracle, Inc. CVE-2021-46195 cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.70.1-2] - Rebuild for mingw-zlib update resolves: rhbz#2116278 LOW Copyright 2022 Oracle, Inc. CVE-2021-28153 cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.2.12-2] - Fix changelog Related: rhbz#2068371 [1.2.12-1] - Bump version to 1.2.12 to fix CVE-2018-25032 Related: rhbz#2068371 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-25032 cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [4.2.0-7.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.2.0-7] - update to the latest content of https://github.com/containers/podman/tree/v4.2.0-rhel (https://github.com/containers/podman/commit/35c0df3) - Resolves: #2120436 [2:4.2.0-6] - update to the latest content of https://github.com/containers/podman/tree/v4.2.0-rhel (https://github.com/containers/podman/commit/d520a5c) - Resolves: #2136845 [2:4.2.0-5] - properly obsolete catatonit - Resolves: #2123319 [2:4.2.0-4] - update to the latest content of https://github.com/containers/podman/tree/v4.2.0-rhel (https://github.com/containers/podman/commit/4978898) - Resolves: #2124676 LOW Copyright 2022 Oracle, Inc. CVE-2022-2990 CVE-2022-2989 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.0.100-0.5.rc2.0.1] - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier [Orabug: 34671152] [7.0.100-0.5.rc2] - Add lldb as a build dependency - Related: RHBZ#2134641 [7.0.100-0.4.rc2] - Enable ppc64le builds - Related: RHBZ#2134641 [7.0.100-0.3.rc2] - Update to .NET 7 RC 2 - Resolves: RHBZ#2134641 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-41032 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [6.5.1-1] - Update to 6.5.1 Resolves: CVE-2022-3500 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-3500 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [0.8.7-12.1] - Add 0062-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz #2133998 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3787 cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 7 [1.20.4-19] - CVE fix for: CVE-2022-3550, CVE-2022-3551 Resolves: rhbz#2140765, rhbz#2140770 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3550 CVE-2022-3551 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 python39 [3.9.13-2] - Fix for CVE-2022-42919 Resolves: rhbz#2138705 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42919 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 9 [3.9.14-1.1] - Fix for CVE-2022-42919 Resolves: rhbz#2138705 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42919 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [102.5.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.5.0-2] - Update to 102.5.0 build2 [102.5.0-1] - Update to 102.5.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45410 CVE-2022-45412 CVE-2022-45406 CVE-2022-45421 CVE-2022-45404 CVE-2022-45403 CVE-2022-45416 CVE-2022-45409 CVE-2022-45411 CVE-2022-45408 CVE-2022-45420 CVE-2022-45418 CVE-2022-45405 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [102.5.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.5.0-1] - Update to 102.5.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45418 CVE-2022-45404 CVE-2022-45406 CVE-2022-45410 CVE-2022-45403 CVE-2022-45409 CVE-2022-45420 CVE-2022-45411 CVE-2022-45416 CVE-2022-45412 CVE-2022-45405 CVE-2022-45421 CVE-2022-45408 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [102.5.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-7] - Fix for expat CVE-2022-40674 and non functional webrtc IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45412 CVE-2022-45420 CVE-2022-45405 CVE-2022-45408 CVE-2022-45409 CVE-2022-45403 CVE-2022-45404 CVE-2022-45406 CVE-2022-45418 CVE-2022-45410 CVE-2022-45411 CVE-2022-45421 CVE-2022-45416 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [102.5.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.5.0-2] - Update to 102.5.0 build2 [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45404 CVE-2022-45416 CVE-2022-45420 CVE-2022-45405 CVE-2022-45421 CVE-2022-45403 CVE-2022-45408 CVE-2022-45412 CVE-2022-45410 CVE-2022-45409 CVE-2022-45418 CVE-2022-45406 CVE-2022-45411 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1:1.8.1.3-15] - Fix possible remote code execution vulnerability - Resolves: CVE-2022-41853 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-41853 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [102.5.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.5.0-2] - Update to 102.5.0 build2 [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-4] - Fix for expat CVE-2022-40674 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45405 CVE-2022-45418 CVE-2022-45416 CVE-2022-45408 CVE-2022-45409 CVE-2022-45420 CVE-2022-45406 CVE-2022-45403 CVE-2022-45410 CVE-2022-45412 CVE-2022-45421 CVE-2022-45404 CVE-2022-45411 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.5.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-7] - Fix for expat CVE-2022-40674 and non functional webrtc IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45421 CVE-2022-45416 CVE-2022-45406 CVE-2022-45403 CVE-2022-45408 CVE-2022-45405 CVE-2022-45411 CVE-2022-45409 CVE-2022-45404 CVE-2022-45410 CVE-2022-45412 CVE-2022-45418 CVE-2022-45420 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.19.1-24.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.19.1-24] - Fix integer overflows in PAC parsing (CVE-2022-42898) - Resolves: rhbz#2140970 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42898 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [1.18.2-22.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.] - Fix integer overflows in PAC parsing (CVE-2022-42898) - Resolves: rhbz#2140967 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42898 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_patch cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 7 [1.15.1-55.0.1] - Add recursion limit for ASN.1 indefinite lengths [Orabug: 32582360] [1.15.1-55] - Fix integer overflows in PAC parsing (CVE-2022-42898) - Resolves: rhbz#2140961 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42898 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 9 [6.6.2-2.1] - Resolves: #2142095 - CVE-2022-45060 varnish: Request Forgery Vulnerability IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45060 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 varnish [6.0.8-2.1] - Resolves: #2142092 - CVE-2022-45060 varnish:6/varnish: Request Forgery Vulnerability [6.0.8-2] - Resolves: #2047650 - CVE-2022-23959 varnish:6/varnish: Varnish HTTP/1 Request Smuggling Vulnerability varnish-modules [0.15.0-6] - Related: #1982862 - rebuild for new varnish version IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45060 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 7 [10.5.18-24] - ########################################################################## - # RHEL 7.9 (Batch Update 19): - ########################################################################## - Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen) - ########################################################################## - # RHCS 9.7 (Batch Update 19): - ########################################################################## - Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [certificate_system_9.7.z] (ckelley, mharmsen) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2414 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 nodejs [1:18.12.1-1] - Rebase + CVEs - Resolves: #2142809 - Resolves: #2142830, #2142856 nodejs-nodemon [2.0.20-1] - Rebase to 2.0.20 Resolves: CVE-2022-3517 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-43548 CVE-2022-3517 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 nodejs [1:18.12.1-2] - Update version of bundled histogram [1:18.12.1-1] - Rebase to version 18.12.1 Resolves: rhbz#2125580 CVE-2022-43548 CVE-2022-3517 [1:18.9.1-1] - Rebase to version 18.9.1 Resolves: CVE-2022-35255 CVE-2022-35256 nodejs-nodemon [2.0.20-1] - Rebase to 2.0.20 Resolves: CVE-2022-3517 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-3517 CVE-2022-43548 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 7 [0:5.2-19] - Fix arbitrary bytecode produced via out-of-bounds writing - Resolves: CVE-2022-42920 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42920 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 httpd [2.4.37-43.0.2] - scoreboard: fix null pointer deference [Orabug: 33690670][CVE-2021-34798] - fix ap_escape_quote logic [Orabug: 33690686][CVE-2021-39275] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-34798 CVE-2021-39275 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [4.14.35-2047.510.5.2.el7uek] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33722441] {CVE-2021-4155} [4.14.35-2047.510.5.1.el7uek] - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679805] {CVE-2021-0920} - fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679805] [4.14.35-2047.510.5.el7uek] - net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan) [Orabug: 33585476] - ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33501677] - rds: ib: Ack seq not always received in monotonic increasing order (Hakon Bugge) [Orabug: 33620419] - net/rds: Refactor rds_ib_recv_refill_one (Freddy Carrillo) [Orabug: 33265955] - arm64: pcie: Intercept Pensando specific SError (Henry Willard) [Orabug: 33590080] - arm64: pcie: Change bad_mode hook to cap_pciep_access_in_progress() (Henry Willard) [Orabug: 33590080] - arm64: pcie: Remove Pensando SError trapping patch (Henry Willard) [Orabug: 33590080] - take care multiple extents in CoW extent converting (Wengang Wang) [Orabug: 33473949] - net/mlx5e: ethtool, Add support for EEPROM high pages query (Erez Alfasi) [Orabug: 33525560] - ethtool: Add SFF-8436 and SFF-8636 max EEPROM length definitions (Erez Alfasi) [Orabug: 33525560] - net/mlx5: Remove unnecessary prints from mlx5_enter_error_state. (Anand Khoje) [Orabug: 33651549] - uek-rpm: Add _raw_spin_trylock to KABI (John Donnelly) [Orabug: 33651431] - x86/clear_page: add alternative for clear_page_clzero() (Ankur Arora) [Orabug: 33651433] - x86/asm: add clzero based page clearing (Ankur Arora) [Orabug: 33580825] - x86/cpu/amd: enable X86_FEATURE_NT_GOOD on all AMD Zen models (Ankur Arora) [Orabug: 33580825] - x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (Kim Phillips) [Orabug: 33580825] - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33651434] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-0920 CVE-2021-4155 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.14.35-2047.510.5.2] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33722441] {CVE-2021-4155} [4.14.35-2047.510.5.1] - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679805] {CVE-2021-0920} - fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679805] [4.14.35-2047.510.5] - net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan) [Orabug: 33585476] - ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33501677] - rds: ib: Ack seq not always received in monotonic increasing order (Hakon Bugge) [Orabug: 33620419] - net/rds: Refactor rds_ib_recv_refill_one (Freddy Carrillo) [Orabug: 33265955] - arm64: pcie: Intercept Pensando specific SError (Henry Willard) [Orabug: 33590080] - arm64: pcie: Change bad_mode hook to cap_pciep_access_in_progress() (Henry Willard) [Orabug: 33590080] - arm64: pcie: Remove Pensando SError trapping patch (Henry Willard) [Orabug: 33590080] - take care multiple extents in CoW extent converting (Wengang Wang) [Orabug: 33473949] - net/mlx5e: ethtool, Add support for EEPROM high pages query (Erez Alfasi) [Orabug: 33525560] - ethtool: Add SFF-8436 and SFF-8636 max EEPROM length definitions (Erez Alfasi) [Orabug: 33525560] - net/mlx5: Remove unnecessary prints from mlx5_enter_error_state. (Anand Khoje) [Orabug: 33651549] - uek-rpm: Add _raw_spin_trylock to KABI (John Donnelly) [Orabug: 33651431] - x86/clear_page: add alternative for clear_page_clzero() (Ankur Arora) [Orabug: 33651433] - x86/asm: add clzero based page clearing (Ankur Arora) [Orabug: 33580825] - x86/cpu/amd: enable X86_FEATURE_NT_GOOD on all AMD Zen models (Ankur Arora) [Orabug: 33580825] - x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (Kim Phillips) [Orabug: 33580825] - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33651434] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-0920 CVE-2021-4155 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.302.7.2] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33699625] {CVE-2021-4155} [5.4.17-2136.302.7.1] - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33691332] {CVE-2021-0920} [5.4.17-2136.302.7] - rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju) [Orabug: 33671425] - rds: ib: Ack seq not always received in monotonic increasing order (Hakon Bugge) [Orabug: 33671414] - net/rds: Don't pummel the subnet-manager (Gerd Rausch) [Orabug: 33671407] - EDAC/i10nm: Add detection of memory levels for ICX/SPR servers (Qiuxu Zhuo) [Orabug: 33601775] - EDAC/skx_common: Add new ADXL components for 2-level memory (Qiuxu Zhuo) [Orabug: 33601775] - EDAC, skx_common: Refactor so that we initialize dev in result of adxl decode. (Tony Luck) [Orabug: 33601775] - uek-rpm: Add ktime_get_coarse_ts64 to KABI (John Donnelly) [Orabug: 33671383] - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33671378] - net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann) [Orabug: 33671371] - ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33671363] - rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug: 33671236] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-0920 CVE-2021-4155 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.302.7.2] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33699625] {CVE-2021-4155} [5.4.17-2136.302.7.1] - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33691332] {CVE-2021-0920} [5.4.17-2136.302.7] - rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju) [Orabug: 33671425] - rds: ib: Ack seq not always received in monotonic increasing order (Hakon Bugge) [Orabug: 33671414] - net/rds: Don't pummel the subnet-manager (Gerd Rausch) [Orabug: 33671407] - EDAC/i10nm: Add detection of memory levels for ICX/SPR servers (Qiuxu Zhuo) [Orabug: 33601775] - EDAC/skx_common: Add new ADXL components for 2-level memory (Qiuxu Zhuo) [Orabug: 33601775] - EDAC, skx_common: Refactor so that we initialize dev in result of adxl decode. (Tony Luck) [Orabug: 33601775] - uek-rpm: Add ktime_get_coarse_ts64 to KABI (John Donnelly) [Orabug: 33671383] - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33671378] - net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann) [Orabug: 33671371] - ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33671363] - rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug: 33671236] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4155 CVE-2021-0920 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.59.1.2] - fix regression in 'epoll: Keep a reference on files added to the check list' (Al Viro) [Orabug: 33679854] {CVE-2021-1048} - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679806] {CVE-2021-0920} - fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679806] - af_unix: fix garbage collect vs MSG_PEEK (Miklos Szeredi) [Orabug: 33679806] {CVE-2021-0920} - net: split out functions related to registering inflight socket files (Jens Axboe) [Orabug: 33679806] [4.1.12-124.59.1.1] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33703630] {CVE-2021-4155} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4155 CVE-2021-0920 CVE-2021-1048 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 7 [1.0.2k-23] - fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz#1996054 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3712 cpe:/a:oracle:linux:7::userspace_ksplice Oracle Linux 7 [1.0.2k-23.0.1] - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison [Orabug: 32467026] - Add DH support changes for SP 800-56A rev3 requirements [Orabug: 32467059] - Add TLS KDF self-test [Orabug: 32467193] - Add EC keys pairwise consistency test [Orabug: 32467059] [1.0.2k-23] - fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz#1996054 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3712 cpe:/a:oracle:linux:7::u8_security_validation Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.302.7.2.1] - vfs: fs_context: fix up param length parsing in legacy_parse_param (Jamie Hill-Daniel) [Orabug: 33761451] {CVE-2022-0185} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0185 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.302.7.2.1] - vfs: fs_context: fix up param length parsing in legacy_parse_param (Jamie Hill-Daniel) [Orabug: 33761451] {CVE-2022-0185} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0185 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 6 [0:1.2.14-6.4.1] - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 [Orabug: 33689748] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4104 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 8 [0.12.0-9] - Fix CVE-2022-1471 by using SafeConstructor. IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1471 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [102.6.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-2] - Added libwebrtc screencast patch for newer features IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-46881 CVE-2022-46882 CVE-2022-46880 CVE-2022-46874 CVE-2022-46872 CVE-2022-46878 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [102.6.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-2] - Added libwebrtc screencast patch for newer features IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-46881 CVE-2022-46882 CVE-2022-46874 CVE-2022-46878 CVE-2022-46872 CVE-2022-46880 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [102.6.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-2] - Added libwebrtc screencast patch for newer features IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-46882 CVE-2022-46874 CVE-2022-46872 CVE-2022-46881 CVE-2022-46878 CVE-2022-46880 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 nodejs [1:16.18.1-3] - Update sources of undici WASM blobs Resolves: rhbz#2151546 [1:16.18.1-2] - Record CVE references already addressed in this or previous upstream versions Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 [1:16.18.1-1] - Rebase + CVE fixes - Resolves: #2142806 - Resolves: #2142837, #2142851 nodejs-nodemon [2.0.20-2] - Record CVE fixed in the current or previous upstream versions Resolves: CVE-2021-44906 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-44906 CVE-2021-44532 CVE-2021-44533 CVE-2022-43548 CVE-2022-21824 CVE-2021-44531 CVE-2022-3517 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 6 [0.96-11.0.1.el6_10.1] - pkexec: local privilege escalation [Orabug: 33789506][CVE-2021-4034] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4034 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 8 [102.6.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.6.0-2] - Update to 102.6.0 build2 [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-3] - Use openssl for the librnp crypto backend to enable the openpgp encryption IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-46878 CVE-2022-46872 CVE-2022-46874 CVE-2022-46882 CVE-2022-46881 CVE-2022-46880 CVE-2022-45414 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [102.6.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.6.0-2] - Update to 102.6.0 build2 [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-3] - Use openssl for the librnp crypto backend to enable the openpgp encryption IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-46882 CVE-2022-45414 CVE-2022-46878 CVE-2022-46881 CVE-2022-46872 CVE-2022-46874 CVE-2022-46880 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [102.6.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.6.0-2] - Update to 102.6.0 build2 [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-3] - Use openssl for the librnp crypto backend to enable the openpgp encryption IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45414 CVE-2022-46882 CVE-2022-46881 CVE-2022-46872 CVE-2022-46880 CVE-2022-46878 CVE-2022-46874 cpe:/a:oracle:linux:9::appstream Oracle Linux 6 Oracle Linux 7 [4.1.12-124.60.1] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33699627] [Orabug: 33762471] {CVE-2021-4155} - fix regression in 'epoll: Keep a reference on files added to the check list' (Al Viro) [Orabug: 33679854] [Orabug: 33762505] {CVE-2021-1048} {CVE-2021-1048} - Bluetooth: fix use-after-free error in lock_sock_nested() (Wang ShaoBo) [Orabug: 33406421] {CVE-2021-3752} - vt_kdsetmode: extend console locking (Linus Torvalds) [Orabug: 33406445] {CVE-2021-3753} - Bluetooth: SMP: Fail if remote and local public keys are identical (Luiz Augusto von Dentz) [Orabug: 33556779] {CVE-2021-0129} - Bluetooth: use constant time memory comparison for secret values (Jason A. Donenfeld) [Orabug: 33556779] {CVE-2021-0129} - Bluetooth: Add bt_dev logging macros (Loic Poulain) [Orabug: 33556779] {CVE-2021-0129} - ovl: fix missing negative dentry check in ovl_rename() (Zheng Liang) [Orabug: 33694378] {CVE-2021-20321} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-1048 CVE-2021-3753 CVE-2021-20321 CVE-2021-4155 CVE-2021-0129 CVE-2021-3752 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 6 [32:9.8.2-0.68.rc1.0.3.8] - Backport fix for CVE-2018-5741 [Orabug: 33496185] [32:9.8.2-0.68.rc1.0.2.8] - Backport possible assertion failure on DNAME processing (CVE-2021-25215) [32:9.8.2-0.68.rc1.0.1.8] - Backport the fix for buffer overflow (CVE-2020-8625) (Orabug: 32588749) [32:9.8.2-0.68.rc1.8] - Fix tsig-request verify (CVE-2020-8622) [32:9.8.2-0.68.rc1.7] - Correct tests covering CVE-2020-8617 [32:9.8.2-0.68.rc1.6] - Add additional fix to limit recursions [32:9.8.2-0.68.rc1.5] - Add CVE tests to codebase [32:9.8.2-0.68.rc1.4] - Limit number of queries triggered by a request (CVE-2020-8616) - Fix invalid tsig request (CVE-2020-8617) [32:9.8.2-0.68.rc1.3] - Use only selected documentation files [32:9.8.2-0.68.rc1.2] - Fix CVE-2018-5743 [32:9.8.2-0.68.rc1.1] - Fix CVE-2018-5740 [32:9.8.2-0.68.rc1] - Fix CVE-2017-3145 [32:9.8.2-0.67.rc1] - Change EDNS flags only after successful query (#1416035) - Fix crash in ldap driver at bind-sdb stop (#1426626) [32:9.8.2-0.66.rc1] - Fix CVE-2017-3142 and CVE-2017-3143 [32:9.8.2-0.65.rc1] - Update root servers and trust anchors [32:9.8.2-0.64.rc1] - Fix DNSKEY that encountered a CNAME (#1447872, ISC change 3391) [32:9.8.2-0.63.rc1] - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) [32:9.8.2-0.62.rc1] - Fix and test caching CNAME before DNAME (ISC change 4558) [32:9.8.2-0.61.rc1] - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) [32:9.8.2-0.60.rc1] - Restore SELinux contexts before named restart [32:9.8.2-0.59.rc1] - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path [32:9.8.2-0.58.rc1] - Fix CVE-2016-8864 [32:9.8.2-0.57.rc1] - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) [32:9.8.2-0.56.rc1] - Do not include patch backup in docs (fixes #1325081 patch) [32:9.8.2-0.55.rc1] - Backported relevant parts of [RT #39567] (#1259923) [32:9.8.2-0.54.rc1] - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) [32:9.8.2-0.53.rc1] - Fix multiple realms in nsupdate script like upstream (#1313286) [32:9.8.2-0.52.rc1] - Fix multiple realm in nsupdate script (#1313286) [32:9.8.2-0.51.rc1] - Use resolver-query-timeout high enough to recover all forwarders (#1325081) [32:9.8.2-0.50.rc1] - Fix CVE-2016-2848 [32:9.8.2-0.49.rc1] - Fix infinite loop in start_lookup (#1306504) [32:9.8.2-0.48.rc1] - Fix CVE-2016-2776 [32:9.8.2-0.47.rc1] - Fix CVE-2016-1285 and CVE-2016-1286 [32:9.8.2-0.46.rc1] - Fix CVE-2015-8704 [32:9.8.2-0.45.rc1] - Updated named.ca hints file to the latest version (#1267991) [32:9.8.2-0.44.rc1] - Fix CVE-2015-8000 [32:9.8.2-0.43.rc1] - Fix excessive queries caused by DS chasing with stub zones when DNSSEC is not used (#1227189) - Added the fixed tarball with configuration to Sources (Related: #1223359) [32:9.8.2-0.42.rc1] - Don't use ISC's DLV by default (#1223359) [32:9.8.2-0.41.rc1] - Added support for CAA records (#1252611) [32:9.8.2-0.40.rc1] - Fix CVE-2015-5722 [32:9.8.2-0.39.rc1] - Fix CVE-2015-5477 [32:9.8.2-0.38.rc1] - Fix CVE-2015-4620 [32:9.8.2-0.37.rc1] - Resolves: 1215687 - DNS resolution failure in high load environment with SERVFAIL and 'out of memory/success' in the log [32:9.8.2-0.36.rc1] - Fix CVE-2015-1349 [32:9.8.2-0.35.rc1] - Enable RPZ-NSIP and RPZ-NSDNAME during compilation (#1176476) [32:9.8.2-0.34.rc1] - Fix race condition when using isc__begin_beginexclusive (#1175321) [32:9.8.2-0.33.rc1] - Sanitize SDB API to better handle database errors (#1146893) [32:9.8.2-0.32.rc1] - Fix CVE-2014-8500 (#1171974) [32:9.8.2-0.31.rc1] - Fix RRL slip behavior when set to 1 (#1112356) - Fix issue causing bind to hang after reload if using DYNDB (#1142152) [32:9.8.2-0.30.rc1] - Use /dev/urandom when generating rndc.key file (#951255) [32:9.8.2-0.29.rc1] - Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035 [32:9.8.2-0.28.rc1] - Add support for TLSA resource records (#956685) - Increase defaults for lwresd workers and make workers and client objects number configurable (#1092035) [32:9.8.2-0.27.rc1] - Fix segmentation fault in nsupdate when -r option is used (#1064045) - Fix race condition on send buffer in host tool when sending UDP query (#1008827) - Allow authentication using TSIG in allow-notify configuration statement (#1044545) - Fix SELinux context of /var/named/chroot/etc/localtime (#902431) - Include updated named.ca file with root server addresses (#917356) - Don't generate rndc.key if there is rndc.conf on start-up (#997743) - Fix dig man page regarding how to disable IDN (#1023045) - Handle ICMP Destination unreachable (Protocol unreachable) response (#1066876) [32:9.8.2-0.26.rc1] - Configure BIND with --with-dlopen=yes to support dynamically loadable DLZ drivers (#846065) - Fix initscript to return correct exit value when calling checkconfig/configtest/check/test (#848033) - Don't (un)mount chroot filesystem when running initscript command configtest with running server (#851123) - Fix zone2sqlite tool to accept zones containing '.' or '-' or starting with a digit (#919414) - Fix initscript not to mount chroot filesystem is named is already running (#948743) - Fix initscript to check if the PID in PID-file is really s PID of running named server (#980632) - Correct the installed documentation ownership (#1051283) [32:9.8.2-0.25.rc1] - configure with --enable-filter-aaaa to enable use of filter-aaaa-on-v4 option (#1025008) - Fix race condition when destroying a resolver fetch object (#993612) - Fix the RRL functionality to include referrals-per-second and nodata-per-second options (#1036700) - Fix segfault on SERVFAIL to NXDOMAIN failover (#919545) [32:9.8.2-0.24.rc1] - Fix CVE-2014-0591 [32:9.8.2-0.23.rc1] - Fix gssapictx memory leak (#911167) [32:9.8.2-0.22.rc1] - fix CVE-2013-4854 [32:9.8.2-0.21.rc1] - fix CVE-2013-2266 - ship dns/rrl.h in -devel subpkg [32:9.8.2-0.20.rc1] - remove one bogus file from /usr/share/doc, introduced by RRL patch [32:9.8.2-0.19.rc1] - fix CVE-2012-5689 [32:9.8.2-0.18.rc1] - add response rate limit patch (#873624) [32:9.8.2-0.17.rc1] - fix CVE-2012-5688 [32:9.8.2-0.16.rc1] - initscript: silence spurious 'named.pid: No such file' error [32:9.8.2-0.15.rc1] - fix CVE-2012-5166 [32:9.8.2-0.14.rc1] - allow forward{,ers} statement in static-stub zones [32:9.8.2-0.13.rc1] - fix CVE-2012-4244 [32:9.8.2-0.12.rc1] - fix CVE-2012-3817 [32:9.8.2-0.11.rc1] - fix rbtnode.deadlink INSIST failures in rbtdb.c (#837165) [32:9.8.2-0.10.rc1] - fix CVE-2012-1667 [32:9.8.2-0.9.rc1] - fix race condition in the resolver module - nslookup: return non-zero exit code when fail to get answer (#816164) [32:9.8.2-0.8.rc1] - initscript: don't umount /var/named when didn't mount it [32:9.8.2-0.7.rc1] - don't fail when logfile cannot be opened (#809084) [32:9.8.2-0.6.rc1] - fix multilib regression in bind-devel (#800053) [32:9.8.2-0.5.rc1] - fix errors reported by Coverity - be more strict when caching NS RRsets (CVE-2012-1033) [32:9.8.2-0.4.rc1] - load dynamic-db plugins later (#795414) [32:9.8.2-0.3.rc1] - decrease severity of various errors related to outside DNS environment (#788870) - fixed various bind-chroot packaging errors (#789886) - use portreserve to reserve rndc control port (#790682) [32:9.8.2-0.2.rc1] - harden dns_zone_setmasterswithkeys() to avoid INSIST failures - build with '--enable-fixed-rrset' - fix potential memory leak in code which processes rndc authentication (#749582) - generate rndc.key during (#768798) - nslookup: improve handling of AA responses with recursion off - removed obsolete bind97-rh714049.patch patch [32:9.8.2-0.1.rc1] - update to 9.8.2rc1 - patches merged - bind97-rh754398.patch - bind97-rh700097.patch - bind97-rh734502.patch - bind97-rh746694-1.patch - bind97-rh746694-2.patch - bind97-rh739406-1.patch - bind97-rh739406-2.patch - ship DNSKEY for root zone in default configuration [32:9.7.3-10.P3] - disable atomic ops on ppc* because they caused named to hang/crash [32:9.7.3-9.P3] - fix race condition in resolver.c:validated() - improve error handling in zone.c:zone_refreshkeys() to avoid hang during shutdown [32:9.7.3-8.P3] - fix DOS against recursive servers (#754398) [32:9.7.3-7.P3] - fix memory leak in nsupdate when using SIG(0) keys [32:9.7.3-6.P3] - load/unload dyndb plugins on appropriate places to avoid crashes (#725577) - nsupdate could have failed if server has multiple IPs and the first was unreachable (#714049) - nsupdate returned zero when target zone didn't exist (#700097) - readd configtest target to initscript - print 'the working directory is not writable' as debug message - fix some Coverity warnings [32:9.7.3-5.P3] - fix rare race condition in request.c [32:9.7.3-4.P3] - update to 9.7.3-P3 (CVE-2011-2464) [32:9.7.3-3.P1] - update to 9.7.3-P1 (CVE-2011-1910) [32:9.7.3-2] - don't generate rndc.key during installation [32:9.7.3-1] - update to 9.7.3 (CVE-2011-0414) - patches merged - bind97-gsstsig.patch - bind97-rh664401.patch - bind97-rh623638.patch [32:9.7.2-8.P3] - regenerate fixed nsupdate manual page [32:9.7.2-7.P3] - improve host/dig resolv.conf parser (#rh669163) - improve internal test suite - don't mention that HMAC-MD5 is the only one TSIG algorighm in nsupdate manpage - initscript: sybsys name is always named, not named-sdb [32:9.7.2-6.P3] - named could die on exit after negotiating a GSS-TSIG key (#653486) - fix typo in initscript [32:9.7.2-5.P3] - include root zone DNSKEY in the bind package (#667375) [32:9.7.2-4.P3] - solve conflict between i686 and x86_64 bind-devel packages (#658045) - fix 'service named status' when used with named-sdb - fix 'krb5-self' update-policy rule processing (#664401) - don't check MD5, size and mtime of sysconfig/named [32:9.7.2-3.P3] - use same atomic operations on both ppc and ppc64 (#623638) - add new option DISABLE_ZONE_CHECKING to sysconfig/named (#623673) - document dig exit codes - add Requires: bind-libs to bind subpkgs - remove statement about system-config-bind from named.8 manpage (#660676) [32:9.7.2-2.P3] - host utility now honors 'attempts', 'timeout' and 'debug' options in resolv.conf (#622764) - initscript should kill only the 'correct' named process (#622785) - attempt to reconnect to PostgreSQL during each query if the initial connection failed (#623190) [32:9.7.2-1.P3] - update to 9.7.2-P3 (#623122) - patch bind97-managed-keyfile.patch replaced by bind97-compat-keysdir.patch - patches merged - bind97-rh554316.patch - bind97-rh576906.patch [32:9.7.0-5.P2] - update to 9.7.0-P2 [32:9.7.0-4.P1] - fix occassional crash on keytable.c:286 (#554316) - active query might be destroyed in resume_dslookup() which triggered REQUIRE failure (#507429) [32:9.7.0-3.P1] - update to 9.7.0-P1 release [32:9.7.0-2] - improve automatic DNSSEC reconfiguration trigger - initscript now returns 2 in case that action doesn't exist (#523435) - enable/disable chroot when bind-chroot is installed/uninstalled [32:9.7.0-1] - update to production 9.7.0 release [32:9.7.0-0.14.rc2] - obsolete dnssec-conf - automatically update configuration from old dnssec-conf based - improve default configuration; enable DLV by default - remove obsolete triggerpostun from bind-libs subpackage [32:9.7.0-0.13.rc2] - update to 9.7.0rc2 bugfix release (CVE-2010-0097 and CVE-2010-0290) [32:9.7.0-0.12.rc1] - initscript LSB related fixes (#523435) - revert the 'DEBUG' feature (#510283), it causes too many problems (#545128) [32:9.7.0-0.11.rc1] - disable PKCS11 support. PKCS11 support in openssl is not available in RHEL6 [32:9.7.0-0.10.rc1] - update to 9.7.0rc1 - bind97-headers.patch merged - update default configuration [32:9.7.0-0.9.b3] - update to 9.7.0b3 [32:9.7.0-0.8.b2] - install isc/namespace.h header [32:9.7.0-0.7.b2] - update to 9.7.0b2 [32:9.7.0-0.6.b1] - update to 9.7.0b1 - add bind-pkcs11 subpackage to support PKCS11 compatible keystores for DNSSEC keys [32:9.7.0-0.5.a3] - don't package named-bootconf utility, it is very outdated and unneeded [32:9.7.0-0.4.a3] - determine file size via instead of 32_details 32_list 32_list_to_copy 32_list_to_copy_details 32_list_to_copy_details.out 32_list_to_copy_details.out_1 32_list_to_remove_and_ln 64_details 64_list 64_list_to_copy 64_list_to_copy_details 64_list_to_copy_details.out 64_list_to_copy_details.out_1 64_list_to_remove_and_ln 6.6 67_32_list 67_32_list_1 67_64_list 67_64_list_1 67_src_list 67_src_list_1 bak baselist baselist.out ctllist.ELBA-2020-5554-6 ctllist.ELSA-2022-9117-6 ctllist.RHBA-2020-3543-6 ctllist.RHSA-2019-3756-6 i386_rpms k next.ctllist.ELSA-2015-3055-6 pending sav.ctllist.RHBA-2017-3213-6a src_32_list_to_copy_details src_32_list_to_copy_details.out src_32_list_to_copy_details.out_1 src_64_list_to_copy_details src_64_list_to_copy_details.out src_64_list_to_copy_details.out_1 src_details src_list src_list_to_copy src_list_to_copy_32 src_list_to_copy_64 src_list_to_remove_and_ln src_list_to_remove_and_ln_64 src_rpms x86_64_rpms (#523682) [32:9.7.0-0.3.a3] - update to 9.7.0a3 [32:9.7.0-0.2.a2] - improve chroot related documentation (#507795) - add NetworkManager dispatcher script to reload named when network interface is activated/deactivated (#490275) - don't set/unset named_write_master_zones SELinux boolean every time in initscript, modify it only when it's actually needed [32:9.7.0-0.1.a2] - update to 9.7.0a2 - merged patches - bind-96-db_unregister.patch - bind96-rh507469.patch [32:9.6.1-9.P1] - next attempt to fix the postun trigger (#520385) - remove obsolete bind-9.3.1rc1-fix_libbind_includedir.patch [32:9.6.1-8.P1] - rebuilt with new openssl [32:9.6.1-7.P1] - update the patch for dynamic loading of database backends [32:9.6.1-6.P1] - 9.6.1-P1 release (CVE-2009-0696) - fix postun trigger (#513016, hopefully) [32:9.6.1-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [32:9.6.1-4] - remove useless bind-9.3.3rc2-rndckey.patch [32:9.6.1-3] - fix broken symlinks in bind-libs (#509635) - fix typos in /etc/sysconfig/named (#509650) - add DEBUG option to /etc/sysconfig/named (#510283) [32:9.6.1-2] - improved 'chroot automount' patches (#504596) - host should fail if specified server doesn't respond (#507469) [32:9.6.1-1] - 9.6.1 release - simplify chroot maintenance. Important files and directories are mounted into chroot (see /etc/sysconfig/named for more info, #504596) - fix doc/named.conf.default perms [32:9.6.1-0.4.rc1] - 9.6.1rc1 release [32:9.6.1-0.3.b1] - update the patch for dynamic loading of database backends - create %{_libdir}/bind directory - copy default named.conf to doc directory, shared with s-c-bind (atkac) [32:9.6.1-0.2.b1] - update the patch for dynamic loading of database backends - fix dns_db_unregister() - useradd now takes '-N' instead of '-n' (atkac, #495726) - print nicer error msg when zone file is actually a directory (atkac, #490837) [32:9.6.1-0.1.b1] - 9.6.1b1 release - patches merged - bind-96-isc_header.patch - bind-95-rh469440.patch - bind-96-realloc.patch - bind9-fedora-0001.diff - use -version-number instead of -version-info libtool param [32:9.6.0-11.1.P1] - logrotate configuration file now points to /var/named/data/named.run by default (#489986) [32:9.6.0-11.P1] - fall back to insecure mode when no supported DNSSEC algorithm is found instead of SERVFAIL - don't fall back to non-EDNS0 queries when DO bit is set [32:9.6.0-10.P1] - enable DNSSEC only if it is enabled in sysconfig/dnssec [32:9.6.0-9.P1] - add DNSSEC support to initscript, enabled it per default - add requires dnssec-conf [32:9.6.0-8.P1] - fire away libbind, it is now separate package [32:9.6.0-7.P1] - fixed some read buffer overflows (upstream) [32:9.6.0-6.P1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [32:9.6.0-5.P1] - update the patch for dynamic loading of database backends - include iterated_hash.h [32:9.6.0-4.P1] - rebuild for dependencies [32:9.6.0-3.P1] - rebuild against new openssl [32:9.6.0-2.P1] - 9.6.0-P1 release (CVE-2009-0025) [32:9.6.0-1] - Happy new year - 9.6.0 release [32:9.6.0-0.7.rc2] - 9.6.0rc2 release - bind-96-rh475120.patch merged [32:9.6.0-0.6.rc1] - add patch for dynamic loading of database backends [32:9.6.0-0.5.1.rc1] - allow to reuse address for non-random query-source ports (#475120) [32:9.6.0-0.5.rc1] - 9.6.0rc1 release - patches merged - bind-9.2.0rc3-varrun.patch - bind-95-sdlz-include.patch - bind-96-libxml2.patch - fixed rare use-after-free problem in host utility (#452060) - enabled chase of DNSSEC signature chains in dig [32:9.6.0-0.4.1.b1] - improved sample config file (#473586) [32:9.6.0-0.4.b1] - reverted previous change, koji doesn't like it [32:9.6.0-0.3.b1] - build bind-chroot as noarch [32:9.6.0-0.2.1.b1] - updates due libtool 2.2.6 - don't pass -DLDAP_DEPRECATED to cpp, handle it directly in sources [32:9.6.0-0.2.b1] - make statistics http server working, patch backported from 9.6 HEAD [32:9.6.0-0.1.b1] - 9.6.0b1 release - don't build ODBC and Berkeley DB DLZ drivers - end of bind-chroot-admin script, copy config files to chroot manually - /proc doesn't have to be mounted to chroot - temporary use libbind from 9.5 series, noone has been released for 9.6 yet [32:9.5.1-0.8.4.b2] - dig/host: use only IPv4 addresses when -4 option is specified (#469440) [32:9.5.1-0.8.2.b2] - removed unneeded bind-9.4.1-ldap-api.patch [32:9.5.1-0.8.1.b2] - ship dns/{s,}dlz.h and isc/radix.h in bind-devel [32:9.5.1-0.8.b2] - removed bind-9.4.0-dnssec-directory.patch, it is wrong [32:9.5.1-0.7.b2] - 9.5.1b2 release - patches merged - bind95-rh454783.patch - bind-9.5-edns.patch - bind95-rh450995.patch - bind95-rh457175.patch [32:9.5.1-0.6.b1] - IDN output strings didn't honour locale settings (#461409) [32:9.5.1-0.5.b1] - disable transfer stats on DLZ zones (#454783) [32:9.5.1-0.4.b1] - add forgotten patch for #457175 - build with -O2 [32:9.5.1-0.3.b1] - static libraries are no longer supported - IP acls weren't merged correctly (#457175) - use fPIE on sparcv9/sparc64 (Dennis Gilmore) - add sparc64 to list of 64bit arches in spec (Dennis Gilmore) [32:9.5.1-0.2.b1] - updated patches due new rpm (--fuzz=0 patch parameter) [32:9.5.1-0.1.1.b1] - use %patch0 for Patch0 (#455061) - correct source address (#455118) [32:9.5.1-0.1.b1] - 9.5.1b1 release (CVE-2008-1447) - dropped bind-9.5-recv-race.patch because upstream doesn't want it [32:9.5.0-37.1] - update default named.conf statements (#452708) [32:9.5.0-37] - some compat changes to fix building on RHEL4 [32:9.5.0-36.3] - fixed typo in %posttrans script [32:9.5.0-36.2] - parse inner acls correctly (#450995) [32:9.5.0-36.1] - removed dns-keygen utility in favour of rndc-confgen -a (#449287) - some minor sample fixes (#449274) [32:9.5.0-36] - updated to 9.5.0 final - use getifaddrs to find available interfaces [32:9.5.0-35.rc1] - make /var/run/named writable by named (#448277) - fixed one non-utf8 file [32:9.5.0-34.rc1] - fixes needed to pass package review (#225614) [32:9.5.0-33.1.rc1] - bind-chroot now depends on bind (#446477) [32:9.5.0-33.rc1] - updated to 9.5.0rc1 - merged patches - bind-9.5-libcap.patch - make binaries readable by others (#427826) [32:9.5.0-32.b3] - reverted 'any' patch, upstream says not needed - log EDNS failure only when we really switch to plain EDNS (#275091) - detect configuration file better [32:9.5.0-31.1.b3] - addresses 0.0.0.0 and ::0 really match any (#275091, comment #28) [32:9.5.0-31.b3] - readded bind-9.5-libcap.patch - added bind-9.5-recv-race.patch from F8 branch (#400461) [32:9.5.0-30.1.b3] - build Berkeley DB DLZ backend [32:9.5.0-30.b3] - 9.5.0b3 release - dropped patches (upstream) - bind-9.5-transfer-segv.patch - bind-9.5-mudflap.patch - bind-9.5.0-generate-xml.patch - bind-9.5-libcap.patch [32:9.5.0-29.3.b2] - fixed named.conf.sample file (#437569) [32:9.5.0-29.2.b2] - fixed URLs [32:9.5.0-29.1.b2] - BuildRequires cleanup [32:9.5.0-29.b2] - rebuild without mudflap (#434159) [32:9.5.0-28.b2] - port named to use libcap library, enable threads (#433102) - removed some unneeded Requires [32:9.5.0-27.b2] - removed conditional build with libefence (use -fmudflapth instead) - fixed building of DLZ stuff (#432497) - do not build Berkeley DB DLZ backend - temporary build with --disable-linux-caps and without threads (#433102) - update named.ca file to affect IPv6 changes in root zone [32:9.5.0-26.b2] - build with -D_GNU_SOURCE (#431734) - improved fix for #253537, posttrans script is now used - improved fix for #400461 - 9.5.0b2 - bind-9.3.2b1-PIE.patch replaced by bind-9.5-PIE.patch - only named, named-sdb and lwresd are PIE - bind-9.5-sdb.patch has been updated - bind-9.5-libidn.patch has been updated - bind-9.4.0-sdb-sqlite-bld.patch replaced by bind-9.5-sdb-sqlite-bld.patch - removed bind-9.5-gssapi-header.patch (upstream) - removed bind-9.5-CVE-2008-0122.patch (upstream) - removed bind-9.2.2-nsl.patch - improved sdb_tools Makefile.in [32:9.5.0-25.b1] - fixed segfault during sending notifies (#400461) - rebuild with gcc 4.3 series [32:9.5.0-24.b1] - removed bind-9.3.2-prctl_set_dumpable.patch (upstream) - allow parallel building of libdns library - CVE-2008-0122 [32:9.5.0-23.b1] - fixed initscript wait loop (#426382) - removed dependency on policycoreutils and libselinux (#426515) [32:9.5.0-22.b1] - fixed regression caused by libidn2 patch (#426348) [32:9.5.0-21.b1] - fixed typo in post section (CVE-2007-6283) [32:9.5.0-20.b1] - removed obsoleted triggers - CVE-2007-6283 [32:9.5.0-19.2.b1] - added dst/gssapi.h to -devel subpackage (#419091) - improved fix for (#417431) [32:9.5.0-19.1.b1] - fixed shutdown with initscript when rndc doesn't work (#417431) - fixed IDN patch (#412241) [32:9.5.0-19.b1] - 9.5.0b1 (#405281, #392491) [32:9.5.0-18.6.a7] - Rebuild for deps [32:9.5.0-18.5.a7] - build with -O0 [32:9.5.0-18.4.a7] - bind-9.5-random_ports.patch was removed because upstream doesn't like it. query-source{,v6} options are sufficient (#391931) - bind-chroot-admin called restorecon on /proc filesystem (#405281) [32:9.5.0-18.3.a7] - removed edns patch to keep compatibility with vanilla bind (#275091, comment #20) [32:9.5.0-18.2.a7] - use system port selector instead ISC's (#391931) [32:9.5.0-18.a7] - removed statement from initscript which passes -D to named [32:9.5.0-17.a7] - 9.5.0a7 - dropped patches (upstream) - bind-9.5-update.patch - bind-9.5-pool_badfree.patch - bind-9.5-_res_errno.patch [32:9.5.0-16.5.a6] - added bind-sdb again, contains SDB modules and DLZ modules - bind-9.3.1rc1-sdb.patch replaced by bind-9.5-sdb.patch [32:9.5.0-16.4.a6] - removed Requires: openldap, postgresql, mysql, db4, unixODBC - new L.ROOT-SERVERS.NET address [32:9.5.0-16.3.a6] - completely disable DBUS [32:9.5.0-16.2.a6] - minor cleanup in bind-chroot-admin [32:9.5.0-16.1.a6] - fixed typo in initscript [32:9.5.0-16.a6] - disabled DBUS (dhcdbd doesn't exist & #339191) [32:9.5.0-15.1.a6] - fixed missing va_end () functions (#336601) - fixed memory leak when dbus initialization fails [32:9.5.0-15.a6] - corrected named.5 SDB statement (#326051) [32:9.5.0-14.a6] - added edns patch again (#275091) [32:9.5.0-13.a6] - removed bind-9.3.3-edns.patch patch (see #275091 for reasons) [32:9.5.0-12.4.a6] - build with O2 - removed 'autotools' patch - bugfixing in bind-chroot-admin (#279901) [32:9.5.0-12.a6] - bind-9.5-2119_revert.patch and bind-9.5-fix_h_errno.patch are obsoleted by upstream bind-9.5-_res_errno.patch [32:9.5.0-11.9.a6] - fixed wrong resolver's dispatch pool cleanup (#275011, patch from tmraz redhat com) [32:9.5.0-11.3.a6] - initscript failure message is now printed correctly (#277981, Quentin Armitage (quentin armitage org uk) ) [32:9.5.0-11.2.a6] - temporary revert ISC 2119 change and add 'libbind-errno' patch (#254501) again [32:9.5.0-11.1.a6] - removed end dots from Summary sections (skasal@redhat.com) - fixed wrong file creation by autotools patch (skasal@redhat.com) [32:9.5.0-11.a6] - start using --disable-isc-spnego configure option - remove bind-9.5-spnego-memory_management.patch (source isn't compiled) [32:9.5.0-10.2.a6] - added new initscript option KEYTAB_FILE which specified where is located kerberos .keytab file for named service - obsolete temporary bind-9.5-spnego-memory_management.patch by bind-9.5-gssapictx-free.patch which conforms BIND coding standards (#251853) [32:9.5.0-10.a6] - dropped direct dependency to /etc/openldap/schema directory - changed hardcoded paths to macros - fired away code which configure LDAP server [32:9.5.0-9.1.a6] - named could crash with SRV record UPDATE (#251336) [32:9.5.0-9.a6] - disable 64bit dlz driver patch on alpha and ia64 (#251298) - remove wrong malloc functions from lib/dns/spnego.c (#251853) [32:9.5.0-8.2.a6] - changed licence from BSD-like to ISC [32:9.5.0-8.1.a6] - disabled named on all runlevels by default [32:9.5.0-8.a6] - minor next improvements on autotools patch - dig and host utilities now using libidn instead idnkit for IDN support [32:9.5.0-7.a6] - binutils/gcc bug rebuild (#249435) [32:9.5.0-6.a6] - updated to 9.5.0a6 which contains fixes for CVE-2007-2925 and CVE-2007-2926 - fixed building on 64bits [31:9.5.0a5-5] - integrated 'autotools' patch for testing purposes (upstream will accept it in future, for easier building) [31:9.5.0a5-4.1] - fixed DLZ drivers building on 64bit systems [31:9.5.0a5-4] - fixed relation between logrotated and chroot-ed named [31:9.5.0a5-3.9] - removed bind-sdb package (default named has compiled SDB backend now) - integrated DLZ (Dynamically loadable zones) drivers - integrated GSS-TSIG support (RFC 3645) - build with -O0 (many new features, potential core dumps will be more useful) [31:9.5.0a5-3.2] - initscript should be ready for parallel booting (#246878) [31:9.5.0a5-3] - handle integer overflow in isc_time_secondsastimet function gracefully (#247856) [31:9.5.0a5-2.2] - moved chroot configfiles into chroot subpackage (#248306) [31:9.5.0a5-2] - minor changes in default configuration - fix h_errno assigment during resolver initialization (unbounded recursion, #245857) - removed wrong patch to #150288 [31:9.5.0a5-1] - updated to latest upstream [31:9.4.1-7] - marked caching-nameserver as obsolete (#244604) - fixed typo in initscript (causes that named doesn't detect NetworkManager correctly) - next cleanup in configuration - moved configfiles into config.tar - removed delay between start & stop in restart function in named.init [31:9.4.1-6] - major changes in initscript. Could be LSB compatible now - removed caching-nameserver subpackage. Move configs from this package to main bind package as default configuration and major configuration cleanup [31:9.4.1-5] - very minor compatibility change in bind-chroot-admin (line 215) - enabled IDN support by default and don't distribute IDN libraries - specfile cleanup - add dynamic directory to /var/named. This directory will be primarily used for dynamic DNS zones. ENABLE_ZONE_WRITE and SELinux's named_write_master_zones no longer exist [31:9.4.1-4] - removed ldap-api patch and start using deprecated API - fixed minor problem in bind-chroot-admin script (#241103) [31:9.4.1-3] - fixed bind-chroot-admin dynamic DNS handling (#239149) - updated zone-freeze patch to latest upstream - ldap sdb has been rewriten to latest api (#239802) [31:9.4.1-2.fc7] - test build on new build system [31:9.4.1-1.fc7] - updated to 9.4.1 which contains fix to CVE-2007-2241 [31:9.4.0-8.fc7] - improved 'zone freeze patch' - if multiple zone with same name exists no zone is freezed - minor cleanup in caching-nameserver's config file - fixed race-condition in dbus code (#235809) - added forgotten restorecon statement in bind-chroot-admin [31:9.4.0-7.fc7] - removed DEBUGINFO option because with this option (default) was bind builded with -O0 and without this flag no debuginfo package was produced. (I want faster bind => -O2 + debuginfo) - fixed zone finding (#236426) [31:9.4.0-6.fc7] - added idn support (still under development with upstream, disabled by default) [31:9.4.0-5.fc7] - dnssec-signzone utility now doesn't ignore -d parameter [31:9.4.0-4.fc7] - removed query-source[-v6] options from caching-nameserver config (#209954, increase security) - throw away idn. It won't be ready in fc7 [31:9.4.0-3.fc7] - prepared bind to merge review - added experimental idn support to bind-utils utils (not enabled by default yet) - change chroot policy in caching-nameserver post section - fixed bug in bind-chroot-admin - rootdir function is called properly now [31:9.4.0-2.fc7] - added experimental SQLite support (written by John Boyd <jaboydjr@netwalk.com>) - moved bind-chroot-admin script to chroot package - bind-9.3.2-redhat_doc.patch is always applied (#231738) [31:9.4.0-1.fc7] - updated to 9.4.0 - bind-chroot-admin now sets EAs correctly (#213926) - throw away next_server_on_referral and no_servfail_stops patches (fixed in 9.4.0) [31:9.3.4-7.fc7] - minor cleanup in bind-chroot-admin script [31:9.3.4-6.fc7] - fixed broken bind-chroot-admin script (#227995) [31:9.3.4-5.fc7] - bind-chroot-admin now uses correct chroot path (#227600) [31:9.3.4-4.fc7] - fixed conflict between bind-sdb and ldap - removed duplicated bind directory in bind-libs [31:9.3.4-3.fc7] - fixed building without libbind - fixed post section (selinux commands is now in if-endif statement) - prever macro has been removed from version [31:9.3.4-2.fc7] - redirected output from bind-chroot prep and %preun stages to /dev/null [31:9.3.4-1.fc7] - updated to version 9.3.4 which contains security bugfixes [31:9.3.3-5.fc7] - package bind-libbind-devel has been marked as obsolete [31:9.3.3-4.fc7] - package bind-libbind-devel has beed removed (libs has been moved to bind-devel & bind-libs) - Resolves: #214208 [31:9.3.3-3] - fixed a multi-lib issue - Resolves: rhbz#222717 [31:9.3.3-2] - added namedGetForwarders written in shell (#176100), created by Baris Cicek <baris@nerd.com.tr>. [31:9.3.3-1] - update to 9.3.3 final - fix for #219069: file included twice in src.rpm [31:9.3.3-0.1.rc3] - added back an interval to restart - renamed package, it should meet the N-V-R criteria - fix for #216185: bind-chroot-admin able to change root mode 750 - added fix from #215997: incorrect permissions on dnszone.schema - added a notice to init script when /etc/named.conf doesn't exist (#216075) [30:9.3.3-6] - fix for #200465: named-checkzone and co. cannot be run as non-root user - fix for #212348: chroot'd named causes df permission denied error - fix for #211249, #211083 - problems with stopping named - fix for #212549: init script does not unmount /proc filesystem - fix for #211282: EDNS is globally enabled, crashing CheckPoint FW-1, added edns-enable options to named configuration file which can suppress EDNS in queries to DNS servers (see /usr/share/doc/bind-9.3.3/misc/options) - fix for #212961: bind-chroot doesn't clean up its mess on %preun - update to 9.3.3rc3, removed already merged patches [30:9.3.3-5] - fix for #209359: bind-libs from compatlayer CD will not install on ia64 [30:9.3.3-4] - added fix for #210096: warning: group named does not exist - using root [30:9.3.3-3] - added fix from #209400 - Bind Init Script does not create the PID file always, created by Jeff Means - added timeout to stop section of init script. The default is 100 sec. and can be adjusted by NAMED_SHUTDOWN_TIMEOUT shell variable. [30:9.3.3-2] - removed chcon from %post script, replaced by restorecon (Bug 202547, comment no. 37) [30:9.3.3-1] - updated to the latest upstream (9.3.3rc2) [30:9.3.2-41] - added upstream patch for correct SIG handling - CVE-2006-4095 [30:9.3.2-40] - suppressed messages from bind-chroot-admin - cleared notes about bind-config [30:9.3.2-39] - added fix for #203522 - 'bind-chroot-admin -e' command fails [30:9.3.2-38] - fix for #203194 - tmpfile usage [30:9.3.2-37] - fix for #202542 - /usr/sbin/bind-chroot-admin: No such file or directory - fix for #202547 - file_contexts: invalid context [30:9.3.2-36] - added Provides: bind-config [30:9.3.2-35] - fix bug 197493: renaming subpackage bind-config to caching-nameserver [30:9.3.2-34] - fix bug 199876: make '%exclude libbbind.*' conditional on %{LIBBIND} [30:9.3.2-33] - fix #195881, perms are not packaged correctly [30:9.3.2-32] - fix addenda to bug 189789: determination of selinux enabled was still not 100% correct in bind-chroot-admin - fix addenda to bug 196398: make named.init test for NetworkManager being enabled AFTER testing for -D absence; named.init now supports a 'DISABLE_NAMED_DBUS' /etc/sysconfig/named setting to disable auto-enable of named dbus support if NetworkManager enabled. [30:9.3.2-30] - fix bug 196398 - Enable -D option automatically in initscript if NetworkManager enabled in any runlevel. - fix namedGetForwarders for new dbus - fix bug 195881 - libbind.so should be owned by bind-libbind-devel [30:9.3.2-28.FC6] - Rebuild against new dbus [30:9.3.2-27.FC6] - rebuild with fixed glibc-kernheaders [30:9.3.2-26.FC6.1] - rebuild [30:9.3.2-26.FC6] - fix bugs 191093, 189789 - backport selected fixes from upstream bind9 'v9_3_3b1' CVS version: ( see http://www.isc.org/sw/bind9.3.php 'Fixes' ): o change 2024 / bug 16027: named emitted spurious 'zone serial unchanged' messages on reload o change 2013 / bug 15941: handle unexpected TSIGs on unsigned AXFR/IXFR responses more gracefully o change 2009 / bug 15808: coverity fixes o change 1997 / bug 15818: named was failing to replace negative cache entries when a positive one for the type was learnt o change 1994 / bug 15694: OpenSSL 0.9.8 support o change 1991 / bug 15813: The configuration data, once read, should be treated as readonly. o misc. validator fixes o misc. resolver fixes o misc. dns fixes o misc. isc fixes o misc. libbind fixes o misc. isccfg fix o misc. lwres fix o misc. named fixes o misc. dig fixes o misc. nsupdate fix o misc. tests fixes [30:9.3.2-24.FC6] - and actually put the devel symlinks in the right subpackage [30:9.3.2-23.FC6] - rebuild for -devel deps [30:9.3.2-22] - apply upstream patch for ncache_adderesult segfault bug 173961 addenda - fix bug 188382: rpm --verify permissions inconsistencies - fix bug 189186: use /sbin/service instead of initscript - rebuild for new gcc, glibc-kernheaders [30:9.3.2-20] - fix resolver.c ncache_adderesult segfault reported in addenda to bug 173961 (upstream bugs #15642, #15528 ?) - allow named ability to generate core dumps after setuid (upstream bug #15753) [30:9.3.2-18] - fix bug 187529: make bind-chroot-admin deal with subdirectories properly [30:9.3.2-16] - fix bug 187286: prevent host(1) printing duplicate 'is an alias for' messages for the default AAAA and MX lookups as well as for the A lookup (it now uses the CNAME returned for the A lookup for the AAAA and MX lookups). This is upstream bug #15702 fixed in the unreleased bind-9.3.3 - fix bug 187333: fix SOURCE24 and SOURCE25 transposition [30:9.3.2-14] - fix bug 186577: remove -L/usr/lib from libbind.pc and more .spec file cleanup - add '%doc' sample configuration files in /usr/share/doc/bind*/sample - rebuild with new gcc and glibc [30:9.3.2-12] - fix typo in initscript - fix Requires(post): policycoreutils in sub-packages [30.9.3.2-10] - fix bug 185969: more .spec file cleanup [30.9.3.2-8] - Do not allow package to be installed if named:25 userid creation fails - Give libbind a pkg-config file - remove restorecon from bind-chroot-admin (not required). - fix named.caching-nameserver.conf (listen-on-v6 port 53 { ::1 };) [30:9.3.2-7] - fix issues with bind-chroot-admin [30:9.3.2-6] - replace caching-nameserver with bind-config sub-package - fix bug 177595: handle case where is a link in initscript - fix bug 177001: bind-config creates symlinks OK now - fix bug 176388: named.conf is now never replaced by any RPM - fix bug 176248: remove unecessary creation of rpmsave links - fix bug 174925: no replacement of named.conf - fix bug 173963: existing named.conf never modified - major .spec file cleanup [30:9.3.2-4.1] - bump again for double-long bug on ppc(64) [30:9.3.2-4] - regenerate redhat_doc patch for non-DBUS builds - allow dbus builds to work with dbus version < 0.6 (bz #179816) [30:9.3.2-3] - try supporting without dbus support [30:9.3.2-2.1] - Rebuild for new gcc, glibc, glibc-kernheaders [30:9.3.2-2] - fix bug 177854: temporary fix for broken kernel-2.6.15-1854+ /proc/net/if_inet6 format [30:9.3.2-1] - Upgrade to 9.3.2, released today [28:9.3.2rc1-2] - fix bug 176100: do not Require: perl just for namedGetForwarders ! * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> - rebuilt [28:9.3.2rc-1] - Upgrade to upstream version 9.3.2rc1 - fix namedSetForwarders -> namedGetForwarders SOURCE14 typo [24:9.3.1-26] - rebuild for new dbus 0.6 dependency; remove use of DBUS_NAME_FLAG_PROHIBIT_REPLACEMENT [24:9.3.1-24] - allow D-BUS support to work in bind-chroot environment: workaround latest selinux policy by mounting /var/run/dbus/ under chroot instead of /var/run/dbus/system-bus-socket [24:9.3.1-22] - fix bug 172632 - remove .la files - ship namedGetForwarders and namedSetForwarders scripts - fix detection of -D option in chroot [24:9.3.1-21] - rebuilt with new openssl [24.9.3.1-20] - Allow the -D enable D-BUS option to be used within bind-chroot . - fix bug 171226: supply some documentation for pgsql SDB . [24:9.3.1-18] - fix bug 169969: do NOT call dbus_svc_dispatch() in dbus_mgr_init_dbus() - task->state != task_ready and will cause Abort in task.c if process is waiting for NameOwnerChanged to do a SetForwarders [24:9.3.1-16] - Fix reconnecting to dbus-daemon after it stops & restarts . [24:9.3.1-14] - When forwarder nameservers are changed with D-BUS, flush the cache. [24:9.3.1-12] - fix bug 168302: use %{__cc} for compiling dns-keygen - fix bug 167682: bind-chroot directory permissions - fix issues with -D dbus option when dbus service not running or disabled [24:9.3.1-12] - fix bug 167062: named should be started after syslogd by default [24:9.3.1-11] - fix bug 166227: host: don't do default AAAA and MX lookups with '-t a' option [24:9.3.1-10] - Build with D-BUS patch by default; D-BUS support enabled with named -D option - Enable D-BUS for named_sdb also - fix sdb pgsql's zonetodb.c: must use isc_hash_create() before dns_db_create() - update fix for bug 160914 : test for RD=1 and ARCOUNT=0 also before trying next server - fix named.init script to handle named_sdb properly - fix named.init script checkconfig() to handle named '-c' option and make configtest, test, check configcheck synonyms [24:9.3.1-8] - fix named.init script bugs 163598, 163409, 151852(addendum) [24:9.3.1-7] - fix bug 160914: resolver utilities should try next server on empty referral (now that glibc bug 162625 is fixed) host and nslookup now by default try next server on SERVFAIL (host now has '-s' option to disable, and nslookup given '[no]fail' option similar to dig's [no]fail option). - rebuild and re-test with new glibc & gcc (all tests passed). [24:9.3.1-6] - fix bug 157950: dig / host / nslookup should reject invalid resolv.conf files and not use uninitialized garbage nameserver values (ISC bug 14841 raised). [24:9.3.1-4_FC4] - Fix SDB LDAP [24:9.3.1-4] - Fix bug 157601: give named.init a configtest function - Fix bug 156797: named.init should check SELinux booleans.local before booleans - Fix bug 154335: if no controls in named.conf, stop named with -TERM sig, not rndc - Fix bug 155848: add NOTES section to named.8 man-page with info on all Red Hat BIND quirks and SELinux DDNS / slave zone file configuration - D-BUS patches NOT applied until dhcdbd is in FC [24:9.3.1-4_dbus] - Enhancement to allow dynamic forwarder table management and - DHCP forwarder auto-configuration with D-BUS [24:9.3.1-2_FC4] - Rebuild for bind-sdb libpq.so.3 dependency - fix bug 150981: don't install libbind man-pages if no libbind - fix bug 151852: mount proc on /proc to allow sysconf(...) to work and correct number of CPUs to be determined [24:9.3.1-1_FC4] - Upgrade to ISC BIND 9.3.1 (final release) released today. [22.9.3.1rc1-5] - fix bug 150288: h_errno not being accessed / set correctly in libbind - add libbind man-pages from bind-8.4.6 [22:9.3.1rc1-4] - Rebuild with gcc4 / glibc-2.3.4-14. [22:9.3.1rc1-3] - configure with --with-pic to get PIC libraries [22:9.3.1rc1-2] - fix bug 149183: don't use getifaddrs() . [22:9.3.1rc1-1] - Upgrade to 9.3.1rc1 - Add Simplified Database Backend (SDB) sub-package ( bind-sdb ) - add named_sdb - ldap + pgsql + dir database backend support with - 'ENABLE_SDB' named.sysconfig option - Add BIND resolver library & includes sub-package ( libbind-devel) - fix bug 147824 / 147073 / 145664: ENABLE_ZONE_WRITE in named.init - fix bug 146084 : shutup restorecon [22:9.3.0-2] - Fix bug 143438: named.init will now make correct ownership of /var/named - based on 'named_write_master_zones' SELinux boolean. - Fix bug 143744: dig & nsupdate IPv6 timeout (dup of 140528) [9.3.0-1] - Upgrade BIND to 9.3.0 in Rawhide / FC4 (bugs 134529, 133654...) [20:9.2.4-4] - Fix bugs 140528 and 141113: - 2 second timeouts when IPv6 not configured and root nameserver's - AAAA addresses are queried [20:9.2.4-2] - Fix bug 136243: bind-chroot %post must run restorecon -R /var/named/chroot - Fix bug 135175: named.init must return non-zero if named is not run - Fix bug 134060: bind-chroot %post must use mktemp, not /tmp/named - Fix bug 133423: bind-chroot %files entries should have been %dirs [20:9.2.4-1] - BIND 9.2.4 (final release) released - source code actually - identical to 9.2.4rc8, with only version number change. [10:9.2.4rc8-14] - Upgrade to upstream bind-9.2.4rc8 . - Progress: Finally! Hooray! ISC bind now distributes: - o named.conf(5) and nslookup(8) manpages - 'bind-manpages.bz2' source can now disappear - (could this have something to do with ISC bug I raised about this?) - o 'deprecation_msg' global has vanished - bind-9.2.3rc3-deprecation_msg_shut_up.diff.bz2 can disappear [10:9.2.4rc8-14] - Fix bug 106572/132385: copy /etc/localtime to chroot on start [10:9.2.4rc7-12_EL3] - Fix bug 132303: if ROOTDIR line was replaced after upgrade from - bind-chroot-9.2.2-21, restart named [10:9.2.4rc7-11_EL3] - Fix bug 131803: replace ROOTDIR line removed by broken - bind-chroot 9.2.2-21's '%postun'; added %triggerpostun for bind-chroot [10:9.2.4rc7-10_EL3] - Fix bugs 130121 & 130981 for RHEL-3 [10:9.2.4rc7-10] - Fix bug 130121: add '%ghost' entries for files included in previous - bind-chroot & not in current - ie. named.conf, rndc.key, dev/* - - that RPM removed after upgrade . * Thu Aug 26 2004 Jason Vas Dias <jvdias@redhat.com> - Fix bug 130981: add '-t' option to named-checkconf invocation in - named.init if chroot installed. * Wed Aug 25 2004 Jason Vas Dias <jvdias@redhat.com> - Remove resolver(5) manpage now in man-pages (bug 130792); - Don't create /dev/ entries in bind-chroot if already there (bug 127556); - fix bind-devel Requires (bug 130919) - Set default location for dumpdb & stats files to /var/named/data * Tue Aug 24 2004 Jason Vas Dias <jvdias@redhat.com> - Fix devel Requires for bug 130738 & fix version * Tue Aug 24 2004 Jason Vas Dias <jvdias@redhat.com> - Fix errors on clean install if named group does not exist - (bug 130777) * Thu Aug 19 2004 Jason Vas Dias <jvdias@redhat.com> - Upgrade to bind-9.2.4rc7; applied initscript fix - for bug 102035. * Mon Aug 09 2004 Jason Vas Dias <jvdias@redhat.com> - Fixed bug 129289: bind-chroot install / deinstall - on install, existing config files 'safe_replace'd - with links to chroot copies; on uninstall, moved back. * Fri Aug 06 2004 Jason Vas Dias <jvdias@redhat.com> - Fixed bug 129258: '/var/tmp' typo in spec * Wed Jul 28 2004 Jason Vas Dias <jvdias@redhat.com> - Fixed bug 127124 : 'Requires: kernel >= 2.4' - causes problems with Linux VServers * Tue Jul 27 2004 Jason Vas Dias <jvdias@redhat.com> - Fixed bug 127555 : chroot tar missing var/named/slaves * Fri Jul 16 2004 Jason Vas Dias <jvdias@redhat.com> - Upgraded to ISC version 9.2.4rc6 * Fri Jul 16 2004 Jason Vas Dias <jvdias@redhat.com> - Fixed named.init generation of error messages on - 'service named stop' and 'service named reload' - as per bug 127775 [9.2.3-19] - Bump for rhel 3.0 U3 [9.2.3-18] - remove disable-linux-caps [9.2.3-17] - Update RHEL3 to latest bind * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com> - rebuilt [9.2.3-15] - Remove device files from chroot, Named uses the system one [9.2.3-14] - Move RFC to devel package [9.2.3-13] - Fix location of restorecon [9.2.3-12] - Tighten security on config files. Should be owned by root [9.2.3-11] - Update key patch to include conf-keygen [9.2.3-10] - fix chroot to only happen once. - fix init script to do kill insteall of killall [9.2.3-9] - Add fix for SELinux security context * Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com> - rebuilt * Sat Feb 28 2004 Florian La Roche <Florian.LaRoche@redhat.de> - run ldconfig for libs subrpm * Mon Feb 23 2004 Tim Waugh <twaugh@redhat.com> - Use ':' instead of '.' as separator for chown. [9.2.3-7] - Add COPYRIGHT * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> - rebuilt [9.2.3-5] - Add defattr to libs [9.2.3-4] - Break out library package [9.2.3-3] - Fix condrestart [9.2.3-2] - Move libisc and libdns to bind from bind-util [9.2.3-1] - Move to 9.2.3 [9.2.2.P3-10] - Add PIE support [9.2.2.P3-9] - Add /var/named/slaves directory * Sun Oct 12 2003 Florian La Roche <Florian.LaRoche@redhat.de> - do not link against libnsl, not needed for Linux [9.2.2.P3-6] - Fix local time in log file [9.2.2.P3-5] - Try again [9.2.2.P3-4] - Fix handling of chroot -/dev/random [9.2.2.P3-3] - Stop hammering stuff on update of chroot environment [9.2.2.P3-2] - Fix chroot directory to grab all subdirectories [9.2.2.P3-1] - New patch to support for 'delegation-only' [9.2.2-23] - patch support for 'delegation-only' [9.2.2-22] - Update to build on RHL [9.2.2-21] - Install libraries as exec so debug info will be pulled [9.2.2-20] - Remove BSDCOMPAT (BZ 99454) [9.2.2-19] - Update to build on RHL [9.2.2-18] - Change protections on /var/named and /var/chroot/named [9.2.2-17] - Update to build on RHL [9.2.2-16] - Update to build on RHEL * Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com> - rebuilt [9.2.2-14] - Update to build on RHEL [9.2.2-13] - Fix config description of named.conf in chroot - Change named.init script to check for existence of /etc/sysconfig/network [9.2.2-12] - Update to build on RHEL [9.2.2-11] - Update to build on RHEL [9.2.2-10] - Fix echo OK on starting/stopping service [9.2.2-9] - Update to build on RHEL [9.2.2-8] - Fix echo on startup [9.2.2-7] - Fix problems with chroot environment - Eliminate posix threads [9.2.2-6] - Fix build problems [9.2.2-5] - Fix build on beehive [9.2.2-4] - build bind-chroot kit [9.2.2-3] - Change configure to use proper threads model [9.2.2-2] - update to 9.2.2 [9.2.2-1] - update to 9.2.2 [9.2.1-16] - Put a sleep in restart to make sure stop completes * Wed Jan 22 2003 Tim Powers <timp@redhat.com> - rebuilt [9.2.1-14] - Separate /etc/rndc.key to separate file [9.2.1-13] - Use openssl's pkgconfig data, if available, at build-time. [9.2.1-12] - Fix log rotate to use service named reload - Change service named reload to give success/failure message [73770] - Fix File checking [75710] - Begin change to automatically run in CHROOT environment [9.2.1-10] - Fix startup script to work like all others. [9.2.1-9] - Fix configure to build on x86_64 platforms * Wed Aug 07 2002 Karsten Hopp <karsten@redhat.de> - fix #70583, doesn't build on IA64 [9.2.1-8] - bind-utils shouldn't require bind [9.2.1-7] - fix name of pidfine in logrotate script (#68842) - fix owner of logfile in logrotate script (#41391) - fix nslookup and named.conf man pages (output on stderr) (#63553, #63560, #63561, #54889, #57457) - add rfc1912 (#50005) - gzip all rfc's - fix typo in keygen.c (#54870) - added missing manpages (#64065) - shutdown named properly with rndc stop (#62492) - /sbin/nologin instead of /bin/false (#68607) - move nsupdate to bind-utils (where the manpage already was) (#66209, #66381) - don't kill initscript when rndc fails (reload) (#58750) [9.2.1-5] - Fix #65975 * Fri Jun 21 2002 Tim Powers <timp@redhat.com> - automated rebuild * Thu May 23 2002 Tim Powers <timp@redhat.com> - automated rebuild [9.2.1-2] - Move libisccc, lib isccfg and liblwres from bind-utils to bind, they're not required if you aren't running a nameserver. * Fri May 03 2002 Florian La Roche <Florian.LaRoche@redhat.de> - update to 9.2.1 release [9.2.0-8] - Merge 30+ bug fixes from 9.2.1rc1 code [9.2.0-7] - Don't exit if /etc/named.conf doesn't exist if we're running chroot (#60868) - Revert Elliot's changes, we do require specific glibc/glibc-kernheaders versions or bug #58335 will be back. 'It compiles, therefore it works' isn't always true. [9.2.0-6] - Fix BuildRequires (we don't need specific glibc/glibc-kernheaders versions). - Use _smp_mflags [9.2.0-4] - rebuild, require recent autoconf, automake (#58335) * Fri Jan 25 2002 Tim Powers <timp@redhat.com> - rebuild against new libssl * Wed Jan 09 2002 Tim Powers <timp@redhat.com> - automated rebuild [9.2.0-1] - 9.2.0 [9.2.0-0.rc10.2] - 9.2.0rc10 [9.2.0-0.rc8.2] - Fix up rndc.conf (#55574) [9.2.0-0.rc8.1] - rc8 - Enforce --enable-threads [9.2.0-0.rc7.1] - 9.2.0rc7 - Use rndc status for 'service named status', it's supposed to actually work in 9.2.x. [9.2.0-0.rc5.1] - 9.2.0rc5 - Fix rpm --rebuild with ancient libtool versions (#53938, #54257) [9.2.0-0.rc4.1] - 9.2.0rc4 [9.2.0-0.rc3.1] - 9.2.0rc3 - remove ttl patch, I don't think we need this for 8.0. - remove dig.1.bz2 from the bind8-manpages tar file, 9.2 has a new dig man page - add lwres* man pages to -devel [9.1.3-4] - Make sure /etc/rndc.conf isn't world-readable even after the %post script inserted a random key (#53009) [9.1.3-3] - Add build dependencies (#49368) - Make sure running service named start several times doesn't create useless processes (#47596) - Work around the named parent process returning 0 even if the config file is broken (it's parsed later by the child processes) (#45484) [9.1.3-2] - Don't use rndc status, it's not yet implemented (#48839) * Sun Jul 08 2001 Florian La Roche <Florian.LaRoche@redhat.de> - update to 9.1.3 release [9.1.3-0.rc3.1] - Fix up rndc configuration and improve security (#46586) [9.1.3-0.rc2.2] - Sync with caching-nameserver-7.1-6 [9.1.3-0.rc2.1] - Update to rc2 [9.1.3-0.rc1.3] - Remove resolv.conf(5) man page, it's now in man-pages [9.1.3-0.rc1.2] - Add named.conf man page from bind 8.x (outdated, but better than nothing, - Rename the rndc key (#42895) - Add dnssec* man pages [9.1.3-0.rc1.1] - 9.1.3rc1 - s/Copyright/License/ [9.1.2-1] - 9.1.2 final. No changes between 9.1.2-0.rc1.1 and this one, except for the version number, though. [9.1.2-0.rc1.1] - 9.1.2rc1 [9.1.1-1] - 9.1.1 [9.1.0-10] - Merge fixes from 9.1.1rc5 [9.1.0-9] - Work around bind 8 -> bind 9 migration problem when using buggy zone files: accept zones without a TTL, but spew out a big fat warning. (#31393) * Thu Mar 08 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Add fixes from rc4 * Fri Mar 02 2001 Nalin Dahyabhai <nalin@redhat.com> - rebuild in new environment * Thu Mar 01 2001 Bernhard Rosenkraenzer <bero@redhat.com> - killall -HUP named if rndc reload fails (#30113) * Tue Feb 27 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Merge some fixes from 9.1.1rc3 * Tue Feb 20 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Don't use the standard rndc key from the documentation, instead, create a random one at installation time (#26358) - Make /etc/rndc.conf readable by user named only, it contains secret keys * Tue Feb 20 2001 Bernhard Rosenkraenzer <bero@redhat.com> - 9.1.1 probably won't be out in time, revert to 9.1.0 and apply fixes from 9.1.1rc2 - bind requires bind-utils (#28317) * Tue Feb 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Update to rc2, fixes 2 more bugs - Fix build with glibc >= 2.2.1-7 * Thu Feb 08 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Update to 9.1.1rc1; fixes 17 bugs (14 of them affecting us; 1 was fixed in a Red Hat patch already, 2 others are portability improvements) * Wed Feb 07 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Remove initscripts 5.54 requirement (#26489) * Mon Jan 29 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Add named-checkconf, named-checkzone (#25170) * Mon Jan 29 2001 Trond Eivind Glomsrod <teg@redhat.com> - use echo, not gprintf * Wed Jan 24 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Fix problems with Patch from Daniel Roesen <droesen@entire-systems.com> Bug #24890 * Thu Jan 18 2001 Bernhard Rosenkraenzer <bero@redhat.com> - 9.1.0 final * Sat Jan 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> - 9.1.0rc1 - i18nify init script - bzip2 source to save space * Thu Jan 11 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Fix %postun script * Tue Jan 09 2001 Bernhard Rosenkraenzer <bero@redhat.com> - 9.1.0b3 * Mon Jan 08 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Add named.conf man page from bind8 (#23503) * Sun Jan 07 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Make /etc/rndc.conf and /etc/sysconfig/named noreplace - Make devel require bind = %{version} rather than just bind * Sun Jan 07 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Fix init script for real * Sat Jan 06 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Fix init script when ROOTDIR is not set * Thu Jan 04 2001 Bernhard Rosenkraenzer <bero@redhat.com> - Add hooks for setting up named to run chroot (RFE #23246) - Fix up requirements * Fri Dec 29 2000 Bernhard Rosenkraenzer <bero@redhat.com> - 9.1.0b2 * Wed Dec 20 2000 Bernhard Rosenkraenzer <bero@redhat.com> - Move run files to /var/run/named/ - /var/run isn't writable by the user we're running as. (Bug #20665) * Tue Dec 19 2000 Bernhard Rosenkraenzer <bero@redhat.com> - Fix reverse lookups (#22272) - Run ldconfig in %post utils * Tue Dec 12 2000 Karsten Hopp <karsten@redhat.de> - fixed logrotate script (wrong path to kill) - include header files in -devel package - bugzilla #22049, #19147, 21606 * Fri Dec 08 2000 Bernhard Rosenkraenzer <bero@redhat.com> - 9.1.0b1 (9.1.0 is in our timeframe and less buggy) * Mon Nov 13 2000 Bernhard Rosenkraenzer <bero@redhat.com> - 9.0.1 * Mon Oct 30 2000 Bernhard Rosenkraenzer <bero@redhat.com> - Fix initscript (Bug #19956) - Add sample rndc.conf (Bug #19956) - Fix build with tar 1.13.18 * Tue Oct 10 2000 Bernhard Rosenkraenzer <bero@redhat.com> - Add some missing man pages (taken from bind8) (Bug #18794) * Sun Sep 17 2000 Bernhard Rosenkraenzer <bero@redhat.com> - 9.0.0 final * Wed Aug 30 2000 Bernhard Rosenkraenzer <bero@redhat.com> - rc5 - fix up nslookup * Thu Aug 24 2000 Bernhard Rosenkraenzer <bero@redhat.com> - rc4 * Thu Jul 13 2000 Bernhard Rosenkraenzer <bero@redhat.com> - 9.0.0rc1 * Wed Jul 12 2000 Prospector <bugzilla@redhat.com> - automatic rebuild * Sun Jul 09 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add 'exit 0' for uninstall case * Fri Jul 07 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add prereq init.d and cleanup install section * Fri Jun 30 2000 Trond Eivind Glomsrod <teg@redhat.com> - fix the init script * Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com> - make libbind.a and nslookup.help readable again by setting INSTALL_LIB to '' * Mon Jun 26 2000 Bernhard Rosenkranzer <bero@redhat.com> - Fix up the initscript (Bug #13033) - Fix build with current glibc (Bug #12755) - /etc/rc.d/init.d -> /etc/init.d - use %{_mandir} rather than /usr/share/man * Mon Jun 19 2000 Bill Nottingham <notting@redhat.com> - fix conflict with man-pages - remove compatibilty chkconfig links - initscript munging * Wed Jun 14 2000 Nalin Dahyabhai <nalin@redhat.com> - modify logrotate setup to use PID file - temporarily disable optimization by unsetting at build-time - actually bump the release this time * Sun Jun 04 2000 Bernhard Rosenkraenzer <bero@redhat.com> - FHS compliance * Mon Apr 17 2000 Nalin Dahyabhai <nalin@redhat.com> - clean up restart patch * Mon Apr 10 2000 Nalin Dahyabhai <nalin@redhat.com> - provide /var/named (fix for bugs #9847, #10205) - preserve args when restarted via ndc(8) (bug #10227) - make resolv.conf(5) a link to resolver(5) (bug #10245) - fix SYSTYPE bug in all makefiles - move creation of named user from %post into %pre * Mon Feb 28 2000 Bernhard Rosenkranzer <bero@redhat.com> - Fix TTL (patch from ISC, Bug #9820) * Wed Feb 16 2000 Bernhard Rosenkranzer <bero@redhat.com> - fix typo in spec (it's %post, without a leading blank) introduced in -6 - change SYSTYPE to linux * Fri Feb 11 2000 Bill Nottingham <notting@redhat.com> - pick a standard < 100 uid/gid for named * Fri Feb 04 2000 Elliot Lee <sopwith@redhat.com> - Pass named a '-u named' parameter by default, and add/remove user. * Thu Feb 03 2000 Bernhard Rosenkraenzer <bero@redhat.com> - fix host mx bug (Bug #9021) * Mon Jan 31 2000 Cristian Gafton <gafton@redhat.com> - rebuild to fix dependencies - man pages are compressed * Wed Jan 19 2000 Bernhard Rosenkraenzer <bero@redhat.com> - It's /usr/bin/killall, not /usr/sbin/killall (Bug #8063) * Mon Jan 17 2000 Bernhard Rosenkraenzer <bero@redhat.com> - Fix up location of named-bootconf.pl and make it executable (Bug #8028) - bind-devel requires bind * Mon Nov 15 1999 Bernhard Rosenkraenzer <bero@redhat.com> - update to 8.2.2-P5 * Wed Nov 10 1999 Bill Nottingham <notting@redhat.com> - update to 8.2.2-P3 * Tue Oct 12 1999 Cristian Gafton <gafton@redhat.com> - add patch to stop a cache only server from complaining about lame servers on every request. * Fri Sep 24 1999 Preston Brown <pbrown@redhat.com> - use real stop and start in named.init for restart, not ndc restart, it has problems when named has changed during a package update... (# 4890) * Fri Sep 10 1999 Bill Nottingham <notting@redhat.com> - chkconfig --del in %preun, not %postun * Mon Aug 16 1999 Bill Nottingham <notting@redhat.com> - initscript munging * Mon Jul 26 1999 Bill Nottingham <notting@redhat.com> - fix installed chkconfig links to match init file * Sat Jul 03 1999 Jeff Johnson <jbj@redhat.com> - conflict with new (in man-1.24) man pages (#3876,#3877). * Tue Jun 29 1999 Bill Nottingham <notting@redhat.com> - fix named.logrotate (wrong %SOURCE) * Fri Jun 25 1999 Jeff Johnson <jbj@redhat.com> - update to 8.2.1. - add named.logrotate (#3571). - hack around egcs-1.1.2 -m486 bug (#3413, #3485). - vet file list. * Fri Jun 18 1999 Bill Nottingham <notting@redhat.com> - don't run by default * Sun May 30 1999 Jeff Johnson <jbj@redhat.com> - nslookup fixes (#2463). - missing files (#3152). * Sat May 01 1999 Stepan Kasal <kasal@math.cas.cz> - nslookup patched: to count numRecords properly to fix subsequent calls to ls -d to parse 'view' and 'finger' commands properly the view hack updated for bind-8 (using sed) * Wed Mar 31 1999 Bill Nottingham <notting@redhat.com> - add ISC patch - add quick hack to make host not crash - add more docs * Fri Mar 26 1999 Cristian Gafton <gafton@redhat.com> - add probing information in the init file to keep linuxconf happy - dont strip libbind * Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> - auto rebuild in the new build environment (release 3) * Wed Mar 17 1999 Preston Brown <pbrown@redhat.com> - removed 'done' output at named shutdown. * Tue Mar 16 1999 Cristian Gafton <gafton@redhat.com> - version 8.2 * Wed Dec 30 1998 Cristian Gafton <gafton@redhat.com> - patch to use the __FDS_BITS macro - build for glibc 2.1 * Wed Sep 23 1998 Jeff Johnson <jbj@redhat.com> - change named.restart to /usr/sbin/ndc restart * Sat Sep 19 1998 Jeff Johnson <jbj@redhat.com> - install man pages correctly. - change K10named to K45named. * Wed Aug 12 1998 Jeff Johnson <jbj@redhat.com> - don't start if /etc/named.conf doesn't exist. * Sat Aug 08 1998 Jeff Johnson <jbj@redhat.com> - autmagically create /etc/named.conf from /etc/named.boot in %post - remove echo in %post * Wed Jun 10 1998 Jeff Johnson <jbj@redhat.com> - merge in 5.1 mods * Sun Apr 12 1998 Manuel J. Galan <manolow@step.es> - Several essential modifications to build and install correctly. - Modified 'ndc' to avoid deprecated use of '-' * Mon Dec 22 1997 Scott Lampert <fortunato@heavymetal.org> - Used buildroot - patched bin/named/ns_udp.c to use <libelf/nlist.h> for include on Redhat 5.0 instead of <nlist.h> IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-5741 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 7 [15:4.2.1-15.el7] - Document CVE-2021-4158 and CVE-2021-3947 as fixed (Mark Kanda) [Orabug: 33719302] [Orabug: 33754145] {CVE-2021-3947} {CVE-2021-4158} - hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 (Philippe Mathieu-Daude) [Orabug: 32439466] {CVE-2021-20196} - hw/block/fdc: Extract blk_create_empty_drive() (Philippe Mathieu-Daude) [Orabug: 32439466] {CVE-2021-20196} - net: vmxnet3: validate configuration values during activate (CVE-2021-20203) (Prasad J Pandit) [Orabug: 32559476] {CVE-2021-20203} - lan9118: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - pcnet: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - rtl8139: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - tx_pkt: switch to use qemu_receive_packet_iov() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - sungem: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - dp8393x: switch to use qemu_receive_packet() for loopback packet (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - e1000: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - net: introduce qemu_receive_packet() (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - target/i386: Populate x86_ext_save_areas offsets using cpuid where possible (David Edmondson) - target/i386: Observe XSAVE state area offsets (David Edmondson) - target/i386: Make x86_ext_save_areas visible outside cpu.c (David Edmondson) - target/i386: Pass buffer and length to XSAVE helper (David Edmondson) - target/i386: Clarify the padding requirements of X86XSaveArea (David Edmondson) - target/i386: Consolidate the X86XSaveArea offset checks (David Edmondson) - target/i386: Declare constants for XSAVE offsets (David Edmondson) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-20203 CVE-2021-20196 CVE-2021-3947 CVE-2021-3416 CVE-2021-4158 cpe:/a:oracle:linux:7::developer_kvm_utils cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.302.7.2.3] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33832574] {CVE-2022-0492} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0492 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.302.7.2.3] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33832574] {CVE-2022-0492} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0492 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.304.4.1] - Revert rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info (Rohit Nair) [Orabug: 33832625] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33832582] {CVE-2022-0492} [5.4.17-2136.304.4] - scsi: libiscsi: Fix iscsi_task use after free() (Mike Christie) [Orabug: 33794250] - scsi: libiscsi: Drop taskqueuelock (Mike Christie) [Orabug: 33794250] - ib/core: add SET_DEVICE_OP call for clear_hw_stats() (Qing Huang) [Orabug: 33495339] - KVM: SVM: Dont intercept #GP for SEV guests (Sean Christopherson) [Orabug: 33446920] - Revert KVM: SVM: avoid infinite loop on NPF from bad address (Sean Christopherson) [Orabug: 33446920] - KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (Sean Christopherson) [Orabug: 33446920] - rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info (Rohit Nair) [Orabug: 33660929] - tee: handle lookup of shm with reference count 0 (Jens Wiklander) [Orabug: 33739582] {CVE-2021-44733} - smp: always continue to process IRQ work (Stephen Brennan) [Orabug: 33802464] [5.4.17-2136.304.3] - vfs: fs_context: fix up param length parsing in legacy_parse_param (Jamie Hill-Daniel) [Orabug: 33766454] {CVE-2022-0185} - LTS tag: v5.4.161 (Sherry Yang) - erofs: fix unsafe pagevec reuse of hooked pclusters (Gao Xiang) - erofs: remove the occupied parameter from z_erofs_pagevec_enqueue() (Yue Hu) - PCI: Add MSI masking quirk for Nvidia ION AHCI (Marc Zyngier) - PCI/MSI: Deal with devices lying about their MSI mask capability (Marc Zyngier) - PCI/MSI: Destroy sysfs before freeing entries (Thomas Gleixner) - parisc/entry: fix trace test in syscall exit path (Sven Schnelle) - fortify: Explicitly disable Clang support (Kees Cook) - scsi: ufs: Fix tm request when non-fatal error happens (Jaegeuk Kim) - ext4: fix lazy initialization next schedule time computation in more granular unit (Shaoying Xu) - MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL (Maciej W. Rozycki) - scsi: ufs: Fix interrupt error message for shared interrupts (Adrian Hunter) - soc/tegra: pmc: Fix imbalanced clock disabling in error code path (Dmitry Osipenko) - LTS tag: v5.4.160 (Sherry Yang) [Orabug: 33536399] - selftests/bpf: Fix also no-alu32 strobemeta selftest (Andrii Nakryiko) - ath10k: fix invalid dma_addr_t token assignment (Arnd Bergmann) - SUNRPC: Partial revert of commit 6f9f17287e78 (Trond Myklebust) - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (Pali Rohar) - powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload (Vasant Hegde) - s390/cio: make ccw_device_dma_* more robust (Halil Pasic) - s390/tape: fix timer initialization in tape_std_assign() (Sven Schnelle) - s390/cio: check the subchannel validity for dev_busid (Vineeth Vijayan) - video: backlight: Drop maximum brightness override for brightness zero (Marek Vasut) - mm, oom: do not trigger out_of_memory from the #PF (Michal Hocko) - mm, oom: pagefault_out_of_memory: dont force global OOM for dying tasks (Vasily Averin) - powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC (Naveen N. Rao) - powerpc/security: Add a helper to query stf_barrier type (Naveen N. Rao) - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (Naveen N. Rao) - powerpc/bpf: Validate branch ranges (Naveen N. Rao) - powerpc/lib: Add helper to check if offset is within conditional branch range (Naveen N. Rao) - ovl: fix deadlock in splice write (Miklos Szeredi) - 9p/net: fix missing error check in p9_check_errors (Dominique Martinet) - net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE (Daniel Borkmann) - f2fs: should use GFP_NOFS for directory inodes (Jaegeuk Kim) - irqchip/sifive-plic: Fixup EOI failed when masked (Guo Ren) - parisc: Fix set_fixmap() on PA1.x CPUs (Helge Deller) - parisc: Fix backtrace to always include init funtion names (Helge Deller) - ARM: 9156/1: drop cc-option fallbacks for architecture selection (Arnd Bergmann) - ARM: 9155/1: fix early early_iounmap() (Michal Miroslaw) - selftests/net: udpgso_bench_rx: fix port argument (Willem de Bruijn) - cxgb4: fix eeprom len when diagnostics not implemented (Rahul Lakkireddy) - net/smc: fix sk_refcnt underflow on linkdown and fallback (Dust Li) - vsock: prevent unnecessary refcnt inc for nonblocking connect (Eiichi Tsukata) - net: hns3: allow configure ETS bandwidth of all TCs (Guangbin Huang) - net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any (Eric Dumazet) - bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding (John Fastabend) - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (Arnd Bergmann) - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (Chengfeng Ye) - llc: fix out-of-bound array index in llc_sk_dev_hash() (Eric Dumazet) - perf bpf: Add missing free to bpf_event__print_bpf_prog_info() (Ian Rogers) - zram: off by one in read_block_state() (Dan Carpenter) - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() (Miaohe Lin) - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (Huang Guobin) - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (Hans de Goede) - net: vlan: fix a UAF in vlan_dev_real_dev() (Ziyang Xuan) - net: davinci_emac: Fix interrupt pacing disable (Maxim Kiselev) - xen-pciback: Fix return in pm_ctrl_init() (YueHaibing) - i2c: xlr: Fix a resource leak in the error handling path of xlr_i2c_probe() (Christophe JAILLET) - NFSv4: Fix a regression in nfs_set_open_stateid_locked() (Trond Myklebust) - scsi: qla2xxx: Turn off target reset during issue_lip (Quinn Tran) - scsi: qla2xxx: Fix gnl list corruption (Quinn Tran) - ar7: fix kernel builds for compiler test (Jackie Liu) - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (Ahmad Fatoum) - m68k: set a default value for MEMORY_RESERVE (Randy Dunlap) - signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL) (Eric W. Biederman) - dmaengine: dmaengine_desc_callback_valid(): Check for callback_result (Lars-Peter Clausen) - netfilter: nfnetlink_queue: fix OOB when mac header was cleared (Florian Westphal) - soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read (Robert-Ionut Alexa) - auxdisplay: ht16k33: Fix frame buffer device blanking (Geert Uytterhoeven) - auxdisplay: ht16k33: Connect backlight to fbdev (Geert Uytterhoeven) - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (Geert Uytterhoeven) - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (Claudiu Beznea) - mtd: core: dont remove debugfs directory if device is in use (Zev Weiss) - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (Evgeny Novikov) - fs: orangefs: fix error return code of orangefs_revalidate_lookup() (Jia-Ju Bai) - NFS: Fix deadlocks in nfs_scan_commit_list() (Trond Myklebust) - opp: Fix return in _opp_add_static_v2() (YueHaibing) - PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge (Pali Rohar) - PCI: aardvark: Dont spam about PIO Response Status (Marek Behun) - drm/plane-helper: fix uninitialized variable reference (Alex Xu (Hello71)) - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (Baptiste Lepers) - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined (Arnaud Pouliquen) - apparmor: fix error check (Tom Rix) - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (Hans de Goede) - mips: cm: Convert to bitfield API to fix out-of-bounds access (Geert Uytterhoeven) - powerpc/44x/fsp2: add missing of_node_put (Bixuan Cui) - HID: u2fzero: properly handle timeouts in usb_submit_urb (Andrej Shadura) - HID: u2fzero: clarify error check and length calculations (Andrej Shadura) - serial: xilinx_uartps: Fix race condition causing stuck TX (Anssi Hannula) - phy: qcom-qusb2: Fix a memory leak on probe (Vladimir Zapolskiy) - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (Richard Fitzgerald) - ASoC: cs42l42: Correct some register default values (Richard Fitzgerald) - ARM: dts: stm32: fix SAI sub nodes register range (Olivier Moysan) - staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC (Vegard Nossum) - RDMA/mlx4: Return missed an error if device doesnt support steering (Leon Romanovsky) - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Dan Carpenter) - power: supply: rt5033_battery: Change voltage values to uV (Jakob Hauser) - usb: gadget: hid: fix error code in do_config() (Dan Carpenter) - serial: 8250_dw: Drop wrong use of ACPI_PTR() (Andy Shevchenko) - video: fbdev: chipsfb: use memset_io() instead of memset() (Christophe Leroy) - clk: at91: check pmc node status before registering syscore ops (Clement Leger) - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (Dongliang Mu) - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (Christophe JAILLET) - arm: dts: omap3-gta04a4: accelerometer irq fix (Andreas Kemnade) - ALSA: hda: Reduce udelay() at SKL+ position reporting (Takashi Iwai) - JFS: fix memleak in jfs_mount (Dongliang Mu) - MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT (Jackie Liu) - scsi: dc395: Fix error case unwinding (Tong Zhang) - ARM: dts: at91: tse850: the emac<->phy interface is rmii (Peter Rosin) - arm64: dts: meson-g12a: Fix the pwm regulator supply properties (Anand Moon) - RDMA/bnxt_re: Fix query SRQ failure (Selvin Xavier) - ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (Marijn Suijten) - arm64: dts: rockchip: Fix GPU register width for RK3328 (Alex Bee) - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (Jackie Liu) - clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths (Christophe JAILLET) - RDMA/rxe: Fix wrong port_cap_flags (Junji Wei) - ibmvnic: Process crqs after enabling interrupts (Sukadev Bhattiprolu) - ibmvnic: dont stop queue in xmit (Sukadev Bhattiprolu) - udp6: allow SO_MARK ctrl msg to affect routing (Jakub Kicinski) - selftests/bpf: Fix fclose/pclose mismatch in test_progs (Andrea Righi) - crypto: pcrypt - Delay write to padata->info (Daniel Jordan) - net: phylink: avoid mvneta warning when setting pause parameters (Russell King (Oracle)) - net: amd-xgbe: Toggle PLL settings during rate change (Shyam Sundar S K) - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (Alex Deucher) - wcn36xx: add proper DMA memory barriers in rx path (Benjamin Li) - libertas: Fix possible memory leak in probe and disconnect (Wang Hai) - libertas_tf: Fix possible memory leak in probe and disconnect (Wang Hai) - KVM: s390: Fix handle_sske page fault handling (Janis Schoetterl-Glausch) - samples/kretprobes: Fix return value if register_kretprobe() failed (Tiezhu Yang) - tcp: dont free a FIN sk_buff in tcp_remove_empty_skb() (Jon Maxwell) - irq: mips: avoid nested irq_enter() (Mark Rutland) - s390/gmap: dont unconditionally call pte_unmap_unlock() in __gmap_zap() (David Hildenbrand) - libbpf: Fix BTF data layout checks and allow empty BTF (Andrii Nakryiko) - smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi (Tetsuo Handa) - drm/msm: Fix potential NULL dereference in DPU SSPP (Jessica Zhang) - clocksource/drivers/timer-ti-dm: Select TIMER_OF (Kees Cook) - PM: hibernate: fix sparse warnings (Anders Roxell) - nvme-rdma: fix error code in nvme_rdma_setup_ctrl (Max Gurtovoy) - phy: micrel: ksz8041nl: do not use power down mode (Stefan Agner) - mwifiex: Send DELBA requests according to spec (Jonas Drenler) - rsi: stop thread firstly in rsi_91x_init() error handling (Ziyang Xuan) - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (Lorenzo Bianconi) - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (Nathan Chancellor) - block: ataflop: fix breakage introduced at blk-mq refactoring (Michael Schmitz) - mmc: mxs-mmc: disable regulator on error and in the remove function (Christophe JAILLET) - net: stream: dont purge sk_error_queue in sk_stream_kill_queues() (Jakub Kicinski) - drm/msm: uninitialized variable in msm_gem_import() (Dan Carpenter) - ath10k: fix max antenna gain unit (Sven Eckelmann) - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (Zev Weiss) - hwmon: Fix possible memleak in __hwmon_device_register() (Yang Yingliang) - net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE (Daniel Borkmann) - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (Dan Carpenter) - memstick: avoid out-of-range warning (Arnd Bergmann) - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (Tony Lindgren) - b43: fix a lower bounds test (Dan Carpenter) - b43legacy: fix a lower bounds test (Dan Carpenter) - hwrng: mtk - Force runtime pm ops for sleep ops (Markus Schneider-Pargmann) - crypto: qat - disregard spurious PFVF interrupts (Giovanni Cabiddu) - crypto: qat - detect PFVF collision after ACK (Giovanni Cabiddu) - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (Evgeny Novikov) - netfilter: nft_dynset: relax superfluous check on set updates (Pablo Neira Ayuso) - EDAC/amd64: Handle three rank interleaving mode (Yazen Ghannam) - ath9k: Fix potential interrupt storm on queue reset (Linus Lussing) - media: em28xx: Dont use ops->suspend if it is NULL (Colin Ian King) - cpuidle: Fix kobject memory leaks in error paths (Anel Orazgaliyeva) - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (Arnd Bergmann) - kprobes: Do not use local variable when creating debugfs file (Punit Agrawal) - media: cx23885: Fix snd_card_free call on null card pointer (Colin Ian King) - media: tm6000: Avoid card name truncation (Kees Cook) - media: si470x: Avoid card name truncation (Kees Cook) - media: radio-wl1273: Avoid card name truncation (Kees Cook) - media: mtk-vpu: Fix a resource leak in the error handling path of mtk_vpu_probe() (Christophe JAILLET) - media: TDA1997x: handle short reads of hdmi info frame. (Tom Rix) - media: dvb-usb: fix ununit-value in az6027_rc_query (Pavel Skripkin) - media: cxd2880-spi: Fix a null pointer dereference on error handling path (Colin Ian King) - media: em28xx: add missing em28xx_close_extension (Pavel Skripkin) - drm/amdgpu: fix warning for overflow check (Arnd Bergmann) - ath10k: Fix missing frame timestamp for beacon/probe-resp (Loic Poulain) - net: dsa: rtl8366rb: Fix off-by-one bug (Linus Walleij) - rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies() (Jiasheng Jiang) - crypto: caam - disable pkc for non-E SoCs (Michael Walle) - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (Dinghao Liu) - wilc1000: fix possible memory leak in cfg_scan_result() (Ajay Singh) - cgroup: Make rebind_subsystems() disable v2 controllers all at once (Waiman Long) - net: net_namespace: Fix undefined member in key_remove_domain() (Yajun Deng) - virtio-gpu: fix possible memory allocation failure (liuyuntao) - drm/v3d: fix wait for TMU write combiner flush (Iago Toral Quiroga) - rcu: Fix existing exp request check in sync_sched_exp_online_cleanup() (Neeraj Upadhyay) - Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi) - selftests/bpf: Fix strobemeta selftest regression (Andrii Nakryiko) - netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state (Pablo Neira Ayuso) - parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling (Sven Schnelle) - parisc/unwind: fix unwinder when CONFIG_64BIT is enabled (Sven Schnelle) - task_stack: Fix end_of_stack() for architectures with upwards-growing stack (Helge Deller) - parisc: fix warning in flush_tlb_all (Sven Schnelle) - x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted (Vitaly Kuznetsov) - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (Yang Yingliang) - btrfs: do not take the uuid_mutex in btrfs_rm_device (Josef Bacik) - net: annotate data-race in neigh_output() (Eric Dumazet) - vrf: run conntrack only in context of lower/physdev for locally generated packets (Florian Westphal) - ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 (Arnd Bergmann) - gre/sit: Dont generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE (Stephen Suryaputra) - ARM: clang: Do not rely on lr register for stacktrace (Masami Hiramatsu) - smackfs: use __GFP_NOFAIL for smk_cipso_doi() (Tetsuo Handa) - iwlwifi: mvm: disable RX-diversity in powersave (Johannes Berg) - selftests: kvm: fix mismatched fclose() after popen() (Shuah Khan) - PM: hibernate: Get block device exclusively in swsusp_check() (Ye Bin) - nvme: drop scan_lock and always kick requeue list when removing namespaces (Hannes Reinecke) - nvmet-tcp: fix use-after-free when a port is removed (Israel Rukshin) - nvmet: fix use-after-free when a port is removed (Israel Rukshin) - block: remove inaccurate requeue check (Jens Axboe) - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (Zheyu Ma) - tracing/cfi: Fix cmp_entries_* functions signature mismatch (Kalesh Singh) - workqueue: make sysfs of unbound kworker cpumask more clever (Menglong Dong) - lib/xz: Validate the value before assigning it to an enum variable (Lasse Collin) - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (Lasse Collin) - memstick: r592: Fix a UAF bug when removing the driver (Zheyu Ma) - leaking_addresses: Always print a trailing newline (Kees Cook) - ACPI: battery: Accept charges over the design capacity as full (Andre Almeida) - iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value (Andreas Gruenbacher) - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (Tuo Li) - tracefs: Have tracefs directories not set OTH permission bits by default (Steven Rostedt (VMware)) - net-sysfs: try not to restart the syscall if it will fail eventually (Antoine Tenart) - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (Anant Thazhemadam) - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (Ricardo Ribalda) - media: ipu3-imgu: imgu_fmt: Handle properly try (Ricardo Ribalda) - ACPICA: Avoid evaluating methods too early during system resume (Rafael J. Wysocki) - ipmi: Disable some operations during a panic (Corey Minyard) - media: rcar-csi2: Add checking to rcsi2_start_receiver() (Nadezda Lutovinova) - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (Hans de Goede) - ia64: dont do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK (Randy Dunlap) - media: mceusb: return without resubmitting URB in case of -EPROTO error. (Rajat Asthana) - media: imx: set a media_device bus_info string (Martin Kepplinger) - media: s5p-mfc: Add checking to s5p_mfc_probe(). (Nadezda Lutovinova) - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (Tuo Li) - media: uvcvideo: Set unique vdev name based in type (Ricardo Ribalda) - media: uvcvideo: Return -EIO for control errors (Ricardo Ribalda) - media: uvcvideo: Set capability in s_param (Ricardo Ribalda) - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (Dmitriy Ulitin) - media: netup_unidvb: handle interrupt properly according to the firmware (Zheyu Ma) - media: mt9p031: Fix corrupted frame after restarting stream (Dirk Bender) - ath10k: high latency fixes for beacon buffer (Alagu Sankar) - mwifiex: Properly initialize private structure on interface type changes (Jonas Drebler) - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (Jonas Drebler) - x86: Increase exception stack sizes (Peter Zijlstra) - smackfs: Fix use-after-free in netlbl_catmap_walk() (Pawan Gupta) - locking/lockdep: Avoid RCU-induced noinstr fail (Peter Zijlstra) - MIPS: lantiq: dma: reset correct number of channel (Aleksander Jan Bajkowski) - MIPS: lantiq: dma: add small delay after reset (Aleksander Jan Bajkowski) - platform/x86: wmi: do not fail if disabling fails (Barnabas Pocze) - drm/panel-orientation-quirks: add Valve Steam Deck (Simon Ser) - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (Takashi Iwai) {CVE-2021-3640} - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (Hans de Goede) - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (Hans de Goede) - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (Hans de Goede) - dma-buf: WARN on dmabuf release with pending attachments (Charan Teja Reddy) - USB: chipidea: fix interrupt deadlock (Johan Hovold) - USB: iowarrior: fix control-message timeouts (Johan Hovold) - USB: serial: keyspan: fix memleak on probe errors (Wang Hai) - iio: dac: ad5446: Fix ad5622_write() return value (Pekka Korpinen) - pinctrl: core: fix possible memory leak in pinctrl_enable() (Yang Yingliang) - quota: correct error number in free_dqentry() (Zhang Yi) - quota: check block number when reading the block in quota file (Zhang Yi) - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (Marek Behun) - PCI: aardvark: Fix return value of MSI domain .alloc() method (Marek Behun) - PCI: aardvark: Fix reporting Data Link Layer Link Active (Pali Rohar) - PCI: aardvark: Do not unmask unused interrupts (Pali Rohar) - PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar) - PCI: aardvark: Do not clear status bits of masked interrupts (Pali Rohar) - PCI: pci-bridge-emul: Fix emulation of W1C bits (Marek Behun) - xen/balloon: add late_initcall_sync() for initial ballooning done (Juergen Gross) - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume (Pavel Skripkin) - ALSA: mixer: oss: Fix racy access to slots (Takashi Iwai) - serial: core: Fix initializing and restoring termios speed (Pali Rohar) - powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found (Xiaoming Ni) - can: j1939: j1939_can_recv(): ignore messages with invalid source address (Zhang Changzhong) - can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport (Zhang Changzhong) - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (Sean Christopherson) - power: supply: max17042_battery: use VFSOC for capacity when no rsns (Henrik Grimler) - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (Sebastian Krzyszkowiak) - signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT (Eric W. Biederman) - signal: Remove the bogus sigkill_pending in ptrace_stop (Eric W. Biederman) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (Alok Prasad) - rsi: Fix module dev_oper_mode parameter description (Marek Vasut) - rsi: fix rate mask set leading to P2P failure (Martin Fuzzey) - rsi: fix key enabled check causing unwanted encryption for vap_id > 0 (Martin Fuzzey) - rsi: fix occasional initialisation failure with BT coex (Martin Fuzzey) - wcn36xx: handle connection loss indication (Benjamin Li) - libata: fix checking of DMA state (Reimar Doffinger) - mwifiex: Read a PCI register after writing the TX ring write pointer (Jonas Drebler) - wcn36xx: Fix HT40 capability for 2Ghz band (Loic Poulain) - evm: mark evm_fixmode as __ro_after_init (Austin Kim) - rtl8187: fix control-message timeouts (Johan Hovold) - PCI: Mark Atheros QCA6174 to avoid bus reset (Ingmar Klein) - ath10k: fix division by zero in send path (Johan Hovold) - ath10k: fix control-message timeout (Johan Hovold) - ath6kl: fix control-message timeout (Johan Hovold) - ath6kl: fix division by zero in send path (Johan Hovold) - mwifiex: fix division by zero in fw download path (Johan Hovold) - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (Eric Badger) - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (Krzysztof Kozlowski) - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (Krzysztof Kozlowski) - hwmon: (pmbus/lm25066) Add offset coefficients (Zev Weiss) - ia64: kprobes: Fix to pass correct trampoline address to the handler (Masami Hiramatsu) - btrfs: call btrfs_check_rw_degradable only if there is a missing device (Anand Jain) - btrfs: fix lost error handling when replaying directory deletes (Filipe Manana) - btrfs: clear MISSING device status bit in btrfs_close_one_device (Li Zhang) - net/smc: Correct spelling mistake to TCPF_SYN_RECV (Wen Gu) - nfp: bpf: relax prog rejection for mtu check through max_pkt_offset (Yu Xiao) - vmxnet3: do not stop tx queues after netif_device_detach() (Dongli Zhang) - r8169: Add device 10ec:8162 to driver r8169 (Janghyub Seo) - nvmet-tcp: fix header digest verification (Amit Engel) - drm: panel-orientation-quirks: Add quirk for GPD Win3 (Mario) - watchdog: Fix OMAP watchdog early handling (Walter Stoll) - net: multicast: calculate csum of looped-back and forwarded packets (Cyril Strejc) - spi: spl022: fix Microwire full duplex mode (Thomas Perrot) - nvmet-tcp: fix a memory leak when releasing a queue (Maurizio Lombardi) - bpf: Prevent increasing bpf_jit_limit above max (Lorenz Bauer) - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (Bryant Mairs) - mmc: winbond: dont build on M68K (Randy Dunlap) - reset: socfpga: add empty driver allowing consumers to probe (Pawel Anikiel) - ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode (Bastien Roucaries) - hyperv/vmbus: include linux/bitops.h (Arnd Bergmann) - sfc: Dont use netif_info before net_device setup (Erik Ekman) - cavium: Fix return values of the probe function (Zheyu Ma) - scsi: qla2xxx: Fix unmap of already freed sgl (Dmitry Bogdanov) - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (Zheyu Ma) - cavium: Return negative value when pci_alloc_irq_vectors() fails (Zheyu Ma) - x86/irq: Ensure PI wakeup handler is unregistered before module unload (Sean Christopherson) - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (Jane Malalane) - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (Tom Lendacky) - fuse: fix page stealing (Miklos Szeredi) - ALSA: timer: Unconditionally unlink slave instances, too (Takashi Iwai) - ALSA: timer: Fix use-after-free problem (Wang Wensheng) - ALSA: synth: missing check for possible NULL after the call to kstrdup (Austin Kim) - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (Alexander Tsoy) - ALSA: line6: fix control and interrupt message timeouts (Johan Hovold) - ALSA: 6fire: fix control and bulk message timeouts (Johan Hovold) - ALSA: ua101: fix division by zero at probe (Johan Hovold) - ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (Kai-Heng Feng) - ALSA: hda/realtek: Add quirk for ASUS UX550VE (Takashi Iwai) - ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (Jaroslav Kysela) - ALSA: hda/realtek: Add quirk for Clevo PC70HS (Tim Crawford) - media: v4l2-ioctl: Fix check_ext_ctrls (Ricardo Ribalda) - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (Sean Young) - media: ite-cir: IR receiver stop working after receive overflow (Sean Young) - crypto: s5p-sss - Add error handling in s5p_aes_probe() (Tang Bin) - firmware/psci: fix application of sizeof to pointer (jing yangyang) - tpm: Check for integer overflow in tpm2_map_response_body() (Dan Carpenter) - parisc: Fix ptrace check on syscall return (Helge Deller) - mmc: dw_mmc: Dont wait for DRTO on Write RSP error (Christian Lohle) - scsi: qla2xxx: Fix use after free in eh_abort path (Quinn Tran) - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (Arun Easi) - libata: fix read log timeout value (Damien Le Moal) - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (Takashi Iwai) - Input: elantench - fix misreporting trackpoint coordinates (Phoenix Huang) - Input: iforce - fix control-message timeout (Johan Hovold) - binder: use cred instead of task for getsecid (Todd Kjos) - binder: use cred instead of task for selinux checks (Todd Kjos) - binder: use euid from cred instead of using task (Todd Kjos) - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (Nehal Bakulchandra Shah) - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (Mathias Nyman) - LTS tag: v5.4.159 (Sherry Yang) - rsi: fix control-message timeout (Johan Hovold) - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (Gustavo A. R. Silva) - staging: rtl8192u: fix control-message timeouts (Johan Hovold) - staging: r8712u: fix control-message timeout (Johan Hovold) - comedi: vmk80xx: fix bulk and interrupt message timeouts (Johan Hovold) - comedi: vmk80xx: fix bulk-buffer overflow (Johan Hovold) - comedi: vmk80xx: fix transfer-buffer overflows (Johan Hovold) - comedi: ni_usb6501: fix NULL-deref in command paths (Johan Hovold) - comedi: dt9812: fix DMA buffers on stack (Johan Hovold) - isofs: Fix out of bound access for corrupted isofs image (Jan Kara) - printk/console: Allow to disable console output by using console= or console=null (Petr Mladek) - binder: dont detect sender/target during buffer cleanup (Todd Kjos) - usb-storage: Add compatibility quirk flags for iODD 2531/2541 (James Buren) - usb: musb: Balance list entry in musb_gadget_queue (Viraj Shah) - usb: gadget: Mark USB_FSL_QE broken on 64-bit (Geert Uytterhoeven) - usb: ehci: handshake CMD_RUN instead of STS_HALT (Neal Liu) - Revert x86/kvm: fix vcpu-id indexed array sizes (Juergen Gross) - LTS tag: v5.4.158 (Sherry Yang) - ARM: 9120/1: Revert amba: make use of -1 IRQs warn (Wang Kefeng) - Revert drm/ttm: fix memleak in ttm_transfered_destroy (Greg Kroah-Hartman) - sfc: Fix reading non-legacy supported link modes (Erik Ekman) - Revert usb: core: hcd: Add support for deferring roothub registration (Greg Kroah-Hartman) - Revert xhci: Set HCD flag to defer primary roothub registration (Greg Kroah-Hartman) - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (Dan Carpenter) - net: ethernet: microchip: lan743x: Fix skb allocation failure (Yuiko Oshino) - vrf: Revert Reset skb conntrack connection... (Eugene Crosser) - scsi: core: Put LLD module refcnt after SCSI device is released (Ming Lei) - LTS tag: v5.4.157 (Sherry Yang) - perf script: Check session->header.env.arch before using it (Song Liu) - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (Halil Pasic) - KVM: s390: clear kicked_mask before sleeping again (Halil Pasic) - cfg80211: correct bridge/4addr mode check (Janusz Dziedzic) - net: use netif_is_bridge_port() to check for IFF_BRIDGE_PORT (Julian Wiedmann) - sctp: add vtag check in sctp_sf_ootb (Xin Long) - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (Xin Long) - sctp: add vtag check in sctp_sf_violation (Xin Long) - sctp: fix the processing for COOKIE_ECHO chunk (Xin Long) - sctp: fix the processing for INIT_ACK chunk (Xin Long) - sctp: use init_tag from inithdr for ABORT chunk (Xin Long) - phy: phy_start_aneg: Add an unlocked version (Andrew Lunn) - phy: phy_ethtool_ksettings_get: Lock the phy for consistency (Andrew Lunn) - net/tls: Fix flipped sign in async_wait.err assignment (Daniel Jordan) - net: nxp: lpc_eth.c: avoid hang when bringing interface down (Trevor Woerner) - net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent (Yuiko Oshino) - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails (Yuiko Oshino) - nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST (Guenter Roeck) - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (Mark Zhang) - net: Prevent infinite while loop in skb_tx_hash() (Michael Chan) - net: batman-adv: fix error handling (Pavel Skripkin) - regmap: Fix possible double-free in regcache_rbtree_exit() (Yang Yingliang) - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (Clement Besch) - RDMA/mlx5: Set user priority for DCT (Patrisious Haddad) - nvme-tcp: fix data digest pointer calculation (Varun Prakash) - nvmet-tcp: fix data digest pointer calculation (Varun Prakash) - IB/hfi1: Fix abba locking issue with sc_disable() (Mike Marciniszyn) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (Mike Marciniszyn) - tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function (Liu Jian) - drm/ttm: fix memleak in ttm_transfered_destroy (Christian Konig) - net: lan78xx: fix division by zero in send path (Johan Hovold) - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (Johannes Berg) - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (Haibo Chen) - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (Shawn Guo) - mmc: dw_mmc: exynos: fix the finding clock sample value (Jaehoon Chung) - mmc: cqhci: clear HALT state after CQE enable (Wenbin Mei) - mmc: vub300: fix control-message timeouts (Johan Hovold) - net/tls: Fix flipped sign in tls_err_abort() calls (Daniel Jordan) - Revert net: mdiobus: Fix memory leak in __mdiobus_register (Pavel Skripkin) - nfc: port100: fix using -ERRNO as command type mask (Krzysztof Kozlowski) - ata: sata_mv: Fix the error handling of mv_chip_id() (Zheyu Ma) - Revert pinctrl: bcm: ns: support updated DT binding as syscon subnode (Rafal Milecki) - usbnet: fix error return code in usbnet_probe() (Wang Hai) - usbnet: sanity check for maxpacket (Oliver Neukum) - ipv4: use siphash instead of Jenkins in fnhe_hashfun() (Eric Dumazet) - ipv6: use siphash in rt6_exception_hash() (Eric Dumazet) - powerpc/bpf: Fix BPF_MOD when imm == 1 (Naveen N. Rao) - ARM: 9141/1: only warn about XIP address when not compile testing (Arnd Bergmann) - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (Arnd Bergmann) - ARM: 9134/1: remove duplicate memcpy() definition (Arnd Bergmann) - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (Nick Desaulniers) [5.4.17-2136.304.2] - xfs: only relog deferred intent items if free space in the log gets low (Darrick J. Wong) [Orabug: 33548995] - xfs: expose the log push threshold (Darrick J. Wong) [Orabug: 33548995] - xfs: periodically relog deferred intent items (Darrick J. Wong) [Orabug: 33548995] - xfs: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 33548995] - xfs: change the order in which child and parent defer ops are finished (Darrick J. Wong) [Orabug: 33548995] - hugetlb: remove unnecessary set_page_count in prep_compound_gigantic_page (Mike Kravetz) [Orabug: 33652181] - hugetlb: add hugetlb demote page support (Mike Kravetz) [Orabug: 33652181] - hugetlb: add demote bool to gigantic page routines (Mike Kravetz) [Orabug: 33652181] - hugetlb: add demote hugetlb page sysfs interfaces (Mike Kravetz) [Orabug: 33652181] - hugetlb: before freeing hugetlb page set dtor to appropriate value (Mike Kravetz) [Orabug: 33652181] - hugetlb: drop ref count earlier after page allocation (Mike Kravetz) [Orabug: 33652181] - hugetlb: simplify prep_compound_gigantic_page ref count racing code (Mike Kravetz) [Orabug: 33652181] - hugetlb: address ref count racing in prep_compound_gigantic_page (Mike Kravetz) [Orabug: 33652181] - hugetlb: remove prep_compound_huge_page cleanup (Mike Kravetz) [Orabug: 33652181] - hugetlb: add lockdep_assert_held() calls for hugetlb_lock (Mike Kravetz) [Orabug: 33652181] - Revert Revert net/mlx4_core: Add masking for a few queries on HCA caps (Freddy Carrillo) [Orabug: 33666385] - uek-rpm: configs: disable CONFIG_USB_GADGET (aloktiw) [Orabug: 33730433] - rds: ib: Incorporate the stat counter ib_rdma_flush_mr_pool_avoided in the structure rds_ib_stat_names (Praveen Kumar Kannoju) [Orabug: 33742436] - memcg: fix use-after-free in uncharge_batch (Michal Hocko) [Orabug: 33752722] - xfs: force the log offline when log intent item recovery fails (Darrick J. Wong) [Orabug: 33757272] - xfs: cancel intents immediately if process_intents fails (Darrick J. Wong) [Orabug: 33757272] [5.4.17-2136.304.1] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33745420] {CVE-2021-4155} - Bluetooth: fix use-after-free error in lock_sock_nested() (Wang ShaoBo) [Orabug: 33406414] {CVE-2021-3752} - x86/mce: Correct the detection of invalid notifier priorities (Zhen Lei) [Orabug: 33427594] - x86/mce/dev-mcelog: Do not update kflags on AMD systems (Smita Koralahalli) [Orabug: 33427594] - x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (Yazen Ghannam) [Orabug: 33427594] - RAS/CEC: Fix cec_init() prototype (Luca Stefani) [Orabug: 33427594] - EDAC/mce_amd: Add new error descriptions for existing types (Yazen Ghannam) [Orabug: 33427594] - x86/mce, EDAC/mce_amd: Print PPIN in machine check records (Smita Koralahalli) [Orabug: 33427594] - x86/mce/dev-mcelog: Fix -Wstringop-truncation warning about strncpy() (Tony Luck) [Orabug: 33427594] - x86/mce: Drop bogus comment about mce.kflags (Tony Luck) [Orabug: 33427594] - EDAC: Drop the EDAC report status checks (Tony Luck) [Orabug: 33427594] - x86/mce: Add mce=print_all option (Tony Luck) [Orabug: 33427594] - x86/mce: Change default MCE logger to check mce->kflags (Tony Luck) [Orabug: 33427594] - x86/mce: Fix all mce notifiers to update the mce->kflags bitmask (Tony Luck) [Orabug: 33427594] - x86/mce: Add a struct mce.kflags field (Tony Luck) [Orabug: 33427594] - x86/mce: Convert the CEC to use the MCE notifier (Tony Luck) [Orabug: 33427594] - x86/mce: Rename first function as early (Tony Luck) [Orabug: 33427594] - x86/mce/amd, edac: Remove report_gart_errors (Borislav Petkov) [Orabug: 33427594] - x86/mce/dev-mcelog: Dynamically allocate space for machine check records (Tony Luck) [Orabug: 33427594] - EDAC/mc: Determine mci pointer from the error descriptor (Robert Richter) [Orabug: 33427594] - EDAC: Store error type in struct edac_raw_error_desc (Robert Richter) [Orabug: 33427594] - x86/mce: Take action on UCNA/Deferred errors again (Jan H. Schonherr) [Orabug: 33427594] - EDAC: Unify the mc_event tracepoint call (Robert Richter) [Orabug: 33427594] - EDAC/ghes: Remove intermediate buffer pvt->detail_location (Robert Richter) [Orabug: 33427594] - xfs: fix an incore inode UAF in xfs_bui_recover (Darrick J. Wong) [Orabug: 33541225] - xfs: clean up xfs_bui_item_recover iget/trans_alloc/ilock ordering (Darrick J. Wong) [Orabug: 33541225] - xfs: clean up bmap intent item recovery checking (Darrick J. Wong) [Orabug: 33541225] - x86/ioremap: Map EFI-reserved memory as encrypted for SEV (Tom Lendacky) [Orabug: 33547490] - efi/mokvar: Reserve the table only if it is in boot services data (Borislav Petkov) [Orabug: 33547490] - efi: mokvar: add missing include of asm/early_ioremap.h (Ard Biesheuvel) [Orabug: 33547490] - efi: mokvar-table: fix some issues in new code (Ard Biesheuvel) [Orabug: 33547490] - efi: Support for MOK variable config table (Lenny Szubowicz) [Orabug: 33547490] - efi: Rename arm-init to efi-init common for all arch (Atish Patra) [Orabug: 33547490] - uek-rpm: Update ol7 locklist with fnic symbols (John Donnelly) [Orabug: 33590906] - uek-rpm: Update ol8 locklist with fnic symbols (John Donnelly) [Orabug: 33590906] - rds_rdma: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] - net/mlx4: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] - net/mlx5: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] - IB/core: Introduce IB_CQ_FORCE_ZERO_CV (Hakon Bugge) [Orabug: 33616020] - Revert net/mlx{4,5}: Fix signed formal parameter (Hakon Bugge) [Orabug: 33616020] - Revert net/mlx{4,5},rds_rdma: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] - Revert rds: ib: Fix bug when comp_vector is IB_CQ_FORCE_ZERO_CV (Hakon Bugge) [Orabug: 33616020] - mstflint_access: Update driver code to v4.18.0-1 from Github (Sharath Srinivasan) [Orabug: 33646165] - mstflint_access: Update driver code to v4.17.0-1 from Github (Sharath Srinivasan) [Orabug: 33646165] - Revert io_uring: reinforce cancel on flush during exit (Lee Jones) [Orabug: 33687075] - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (George Kennedy) [Orabug: 33731040] - ocfs2: fix data corruption on truncate (Jan Kara) [Orabug: 33740343] [5.4.17-2136.303.3] - xfs: xfs_defer_capture should absorb remaining transaction reservation (Darrick J. Wong) [Orabug: 33520061] - xfs: xfs_defer_capture should absorb remaining block reservations (Darrick J. Wong) [Orabug: 33520061] - xfs: proper replay of deferred ops queued during log recovery (Darrick J. Wong) [Orabug: 33520061] - xfs: attach inode to dquot in xfs_bui_item_recover (Darrick J. Wong) [Orabug: 33520061] - xfs: log new intent items created as part of finishing recovered intent items (Darrick J. Wong) [Orabug: 33520061] - xfs: spell out the parameter name for ->cancel_item (Christoph Hellwig) [Orabug: 33520061] - xfs: use a xfs_btree_cur for the ->finish_cleanup state (Christoph Hellwig) [Orabug: 33520061] - xfs: turn dfp_done into a xfs_log_item (Christoph Hellwig) [Orabug: 33520061] - xfs: refactor xfs_defer_finish_noroll (Christoph Hellwig) [Orabug: 33520061] - xfs: turn dfp_intent into a xfs_log_item (Christoph Hellwig) [Orabug: 33520061] - xfs: merge the ->diff_items defer op into ->create_intent (Christoph Hellwig) [Orabug: 33520061] - xfs: merge the ->log_item defer op into ->create_intent (Christoph Hellwig) [Orabug: 33520061] - xfs: factor out a xfs_defer_create_intent helper (Christoph Hellwig) [Orabug: 33520061] - sched: Fix Core-wide rq->lock for uninitialized CPUs (Peter Zijlstra) [Orabug: 33568834] - admin-guide/hw-vuln: Rephrase a section of core-scheduling.rst (Fabio M. De Francesco) [Orabug: 33568834] - Documentation: Add usecases, design and interface for core scheduling (Joel Fernandes (Google)) [Orabug: 33568834] - kselftest: Add test for core sched prctl interface (Chris Hyser) [Orabug: 33568834] - sched: prctl() core-scheduling interface (Chris Hyser) [Orabug: 33568834] - sched: Inherit task cookie on fork() (Peter Zijlstra) [Orabug: 33568834] - sched: Trivial core scheduling cookie management (Peter Zijlstra) [Orabug: 33568834] - sched: Migration changes for core scheduling (Aubrey Li) [Orabug: 33568834] - sched: Trivial forced-newidle balancer (Peter Zijlstra) [Orabug: 33568834] - sched/fair: Snapshot the min_vruntime of CPUs on force idle (Joel Fernandes (Google)) [Orabug: 33568834] - sched: Fix priority inversion of cookied task with sibling (Joel Fernandes (Google)) [Orabug: 33568834] - sched/fair: Fix forced idle sibling starvation corner case (Vineeth Pillai) [Orabug: 33568834] - sched: Add core wide task selection and scheduling (Peter Zijlstra) [Orabug: 33568834] - sched: Basic tracking of matching tasks (Peter Zijlstra) [Orabug: 33568834] - sched: Introduce sched_class::pick_task() (Peter Zijlstra) [Orabug: 33568834] - sched: Allow sched_core_put() from atomic context (Peter Zijlstra) [Orabug: 33568834] - sched: Optimize rq_lockp() usage (Peter Zijlstra) [Orabug: 33568834] - sched: Core-wide rq->lock (Peter Zijlstra) [Orabug: 33568834] - sched: Prepare for Core-wide rq->lock (Peter Zijlstra) [Orabug: 33568834] - sched: Wrap rq::lock access (Peter Zijlstra) [Orabug: 33568834] - sched: Provide raw_spin_rq_*lock*() helpers (Peter Zijlstra) [Orabug: 33568834] - sched/fair: Add a few assertions (Peter Zijlstra) [Orabug: 33568834] - sched: Extract the task putting code from pick_next_task() (Chen Yu) [Orabug: 33568834] - rss_stat: add support to detect RSS updates of external mm (Joel Fernandes (Google)) [Orabug: 33568834] - Revert sched: Wrap rq::lock access (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Introduce sched_class::pick_task() (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Core-wide rq->lock (Kamalesh Babulal) [Orabug: 33568834] - Revert sched/fair: Add a few assertions (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Basic tracking of matching tasks (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Update core scheduler queue when taking cpu online/offline (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Add core wide task selection and scheduling. (Kamalesh Babulal) [Orabug: 33568834] - Revert sched/fair: wrapper for cfs_rq->min_vruntime (Kamalesh Babulal) [Orabug: 33568834] - Revert sched/fair: core wide vruntime comparison (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Trivial forced-newidle balancer (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: migration changes for core scheduling (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: cgroup tagging interface for core scheduling (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Cleanup kABI (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Enable disabling via CONFIG_SCHED_CORE (Kamalesh Babulal) [Orabug: 33568834] - Revert sched/core: remove undesired trace_printk from core scheduling backport (Kamalesh Babulal) [Orabug: 33568834] - Revert sched/core: cleanup kABI for struct rq (Kamalesh Babulal) [Orabug: 33568834] - RDMA/rxe: Bump up default maximum values used via uverbs (Rao Shoaib) [Orabug: 33615342] - xfs: remove all COW fork extents when remounting readonly (Darrick J. Wong) [Orabug: 33676190] - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679803] {CVE-2021-0920} [5.4.17-2136.303.2] - atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (Zekun Shen) [Orabug: 33594983] {CVE-2021-43975} - RDS/IB: Fix error when trying to unallocate ring buffers (Hans Westgaard Ry) [Orabug: 33620311] - rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug: 33652503] - sched: Mitigate increased latencies for sysctl_sched_wakeup_granularity. (chris hyser) [Orabug: 33107207] - net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan) [Orabug: 33585475] - proc: allow pid_revalidate() during LOOKUP_RCU (Stephen Brennan) [Orabug: 33647511] - selinux: slow_avc_audit has become non-blocking (Al Viro) [Orabug: 33647511] - make dump_common_audit_data() safe to be called from RCU pathwalk (Al Viro) [Orabug: 33647511] - new helper: d_find_alias_rcu() (Al Viro) [Orabug: 33647511] [5.4.17-2136.303.1] - Revert fs: align IOCB_* flags with RWF_* flags (Prasad Singamsetty) [Orabug: 33642850] - ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33501676] - net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann) [Orabug: 33520710] - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33542895] - uek-rpm: Add ktime_get_coarse_ts64 to KABI (John Donnelly) [Orabug: 33557973] - EDAC/i10nm: Add detection of memory levels for ICX/SPR servers (Qiuxu Zhuo) [Orabug: 33585319] - EDAC/skx_common: Add new ADXL components for 2-level memory (Qiuxu Zhuo) [Orabug: 33585319] - EDAC, skx_common: Refactor so that we initialize dev in result of adxl decode. (Tony Luck) [Orabug: 33585319] - net/rds: Dont pummel the subnet-manager (Gerd Rausch) [Orabug: 33589566] - rds: ib: Ack seq not always received in monotonic increasing order (Hakon Bugge) [Orabug: 33599862] - rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju) [Orabug: 33619953] [5.4.17-2136.303.0] - LTS tag: v5.4.156 (Jack Vogel) - pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() (Fabien Dessenne) - ARM: 9122/1: select HAVE_FUTEX_CMPXCHG (Nick Desaulniers) - tracing: Have all levels of checks prevent recursion (Steven Rostedt (VMware)) - net: mdiobus: Fix memory leak in __mdiobus_register (Yanfei Xu) - Input: snvs_pwrkey - add clk handling (Uwe Kleine-Konig) - ALSA: hda: avoid write to STATESTS if controller is in reset (Kai Vehmanen) - platform/x86: intel_scu_ipc: Update timeout value in comment (Prashant Malani) - isdn: mISDN: Fix sleeping function called from invalid context (Zheyu Ma) - ARM: dts: spear3xx: Fix gmac node (Herve Codina) - net: stmmac: add support for dwmac 3.40a (Herve Codina) - btrfs: deal with errors when checking if a dir entry exists during log replay (Filipe Manana) - gcc-plugins/structleak: add makefile var for disabling structleak (Brendan Higgins) - selftests: netfilter: remove stray bash debug line (Florian Westphal) - netfilter: Kconfig: use default y instead of m for bool config option (Vegard Nossum) - isdn: cpai: check ctr->cnr to avoid array index out of bound (Xiaolong Huang) - nfc: nci: fix the UAF of rf_conn_info object (Lin Ma) - mm, slub: fix potential memoryleak in kmem_cache_open() (Miaohe Lin) - mm, slub: fix mismatch between reconstructed freelist depth and cnt (Miaohe Lin) - powerpc/idle: Dont corrupt back chain when going idle (Michael Ellerman) - KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest (Michael Ellerman) - KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() (Michael Ellerman) - powerpc64/idle: Fix SP offsets when saving GPRs (Christopher M. Riedl) - audit: fix possible null-pointer dereference in audit_filter_rules (Gaosheng Cui) - ASoC: DAPM: Fix missing kctl change notifications (Takashi Iwai) - ALSA: hda/realtek: Add quirk for Clevo PC50HS (Steven Clarkson) - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (Brendan Grieve) - vfs: check fd has read access in kernel_read_file_from_fd() (Matthew Wilcox (Oracle)) - elfcore: correct reference to CONFIG_UML (Lukas Bulwahn) - ocfs2: mount fails with buffer overflow in strlen (Valentin Vidic) - ocfs2: fix data corruption after conversion from inline format (Jan Kara) - ceph: fix handling of meta errors (Jeff Layton) - can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes (Zhang Changzhong) - can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with error length (Zhang Changzhong) - can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (Ziyang Xuan) - can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer (Ziyang Xuan) - can: peak_pci: peak_pci_remove(): fix UAF (Zheyu Ma) - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (Stephane Grosjean) - can: rcar_can: fix suspend/resume (Yoshihiro Shimoda) - net: enetc: fix ethtool counter name for PM0_TERR (Vladimir Oltean) - net: stmmac: Fix E2E delay mechanism (Kurt Kanzenbach) - net: hns3: disable sriov before unload hclge layer (Peng Li) - net: hns3: add limit ets dwrr bandwidth cannot be 0 (Guangbin Huang) - net: hns3: reset DWRR of unused tc to zero (Guangbin Huang) - NIOS2: irqflags: rename a redefined register name (Randy Dunlap) - net: dsa: lantiq_gswip: fix register definition (Aleksander Jan Bajkowski) - lan78xx: select CRC32 (Vegard Nossum) - netfilter: ipvs: make global sysctl readonly in non-init netns (Antoine Tenart) - ASoC: wm8960: Fix clock configuration on slave mode (Shengjiu Wang) - dma-debug: fix sg checks in debug_dma_map_sg() (Gerald Schaefer) - NFSD: Keep existing listeners on portlist error (Benjamin Coddington) - xtensa: xtfpga: Try software restart before simulating CPU reset (Guenter Roeck) - xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF (Max Filippov) - ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default (Eugen Hristev) - tee: optee: Fix missing devices unregister during optee_remove (Sumit Garg) - net: switchdev: do not propagate bridge updates across bridges (Russell King) - parisc: math-emu: Fix fall-through warnings (Helge Deller) - LTS tag: v5.4.155 (Jack Vogel) - ionic: dont remove netdev->dev_addr when syncing uc list (Shannon Nelson) - r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256 (Vegard Nossum) - qed: Fix missing error code in qed_slowpath_start() (chongjiapeng) - mqprio: Correct stats in mqprio_dump_class_stats(). (Sebastian Andrzej Siewior) - acpi/arm64: fix next_platform_timer() section mismatch error (Jackie Liu) - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (Dan Carpenter) - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (Dan Carpenter) - drm/msm: Fix null pointer dereference on pointer edp (Colin Ian King) - drm/panel: olimex-lcd-olinuxino: select CRC32 (Vegard Nossum) - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (Vadim Pasternak) - mlxsw: thermal: Fix out-of-bounds memory accesses (Ido Schimmel) - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (Wang Hai) - pata_legacy: fix a couple uninitialized variable bugs (Dan Carpenter) - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (Ziyang Xuan) - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (Ziyang Xuan) - nfc: fix error handling of nfc_proto_register() (Ziyang Xuan) - ethernet: s2io: fix setting mac address during resume (Arnd Bergmann) - net: encx24j600: check error in devm_regmap_init_encx24j600 (Nanyong Sun) - net: stmmac: fix get_hw_feature() on old hardware (Herve Codina) - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (Aya Levin) - net: korina: select CRC32 (Vegard Nossum) - net: arc: select CRC32 (Vegard Nossum) - gpio: pca953x: Improve bias setting (Andy Shevchenko) - iio: dac: ti-dac5571: fix an error code in probe() (Dan Carpenter) - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (Dan Carpenter) - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (Dan Carpenter) - iio: light: opt3001: Fixed timeout error when 0 lux (Jiri Valek - 2N) - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (Hui Liu) - iio: adc128s052: Fix the error handling path of adc128_probe() (Christophe JAILLET) - iio: adc: aspeed: set driver data when adc probe. (Billy Tsai) - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (Cedric Le Goater) - x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically (Borislav Petkov) - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells (Stephen Boyd) - EDAC/armada-xp: Fix output of uncorrectable error counter (Hans Potsch) - virtio: write back F_VERSION_1 before validate (Halil Pasic) - USB: serial: option: add prod. id for Quectel EG91 (Tomaz Solc) - USB: serial: option: add Telit LE910Cx composition 0x1204 (Daniele Palmas) - USB: serial: option: add Quectel EC200S-CN module support (Yu-Tung Chang) - USB: serial: qcserial: add EM9191 QDL support (Aleksander Morgado) - Input: xpad - add support for another USB ID of Nacon GC-100 (Michael Cullen) - usb: musb: dsps: Fix the probe error path (Miquel Raynal) - efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() (Zhang Jianhua) - efi/cper: use stack buffer for error record decoding (Ard Biesheuvel) - cb710: avoid NULL pointer subtraction (Arnd Bergmann) - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (Nikolay Martynov) - xhci: Fix command ring pointer corruption while aborting a command (Pavankumar Kondeti) - xhci: guard accesses to ep_state in xhci_endpoint_reset() (Jonathan Bell) - mei: me: add Ice Lake-N device id. (Andy Shevchenko) - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (James Morse) - watchdog: orion: use 0 for unset heartbeat (Chris Packham) - btrfs: check for error when looking up inode during dir entry replay (Filipe Manana) - btrfs: deal with errors when adding inode reference during log replay (Filipe Manana) - btrfs: deal with errors when replaying dir entry during log replay (Filipe Manana) - btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) - csky: Fixup regs.sr broken in ptrace (Guo Ren) - csky: dont let sigreturn play with priveleged bits of status register (Al Viro) - s390: fix strrchr() implementation (Roberto Sassu) - nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for ^ (Steven Rostedt) - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (Hui Wang) - ALSA: hda/realtek - ALC236 headset MIC recording issue (Kailang Yang) - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (Werner Sembach) - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (Werner Sembach) - ALSA: seq: Fix a potential UAF by wrong private_free call order (Takashi Iwai) - ALSA: usb-audio: Add quirk for VF0770 (Jonas Hahnfeld) - ovl: simplify file splice (Miklos Szeredi) - LTS tag: v5.4.154 (Jack Vogel) - sched: Always inline is_percpu_thread() (Peter Zijlstra) - scsi: virtio_scsi: Fix spelling mistake Unsupport -> Unsupported (Colin Ian King) - scsi: ses: Fix unsigned comparison with less than zero (Jiapeng Chong) - drm/amdgpu: fix gart.bo pin_count leak (Leslie Shi) - net: sun: SUNVNET_COMMON should depend on INET (Randy Dunlap) - mac80211: check return value of rhashtable_init (MichelleJin) - net: prevent user from passing illegal stab size - m68k: Handle arrivals of multiple signals correctly (Al Viro) - mac80211: Drop frames from invalid MAC address in ad-hoc mode (YueHaibing) - netfilter: nf_nat_masquerade: defer conntrack walk to work queue (Florian Westphal) - netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic (Florian Westphal) - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (Joshua-Dickens) - netfilter: ip6_tables: zero-initialize fragment offset (Jeremy Sowden) - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (Mizuho Mori) - ext4: correct the error path of ext4_write_inline_data_end() (Zhang Yi) - net: phy: bcm7xxx: Fixed indirect MMD operations (Florian Fainelli) - LTS tag: v5.4.153 (Jack Vogel) - x86/Kconfig: Correct reference to MWINCHIP3D (Lukas Bulwahn) - x86/hpet: Use another crystalball to evaluate HPET usability (Thomas Gleixner) - x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI (Lukas Bulwahn) - RISC-V: Include clone3() on rv32 (Palmer Dabbelt) - bpf, s390: Fix potential memory leak about jit_data (Tiezhu Yang) - i2c: acpi: fix resource leak in reconfiguration device addition (Jamie Iles) - net: prefer socket bound to interface when not in VRF (Mike Manning) - i40e: Fix freeing of uninitialized misc IRQ vector (Sylwester Dziedziuch) - i40e: fix endless loop under rtnl (Jiri Benc) - gve: fix gve_get_stats() (Eric Dumazet) - rtnetlink: fix if_nlmsg_stats_size() under estimation (Eric Dumazet) - gve: Correct available tx qpl check (Catherine Sullivan) - drm/nouveau/debugfs: fix file release memory leak (Yang Yingliang) - video: fbdev: gbefb: Only instantiate device when built for IP32 (Mark Brown) - bus: ti-sysc: Use CLKDM_NOAUTO for dra7 dcan1 for errata i893 (Tony Lindgren) - netlink: annotate data races around nlk->bound (Eric Dumazet) - net: sfp: Fix typo in state machine debug string (Sean Anderson) - net/sched: sch_taprio: properly cancel timer from taprio_destroy() (Eric Dumazet) - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (Eric Dumazet) - ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence (Oleksij Rempel) - arm64: dts: ls1028a: add missing CAN nodes (Michael Walle) - arm64: dts: freescale: Fix SP805 clock-names (Andre Przywara) - ptp_pch: Load module automatically if ID matches (Andy Shevchenko) - powerpc/fsl/dts: Fix phy-connection-type for fm1mac3 (Pali Rohar) - net_sched: fix NULL deref in fifo_set_limit() (Eric Dumazet) - phy: mdio: fix memory leak (Pavel Skripkin) - bpf, arm: Fix register clobbering in div/mod implementation (Johan Almbladh) - xtensa: call irqchip_init only when CONFIG_USE_OF is selected (Max Filippov) - xtensa: use CONFIG_USE_OF instead of CONFIG_OF (Randy Dunlap) - xtensa: move XCHAL_KIO_* definitions to kmem_layout.h (Max Filippov) - arm64: dts: qcom: pm8150: use qcom,pm8998-pon binding (Dmitry Baryshkov) - ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (Marek Vasut) - ARM: dts: imx: Add missing pinctrl-names for panel on M53Menlo (Marek Vasut) - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (Shawn Guo) - ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (Marijn Suijten) - soc: qcom: socinfo: Fixed argument passed to platform_set_data() (Antonio Martorana) - bpf, mips: Validate conditional branch offsets (Piotr Krysiuk) - MIPS: BPF: Restore MIPS32 cBPF JIT (Paul Burton) - ARM: dts: qcom: apq8064: use compatible which contains chipid (David Heidelberg) - ARM: dts: omap3430-sdp: Fix NAND device node (Roger Quadros) - xen/balloon: fix cancelled balloon action (Juergen Gross) - nfsd4: Handle the NFSv4 READDIR dircount hint being zero (Trond Myklebust) - nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (Patrick Ho) - ovl: fix missing negative dentry check in ovl_rename() (Zheng Liang) - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (Neil Armstrong) - xen/privcmd: fix error handling in mmap-resource processing (Jan Beulich) - usb: typec: tcpm: handle SRC_STARTUP state if cc changes (Xu Yang) - USB: cdc-acm: fix break reporting (Johan Hovold) - USB: cdc-acm: fix racy tty buffer accesses (Johan Hovold) - Partially revert usb: Kconfig: using select for USB_COMMON dependency (Ben Hutchings) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4155 CVE-2021-3640 CVE-2022-0492 CVE-2021-3752 CVE-2021-44733 CVE-2022-0185 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.304.4.1] - Revert rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info (Rohit Nair) [Orabug: 33832625] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33832582] {CVE-2022-0492} [5.4.17-2136.304.4] - scsi: libiscsi: Fix iscsi_task use after free() (Mike Christie) [Orabug: 33794250] - scsi: libiscsi: Drop taskqueuelock (Mike Christie) [Orabug: 33794250] - ib/core: add SET_DEVICE_OP call for clear_hw_stats() (Qing Huang) [Orabug: 33495339] - KVM: SVM: Dont intercept #GP for SEV guests (Sean Christopherson) [Orabug: 33446920] - Revert KVM: SVM: avoid infinite loop on NPF from bad address (Sean Christopherson) [Orabug: 33446920] - KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (Sean Christopherson) [Orabug: 33446920] - rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info (Rohit Nair) [Orabug: 33660929] - tee: handle lookup of shm with reference count 0 (Jens Wiklander) [Orabug: 33739582] {CVE-2021-44733} - smp: always continue to process IRQ work (Stephen Brennan) [Orabug: 33802464] [5.4.17-2136.304.3] - vfs: fs_context: fix up param length parsing in legacy_parse_param (Jamie Hill-Daniel) [Orabug: 33766454] {CVE-2022-0185} - LTS tag: v5.4.161 (Sherry Yang) - erofs: fix unsafe pagevec reuse of hooked pclusters (Gao Xiang) - erofs: remove the occupied parameter from z_erofs_pagevec_enqueue() (Yue Hu) - PCI: Add MSI masking quirk for Nvidia ION AHCI (Marc Zyngier) - PCI/MSI: Deal with devices lying about their MSI mask capability (Marc Zyngier) - PCI/MSI: Destroy sysfs before freeing entries (Thomas Gleixner) - parisc/entry: fix trace test in syscall exit path (Sven Schnelle) - fortify: Explicitly disable Clang support (Kees Cook) - scsi: ufs: Fix tm request when non-fatal error happens (Jaegeuk Kim) - ext4: fix lazy initialization next schedule time computation in more granular unit (Shaoying Xu) - MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL (Maciej W. Rozycki) - scsi: ufs: Fix interrupt error message for shared interrupts (Adrian Hunter) - soc/tegra: pmc: Fix imbalanced clock disabling in error code path (Dmitry Osipenko) - LTS tag: v5.4.160 (Sherry Yang) [Orabug: 33536399] - selftests/bpf: Fix also no-alu32 strobemeta selftest (Andrii Nakryiko) - ath10k: fix invalid dma_addr_t token assignment (Arnd Bergmann) - SUNRPC: Partial revert of commit 6f9f17287e78 (Trond Myklebust) - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (Pali Rohar) - powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload (Vasant Hegde) - s390/cio: make ccw_device_dma_* more robust (Halil Pasic) - s390/tape: fix timer initialization in tape_std_assign() (Sven Schnelle) - s390/cio: check the subchannel validity for dev_busid (Vineeth Vijayan) - video: backlight: Drop maximum brightness override for brightness zero (Marek Vasut) - mm, oom: do not trigger out_of_memory from the #PF (Michal Hocko) - mm, oom: pagefault_out_of_memory: dont force global OOM for dying tasks (Vasily Averin) - powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC (Naveen N. Rao) - powerpc/security: Add a helper to query stf_barrier type (Naveen N. Rao) - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (Naveen N. Rao) - powerpc/bpf: Validate branch ranges (Naveen N. Rao) - powerpc/lib: Add helper to check if offset is within conditional branch range (Naveen N. Rao) - ovl: fix deadlock in splice write (Miklos Szeredi) - 9p/net: fix missing error check in p9_check_errors (Dominique Martinet) - net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE (Daniel Borkmann) - f2fs: should use GFP_NOFS for directory inodes (Jaegeuk Kim) - irqchip/sifive-plic: Fixup EOI failed when masked (Guo Ren) - parisc: Fix set_fixmap() on PA1.x CPUs (Helge Deller) - parisc: Fix backtrace to always include init funtion names (Helge Deller) - ARM: 9156/1: drop cc-option fallbacks for architecture selection (Arnd Bergmann) - ARM: 9155/1: fix early early_iounmap() (Michal Miroslaw) - selftests/net: udpgso_bench_rx: fix port argument (Willem de Bruijn) - cxgb4: fix eeprom len when diagnostics not implemented (Rahul Lakkireddy) - net/smc: fix sk_refcnt underflow on linkdown and fallback (Dust Li) - vsock: prevent unnecessary refcnt inc for nonblocking connect (Eiichi Tsukata) - net: hns3: allow configure ETS bandwidth of all TCs (Guangbin Huang) - net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any (Eric Dumazet) - bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding (John Fastabend) - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (Arnd Bergmann) - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (Chengfeng Ye) - llc: fix out-of-bound array index in llc_sk_dev_hash() (Eric Dumazet) - perf bpf: Add missing free to bpf_event__print_bpf_prog_info() (Ian Rogers) - zram: off by one in read_block_state() (Dan Carpenter) - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() (Miaohe Lin) - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (Huang Guobin) - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (Hans de Goede) - net: vlan: fix a UAF in vlan_dev_real_dev() (Ziyang Xuan) - net: davinci_emac: Fix interrupt pacing disable (Maxim Kiselev) - xen-pciback: Fix return in pm_ctrl_init() (YueHaibing) - i2c: xlr: Fix a resource leak in the error handling path of xlr_i2c_probe() (Christophe JAILLET) - NFSv4: Fix a regression in nfs_set_open_stateid_locked() (Trond Myklebust) - scsi: qla2xxx: Turn off target reset during issue_lip (Quinn Tran) - scsi: qla2xxx: Fix gnl list corruption (Quinn Tran) - ar7: fix kernel builds for compiler test (Jackie Liu) - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (Ahmad Fatoum) - m68k: set a default value for MEMORY_RESERVE (Randy Dunlap) - signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL) (Eric W. Biederman) - dmaengine: dmaengine_desc_callback_valid(): Check for callback_result (Lars-Peter Clausen) - netfilter: nfnetlink_queue: fix OOB when mac header was cleared (Florian Westphal) - soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read (Robert-Ionut Alexa) - auxdisplay: ht16k33: Fix frame buffer device blanking (Geert Uytterhoeven) - auxdisplay: ht16k33: Connect backlight to fbdev (Geert Uytterhoeven) - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (Geert Uytterhoeven) - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (Claudiu Beznea) - mtd: core: dont remove debugfs directory if device is in use (Zev Weiss) - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (Evgeny Novikov) - fs: orangefs: fix error return code of orangefs_revalidate_lookup() (Jia-Ju Bai) - NFS: Fix deadlocks in nfs_scan_commit_list() (Trond Myklebust) - opp: Fix return in _opp_add_static_v2() (YueHaibing) - PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge (Pali Rohar) - PCI: aardvark: Dont spam about PIO Response Status (Marek Behun) - drm/plane-helper: fix uninitialized variable reference (Alex Xu (Hello71)) - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (Baptiste Lepers) - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined (Arnaud Pouliquen) - apparmor: fix error check (Tom Rix) - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (Hans de Goede) - mips: cm: Convert to bitfield API to fix out-of-bounds access (Geert Uytterhoeven) - powerpc/44x/fsp2: add missing of_node_put (Bixuan Cui) - HID: u2fzero: properly handle timeouts in usb_submit_urb (Andrej Shadura) - HID: u2fzero: clarify error check and length calculations (Andrej Shadura) - serial: xilinx_uartps: Fix race condition causing stuck TX (Anssi Hannula) - phy: qcom-qusb2: Fix a memory leak on probe (Vladimir Zapolskiy) - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (Richard Fitzgerald) - ASoC: cs42l42: Correct some register default values (Richard Fitzgerald) - ARM: dts: stm32: fix SAI sub nodes register range (Olivier Moysan) - staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC (Vegard Nossum) - RDMA/mlx4: Return missed an error if device doesnt support steering (Leon Romanovsky) - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Dan Carpenter) - power: supply: rt5033_battery: Change voltage values to uV (Jakob Hauser) - usb: gadget: hid: fix error code in do_config() (Dan Carpenter) - serial: 8250_dw: Drop wrong use of ACPI_PTR() (Andy Shevchenko) - video: fbdev: chipsfb: use memset_io() instead of memset() (Christophe Leroy) - clk: at91: check pmc node status before registering syscore ops (Clement Leger) - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (Dongliang Mu) - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (Christophe JAILLET) - arm: dts: omap3-gta04a4: accelerometer irq fix (Andreas Kemnade) - ALSA: hda: Reduce udelay() at SKL+ position reporting (Takashi Iwai) - JFS: fix memleak in jfs_mount (Dongliang Mu) - MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT (Jackie Liu) - scsi: dc395: Fix error case unwinding (Tong Zhang) - ARM: dts: at91: tse850: the emac<->phy interface is rmii (Peter Rosin) - arm64: dts: meson-g12a: Fix the pwm regulator supply properties (Anand Moon) - RDMA/bnxt_re: Fix query SRQ failure (Selvin Xavier) - ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (Marijn Suijten) - arm64: dts: rockchip: Fix GPU register width for RK3328 (Alex Bee) - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (Jackie Liu) - clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths (Christophe JAILLET) - RDMA/rxe: Fix wrong port_cap_flags (Junji Wei) - ibmvnic: Process crqs after enabling interrupts (Sukadev Bhattiprolu) - ibmvnic: dont stop queue in xmit (Sukadev Bhattiprolu) - udp6: allow SO_MARK ctrl msg to affect routing (Jakub Kicinski) - selftests/bpf: Fix fclose/pclose mismatch in test_progs (Andrea Righi) - crypto: pcrypt - Delay write to padata->info (Daniel Jordan) - net: phylink: avoid mvneta warning when setting pause parameters (Russell King (Oracle)) - net: amd-xgbe: Toggle PLL settings during rate change (Shyam Sundar S K) - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (Alex Deucher) - wcn36xx: add proper DMA memory barriers in rx path (Benjamin Li) - libertas: Fix possible memory leak in probe and disconnect (Wang Hai) - libertas_tf: Fix possible memory leak in probe and disconnect (Wang Hai) - KVM: s390: Fix handle_sske page fault handling (Janis Schoetterl-Glausch) - samples/kretprobes: Fix return value if register_kretprobe() failed (Tiezhu Yang) - tcp: dont free a FIN sk_buff in tcp_remove_empty_skb() (Jon Maxwell) - irq: mips: avoid nested irq_enter() (Mark Rutland) - s390/gmap: dont unconditionally call pte_unmap_unlock() in __gmap_zap() (David Hildenbrand) - libbpf: Fix BTF data layout checks and allow empty BTF (Andrii Nakryiko) - smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi (Tetsuo Handa) - drm/msm: Fix potential NULL dereference in DPU SSPP (Jessica Zhang) - clocksource/drivers/timer-ti-dm: Select TIMER_OF (Kees Cook) - PM: hibernate: fix sparse warnings (Anders Roxell) - nvme-rdma: fix error code in nvme_rdma_setup_ctrl (Max Gurtovoy) - phy: micrel: ksz8041nl: do not use power down mode (Stefan Agner) - mwifiex: Send DELBA requests according to spec (Jonas Drenler) - rsi: stop thread firstly in rsi_91x_init() error handling (Ziyang Xuan) - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (Lorenzo Bianconi) - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (Nathan Chancellor) - block: ataflop: fix breakage introduced at blk-mq refactoring (Michael Schmitz) - mmc: mxs-mmc: disable regulator on error and in the remove function (Christophe JAILLET) - net: stream: dont purge sk_error_queue in sk_stream_kill_queues() (Jakub Kicinski) - drm/msm: uninitialized variable in msm_gem_import() (Dan Carpenter) - ath10k: fix max antenna gain unit (Sven Eckelmann) - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (Zev Weiss) - hwmon: Fix possible memleak in __hwmon_device_register() (Yang Yingliang) - net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE (Daniel Borkmann) - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (Dan Carpenter) - memstick: avoid out-of-range warning (Arnd Bergmann) - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (Tony Lindgren) - b43: fix a lower bounds test (Dan Carpenter) - b43legacy: fix a lower bounds test (Dan Carpenter) - hwrng: mtk - Force runtime pm ops for sleep ops (Markus Schneider-Pargmann) - crypto: qat - disregard spurious PFVF interrupts (Giovanni Cabiddu) - crypto: qat - detect PFVF collision after ACK (Giovanni Cabiddu) - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (Evgeny Novikov) - netfilter: nft_dynset: relax superfluous check on set updates (Pablo Neira Ayuso) - EDAC/amd64: Handle three rank interleaving mode (Yazen Ghannam) - ath9k: Fix potential interrupt storm on queue reset (Linus Lussing) - media: em28xx: Dont use ops->suspend if it is NULL (Colin Ian King) - cpuidle: Fix kobject memory leaks in error paths (Anel Orazgaliyeva) - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (Arnd Bergmann) - kprobes: Do not use local variable when creating debugfs file (Punit Agrawal) - media: cx23885: Fix snd_card_free call on null card pointer (Colin Ian King) - media: tm6000: Avoid card name truncation (Kees Cook) - media: si470x: Avoid card name truncation (Kees Cook) - media: radio-wl1273: Avoid card name truncation (Kees Cook) - media: mtk-vpu: Fix a resource leak in the error handling path of mtk_vpu_probe() (Christophe JAILLET) - media: TDA1997x: handle short reads of hdmi info frame. (Tom Rix) - media: dvb-usb: fix ununit-value in az6027_rc_query (Pavel Skripkin) - media: cxd2880-spi: Fix a null pointer dereference on error handling path (Colin Ian King) - media: em28xx: add missing em28xx_close_extension (Pavel Skripkin) - drm/amdgpu: fix warning for overflow check (Arnd Bergmann) - ath10k: Fix missing frame timestamp for beacon/probe-resp (Loic Poulain) - net: dsa: rtl8366rb: Fix off-by-one bug (Linus Walleij) - rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies() (Jiasheng Jiang) - crypto: caam - disable pkc for non-E SoCs (Michael Walle) - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (Dinghao Liu) - wilc1000: fix possible memory leak in cfg_scan_result() (Ajay Singh) - cgroup: Make rebind_subsystems() disable v2 controllers all at once (Waiman Long) - net: net_namespace: Fix undefined member in key_remove_domain() (Yajun Deng) - virtio-gpu: fix possible memory allocation failure (liuyuntao) - drm/v3d: fix wait for TMU write combiner flush (Iago Toral Quiroga) - rcu: Fix existing exp request check in sync_sched_exp_online_cleanup() (Neeraj Upadhyay) - Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi) - selftests/bpf: Fix strobemeta selftest regression (Andrii Nakryiko) - netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state (Pablo Neira Ayuso) - parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling (Sven Schnelle) - parisc/unwind: fix unwinder when CONFIG_64BIT is enabled (Sven Schnelle) - task_stack: Fix end_of_stack() for architectures with upwards-growing stack (Helge Deller) - parisc: fix warning in flush_tlb_all (Sven Schnelle) - x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted (Vitaly Kuznetsov) - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (Yang Yingliang) - btrfs: do not take the uuid_mutex in btrfs_rm_device (Josef Bacik) - net: annotate data-race in neigh_output() (Eric Dumazet) - vrf: run conntrack only in context of lower/physdev for locally generated packets (Florian Westphal) - ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 (Arnd Bergmann) - gre/sit: Dont generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE (Stephen Suryaputra) - ARM: clang: Do not rely on lr register for stacktrace (Masami Hiramatsu) - smackfs: use __GFP_NOFAIL for smk_cipso_doi() (Tetsuo Handa) - iwlwifi: mvm: disable RX-diversity in powersave (Johannes Berg) - selftests: kvm: fix mismatched fclose() after popen() (Shuah Khan) - PM: hibernate: Get block device exclusively in swsusp_check() (Ye Bin) - nvme: drop scan_lock and always kick requeue list when removing namespaces (Hannes Reinecke) - nvmet-tcp: fix use-after-free when a port is removed (Israel Rukshin) - nvmet: fix use-after-free when a port is removed (Israel Rukshin) - block: remove inaccurate requeue check (Jens Axboe) - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (Zheyu Ma) - tracing/cfi: Fix cmp_entries_* functions signature mismatch (Kalesh Singh) - workqueue: make sysfs of unbound kworker cpumask more clever (Menglong Dong) - lib/xz: Validate the value before assigning it to an enum variable (Lasse Collin) - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (Lasse Collin) - memstick: r592: Fix a UAF bug when removing the driver (Zheyu Ma) - leaking_addresses: Always print a trailing newline (Kees Cook) - ACPI: battery: Accept charges over the design capacity as full (Andre Almeida) - iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value (Andreas Gruenbacher) - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (Tuo Li) - tracefs: Have tracefs directories not set OTH permission bits by default (Steven Rostedt (VMware)) - net-sysfs: try not to restart the syscall if it will fail eventually (Antoine Tenart) - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (Anant Thazhemadam) - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (Ricardo Ribalda) - media: ipu3-imgu: imgu_fmt: Handle properly try (Ricardo Ribalda) - ACPICA: Avoid evaluating methods too early during system resume (Rafael J. Wysocki) - ipmi: Disable some operations during a panic (Corey Minyard) - media: rcar-csi2: Add checking to rcsi2_start_receiver() (Nadezda Lutovinova) - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (Hans de Goede) - ia64: dont do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK (Randy Dunlap) - media: mceusb: return without resubmitting URB in case of -EPROTO error. (Rajat Asthana) - media: imx: set a media_device bus_info string (Martin Kepplinger) - media: s5p-mfc: Add checking to s5p_mfc_probe(). (Nadezda Lutovinova) - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (Tuo Li) - media: uvcvideo: Set unique vdev name based in type (Ricardo Ribalda) - media: uvcvideo: Return -EIO for control errors (Ricardo Ribalda) - media: uvcvideo: Set capability in s_param (Ricardo Ribalda) - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (Dmitriy Ulitin) - media: netup_unidvb: handle interrupt properly according to the firmware (Zheyu Ma) - media: mt9p031: Fix corrupted frame after restarting stream (Dirk Bender) - ath10k: high latency fixes for beacon buffer (Alagu Sankar) - mwifiex: Properly initialize private structure on interface type changes (Jonas Drebler) - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (Jonas Drebler) - x86: Increase exception stack sizes (Peter Zijlstra) - smackfs: Fix use-after-free in netlbl_catmap_walk() (Pawan Gupta) - locking/lockdep: Avoid RCU-induced noinstr fail (Peter Zijlstra) - MIPS: lantiq: dma: reset correct number of channel (Aleksander Jan Bajkowski) - MIPS: lantiq: dma: add small delay after reset (Aleksander Jan Bajkowski) - platform/x86: wmi: do not fail if disabling fails (Barnabas Pocze) - drm/panel-orientation-quirks: add Valve Steam Deck (Simon Ser) - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (Takashi Iwai) {CVE-2021-3640} - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (Hans de Goede) - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (Hans de Goede) - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (Hans de Goede) - dma-buf: WARN on dmabuf release with pending attachments (Charan Teja Reddy) - USB: chipidea: fix interrupt deadlock (Johan Hovold) - USB: iowarrior: fix control-message timeouts (Johan Hovold) - USB: serial: keyspan: fix memleak on probe errors (Wang Hai) - iio: dac: ad5446: Fix ad5622_write() return value (Pekka Korpinen) - pinctrl: core: fix possible memory leak in pinctrl_enable() (Yang Yingliang) - quota: correct error number in free_dqentry() (Zhang Yi) - quota: check block number when reading the block in quota file (Zhang Yi) - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (Marek Behun) - PCI: aardvark: Fix return value of MSI domain .alloc() method (Marek Behun) - PCI: aardvark: Fix reporting Data Link Layer Link Active (Pali Rohar) - PCI: aardvark: Do not unmask unused interrupts (Pali Rohar) - PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar) - PCI: aardvark: Do not clear status bits of masked interrupts (Pali Rohar) - PCI: pci-bridge-emul: Fix emulation of W1C bits (Marek Behun) - xen/balloon: add late_initcall_sync() for initial ballooning done (Juergen Gross) - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume (Pavel Skripkin) - ALSA: mixer: oss: Fix racy access to slots (Takashi Iwai) - serial: core: Fix initializing and restoring termios speed (Pali Rohar) - powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found (Xiaoming Ni) - can: j1939: j1939_can_recv(): ignore messages with invalid source address (Zhang Changzhong) - can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport (Zhang Changzhong) - KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (Sean Christopherson) - power: supply: max17042_battery: use VFSOC for capacity when no rsns (Henrik Grimler) - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (Sebastian Krzyszkowiak) - signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT (Eric W. Biederman) - signal: Remove the bogus sigkill_pending in ptrace_stop (Eric W. Biederman) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (Alok Prasad) - rsi: Fix module dev_oper_mode parameter description (Marek Vasut) - rsi: fix rate mask set leading to P2P failure (Martin Fuzzey) - rsi: fix key enabled check causing unwanted encryption for vap_id > 0 (Martin Fuzzey) - rsi: fix occasional initialisation failure with BT coex (Martin Fuzzey) - wcn36xx: handle connection loss indication (Benjamin Li) - libata: fix checking of DMA state (Reimar Doffinger) - mwifiex: Read a PCI register after writing the TX ring write pointer (Jonas Drebler) - wcn36xx: Fix HT40 capability for 2Ghz band (Loic Poulain) - evm: mark evm_fixmode as __ro_after_init (Austin Kim) - rtl8187: fix control-message timeouts (Johan Hovold) - PCI: Mark Atheros QCA6174 to avoid bus reset (Ingmar Klein) - ath10k: fix division by zero in send path (Johan Hovold) - ath10k: fix control-message timeout (Johan Hovold) - ath6kl: fix control-message timeout (Johan Hovold) - ath6kl: fix division by zero in send path (Johan Hovold) - mwifiex: fix division by zero in fw download path (Johan Hovold) - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (Eric Badger) - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (Krzysztof Kozlowski) - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (Krzysztof Kozlowski) - hwmon: (pmbus/lm25066) Add offset coefficients (Zev Weiss) - ia64: kprobes: Fix to pass correct trampoline address to the handler (Masami Hiramatsu) - btrfs: call btrfs_check_rw_degradable only if there is a missing device (Anand Jain) - btrfs: fix lost error handling when replaying directory deletes (Filipe Manana) - btrfs: clear MISSING device status bit in btrfs_close_one_device (Li Zhang) - net/smc: Correct spelling mistake to TCPF_SYN_RECV (Wen Gu) - nfp: bpf: relax prog rejection for mtu check through max_pkt_offset (Yu Xiao) - vmxnet3: do not stop tx queues after netif_device_detach() (Dongli Zhang) - r8169: Add device 10ec:8162 to driver r8169 (Janghyub Seo) - nvmet-tcp: fix header digest verification (Amit Engel) - drm: panel-orientation-quirks: Add quirk for GPD Win3 (Mario) - watchdog: Fix OMAP watchdog early handling (Walter Stoll) - net: multicast: calculate csum of looped-back and forwarded packets (Cyril Strejc) - spi: spl022: fix Microwire full duplex mode (Thomas Perrot) - nvmet-tcp: fix a memory leak when releasing a queue (Maurizio Lombardi) - bpf: Prevent increasing bpf_jit_limit above max (Lorenz Bauer) - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (Bryant Mairs) - mmc: winbond: dont build on M68K (Randy Dunlap) - reset: socfpga: add empty driver allowing consumers to probe (Pawel Anikiel) - ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode (Bastien Roucaries) - hyperv/vmbus: include linux/bitops.h (Arnd Bergmann) - sfc: Dont use netif_info before net_device setup (Erik Ekman) - cavium: Fix return values of the probe function (Zheyu Ma) - scsi: qla2xxx: Fix unmap of already freed sgl (Dmitry Bogdanov) - scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (Zheyu Ma) - cavium: Return negative value when pci_alloc_irq_vectors() fails (Zheyu Ma) - x86/irq: Ensure PI wakeup handler is unregistered before module unload (Sean Christopherson) - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (Jane Malalane) - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (Tom Lendacky) - fuse: fix page stealing (Miklos Szeredi) - ALSA: timer: Unconditionally unlink slave instances, too (Takashi Iwai) - ALSA: timer: Fix use-after-free problem (Wang Wensheng) - ALSA: synth: missing check for possible NULL after the call to kstrdup (Austin Kim) - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (Alexander Tsoy) - ALSA: line6: fix control and interrupt message timeouts (Johan Hovold) - ALSA: 6fire: fix control and bulk message timeouts (Johan Hovold) - ALSA: ua101: fix division by zero at probe (Johan Hovold) - ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (Kai-Heng Feng) - ALSA: hda/realtek: Add quirk for ASUS UX550VE (Takashi Iwai) - ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (Jaroslav Kysela) - ALSA: hda/realtek: Add quirk for Clevo PC70HS (Tim Crawford) - media: v4l2-ioctl: Fix check_ext_ctrls (Ricardo Ribalda) - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (Sean Young) - media: ite-cir: IR receiver stop working after receive overflow (Sean Young) - crypto: s5p-sss - Add error handling in s5p_aes_probe() (Tang Bin) - firmware/psci: fix application of sizeof to pointer (jing yangyang) - tpm: Check for integer overflow in tpm2_map_response_body() (Dan Carpenter) - parisc: Fix ptrace check on syscall return (Helge Deller) - mmc: dw_mmc: Dont wait for DRTO on Write RSP error (Christian Lohle) - scsi: qla2xxx: Fix use after free in eh_abort path (Quinn Tran) - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (Arun Easi) - libata: fix read log timeout value (Damien Le Moal) - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (Takashi Iwai) - Input: elantench - fix misreporting trackpoint coordinates (Phoenix Huang) - Input: iforce - fix control-message timeout (Johan Hovold) - binder: use cred instead of task for getsecid (Todd Kjos) - binder: use cred instead of task for selinux checks (Todd Kjos) - binder: use euid from cred instead of using task (Todd Kjos) - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (Nehal Bakulchandra Shah) - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (Mathias Nyman) - LTS tag: v5.4.159 (Sherry Yang) - rsi: fix control-message timeout (Johan Hovold) - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (Gustavo A. R. Silva) - staging: rtl8192u: fix control-message timeouts (Johan Hovold) - staging: r8712u: fix control-message timeout (Johan Hovold) - comedi: vmk80xx: fix bulk and interrupt message timeouts (Johan Hovold) - comedi: vmk80xx: fix bulk-buffer overflow (Johan Hovold) - comedi: vmk80xx: fix transfer-buffer overflows (Johan Hovold) - comedi: ni_usb6501: fix NULL-deref in command paths (Johan Hovold) - comedi: dt9812: fix DMA buffers on stack (Johan Hovold) - isofs: Fix out of bound access for corrupted isofs image (Jan Kara) - printk/console: Allow to disable console output by using console= or console=null (Petr Mladek) - binder: dont detect sender/target during buffer cleanup (Todd Kjos) - usb-storage: Add compatibility quirk flags for iODD 2531/2541 (James Buren) - usb: musb: Balance list entry in musb_gadget_queue (Viraj Shah) - usb: gadget: Mark USB_FSL_QE broken on 64-bit (Geert Uytterhoeven) - usb: ehci: handshake CMD_RUN instead of STS_HALT (Neal Liu) - Revert x86/kvm: fix vcpu-id indexed array sizes (Juergen Gross) - LTS tag: v5.4.158 (Sherry Yang) - ARM: 9120/1: Revert amba: make use of -1 IRQs warn (Wang Kefeng) - Revert drm/ttm: fix memleak in ttm_transfered_destroy (Greg Kroah-Hartman) - sfc: Fix reading non-legacy supported link modes (Erik Ekman) - Revert usb: core: hcd: Add support for deferring roothub registration (Greg Kroah-Hartman) - Revert xhci: Set HCD flag to defer primary roothub registration (Greg Kroah-Hartman) - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (Dan Carpenter) - net: ethernet: microchip: lan743x: Fix skb allocation failure (Yuiko Oshino) - vrf: Revert Reset skb conntrack connection... (Eugene Crosser) - scsi: core: Put LLD module refcnt after SCSI device is released (Ming Lei) - LTS tag: v5.4.157 (Sherry Yang) - perf script: Check session->header.env.arch before using it (Song Liu) - KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (Halil Pasic) - KVM: s390: clear kicked_mask before sleeping again (Halil Pasic) - cfg80211: correct bridge/4addr mode check (Janusz Dziedzic) - net: use netif_is_bridge_port() to check for IFF_BRIDGE_PORT (Julian Wiedmann) - sctp: add vtag check in sctp_sf_ootb (Xin Long) - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (Xin Long) - sctp: add vtag check in sctp_sf_violation (Xin Long) - sctp: fix the processing for COOKIE_ECHO chunk (Xin Long) - sctp: fix the processing for INIT_ACK chunk (Xin Long) - sctp: use init_tag from inithdr for ABORT chunk (Xin Long) - phy: phy_start_aneg: Add an unlocked version (Andrew Lunn) - phy: phy_ethtool_ksettings_get: Lock the phy for consistency (Andrew Lunn) - net/tls: Fix flipped sign in async_wait.err assignment (Daniel Jordan) - net: nxp: lpc_eth.c: avoid hang when bringing interface down (Trevor Woerner) - net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent (Yuiko Oshino) - net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails (Yuiko Oshino) - nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST (Guenter Roeck) - RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (Mark Zhang) - net: Prevent infinite while loop in skb_tx_hash() (Michael Chan) - net: batman-adv: fix error handling (Pavel Skripkin) - regmap: Fix possible double-free in regcache_rbtree_exit() (Yang Yingliang) - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (Clement Besch) - RDMA/mlx5: Set user priority for DCT (Patrisious Haddad) - nvme-tcp: fix data digest pointer calculation (Varun Prakash) - nvmet-tcp: fix data digest pointer calculation (Varun Prakash) - IB/hfi1: Fix abba locking issue with sc_disable() (Mike Marciniszyn) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (Mike Marciniszyn) - tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function (Liu Jian) - drm/ttm: fix memleak in ttm_transfered_destroy (Christian Konig) - net: lan78xx: fix division by zero in send path (Johan Hovold) - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (Johannes Berg) - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (Haibo Chen) - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (Shawn Guo) - mmc: dw_mmc: exynos: fix the finding clock sample value (Jaehoon Chung) - mmc: cqhci: clear HALT state after CQE enable (Wenbin Mei) - mmc: vub300: fix control-message timeouts (Johan Hovold) - net/tls: Fix flipped sign in tls_err_abort() calls (Daniel Jordan) - Revert net: mdiobus: Fix memory leak in __mdiobus_register (Pavel Skripkin) - nfc: port100: fix using -ERRNO as command type mask (Krzysztof Kozlowski) - ata: sata_mv: Fix the error handling of mv_chip_id() (Zheyu Ma) - Revert pinctrl: bcm: ns: support updated DT binding as syscon subnode (Rafal Milecki) - usbnet: fix error return code in usbnet_probe() (Wang Hai) - usbnet: sanity check for maxpacket (Oliver Neukum) - ipv4: use siphash instead of Jenkins in fnhe_hashfun() (Eric Dumazet) - ipv6: use siphash in rt6_exception_hash() (Eric Dumazet) - powerpc/bpf: Fix BPF_MOD when imm == 1 (Naveen N. Rao) - ARM: 9141/1: only warn about XIP address when not compile testing (Arnd Bergmann) - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (Arnd Bergmann) - ARM: 9134/1: remove duplicate memcpy() definition (Arnd Bergmann) - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (Nick Desaulniers) [5.4.17-2136.304.2] - xfs: only relog deferred intent items if free space in the log gets low (Darrick J. Wong) [Orabug: 33548995] - xfs: expose the log push threshold (Darrick J. Wong) [Orabug: 33548995] - xfs: periodically relog deferred intent items (Darrick J. Wong) [Orabug: 33548995] - xfs: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 33548995] - xfs: change the order in which child and parent defer ops are finished (Darrick J. Wong) [Orabug: 33548995] - hugetlb: remove unnecessary set_page_count in prep_compound_gigantic_page (Mike Kravetz) [Orabug: 33652181] - hugetlb: add hugetlb demote page support (Mike Kravetz) [Orabug: 33652181] - hugetlb: add demote bool to gigantic page routines (Mike Kravetz) [Orabug: 33652181] - hugetlb: add demote hugetlb page sysfs interfaces (Mike Kravetz) [Orabug: 33652181] - hugetlb: before freeing hugetlb page set dtor to appropriate value (Mike Kravetz) [Orabug: 33652181] - hugetlb: drop ref count earlier after page allocation (Mike Kravetz) [Orabug: 33652181] - hugetlb: simplify prep_compound_gigantic_page ref count racing code (Mike Kravetz) [Orabug: 33652181] - hugetlb: address ref count racing in prep_compound_gigantic_page (Mike Kravetz) [Orabug: 33652181] - hugetlb: remove prep_compound_huge_page cleanup (Mike Kravetz) [Orabug: 33652181] - hugetlb: add lockdep_assert_held() calls for hugetlb_lock (Mike Kravetz) [Orabug: 33652181] - Revert Revert net/mlx4_core: Add masking for a few queries on HCA caps (Freddy Carrillo) [Orabug: 33666385] - uek-rpm: configs: disable CONFIG_USB_GADGET (aloktiw) [Orabug: 33730433] - rds: ib: Incorporate the stat counter ib_rdma_flush_mr_pool_avoided in the structure rds_ib_stat_names (Praveen Kumar Kannoju) [Orabug: 33742436] - memcg: fix use-after-free in uncharge_batch (Michal Hocko) [Orabug: 33752722] - xfs: force the log offline when log intent item recovery fails (Darrick J. Wong) [Orabug: 33757272] - xfs: cancel intents immediately if process_intents fails (Darrick J. Wong) [Orabug: 33757272] [5.4.17-2136.304.1] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33745420] {CVE-2021-4155} - Bluetooth: fix use-after-free error in lock_sock_nested() (Wang ShaoBo) [Orabug: 33406414] {CVE-2021-3752} - x86/mce: Correct the detection of invalid notifier priorities (Zhen Lei) [Orabug: 33427594] - x86/mce/dev-mcelog: Do not update kflags on AMD systems (Smita Koralahalli) [Orabug: 33427594] - x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (Yazen Ghannam) [Orabug: 33427594] - RAS/CEC: Fix cec_init() prototype (Luca Stefani) [Orabug: 33427594] - EDAC/mce_amd: Add new error descriptions for existing types (Yazen Ghannam) [Orabug: 33427594] - x86/mce, EDAC/mce_amd: Print PPIN in machine check records (Smita Koralahalli) [Orabug: 33427594] - x86/mce/dev-mcelog: Fix -Wstringop-truncation warning about strncpy() (Tony Luck) [Orabug: 33427594] - x86/mce: Drop bogus comment about mce.kflags (Tony Luck) [Orabug: 33427594] - EDAC: Drop the EDAC report status checks (Tony Luck) [Orabug: 33427594] - x86/mce: Add mce=print_all option (Tony Luck) [Orabug: 33427594] - x86/mce: Change default MCE logger to check mce->kflags (Tony Luck) [Orabug: 33427594] - x86/mce: Fix all mce notifiers to update the mce->kflags bitmask (Tony Luck) [Orabug: 33427594] - x86/mce: Add a struct mce.kflags field (Tony Luck) [Orabug: 33427594] - x86/mce: Convert the CEC to use the MCE notifier (Tony Luck) [Orabug: 33427594] - x86/mce: Rename first function as early (Tony Luck) [Orabug: 33427594] - x86/mce/amd, edac: Remove report_gart_errors (Borislav Petkov) [Orabug: 33427594] - x86/mce/dev-mcelog: Dynamically allocate space for machine check records (Tony Luck) [Orabug: 33427594] - EDAC/mc: Determine mci pointer from the error descriptor (Robert Richter) [Orabug: 33427594] - EDAC: Store error type in struct edac_raw_error_desc (Robert Richter) [Orabug: 33427594] - x86/mce: Take action on UCNA/Deferred errors again (Jan H. Schonherr) [Orabug: 33427594] - EDAC: Unify the mc_event tracepoint call (Robert Richter) [Orabug: 33427594] - EDAC/ghes: Remove intermediate buffer pvt->detail_location (Robert Richter) [Orabug: 33427594] - xfs: fix an incore inode UAF in xfs_bui_recover (Darrick J. Wong) [Orabug: 33541225] - xfs: clean up xfs_bui_item_recover iget/trans_alloc/ilock ordering (Darrick J. Wong) [Orabug: 33541225] - xfs: clean up bmap intent item recovery checking (Darrick J. Wong) [Orabug: 33541225] - x86/ioremap: Map EFI-reserved memory as encrypted for SEV (Tom Lendacky) [Orabug: 33547490] - efi/mokvar: Reserve the table only if it is in boot services data (Borislav Petkov) [Orabug: 33547490] - efi: mokvar: add missing include of asm/early_ioremap.h (Ard Biesheuvel) [Orabug: 33547490] - efi: mokvar-table: fix some issues in new code (Ard Biesheuvel) [Orabug: 33547490] - efi: Support for MOK variable config table (Lenny Szubowicz) [Orabug: 33547490] - efi: Rename arm-init to efi-init common for all arch (Atish Patra) [Orabug: 33547490] - uek-rpm: Update ol7 locklist with fnic symbols (John Donnelly) [Orabug: 33590906] - uek-rpm: Update ol8 locklist with fnic symbols (John Donnelly) [Orabug: 33590906] - rds_rdma: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] - net/mlx4: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] - net/mlx5: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] - IB/core: Introduce IB_CQ_FORCE_ZERO_CV (Hakon Bugge) [Orabug: 33616020] - Revert net/mlx{4,5}: Fix signed formal parameter (Hakon Bugge) [Orabug: 33616020] - Revert net/mlx{4,5},rds_rdma: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33616020] - Revert rds: ib: Fix bug when comp_vector is IB_CQ_FORCE_ZERO_CV (Hakon Bugge) [Orabug: 33616020] - mstflint_access: Update driver code to v4.18.0-1 from Github (Sharath Srinivasan) [Orabug: 33646165] - mstflint_access: Update driver code to v4.17.0-1 from Github (Sharath Srinivasan) [Orabug: 33646165] - Revert io_uring: reinforce cancel on flush during exit (Lee Jones) [Orabug: 33687075] - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (George Kennedy) [Orabug: 33731040] - ocfs2: fix data corruption on truncate (Jan Kara) [Orabug: 33740343] [5.4.17-2136.303.3] - xfs: xfs_defer_capture should absorb remaining transaction reservation (Darrick J. Wong) [Orabug: 33520061] - xfs: xfs_defer_capture should absorb remaining block reservations (Darrick J. Wong) [Orabug: 33520061] - xfs: proper replay of deferred ops queued during log recovery (Darrick J. Wong) [Orabug: 33520061] - xfs: attach inode to dquot in xfs_bui_item_recover (Darrick J. Wong) [Orabug: 33520061] - xfs: log new intent items created as part of finishing recovered intent items (Darrick J. Wong) [Orabug: 33520061] - xfs: spell out the parameter name for ->cancel_item (Christoph Hellwig) [Orabug: 33520061] - xfs: use a xfs_btree_cur for the ->finish_cleanup state (Christoph Hellwig) [Orabug: 33520061] - xfs: turn dfp_done into a xfs_log_item (Christoph Hellwig) [Orabug: 33520061] - xfs: refactor xfs_defer_finish_noroll (Christoph Hellwig) [Orabug: 33520061] - xfs: turn dfp_intent into a xfs_log_item (Christoph Hellwig) [Orabug: 33520061] - xfs: merge the ->diff_items defer op into ->create_intent (Christoph Hellwig) [Orabug: 33520061] - xfs: merge the ->log_item defer op into ->create_intent (Christoph Hellwig) [Orabug: 33520061] - xfs: factor out a xfs_defer_create_intent helper (Christoph Hellwig) [Orabug: 33520061] - sched: Fix Core-wide rq->lock for uninitialized CPUs (Peter Zijlstra) [Orabug: 33568834] - admin-guide/hw-vuln: Rephrase a section of core-scheduling.rst (Fabio M. De Francesco) [Orabug: 33568834] - Documentation: Add usecases, design and interface for core scheduling (Joel Fernandes (Google)) [Orabug: 33568834] - kselftest: Add test for core sched prctl interface (Chris Hyser) [Orabug: 33568834] - sched: prctl() core-scheduling interface (Chris Hyser) [Orabug: 33568834] - sched: Inherit task cookie on fork() (Peter Zijlstra) [Orabug: 33568834] - sched: Trivial core scheduling cookie management (Peter Zijlstra) [Orabug: 33568834] - sched: Migration changes for core scheduling (Aubrey Li) [Orabug: 33568834] - sched: Trivial forced-newidle balancer (Peter Zijlstra) [Orabug: 33568834] - sched/fair: Snapshot the min_vruntime of CPUs on force idle (Joel Fernandes (Google)) [Orabug: 33568834] - sched: Fix priority inversion of cookied task with sibling (Joel Fernandes (Google)) [Orabug: 33568834] - sched/fair: Fix forced idle sibling starvation corner case (Vineeth Pillai) [Orabug: 33568834] - sched: Add core wide task selection and scheduling (Peter Zijlstra) [Orabug: 33568834] - sched: Basic tracking of matching tasks (Peter Zijlstra) [Orabug: 33568834] - sched: Introduce sched_class::pick_task() (Peter Zijlstra) [Orabug: 33568834] - sched: Allow sched_core_put() from atomic context (Peter Zijlstra) [Orabug: 33568834] - sched: Optimize rq_lockp() usage (Peter Zijlstra) [Orabug: 33568834] - sched: Core-wide rq->lock (Peter Zijlstra) [Orabug: 33568834] - sched: Prepare for Core-wide rq->lock (Peter Zijlstra) [Orabug: 33568834] - sched: Wrap rq::lock access (Peter Zijlstra) [Orabug: 33568834] - sched: Provide raw_spin_rq_*lock*() helpers (Peter Zijlstra) [Orabug: 33568834] - sched/fair: Add a few assertions (Peter Zijlstra) [Orabug: 33568834] - sched: Extract the task putting code from pick_next_task() (Chen Yu) [Orabug: 33568834] - rss_stat: add support to detect RSS updates of external mm (Joel Fernandes (Google)) [Orabug: 33568834] - Revert sched: Wrap rq::lock access (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Introduce sched_class::pick_task() (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Core-wide rq->lock (Kamalesh Babulal) [Orabug: 33568834] - Revert sched/fair: Add a few assertions (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Basic tracking of matching tasks (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Update core scheduler queue when taking cpu online/offline (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Add core wide task selection and scheduling. (Kamalesh Babulal) [Orabug: 33568834] - Revert sched/fair: wrapper for cfs_rq->min_vruntime (Kamalesh Babulal) [Orabug: 33568834] - Revert sched/fair: core wide vruntime comparison (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Trivial forced-newidle balancer (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: migration changes for core scheduling (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: cgroup tagging interface for core scheduling (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Cleanup kABI (Kamalesh Babulal) [Orabug: 33568834] - Revert sched: Enable disabling via CONFIG_SCHED_CORE (Kamalesh Babulal) [Orabug: 33568834] - Revert sched/core: remove undesired trace_printk from core scheduling backport (Kamalesh Babulal) [Orabug: 33568834] - Revert sched/core: cleanup kABI for struct rq (Kamalesh Babulal) [Orabug: 33568834] - RDMA/rxe: Bump up default maximum values used via uverbs (Rao Shoaib) [Orabug: 33615342] - xfs: remove all COW fork extents when remounting readonly (Darrick J. Wong) [Orabug: 33676190] - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679803] {CVE-2021-0920} [5.4.17-2136.303.2] - atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (Zekun Shen) [Orabug: 33594983] {CVE-2021-43975} - RDS/IB: Fix error when trying to unallocate ring buffers (Hans Westgaard Ry) [Orabug: 33620311] - rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug: 33652503] - sched: Mitigate increased latencies for sysctl_sched_wakeup_granularity. (chris hyser) [Orabug: 33107207] - net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan) [Orabug: 33585475] - proc: allow pid_revalidate() during LOOKUP_RCU (Stephen Brennan) [Orabug: 33647511] - selinux: slow_avc_audit has become non-blocking (Al Viro) [Orabug: 33647511] - make dump_common_audit_data() safe to be called from RCU pathwalk (Al Viro) [Orabug: 33647511] - new helper: d_find_alias_rcu() (Al Viro) [Orabug: 33647511] [5.4.17-2136.303.1] - Revert fs: align IOCB_* flags with RWF_* flags (Prasad Singamsetty) [Orabug: 33642850] - ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33501676] - net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann) [Orabug: 33520710] - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33542895] - uek-rpm: Add ktime_get_coarse_ts64 to KABI (John Donnelly) [Orabug: 33557973] - EDAC/i10nm: Add detection of memory levels for ICX/SPR servers (Qiuxu Zhuo) [Orabug: 33585319] - EDAC/skx_common: Add new ADXL components for 2-level memory (Qiuxu Zhuo) [Orabug: 33585319] - EDAC, skx_common: Refactor so that we initialize dev in result of adxl decode. (Tony Luck) [Orabug: 33585319] - net/rds: Dont pummel the subnet-manager (Gerd Rausch) [Orabug: 33589566] - rds: ib: Ack seq not always received in monotonic increasing order (Hakon Bugge) [Orabug: 33599862] - rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju) [Orabug: 33619953] [5.4.17-2136.303.0] - LTS tag: v5.4.156 (Jack Vogel) - pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() (Fabien Dessenne) - ARM: 9122/1: select HAVE_FUTEX_CMPXCHG (Nick Desaulniers) - tracing: Have all levels of checks prevent recursion (Steven Rostedt (VMware)) - net: mdiobus: Fix memory leak in __mdiobus_register (Yanfei Xu) - Input: snvs_pwrkey - add clk handling (Uwe Kleine-Konig) - ALSA: hda: avoid write to STATESTS if controller is in reset (Kai Vehmanen) - platform/x86: intel_scu_ipc: Update timeout value in comment (Prashant Malani) - isdn: mISDN: Fix sleeping function called from invalid context (Zheyu Ma) - ARM: dts: spear3xx: Fix gmac node (Herve Codina) - net: stmmac: add support for dwmac 3.40a (Herve Codina) - btrfs: deal with errors when checking if a dir entry exists during log replay (Filipe Manana) - gcc-plugins/structleak: add makefile var for disabling structleak (Brendan Higgins) - selftests: netfilter: remove stray bash debug line (Florian Westphal) - netfilter: Kconfig: use default y instead of m for bool config option (Vegard Nossum) - isdn: cpai: check ctr->cnr to avoid array index out of bound (Xiaolong Huang) - nfc: nci: fix the UAF of rf_conn_info object (Lin Ma) - mm, slub: fix potential memoryleak in kmem_cache_open() (Miaohe Lin) - mm, slub: fix mismatch between reconstructed freelist depth and cnt (Miaohe Lin) - powerpc/idle: Dont corrupt back chain when going idle (Michael Ellerman) - KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest (Michael Ellerman) - KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() (Michael Ellerman) - powerpc64/idle: Fix SP offsets when saving GPRs (Christopher M. Riedl) - audit: fix possible null-pointer dereference in audit_filter_rules (Gaosheng Cui) - ASoC: DAPM: Fix missing kctl change notifications (Takashi Iwai) - ALSA: hda/realtek: Add quirk for Clevo PC50HS (Steven Clarkson) - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (Brendan Grieve) - vfs: check fd has read access in kernel_read_file_from_fd() (Matthew Wilcox (Oracle)) - elfcore: correct reference to CONFIG_UML (Lukas Bulwahn) - ocfs2: mount fails with buffer overflow in strlen (Valentin Vidic) - ocfs2: fix data corruption after conversion from inline format (Jan Kara) - ceph: fix handling of meta errors (Jeff Layton) - can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes (Zhang Changzhong) - can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with error length (Zhang Changzhong) - can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (Ziyang Xuan) - can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer (Ziyang Xuan) - can: peak_pci: peak_pci_remove(): fix UAF (Zheyu Ma) - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (Stephane Grosjean) - can: rcar_can: fix suspend/resume (Yoshihiro Shimoda) - net: enetc: fix ethtool counter name for PM0_TERR (Vladimir Oltean) - net: stmmac: Fix E2E delay mechanism (Kurt Kanzenbach) - net: hns3: disable sriov before unload hclge layer (Peng Li) - net: hns3: add limit ets dwrr bandwidth cannot be 0 (Guangbin Huang) - net: hns3: reset DWRR of unused tc to zero (Guangbin Huang) - NIOS2: irqflags: rename a redefined register name (Randy Dunlap) - net: dsa: lantiq_gswip: fix register definition (Aleksander Jan Bajkowski) - lan78xx: select CRC32 (Vegard Nossum) - netfilter: ipvs: make global sysctl readonly in non-init netns (Antoine Tenart) - ASoC: wm8960: Fix clock configuration on slave mode (Shengjiu Wang) - dma-debug: fix sg checks in debug_dma_map_sg() (Gerald Schaefer) - NFSD: Keep existing listeners on portlist error (Benjamin Coddington) - xtensa: xtfpga: Try software restart before simulating CPU reset (Guenter Roeck) - xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF (Max Filippov) - ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default (Eugen Hristev) - tee: optee: Fix missing devices unregister during optee_remove (Sumit Garg) - net: switchdev: do not propagate bridge updates across bridges (Russell King) - parisc: math-emu: Fix fall-through warnings (Helge Deller) - LTS tag: v5.4.155 (Jack Vogel) - ionic: dont remove netdev->dev_addr when syncing uc list (Shannon Nelson) - r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256 (Vegard Nossum) - qed: Fix missing error code in qed_slowpath_start() (chongjiapeng) - mqprio: Correct stats in mqprio_dump_class_stats(). (Sebastian Andrzej Siewior) - acpi/arm64: fix next_platform_timer() section mismatch error (Jackie Liu) - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (Dan Carpenter) - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (Dan Carpenter) - drm/msm: Fix null pointer dereference on pointer edp (Colin Ian King) - drm/panel: olimex-lcd-olinuxino: select CRC32 (Vegard Nossum) - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (Vadim Pasternak) - mlxsw: thermal: Fix out-of-bounds memory accesses (Ido Schimmel) - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (Wang Hai) - pata_legacy: fix a couple uninitialized variable bugs (Dan Carpenter) - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (Ziyang Xuan) - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (Ziyang Xuan) - nfc: fix error handling of nfc_proto_register() (Ziyang Xuan) - ethernet: s2io: fix setting mac address during resume (Arnd Bergmann) - net: encx24j600: check error in devm_regmap_init_encx24j600 (Nanyong Sun) - net: stmmac: fix get_hw_feature() on old hardware (Herve Codina) - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (Aya Levin) - net: korina: select CRC32 (Vegard Nossum) - net: arc: select CRC32 (Vegard Nossum) - gpio: pca953x: Improve bias setting (Andy Shevchenko) - iio: dac: ti-dac5571: fix an error code in probe() (Dan Carpenter) - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (Dan Carpenter) - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (Dan Carpenter) - iio: light: opt3001: Fixed timeout error when 0 lux (Jiri Valek - 2N) - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (Hui Liu) - iio: adc128s052: Fix the error handling path of adc128_probe() (Christophe JAILLET) - iio: adc: aspeed: set driver data when adc probe. (Billy Tsai) - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (Cedric Le Goater) - x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically (Borislav Petkov) - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells (Stephen Boyd) - EDAC/armada-xp: Fix output of uncorrectable error counter (Hans Potsch) - virtio: write back F_VERSION_1 before validate (Halil Pasic) - USB: serial: option: add prod. id for Quectel EG91 (Tomaz Solc) - USB: serial: option: add Telit LE910Cx composition 0x1204 (Daniele Palmas) - USB: serial: option: add Quectel EC200S-CN module support (Yu-Tung Chang) - USB: serial: qcserial: add EM9191 QDL support (Aleksander Morgado) - Input: xpad - add support for another USB ID of Nacon GC-100 (Michael Cullen) - usb: musb: dsps: Fix the probe error path (Miquel Raynal) - efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() (Zhang Jianhua) - efi/cper: use stack buffer for error record decoding (Ard Biesheuvel) - cb710: avoid NULL pointer subtraction (Arnd Bergmann) - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (Nikolay Martynov) - xhci: Fix command ring pointer corruption while aborting a command (Pavankumar Kondeti) - xhci: guard accesses to ep_state in xhci_endpoint_reset() (Jonathan Bell) - mei: me: add Ice Lake-N device id. (Andy Shevchenko) - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (James Morse) - watchdog: orion: use 0 for unset heartbeat (Chris Packham) - btrfs: check for error when looking up inode during dir entry replay (Filipe Manana) - btrfs: deal with errors when adding inode reference during log replay (Filipe Manana) - btrfs: deal with errors when replaying dir entry during log replay (Filipe Manana) - btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) - csky: Fixup regs.sr broken in ptrace (Guo Ren) - csky: dont let sigreturn play with priveleged bits of status register (Al Viro) - s390: fix strrchr() implementation (Roberto Sassu) - nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for ^ (Steven Rostedt) - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (Hui Wang) - ALSA: hda/realtek - ALC236 headset MIC recording issue (Kailang Yang) - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (Werner Sembach) - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (Werner Sembach) - ALSA: seq: Fix a potential UAF by wrong private_free call order (Takashi Iwai) - ALSA: usb-audio: Add quirk for VF0770 (Jonas Hahnfeld) - ovl: simplify file splice (Miklos Szeredi) - LTS tag: v5.4.154 (Jack Vogel) - sched: Always inline is_percpu_thread() (Peter Zijlstra) - scsi: virtio_scsi: Fix spelling mistake Unsupport -> Unsupported (Colin Ian King) - scsi: ses: Fix unsigned comparison with less than zero (Jiapeng Chong) - drm/amdgpu: fix gart.bo pin_count leak (Leslie Shi) - net: sun: SUNVNET_COMMON should depend on INET (Randy Dunlap) - mac80211: check return value of rhashtable_init (MichelleJin) - net: prevent user from passing illegal stab size - m68k: Handle arrivals of multiple signals correctly (Al Viro) - mac80211: Drop frames from invalid MAC address in ad-hoc mode (YueHaibing) - netfilter: nf_nat_masquerade: defer conntrack walk to work queue (Florian Westphal) - netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic (Florian Westphal) - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (Joshua-Dickens) - netfilter: ip6_tables: zero-initialize fragment offset (Jeremy Sowden) - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (Mizuho Mori) - ext4: correct the error path of ext4_write_inline_data_end() (Zhang Yi) - net: phy: bcm7xxx: Fixed indirect MMD operations (Florian Fainelli) - LTS tag: v5.4.153 (Jack Vogel) - x86/Kconfig: Correct reference to MWINCHIP3D (Lukas Bulwahn) - x86/hpet: Use another crystalball to evaluate HPET usability (Thomas Gleixner) - x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI (Lukas Bulwahn) - RISC-V: Include clone3() on rv32 (Palmer Dabbelt) - bpf, s390: Fix potential memory leak about jit_data (Tiezhu Yang) - i2c: acpi: fix resource leak in reconfiguration device addition (Jamie Iles) - net: prefer socket bound to interface when not in VRF (Mike Manning) - i40e: Fix freeing of uninitialized misc IRQ vector (Sylwester Dziedziuch) - i40e: fix endless loop under rtnl (Jiri Benc) - gve: fix gve_get_stats() (Eric Dumazet) - rtnetlink: fix if_nlmsg_stats_size() under estimation (Eric Dumazet) - gve: Correct available tx qpl check (Catherine Sullivan) - drm/nouveau/debugfs: fix file release memory leak (Yang Yingliang) - video: fbdev: gbefb: Only instantiate device when built for IP32 (Mark Brown) - bus: ti-sysc: Use CLKDM_NOAUTO for dra7 dcan1 for errata i893 (Tony Lindgren) - netlink: annotate data races around nlk->bound (Eric Dumazet) - net: sfp: Fix typo in state machine debug string (Sean Anderson) - net/sched: sch_taprio: properly cancel timer from taprio_destroy() (Eric Dumazet) - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (Eric Dumazet) - ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence (Oleksij Rempel) - arm64: dts: ls1028a: add missing CAN nodes (Michael Walle) - arm64: dts: freescale: Fix SP805 clock-names (Andre Przywara) - ptp_pch: Load module automatically if ID matches (Andy Shevchenko) - powerpc/fsl/dts: Fix phy-connection-type for fm1mac3 (Pali Rohar) - net_sched: fix NULL deref in fifo_set_limit() (Eric Dumazet) - phy: mdio: fix memory leak (Pavel Skripkin) - bpf, arm: Fix register clobbering in div/mod implementation (Johan Almbladh) - xtensa: call irqchip_init only when CONFIG_USE_OF is selected (Max Filippov) - xtensa: use CONFIG_USE_OF instead of CONFIG_OF (Randy Dunlap) - xtensa: move XCHAL_KIO_* definitions to kmem_layout.h (Max Filippov) - arm64: dts: qcom: pm8150: use qcom,pm8998-pon binding (Dmitry Baryshkov) - ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (Marek Vasut) - ARM: dts: imx: Add missing pinctrl-names for panel on M53Menlo (Marek Vasut) - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (Shawn Guo) - ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (Marijn Suijten) - soc: qcom: socinfo: Fixed argument passed to platform_set_data() (Antonio Martorana) - bpf, mips: Validate conditional branch offsets (Piotr Krysiuk) - MIPS: BPF: Restore MIPS32 cBPF JIT (Paul Burton) - ARM: dts: qcom: apq8064: use compatible which contains chipid (David Heidelberg) - ARM: dts: omap3430-sdp: Fix NAND device node (Roger Quadros) - xen/balloon: fix cancelled balloon action (Juergen Gross) - nfsd4: Handle the NFSv4 READDIR dircount hint being zero (Trond Myklebust) - nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (Patrick Ho) - ovl: fix missing negative dentry check in ovl_rename() (Zheng Liang) - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (Neil Armstrong) - xen/privcmd: fix error handling in mmap-resource processing (Jan Beulich) - usb: typec: tcpm: handle SRC_STARTUP state if cc changes (Xu Yang) - USB: cdc-acm: fix break reporting (Johan Hovold) - USB: cdc-acm: fix racy tty buffer accesses (Johan Hovold) - Partially revert 'usb: Kconfig: using select for USB_COMMON dependency' (Ben Hutchings) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0185 CVE-2021-3752 CVE-2021-3640 CVE-2021-44733 CVE-2022-0492 CVE-2021-4155 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 6 [0.14-11.0.1] - precalculate buffer size in base64 functions [Orabug: 33835910][CVE-2021-45417] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-45417 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 8 hivex [1.3.18-21] - Bounds check for block exceeding page length (CVE-2021-3504) resolves: rhbz#1950501 libguestfs [1.40.2-28.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.40.2-28] - daemon: lvm: Use lvcreate --yes to avoid interactive prompts resolves: rhbz#1933640 [1:1.40.2-27] - selinux-relabel does not work if SELINUXTYPE != targeted - tar-in command does not allow restoring file capabilities resolves: rhbz#1384241 rhbz#1828952 [1:1.40.2-26] - insufficient default memsize to open anaconda default RHEL 8.2 luks device resolves: rhbz#1837765 libnbd [1.2.2] - Resolves: bz#1844296 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) libvirt [5.7.0-32.el8] - qemu: Validate config->exadata before reaping guests (Wim ten Have) [Orabug: 33763967] - qemu: Make vNUMA/SMT pCPU packing L3-cache aware on AMD/E4 (Wim ten Have) [Orabug: 33268059] - qemu: work exadataConfig flags directly from the QEMUdriver structure (Wim ten Have) [Orabug: 33268059] - qemu: Label restore path outside of secdriver transactions (Michal Privoznik) [Orabug: 33351242] - security: Introduce virSecurityManagerDomainSetPathLabelRO (Michal Privoznik) [Orabug: 33351242] libvirt-python [5.7.0-1.el8] - libvirt-python.spec: Add a .spec file for libvirt-python qemu-kvm [4.2.1.15.el8] - qemu-kvm.spec: Add support for reading vmdk, vhdx, vpc, https, and ssh disk image formats from qemu-kvm (Karl Heubaum) [Orabug: 33741340] - Document CVE-2021-4158 and CVE-2021-3947 as fixed (Mark Kanda) [Orabug: 33719302] [Orabug: 33754145] {CVE-2021-4158} {CVE-2021-3947} - hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 (Philippe Mathieu-Daude) [Orabug: 32439466] {CVE-2021-20196} - hw/block/fdc: Extract blk_create_empty_drive() (Philippe Mathieu-Daude) [Orabug: 32439466] {CVE-2021-20196} - net: vmxnet3: validate configuration values during activate (CVE-2021-20203) (Prasad J Pandit) [Orabug: 32559476] {CVE-2021-20203} - lan9118: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - pcnet: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - rtl8139: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - tx_pkt: switch to use qemu_receive_packet_iov() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - sungem: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - dp8393x: switch to use qemu_receive_packet() for loopback packet (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - e1000: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - net: introduce qemu_receive_packet() (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - target/i386: Populate x86_ext_save_areas offsets using cpuid where possible (Paolo Bonzini) - target/i386: Observe XSAVE state area offsets (Paolo Bonzini) - target/i386: Make x86_ext_save_areas visible outside cpu.c (Paolo Bonzini) - target/i386: Pass buffer and length to XSAVE helper (Paolo Bonzini) - target/i386: Clarify the padding requirements of X86XSaveArea (Paolo Bonzini) - target/i386: Consolidate the X86XSaveArea offset checks (Paolo Bonzini) - target/i386: Declare constants for XSAVE offsets (Paolo Bonzini) [4.2.1-14.el8] - scsi: fix sense code for EREMOTEIO (Paolo Bonzini) [Orabug: 33537443] - scsi: move host_status handling into SCSI drivers (Hannes Reinecke) [Orabug: 33537443] - scsi: inline sg_io_sense_from_errno() into the callers (Hannes Reinecke) [Orabug: 33537443] - scsi-generic: do not snoop the output of failed commands (Paolo Bonzini) [Orabug: 33537443] - scsi: Add mapping for generic SCSI_HOST status to sense codes (Hannes Reinecke) [Orabug: 33537443] - scsi: Rename linux-specific SG_ERR codes to generic SCSI_HOST error codes (Hannes Reinecke) [Orabug: 33537443] - scsi: drop 'result' argument from command_complete callback (Hannes Reinecke) [Orabug: 33537443] - scsi-disk: pass guest recoverable errors through even for rerror=stop (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: pass SCSI status to scsi_handle_rw_error (Paolo Bonzini) [Orabug: 33537443] - scsi: introduce scsi_sense_from_errno() (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: do not complete requests early for rerror/werror=ignore (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: move scsi_handle_rw_error earlier (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: convert more errno values back to SCSI statuses (Paolo Bonzini) [Orabug: 33537443] [4.2.1-13.el8] - pcie: Do not set power state for some hot-plugged devices (Annie Li) [Orabug: 33642532] [4.2.1-12.1.el8] - Update slirp to address various CVEs (Mark Kanda) [Orabug: 32208456] [Orabug: 33014409] [Orabug: 33014414] [Orabug: 33014417] [Orabug: 33014420] {CVE-2020-29129} {CVE-2020-29130} {CVE-2021-3592} {CVE-2021-3593} {CVE-2021-3594} {CVE-2021-3595} - hw/pflash_cfi01: Allow backing devices to be smaller than memory region (David Edmondson) - pcie: expire pending delete (Gerd Hoffmann) [Orabug: 33450706] - pcie: fast unplug when slot power is off (Gerd Hoffmann) [Orabug: 33450706] - pcie: factor out pcie_cap_slot_unplug() (Gerd Hoffmann) [Orabug: 33450706] - pcie: add power indicator blink check (Gerd Hoffmann) [Orabug: 33450706] - pcie: implement slot power control for pcie root ports (Gerd Hoffmann) [Orabug: 33450706] - pci: implement power state (Gerd Hoffmann) [Orabug: 33450706] - hw/pci/pcie: Move hot plug capability check to pre_plug callback (Julia Suvorova) [Orabug: 33450706] - hw/pci/pcie: Replace PCI_DEVICE() casts with existing variable (Julia Suvorova) [Orabug: 33450706] - hw/pci/pcie: Forbid hot-plug if it's disabled on the slot (Julia Suvorova) [Orabug: 33450706] - pcie_root_port: Add hotplug disabling option (Julia Suvorova) [Orabug: 33450706] - qdev-monitor: Forbid repeated device_del (Julia Suvorova) [Orabug: 33450706] - i386:acpi: Remove _HID from the SMBus ACPI entry (Corey Minyard) - uas: add stream number sanity checks (Gerd Hoffmann) [Orabug: 33280793] {CVE-2021-3713} - usbredir: fix free call (Gerd Hoffmann) [Orabug: 33198441] {CVE-2021-3682} - hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands (Mauro Matteo Cascella) [Orabug: 33548490] {CVE-2021-3930} - e1000: fix tx re-entrancy problem (Jon Maloy) [Orabug: 32560552] {CVE-2021-20257} - virtio-net-pci: Don't use 'efi-virtio.rom' on AArch64 (Mark Kanda) [Orabug: 33537594] - MAINTAINERS: Add ACPI/HEST/GHES entries (Dongjiu Geng) - target-arm: kvm64: handle SIGBUS signal from kernel or KVM (Dongjiu Geng) - ACPI: Record Generic Error Status Block(GESB) table (Dongjiu Geng) - KVM: Move hwpoison page related functions into kvm-all.c (Dongjiu Geng) - ACPI: Record the Generic Error Status Block address (Dongjiu Geng) - ACPI: Build Hardware Error Source Table (Dongjiu Geng) - ACPI: Build related register address fields via hardware error fw_cfg blob (Dongjiu Geng) - docs: APEI GHES generation and CPER record description (Dongjiu Geng) - hw/arm/virt: Introduce a RAS machine option (Dongjiu Geng) - acpi: nvdimm: change NVDIMM_UUID_LE to a common macro (Dongjiu Geng) - block/curl: HTTP header field names are case insensitive (David Edmondson) [Orabug: 33287589] - block/curl: HTTP header fields allow whitespace around values (David Edmondson) [Orabug: 33287589] [4.2.1-11.el8] - trace: use STAP_SDT_V2 to work around symbol visibility (Stefan Hajnoczi) [Orabug: 33272428] [4.2.1-11.el8] - pvrdma: Fix the ring init error flow (Marcel Apfelbaum) [Orabug: 33120142] {CVE-2021-3608} - pvrdma: Ensure correct input on ring init (Marcel Apfelbaum) [Orabug: 33120146] {CVE-2021-3607} - hw/rdma: Fix possible mremap overflow in the pvrdma device (Marcel Apfelbaum) [Orabug: 33120084] {CVE-2021-3582} - vhost-user-gpu: reorder free calls (Gerd Hoffmann) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: abstract vg_cleanup_mapping_iov (Li Qiang) [Orabug: 32950716] {CVE-2021-3546} - vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (Li Qiang) [Orabug: 32950716] {CVE-2021-3546} - vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory leak in vg_resource_attach_backing (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (Li Qiang) [Orabug: 32950708] {CVE-2021-3545} - usb: limit combined packets to 1 MiB (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527} - usb/redir: avoid dynamic stack allocation (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527} - mptsas: Remove unused MPTSASState 'pending' field (Michael Tokarev) [Orabug: 32470463] {CVE-2021-3392} - oslib-posix: initialize backend memory objects in parallel (Mark Kanda) [Orabug: 32555402] - oslib-posix: refactor memory prealloc threads (Mark Kanda) [Orabug: 32555402] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3593 CVE-2021-3713 CVE-2020-29130 CVE-2021-3594 CVE-2021-3595 CVE-2021-20257 CVE-2021-4158 CVE-2021-3947 CVE-2021-20203 CVE-2021-20196 CVE-2021-3416 CVE-2020-29129 CVE-2021-3592 CVE-2021-3930 CVE-2021-3682 cpe:/a:oracle:linux:8::kvm_appstream Oracle Linux 7 [1.10.4.custom-4.0.1] - Backport jQuery CVE-2020-11022 and CVE-2020-11023 fixes to bundled jQuery v1.10.2 [Orabug: 33869588] [1.10.4.custom-4] - removed %%defattr from specfile - removed Group from specfile - removed BuildRoot from specfiles * Tue May 10 2016 Grant Gainey 1.10.4.custom-3 - jquery-ui: build on openSUSE [1.10.4.custom-2] - fix jquery-ui source url [1.10.4.custom-1] - initial jquery-ui build IMPORTANT Copyright 2022 Oracle, Inc. CVE-2020-11023 CVE-2020-11022 cpe:/a:oracle:linux:7::oraclelinuxmanager210_server Oracle Linux 7 [4.14.35-2047.511.5.2] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33876756] {CVE-2022-0492} - scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33876755] [4.14.35-2047.511.5.1] - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33836770] [4.14.35-2047.511.5] - irq/msi: add extra step when both old and new affinity are not current cpu (Joe Jin) [Orabug: 33789982] - Revert rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33795472] - smp: always continue to process IRQ work (Stephen Brennan) [Orabug: 33775326] - scsi: libiscsi: Fix iscsi_task use after free() (Mike Christie) [Orabug: 33674803] - scsi: libiscsi: Drop taskqueuelock (Mike Christie) [Orabug: 33674803] - netfilter: fix regression in looped (broad|multi)casts MAC handling (Ignacy Gawedzki) - PM: hibernate: use correct mode for swsusp_close() (Thomas Zeitlhofer) - tracefs: Set all files to the same group ownership as the mount option (Steven Rostedt (VMware)) - binder: fix test regression due to sender_euid change (Todd Kjos) - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (Jose Exposito) [4.14.35-2047.511.4] - net/rds: Refactor rds_ib_recv_refill_one (Freddy Carrillo) [Orabug: 33811840] - net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan) [Orabug: 33811824] - ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33811779] - rds: ib: Ack seq not always received in monotonic increasing order (Hakon Bugge) [Orabug: 33810922] - arm64: pcie: Intercept Pensando specific SError (Henry Willard) [Orabug: 33811771] - arm64: pcie: Change bad_mode hook to cap_pciep_access_in_progress() (Henry Willard) [Orabug: 33811771] - arm64: pcie: Remove Pensando SError trapping patch (Henry Willard) [Orabug: 33811771] - take care multiple extents in CoW extent converting (Wengang Wang) [Orabug: 33811755] [4.14.35-2047.511.3] - scsi: vmw_pvscsi: Set residual data length conditionally (Alexey Makhalov) [Orabug: 33761308] - xfs: force the log offline when log intent item recovery fails (Darrick J. Wong) [Orabug: 33757273] - xfs: cancel intents immediately if process_intents fails (Darrick J. Wong) [Orabug: 33757273] - arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33749641] - irqchip/gic-v3-its: Allow use of LPI tables in reserved memory (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Register LPI tables with EFI config table (Marc Zyngier) [Orabug: 33749641] - efi: add API to reserve memory persistently across kexec reboot (Ard Biesheuvel) [Orabug: 33749641] - efi/arm: libstub: add a root memreserve config table (Ard Biesheuvel) [Orabug: 33749641] - efi: honour memory reservations passed via a linux specific config table (Ard Biesheuvel) [Orabug: 33749641] - irqchip/gic-v3-its: Check that all RDs have the same property table (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Use pre-programmed redistributor tables with kdump kernels (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Allow use of pre-programmed LPI tables (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Keep track of property tables PA and VA (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Move pending table allocation to init time (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Split property table clearing from allocation (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Simplify LPI_PENDBASE_SZ usage (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Change initialization ordering for LPIs (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Cap lpi_id_bits to reduce memory footprint (Jia He) [Orabug: 33749641] - irqchip/gic-v3-its: Make its_lock a raw_spin_lock_t (Sebastian Andrzej Siewior) [Orabug: 33749641] - irqchip/gic-v3-its: Honor hypervisor enforced LPI range (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3: Expose GICD_TYPER in the rdist structure (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Drop chunk allocation compatibility (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Move minimum LPI requirements to individual busses (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Use full range of LPIs (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Refactor LPI allocator (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Only emit VSYNC if targetting a valid collection (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Only emit SYNC if targetting a valid collection (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3: Ensure GICR_CTLR.EnableLPI=0 is observed before enabling (Shanker Donthineni) [Orabug: 33749641] - irqchip/gic-v3-its: Pass its_node pointer to each command builder (Marc Zyngier) [Orabug: 33749641] - tee: handle lookup of shm with reference count 0 (Jens Wiklander) [Orabug: 33739583] {CVE-2021-44733} - rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33660978] - net/mlx5: Fix eeprom support for SFP module (Eran Ben Elisha) [Orabug: 33541468] - x86/vector: search CPU vector starts from last successfully assigned (Joe Jin) [Orabug: 33290504] [4.14.35-2047.511.2] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33756155] {CVE-2021-4155} - net/mlx5e: ethtool, Add support for EEPROM high pages query (Erez Alfasi) [Orabug: 33755527] - ethtool: Add SFF-8436 and SFF-8636 max EEPROM length definitions (Erez Alfasi) [Orabug: 33755527] - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (George Kennedy) [Orabug: 33731361] - uek-rpm: configs: disable CONFIG_USB_GADGET (aloktiw) [Orabug: 33730434] - rds: ib: Incorporate the stat counter ib_rdma_flush_mr_pool_avoided in the structure rds_ib_stat_names (Praveen Kumar Kannoju) [Orabug: 33720886] - panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33703438] - panic: disable optimistic spin after halting CPUs (Stephen Brennan) [Orabug: 33703438] - atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (Zekun Shen) [Orabug: 33594985] {CVE-2021-43975} - x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (Yazen Ghannam) [Orabug: 33427596] - EDAC/mce_amd: Add new error descriptions for existing types (Yazen Ghannam) [Orabug: 33427596] - x86/mce, EDAC/mce_amd: Print PPIN in machine check records (Smita Koralahalli) [Orabug: 33427596] - x86/mce/amd, edac: Remove report_gart_errors (Borislav Petkov) [Orabug: 33427596] - x86/mce/amd: Add PPIN support for AMD MCE (Wei Huang) [Orabug: 33427596] - x86/mce: Take action on UCNA/Deferred errors again (Jan H. Schonherr) [Orabug: 33427596] - xen/mcelog: add PPIN to record when available (Jan Beulich) [Orabug: 33427596] - xen/mcelog: drop __MC_MSR_MCGCAP (Jan Beulich) [Orabug: 33427596] - x86/MCE/AMD: Dont report L1 BTB MCA errors on some family 17h models (Yazen Ghannam) [Orabug: 33427596] - x86/MCE: Add an MCE-record filtering function (Yazen Ghannam) [Orabug: 33427596] - EDAC, mce_amd: Print ExtErrorCode and description on a single line (Yazen Ghannam) [Orabug: 33427596] - mstflint_access: Update driver code to v4.18.0-1 from Github (Sharath Srinivasan) [Orabug: 33186485] - mstflint_access: Update driver code to v4.17.0-1 from Github (Sharath Srinivasan) [Orabug: 33186485] - mstflint_access: Add README.txt (Sharath Srinivasan) [Orabug: 33186485] - Revert Revert net/mlx4_core: Add masking for a few queries on HCA caps (Freddy Carrillo) [Orabug: 32603654] [4.14.35-2047.511.1] - uek-rpm: Update ol7 locklist with fnic symbols (Saeed Mirzamohammadi) [Orabug: 33590914] - mm, oom: dump stack of victim when reaping failed (David Rientjes) [Orabug: 33647102] - memcg: prohibit unconditional exceeding the limit of dying tasks (Vasily Averin) [Orabug: 33647102] - memcg: enable memcg oom-kill for __GFP_NOFAIL (Shakeel Butt) [Orabug: 33647102] - memcg, oom: no oom-kill for __GFP_RETRY_MAYFAIL (Shakeel Butt) [Orabug: 33647102] - memcg: killed threads should not invoke memcg OOM killer (Tetsuo Handa) [Orabug: 33647102] - memcg, oom: notify on oom killer invocation from the charge path (Michal Hocko) [Orabug: 33647102] - mm: memcontrol: print proper OOM header when no eligible victim left (Johannes Weiner) [Orabug: 33647102] - memcg, oom: move out_of_memory back to the charge path (Michal Hocko) [Orabug: 33647102] - rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug: 33671340] - arm64: kexec: Suppress kexec on embedded systems (smartnics) (Henry Willard) [Orabug: 33699776] - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679805] {CVE-2021-0920} - fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679805] - xfs: remove all COW fork extents when remounting readonly (Darrick J. Wong) [Orabug: 33676191] - RDS/IB: Fix error when trying to unallocate ring buffers (Hans Westgaard Ry) [Orabug: 33620350] - net: macsec: Severe performance regression in ...preserve ordering (Venkat Venkatsubra) [Orabug: 33557957] - Linux 4.14.256 (Greg Kroah-Hartman) - soc/tegra: pmc: Fix imbalanced clock disabling in error code path (Dmitry Osipenko) - usb: max-3421: Use driver data instead of maintaining a list of bound devices (Uwe Kleine-Konig) - RDMA/netlink: Add __maybe_unused to static inline in C file (Leon Romanovsky) - batman-adv: Dont always reallocate the fragmentation skb head (Sven Eckelmann) - batman-adv: Reserve needed_*room for fragments (Sven Eckelmann) - batman-adv: Consider fragmentation for needed_headroom (Sven Eckelmann) - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (Linus Lussing) - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (Linus Lussing) - perf/core: Avoid put_page() when GUP fails (Greg Thelen) - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (hongao) - drm/udl: fix control-message timeout (Johan Hovold) - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (Nguyen Dinh Phi) - parisc/sticon: fix reverse colors (Sven Schnelle) - btrfs: fix memory ordering between normal and ordered work functions (Nikolay Borisov) - mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag (Rustam Kovhaev) - hexagon: export raw I/O routines for modules (Nathan Chancellor) - tun: fix bonding active backup with arp monitoring (Nicolas Dichtel) - perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server (Alexander Antonov) - perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server (Alexander Antonov) - NFC: reorder the logic in nfc_{un,}register_device (Lin Ma) - NFC: reorganize the functions in nci_request (Lin Ma) - i40e: Fix NULL ptr dereference on VSI filter sync (Michal Maloszewski) - net: virtio_net_hdr_to_skb: count transport header in UFO (Jonathan Davies) - platform/x86: hp_accel: Fix an error handling path in lis3lv02d_probe() (Christophe JAILLET) - mips: lantiq: add support for clk_get_parent() (Randy Dunlap) - mips: bcm63xx: add support for clk_get_parent() (Randy Dunlap) - MIPS: generic/yamon-dt: fix uninitialized variable error (Colin Ian King) - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (Surabhi Boob) - net: bnx2x: fix variable dereferenced before check (Pavel Skripkin) - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() (Vincent Donnefort) - mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set (Randy Dunlap) - sh: define __BIG_ENDIAN for math-emu (Randy Dunlap) - sh: fix kconfig unmet dependency warning for FRAME_POINTER (Randy Dunlap) - maple: fix wrong return value of maple_bus_init(). (Lu Wei) - sh: check return code of request_irq (Nick Desaulniers) - powerpc/dcr: Use cmplwi instead of 3-argument cmpli (Michael Ellerman) - ALSA: gus: fix null pointer dereference on pointer block (Chengfeng Ye) - powerpc/5200: dts: fix memory node unit name (Anatolij Gustschin) - scsi: target: Fix alua_tg_pt_gps_count tracking (Mike Christie) - scsi: target: Fix ordered tag handling (Mike Christie) - MIPS: sni: Fix the build (Bart Van Assche) - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (Guanghui Feng) - usb: host: ohci-tmio: check return value after calling platform_get_resource() (Yang Yingliang) - ARM: dts: omap: fix gpmc,mux-add-data type (Roger Quadros) - scsi: advansys: Fix kernel pointer leak (Guo Zhi) - usb: musb: tusb6010: check return value after calling platform_get_resource() (Yang Yingliang) - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (James Smart) - arm64: zynqmp: Fix serial compatible string (Michal Simek) - PCI/MSI: Destroy sysfs before freeing entries (Thomas Gleixner) - parisc/entry: fix trace test in syscall exit path (Sven Schnelle) - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (Paul Burton) - ext4: fix lazy initialization next schedule time computation in more granular unit (Shaoying Xu) - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (Pali Rohar) - s390/cio: check the subchannel validity for dev_busid (Vineeth Vijayan) - mm, oom: do not trigger out_of_memory from the #PF (Michal Hocko) - mm, oom: pagefault_out_of_memory: dont force global OOM for dying tasks (Vasily Averin) - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (Naveen N. Rao) - powerpc/bpf: Validate branch ranges (Naveen N. Rao) - powerpc/lib: Add helper to check if offset is within conditional branch range (Naveen N. Rao) - ARM: 9156/1: drop cc-option fallbacks for architecture selection (Arnd Bergmann) - ARM: 9155/1: fix early early_iounmap() (Michal Miroslaw) - USB: chipidea: fix interrupt deadlock (Johan Hovold) - vsock: prevent unnecessary refcnt inc for nonblocking connect (Eiichi Tsukata) - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (Chengfeng Ye) - llc: fix out-of-bound array index in llc_sk_dev_hash() (Eric Dumazet) - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() (Miaohe Lin) - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (Huang Guobin) - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (Hans de Goede) - net: davinci_emac: Fix interrupt pacing disable (Maxim Kiselev) - xen-pciback: Fix return in pm_ctrl_init() (YueHaibing) - i2c: xlr: Fix a resource leak in the error handling path of xlr_i2c_probe() (Christophe JAILLET) - scsi: qla2xxx: Turn off target reset during issue_lip (Quinn Tran) - ar7: fix kernel builds for compiler test (Jackie Liu) - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (Ahmad Fatoum) - m68k: set a default value for MEMORY_RESERVE (Randy Dunlap) - dmaengine: dmaengine_desc_callback_valid(): Check for (Lars-Peter Clausen) - netfilter: nfnetlink_queue: fix OOB when mac header was cleared (Florian Westphal) - auxdisplay: ht16k33: Fix frame buffer device blanking (Geert Uytterhoeven) - auxdisplay: ht16k33: Connect backlight to fbdev (Geert Uytterhoeven) - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (Geert Uytterhoeven) - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (Claudiu Beznea) - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (Evgeny Novikov) - fs: orangefs: fix error return code of orangefs_revalidate_lookup() (Jia-Ju Bai) - NFS: Fix deadlocks in nfs_scan_commit_list() (Trond Myklebust) - PCI: aardvark: Dont spam about PIO Response Status (Marek Behun) - drm/plane-helper: fix uninitialized variable reference (Alex Xu (Hello71)) - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (Baptiste Lepers) - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined (Arnaud Pouliquen) - apparmor: fix error check (Tom Rix) - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (Hans de Goede) - mips: cm: Convert to bitfield API to fix out-of-bounds access (Geert Uytterhoeven) - serial: xilinx_uartps: Fix race condition causing stuck TX (Anssi Hannula) - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (Richard Fitzgerald) - ASoC: cs42l42: Correct some register default values (Richard Fitzgerald) - RDMA/mlx4: Return missed an error if device doesnt support steering (Leon Romanovsky) - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Dan Carpenter) - power: supply: rt5033_battery: Change voltage values to uV (Jakob Hauser) - usb: gadget: hid: fix error code in do_config() (Dan Carpenter) - serial: 8250_dw: Drop wrong use of ACPI_PTR() (Andy Shevchenko) - video: fbdev: chipsfb: use memset_io() instead of memset() (Christophe Leroy) - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (Dongliang Mu) - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (Christophe JAILLET) - arm: dts: omap3-gta04a4: accelerometer irq fix (Andreas Kemnade) - ALSA: hda: Reduce udelay() at SKL+ position reporting (Takashi Iwai) - JFS: fix memleak in jfs_mount (Dongliang Mu) - MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT (Jackie Liu) - scsi: dc395: Fix error case unwinding (Tong Zhang) - ARM: dts: at91: tse850: the emac<->phy interface is rmii (Peter Rosin) - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (Jackie Liu) - RDMA/rxe: Fix wrong port_cap_flags (Junji Wei) - ibmvnic: Process crqs after enabling interrupts (Sukadev Bhattiprolu) - crypto: pcrypt - Delay write to padata->info (Daniel Jordan) - net: phylink: avoid mvneta warning when setting pause parameters (Russell King (Oracle)) - net: amd-xgbe: Toggle PLL settings during rate change (Shyam Sundar S K) - libertas: Fix possible memory leak in probe and disconnect (Wang Hai) - libertas_tf: Fix possible memory leak in probe and disconnect (Wang Hai) - samples/kretprobes: Fix return value if register_kretprobe() failed (Tiezhu Yang) - irq: mips: avoid nested irq_enter() (Mark Rutland) - s390/gmap: dont unconditionally call pte_unmap_unlock() in __gmap_zap() (David Hildenbrand) - smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi (Tetsuo Handa) - PM: hibernate: fix sparse warnings (Anders Roxell) - phy: micrel: ksz8041nl: do not use power down mode (Stefan Agner) - mwifiex: Send DELBA requests according to spec (Jonas Drebler) - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (Nathan Chancellor) - mmc: mxs-mmc: disable regulator on error and in the remove function (Christophe JAILLET) - net: stream: dont purge sk_error_queue in sk_stream_kill_queues() (Jakub Kicinski) - drm/msm: uninitialized variable in msm_gem_import() (Dan Carpenter) - ath10k: fix max antenna gain unit (Sven Eckelmann) - hwmon: Fix possible memleak in __hwmon_device_register() (Yang Yingliang) - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (Dan Carpenter) - memstick: avoid out-of-range warning (Arnd Bergmann) - b43: fix a lower bounds test (Dan Carpenter) - b43legacy: fix a lower bounds test (Dan Carpenter) - hwrng: mtk - Force runtime pm ops for sleep ops (Markus Schneider-Pargmann) - crypto: qat - disregard spurious PFVF interrupts (Giovanni Cabiddu) - crypto: qat - detect PFVF collision after ACK (Giovanni Cabiddu) - ath9k: Fix potential interrupt storm on queue reset (Linus Lussing) - cpuidle: Fix kobject memory leaks in error paths (Anel Orazgaliyeva) - media: cx23885: Fix snd_card_free call on null card pointer (Colin Ian King) - media: si470x: Avoid card name truncation (Kees Cook) - media: mtk-vpu: Fix a resource leak in the error handling path of mtk_vpu_probe() (Christophe JAILLET) - media: dvb-usb: fix ununit-value in az6027_rc_query (Pavel Skripkin) - cgroup: Make rebind_subsystems() disable v2 controllers all at once (Waiman Long) - parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling (Sven Schnelle) - task_stack: Fix end_of_stack() for architectures with upwards-growing stack (Helge Deller) - parisc: fix warning in flush_tlb_all (Sven Schnelle) - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (Yang Yingliang) - ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 (Arnd Bergmann) - gre/sit: Dont generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE (Stephen Suryaputra) - ARM: clang: Do not rely on lr register for stacktrace (Masami Hiramatsu) - smackfs: use __GFP_NOFAIL for smk_cipso_doi() (Tetsuo Handa) - iwlwifi: mvm: disable RX-diversity in powersave (Johannes Berg) - PM: hibernate: Get block device exclusively in swsusp_check() (Ye Bin) - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (Zheyu Ma) - tracing/cfi: Fix cmp_entries_* functions signature mismatch (Kalesh Singh) - lib/xz: Validate the value before assigning it to an enum variable (Lasse Collin) - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (Lasse Collin) - memstick: r592: Fix a UAF bug when removing the driver (Zheyu Ma) - leaking_addresses: Always print a trailing newline (Kees Cook) - ACPI: battery: Accept charges over the design capacity as full (Andre Almeida) - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (Tuo Li) - tracefs: Have tracefs directories not set OTH permission bits by default (Steven Rostedt (VMware)) - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (Anant Thazhemadam) - ACPICA: Avoid evaluating methods too early during system resume (Rafael J. Wysocki) - ia64: dont do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK (Randy Dunlap) - media: mceusb: return without resubmitting URB in case of -EPROTO error. (Rajat Asthana) - media: s5p-mfc: Add checking to s5p_mfc_probe(). (Nadezda Lutovinova) - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (Tuo Li) - media: uvcvideo: Set capability in s_param (Ricardo Ribalda) - media: netup_unidvb: handle interrupt properly according to the firmware (Zheyu Ma) - media: mt9p031: Fix corrupted frame after restarting stream (Dirk Bender) - mwifiex: Properly initialize private structure on interface type changes (Jonas Drebler) - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (Jonas Drebler) - x86: Increase exception stack sizes (Peter Zijlstra) - smackfs: Fix use-after-free in netlbl_catmap_walk() (Pawan Gupta) - locking/lockdep: Avoid RCU-induced noinstr fail (Peter Zijlstra) - MIPS: lantiq: dma: reset correct number of channel (Aleksander Jan Bajkowski) - MIPS: lantiq: dma: add small delay after reset (Aleksander Jan Bajkowski) - platform/x86: wmi: do not fail if disabling fails (Barnabas Pocze) - Bluetooth: fix use-after-free error in lock_sock_nested() (Wang ShaoBo) - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (Takashi Iwai) {CVE-2021-3640} - USB: iowarrior: fix control-message timeouts (Johan Hovold) - USB: serial: keyspan: fix memleak on probe errors (Wang Hai) - iio: dac: ad5446: Fix ad5622_write() return value (Pekka Korpinen) - pinctrl: core: fix possible memory leak in pinctrl_enable() (Yang Yingliang) - quota: correct error number in free_dqentry() (Zhang Yi) - quota: check block number when reading the block in quota file (Zhang Yi) - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (Marek Behun) - PCI: aardvark: Fix return value of MSI domain .alloc() method (Marek Behun) - PCI: aardvark: Do not unmask unused interrupts (Pali Rohar) - PCI: aardvark: Do not clear status bits of masked interrupts (Pali Rohar) - xen/balloon: add late_initcall_sync() for initial ballooning done (Juergen Gross) - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume (Pavel Skripkin) - ALSA: mixer: oss: Fix racy access to slots (Takashi Iwai) - serial: core: Fix initializing and restoring termios speed (Pali Rohar) - powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found (Xiaoming Ni) - power: supply: max17042_battery: use VFSOC for capacity when no rsns (Henrik Grimler) - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (Sebastian Krzyszkowiak) - signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT (Eric W. Biederman) - signal: Remove the bogus sigkill_pending in ptrace_stop (Eric W. Biederman) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (Alok Prasad) - wcn36xx: handle connection loss indication (Benjamin Li) - libata: fix checking of DMA state (Reimar Doffinger) - mwifiex: Read a PCI register after writing the TX ring write pointer (Jonas Drebler) - wcn36xx: Fix HT40 capability for 2Ghz band (Loic Poulain) - evm: mark evm_fixmode as __ro_after_init (Austin Kim) - rtl8187: fix control-message timeouts (Johan Hovold) - PCI: Mark Atheros QCA6174 to avoid bus reset (Ingmar Klein) - ath10k: fix division by zero in send path (Johan Hovold) - ath10k: fix control-message timeout (Johan Hovold) - ath6kl: fix control-message timeout (Johan Hovold) - ath6kl: fix division by zero in send path (Johan Hovold) - mwifiex: fix division by zero in fw download path (Johan Hovold) - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (Eric Badger) - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (Krzysztof Kozlowski) - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (Krzysztof Kozlowski) - hwmon: (pmbus/lm25066) Add offset coefficients (Zev Weiss) - btrfs: fix lost error handling when replaying directory deletes (Filipe Manana) - vmxnet3: do not stop tx queues after netif_device_detach() (Dongli Zhang) - watchdog: Fix OMAP watchdog early handling (Walter Stoll) - spi: spl022: fix Microwire full duplex mode (Thomas Perrot) - bpf: Prevent increasing bpf_jit_limit above max (Lorenz Bauer) - mmc: winbond: dont build on M68K (Randy Dunlap) - hyperv/vmbus: include linux/bitops.h (Arnd Bergmann) - sfc: Dont use netif_info before net_device setup (Erik Ekman) - cavium: Fix return values of the probe function (Zheyu Ma) - scsi: qla2xxx: Fix unmap of already freed sgl (Dmitry Bogdanov) - cavium: Return negative value when pci_alloc_irq_vectors() fails (Zheyu Ma) - x86/irq: Ensure PI wakeup handler is unregistered before module unload (Sean Christopherson) - ALSA: timer: Unconditionally unlink slave instances, too (Takashi Iwai) - ALSA: timer: Fix use-after-free problem (Wang Wensheng) - ALSA: synth: missing check for possible NULL after the call to kstrdup (Austin Kim) - ALSA: line6: fix control and interrupt message timeouts (Johan Hovold) - ALSA: 6fire: fix control and bulk message timeouts (Johan Hovold) - ALSA: ua101: fix division by zero at probe (Johan Hovold) - media: ite-cir: IR receiver stop working after receive overflow (Sean Young) - tpm: Check for integer overflow in tpm2_map_response_body() (Dan Carpenter) - parisc: Fix ptrace check on syscall return (Helge Deller) - mmc: dw_mmc: Dont wait for DRTO on Write RSP error (Christian Lohle) - ocfs2: fix data corruption on truncate (Jan Kara) - libata: fix read log timeout value (Damien Le Moal) - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (Takashi Iwai) - Input: elantench - fix misreporting trackpoint coordinates (Phoenix Huang) - binder: use cred instead of task for selinux checks (Todd Kjos) - binder: use euid from cred instead of using task (Todd Kjos) - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (Mathias Nyman) - Linux 4.14.255 (Greg Kroah-Hartman) - rsi: fix control-message timeout (Johan Hovold) - staging: rtl8192u: fix control-message timeouts (Johan Hovold) - staging: r8712u: fix control-message timeout (Johan Hovold) - comedi: vmk80xx: fix bulk and interrupt message timeouts (Johan Hovold) - comedi: vmk80xx: fix bulk-buffer overflow (Johan Hovold) - comedi: vmk80xx: fix transfer-buffer overflows (Johan Hovold) - comedi: ni_usb6501: fix NULL-deref in command paths (Johan Hovold) - comedi: dt9812: fix DMA buffers on stack (Johan Hovold) - isofs: Fix out of bound access for corrupted isofs image (Jan Kara) - printk/console: Allow to disable console output by using console= or console=null (Petr Mladek) - usb-storage: Add compatibility quirk flags for iODD 2531/2541 (James Buren) - usb: musb: Balance list entry in musb_gadget_queue (Viraj Shah) - usb: gadget: Mark USB_FSL_QE broken on 64-bit (Geert Uytterhoeven) - Revert x86/kvm: fix vcpu-id indexed array sizes (Juergen Gross) - block: introduce multi-page bvec helpers (Ming Lei) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (Mike Marciniszyn) - IB/qib: Use struct_size() helper (Gustavo A. R. Silva) - ARM: 9120/1: Revert amba: make use of -1 IRQs warn (Wang Kefeng) - arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed (Arnd Bergmann) - mm/zsmalloc: Prepare to variable MAX_PHYSMEM_BITS (Kirill A. Shutemov) - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (Dan Carpenter) - scsi: core: Put LLD module refcnt after SCSI device is released (Ming Lei) - Linux 4.14.254 (Greg Kroah-Hartman) - sctp: add vtag check in sctp_sf_ootb (Xin Long) - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (Xin Long) - sctp: add vtag check in sctp_sf_violation (Xin Long) - sctp: fix the processing for COOKIE_ECHO chunk (Xin Long) - sctp: use init_tag from inithdr for ABORT chunk (Xin Long) - net: nxp: lpc_eth.c: avoid hang when bringing interface down (Trevor Woerner) - nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST (Guenter Roeck) - net: batman-adv: fix error handling (Pavel Skripkin) - regmap: Fix possible double-free in regcache_rbtree_exit() (Yang Yingliang) - net: lan78xx: fix division by zero in send path (Johan Hovold) - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (Haibo Chen) - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (Shawn Guo) - mmc: dw_mmc: exynos: fix the finding clock sample value (Jaehoon Chung) - mmc: vub300: fix control-message timeouts (Johan Hovold) - ipv4: use siphash instead of Jenkins in fnhe_hashfun() (Eric Dumazet) - Revert net: mdiobus: Fix memory leak in __mdiobus_register (Pavel Skripkin) - nfc: port100: fix using -ERRNO as command type mask (Krzysztof Kozlowski) - ata: sata_mv: Fix the error handling of mv_chip_id() (Zheyu Ma) - usbnet: fix error return code in usbnet_probe() (Wang Hai) - usbnet: sanity check for maxpacket (Oliver Neukum) - ARM: 8819/1: Remove -p from LDFLAGS (Nathan Chancellor) - powerpc/bpf: Fix BPF_MOD when imm == 1 (Naveen N. Rao) - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (Arnd Bergmann) - ARM: 9134/1: remove duplicate memcpy() definition (Arnd Bergmann) - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (Nick Desaulniers) [4.14.35-2047.511.0] - Linux 4.14.253 (Greg Kroah-Hartman) - ASoC: DAPM: Cover regression by kctl change notification fix (Takashi Iwai) - ARM: 9122/1: select HAVE_FUTEX_CMPXCHG (Nick Desaulniers) - tracing: Have all levels of checks prevent recursion (Steven Rostedt (VMware)) - net: mdiobus: Fix memory leak in __mdiobus_register (Yanfei Xu) - ALSA: hda: avoid write to STATESTS if controller is in reset (Kai Vehmanen) - platform/x86: intel_scu_ipc: Update timeout value in comment (Prashant Malani) - isdn: mISDN: Fix sleeping function called from invalid context (Zheyu Ma) - ARM: dts: spear3xx: Fix gmac node (Herve Codina) - net: stmmac: add support for dwmac 3.40a (Herve Codina) - btrfs: deal with errors when checking if a dir entry exists during log replay (Filipe Manana) - netfilter: Kconfig: use default y instead of m for bool config option (Vegard Nossum) - isdn: cpai: check ctr->cnr to avoid array index out of bound (Xiaolong Huang) - nfc: nci: fix the UAF of rf_conn_info object (Lin Ma) - ASoC: DAPM: Fix missing kctl change notifications (Takashi Iwai) - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (Brendan Grieve) - vfs: check fd has read access in kernel_read_file_from_fd() (Matthew Wilcox (Oracle)) - elfcore: correct reference to CONFIG_UML (Lukas Bulwahn) - ocfs2: mount fails with buffer overflow in strlen (Valentin Vidic) - ocfs2: fix data corruption after conversion from inline format (Jan Kara) - can: peak_pci: peak_pci_remove(): fix UAF (Zheyu Ma) - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (Stephane Grosjean) - can: rcar_can: fix suspend/resume (Yoshihiro Shimoda) - NIOS2: irqflags: rename a redefined register name (Randy Dunlap) - netfilter: ipvs: make global sysctl readonly in non-init netns (Antoine Tenart) - NFSD: Keep existing listeners on portlist error (Benjamin Coddington) - xtensa: xtfpga: Try software restart before simulating CPU reset (Guenter Roeck) - xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF (Max Filippov) - ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default (Eugen Hristev) - uek-rpm: Add _raw_spin_trylock to KABI (John Donnelly) [Orabug: 33557961] - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33581183] - RDMA/rxe: Bump up default maximum values used via uverbs (Rao Shoaib) [Orabug: 33615343] - net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann) [Orabug: 33615357] - rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju) [Orabug: 33611440] - net/mlx5: Remove unnecessary prints from mlx5_enter_error_state. (Anand Khoje) [Orabug: 33175315] - net/rds: Dont pummel the subnet-manager (Gerd Rausch) [Orabug: 33589568] - x86/clear_page: add alternative for clear_page_clzero() (Ankur Arora) [Orabug: 33580825] - x86/asm: add clzero based page clearing (Ankur Arora) [Orabug: 33580825] - x86/cpu/amd: enable X86_FEATURE_NT_GOOD on all AMD Zen models (Ankur Arora) [Orabug: 33580825] - x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (Kim Phillips) [Orabug: 33580825] - uek-rpm: Add smartpqi driver module in ueknano kernel (Somasundaram Krishnasamy) [Orabug: 33590163] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0492 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.14.35-2047.511.5.2.el7] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33876756] {CVE-2022-0492} - scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33876755] [4.14.35-2047.511.5.1] - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33836770] [4.14.35-2047.511.5] - irq/msi: add extra step when both old and new affinity are not current cpu (Joe Jin) [Orabug: 33789982] - Revert rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33795472] - smp: always continue to process IRQ work (Stephen Brennan) [Orabug: 33775326] - scsi: libiscsi: Fix iscsi_task use after free() (Mike Christie) [Orabug: 33674803] - scsi: libiscsi: Drop taskqueuelock (Mike Christie) [Orabug: 33674803] - netfilter: fix regression in looped (broad|multi)casts MAC handling (Ignacy Gawedzki) - PM: hibernate: use correct mode for swsusp_close() (Thomas Zeitlhofer) - tracefs: Set all files to the same group ownership as the mount option (Steven Rostedt (VMware)) - binder: fix test regression due to sender_euid change (Todd Kjos) - IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (Jose Exposito) [4.14.35-2047.511.4] - net/rds: Refactor rds_ib_recv_refill_one (Freddy Carrillo) [Orabug: 33811840] - net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan) [Orabug: 33811824] - ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33811779] - rds: ib: Ack seq not always received in monotonic increasing order (Hakon Bugge) [Orabug: 33810922] - arm64: pcie: Intercept Pensando specific SError (Henry Willard) [Orabug: 33811771] - arm64: pcie: Change bad_mode hook to cap_pciep_access_in_progress() (Henry Willard) [Orabug: 33811771] - arm64: pcie: Remove Pensando SError trapping patch (Henry Willard) [Orabug: 33811771] - take care multiple extents in CoW extent converting (Wengang Wang) [Orabug: 33811755] [4.14.35-2047.511.3] - scsi: vmw_pvscsi: Set residual data length conditionally (Alexey Makhalov) [Orabug: 33761308] - xfs: force the log offline when log intent item recovery fails (Darrick J. Wong) [Orabug: 33757273] - xfs: cancel intents immediately if process_intents fails (Darrick J. Wong) [Orabug: 33757273] - arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33749641] - irqchip/gic-v3-its: Allow use of LPI tables in reserved memory (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Register LPI tables with EFI config table (Marc Zyngier) [Orabug: 33749641] - efi: add API to reserve memory persistently across kexec reboot (Ard Biesheuvel) [Orabug: 33749641] - efi/arm: libstub: add a root memreserve config table (Ard Biesheuvel) [Orabug: 33749641] - efi: honour memory reservations passed via a linux specific config table (Ard Biesheuvel) [Orabug: 33749641] - irqchip/gic-v3-its: Check that all RDs have the same property table (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Use pre-programmed redistributor tables with kdump kernels (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Allow use of pre-programmed LPI tables (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Keep track of property tables PA and VA (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Move pending table allocation to init time (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Split property table clearing from allocation (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Simplify LPI_PENDBASE_SZ usage (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Change initialization ordering for LPIs (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Cap lpi_id_bits to reduce memory footprint (Jia He) [Orabug: 33749641] - irqchip/gic-v3-its: Make its_lock a raw_spin_lock_t (Sebastian Andrzej Siewior) [Orabug: 33749641] - irqchip/gic-v3-its: Honor hypervisor enforced LPI range (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3: Expose GICD_TYPER in the rdist structure (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Drop chunk allocation compatibility (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Move minimum LPI requirements to individual busses (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Use full range of LPIs (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Refactor LPI allocator (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Only emit VSYNC if targetting a valid collection (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3-its: Only emit SYNC if targetting a valid collection (Marc Zyngier) [Orabug: 33749641] - irqchip/gic-v3: Ensure GICR_CTLR.EnableLPI=0 is observed before enabling (Shanker Donthineni) [Orabug: 33749641] - irqchip/gic-v3-its: Pass its_node pointer to each command builder (Marc Zyngier) [Orabug: 33749641] - tee: handle lookup of shm with reference count 0 (Jens Wiklander) [Orabug: 33739583] {CVE-2021-44733} - rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33660978] - net/mlx5: Fix eeprom support for SFP module (Eran Ben Elisha) [Orabug: 33541468] - x86/vector: search CPU vector starts from last successfully assigned (Joe Jin) [Orabug: 33290504] [4.14.35-2047.511.2] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33756155] {CVE-2021-4155} - net/mlx5e: ethtool, Add support for EEPROM high pages query (Erez Alfasi) [Orabug: 33755527] - ethtool: Add SFF-8436 and SFF-8636 max EEPROM length definitions (Erez Alfasi) [Orabug: 33755527] - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (George Kennedy) [Orabug: 33731361] - uek-rpm: configs: disable CONFIG_USB_GADGET (aloktiw) [Orabug: 33730434] - rds: ib: Incorporate the stat counter ib_rdma_flush_mr_pool_avoided in the structure rds_ib_stat_names (Praveen Kumar Kannoju) [Orabug: 33720886] - panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33703438] - panic: disable optimistic spin after halting CPUs (Stephen Brennan) [Orabug: 33703438] - atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait (Zekun Shen) [Orabug: 33594985] {CVE-2021-43975} - x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (Yazen Ghannam) [Orabug: 33427596] - EDAC/mce_amd: Add new error descriptions for existing types (Yazen Ghannam) [Orabug: 33427596] - x86/mce, EDAC/mce_amd: Print PPIN in machine check records (Smita Koralahalli) [Orabug: 33427596] - x86/mce/amd, edac: Remove report_gart_errors (Borislav Petkov) [Orabug: 33427596] - x86/mce/amd: Add PPIN support for AMD MCE (Wei Huang) [Orabug: 33427596] - x86/mce: Take action on UCNA/Deferred errors again (Jan H. Schonherr) [Orabug: 33427596] - xen/mcelog: add PPIN to record when available (Jan Beulich) [Orabug: 33427596] - xen/mcelog: drop __MC_MSR_MCGCAP (Jan Beulich) [Orabug: 33427596] - x86/MCE/AMD: Dont report L1 BTB MCA errors on some family 17h models (Yazen Ghannam) [Orabug: 33427596] - x86/MCE: Add an MCE-record filtering function (Yazen Ghannam) [Orabug: 33427596] - EDAC, mce_amd: Print ExtErrorCode and description on a single line (Yazen Ghannam) [Orabug: 33427596] - mstflint_access: Update driver code to v4.18.0-1 from Github (Sharath Srinivasan) [Orabug: 33186485] - mstflint_access: Update driver code to v4.17.0-1 from Github (Sharath Srinivasan) [Orabug: 33186485] - mstflint_access: Add README.txt (Sharath Srinivasan) [Orabug: 33186485] - Revert Revert net/mlx4_core: Add masking for a few queries on HCA caps (Freddy Carrillo) [Orabug: 32603654] [4.14.35-2047.511.1] - uek-rpm: Update ol7 locklist with fnic symbols (Saeed Mirzamohammadi) [Orabug: 33590914] - mm, oom: dump stack of victim when reaping failed (David Rientjes) [Orabug: 33647102] - memcg: prohibit unconditional exceeding the limit of dying tasks (Vasily Averin) [Orabug: 33647102] - memcg: enable memcg oom-kill for __GFP_NOFAIL (Shakeel Butt) [Orabug: 33647102] - memcg, oom: no oom-kill for __GFP_RETRY_MAYFAIL (Shakeel Butt) [Orabug: 33647102] - memcg: killed threads should not invoke memcg OOM killer (Tetsuo Handa) [Orabug: 33647102] - memcg, oom: notify on oom killer invocation from the charge path (Michal Hocko) [Orabug: 33647102] - mm: memcontrol: print proper OOM header when no eligible victim left (Johannes Weiner) [Orabug: 33647102] - memcg, oom: move out_of_memory back to the charge path (Michal Hocko) [Orabug: 33647102] - rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug: 33671340] - arm64: kexec: Suppress kexec on embedded systems (smartnics) (Henry Willard) [Orabug: 33699776] - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679805] {CVE-2021-0920} - fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679805] - xfs: remove all COW fork extents when remounting readonly (Darrick J. Wong) [Orabug: 33676191] - RDS/IB: Fix error when trying to unallocate ring buffers (Hans Westgaard Ry) [Orabug: 33620350] - net: macsec: Severe performance regression in ...preserve ordering (Venkat Venkatsubra) [Orabug: 33557957] - Linux 4.14.256 (Greg Kroah-Hartman) - soc/tegra: pmc: Fix imbalanced clock disabling in error code path (Dmitry Osipenko) - usb: max-3421: Use driver data instead of maintaining a list of bound devices (Uwe Kleine-Konig) - RDMA/netlink: Add __maybe_unused to static inline in C file (Leon Romanovsky) - batman-adv: Dont always reallocate the fragmentation skb head (Sven Eckelmann) - batman-adv: Reserve needed_*room for fragments (Sven Eckelmann) - batman-adv: Consider fragmentation for needed_headroom (Sven Eckelmann) - batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (Linus Lussing) - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (Linus Lussing) - perf/core: Avoid put_page() when GUP fails (Greg Thelen) - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (hongao) - drm/udl: fix control-message timeout (Johan Hovold) - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (Nguyen Dinh Phi) - parisc/sticon: fix reverse colors (Sven Schnelle) - btrfs: fix memory ordering between normal and ordered work functions (Nikolay Borisov) - mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag (Rustam Kovhaev) - hexagon: export raw I/O routines for modules (Nathan Chancellor) - tun: fix bonding active backup with arp monitoring (Nicolas Dichtel) - perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server (Alexander Antonov) - perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server (Alexander Antonov) - NFC: reorder the logic in nfc_{un,}register_device (Lin Ma) - NFC: reorganize the functions in nci_request (Lin Ma) - i40e: Fix NULL ptr dereference on VSI filter sync (Michal Maloszewski) - net: virtio_net_hdr_to_skb: count transport header in UFO (Jonathan Davies) - platform/x86: hp_accel: Fix an error handling path in lis3lv02d_probe() (Christophe JAILLET) - mips: lantiq: add support for clk_get_parent() (Randy Dunlap) - mips: bcm63xx: add support for clk_get_parent() (Randy Dunlap) - MIPS: generic/yamon-dt: fix uninitialized variable error (Colin Ian King) - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (Surabhi Boob) - net: bnx2x: fix variable dereferenced before check (Pavel Skripkin) - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() (Vincent Donnefort) - mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set (Randy Dunlap) - sh: define __BIG_ENDIAN for math-emu (Randy Dunlap) - sh: fix kconfig unmet dependency warning for FRAME_POINTER (Randy Dunlap) - maple: fix wrong return value of maple_bus_init(). (Lu Wei) - sh: check return code of request_irq (Nick Desaulniers) - powerpc/dcr: Use cmplwi instead of 3-argument cmpli (Michael Ellerman) - ALSA: gus: fix null pointer dereference on pointer block (Chengfeng Ye) - powerpc/5200: dts: fix memory node unit name (Anatolij Gustschin) - scsi: target: Fix alua_tg_pt_gps_count tracking (Mike Christie) - scsi: target: Fix ordered tag handling (Mike Christie) - MIPS: sni: Fix the build (Bart Van Assche) - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (Guanghui Feng) - usb: host: ohci-tmio: check return value after calling platform_get_resource() (Yang Yingliang) - ARM: dts: omap: fix gpmc,mux-add-data type (Roger Quadros) - scsi: advansys: Fix kernel pointer leak (Guo Zhi) - usb: musb: tusb6010: check return value after calling platform_get_resource() (Yang Yingliang) - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (James Smart) - arm64: zynqmp: Fix serial compatible string (Michal Simek) - PCI/MSI: Destroy sysfs before freeing entries (Thomas Gleixner) - parisc/entry: fix trace test in syscall exit path (Sven Schnelle) - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (Paul Burton) - ext4: fix lazy initialization next schedule time computation in more granular unit (Shaoying Xu) - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (Pali Rohar) - s390/cio: check the subchannel validity for dev_busid (Vineeth Vijayan) - mm, oom: do not trigger out_of_memory from the #PF (Michal Hocko) - mm, oom: pagefault_out_of_memory: dont force global OOM for dying tasks (Vasily Averin) - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (Naveen N. Rao) - powerpc/bpf: Validate branch ranges (Naveen N. Rao) - powerpc/lib: Add helper to check if offset is within conditional branch range (Naveen N. Rao) - ARM: 9156/1: drop cc-option fallbacks for architecture selection (Arnd Bergmann) - ARM: 9155/1: fix early early_iounmap() (Michal Miroslaw) - USB: chipidea: fix interrupt deadlock (Johan Hovold) - vsock: prevent unnecessary refcnt inc for nonblocking connect (Eiichi Tsukata) - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (Chengfeng Ye) - llc: fix out-of-bound array index in llc_sk_dev_hash() (Eric Dumazet) - mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() (Miaohe Lin) - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (Huang Guobin) - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (Hans de Goede) - net: davinci_emac: Fix interrupt pacing disable (Maxim Kiselev) - xen-pciback: Fix return in pm_ctrl_init() (YueHaibing) - i2c: xlr: Fix a resource leak in the error handling path of xlr_i2c_probe() (Christophe JAILLET) - scsi: qla2xxx: Turn off target reset during issue_lip (Quinn Tran) - ar7: fix kernel builds for compiler test (Jackie Liu) - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (Ahmad Fatoum) - m68k: set a default value for MEMORY_RESERVE (Randy Dunlap) - dmaengine: dmaengine_desc_callback_valid(): Check for (Lars-Peter Clausen) - netfilter: nfnetlink_queue: fix OOB when mac header was cleared (Florian Westphal) - auxdisplay: ht16k33: Fix frame buffer device blanking (Geert Uytterhoeven) - auxdisplay: ht16k33: Connect backlight to fbdev (Geert Uytterhoeven) - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (Geert Uytterhoeven) - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (Claudiu Beznea) - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (Evgeny Novikov) - fs: orangefs: fix error return code of orangefs_revalidate_lookup() (Jia-Ju Bai) - NFS: Fix deadlocks in nfs_scan_commit_list() (Trond Myklebust) - PCI: aardvark: Dont spam about PIO Response Status (Marek Behun) - drm/plane-helper: fix uninitialized variable reference (Alex Xu (Hello71)) - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (Baptiste Lepers) - rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined (Arnaud Pouliquen) - apparmor: fix error check (Tom Rix) - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (Hans de Goede) - mips: cm: Convert to bitfield API to fix out-of-bounds access (Geert Uytterhoeven) - serial: xilinx_uartps: Fix race condition causing stuck TX (Anssi Hannula) - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (Richard Fitzgerald) - ASoC: cs42l42: Correct some register default values (Richard Fitzgerald) - RDMA/mlx4: Return missed an error if device doesnt support steering (Leon Romanovsky) - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Dan Carpenter) - power: supply: rt5033_battery: Change voltage values to uV (Jakob Hauser) - usb: gadget: hid: fix error code in do_config() (Dan Carpenter) - serial: 8250_dw: Drop wrong use of ACPI_PTR() (Andy Shevchenko) - video: fbdev: chipsfb: use memset_io() instead of memset() (Christophe Leroy) - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (Dongliang Mu) - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (Christophe JAILLET) - arm: dts: omap3-gta04a4: accelerometer irq fix (Andreas Kemnade) - ALSA: hda: Reduce udelay() at SKL+ position reporting (Takashi Iwai) - JFS: fix memleak in jfs_mount (Dongliang Mu) - MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT (Jackie Liu) - scsi: dc395: Fix error case unwinding (Tong Zhang) - ARM: dts: at91: tse850: the emac<->phy interface is rmii (Peter Rosin) - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (Jackie Liu) - RDMA/rxe: Fix wrong port_cap_flags (Junji Wei) - ibmvnic: Process crqs after enabling interrupts (Sukadev Bhattiprolu) - crypto: pcrypt - Delay write to padata->info (Daniel Jordan) - net: phylink: avoid mvneta warning when setting pause parameters (Russell King (Oracle)) - net: amd-xgbe: Toggle PLL settings during rate change (Shyam Sundar S K) - libertas: Fix possible memory leak in probe and disconnect (Wang Hai) - libertas_tf: Fix possible memory leak in probe and disconnect (Wang Hai) - samples/kretprobes: Fix return value if register_kretprobe() failed (Tiezhu Yang) - irq: mips: avoid nested irq_enter() (Mark Rutland) - s390/gmap: dont unconditionally call pte_unmap_unlock() in __gmap_zap() (David Hildenbrand) - smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi (Tetsuo Handa) - PM: hibernate: fix sparse warnings (Anders Roxell) - phy: micrel: ksz8041nl: do not use power down mode (Stefan Agner) - mwifiex: Send DELBA requests according to spec (Jonas Drebler) - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (Nathan Chancellor) - mmc: mxs-mmc: disable regulator on error and in the remove function (Christophe JAILLET) - net: stream: dont purge sk_error_queue in sk_stream_kill_queues() (Jakub Kicinski) - drm/msm: uninitialized variable in msm_gem_import() (Dan Carpenter) - ath10k: fix max antenna gain unit (Sven Eckelmann) - hwmon: Fix possible memleak in __hwmon_device_register() (Yang Yingliang) - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (Dan Carpenter) - memstick: avoid out-of-range warning (Arnd Bergmann) - b43: fix a lower bounds test (Dan Carpenter) - b43legacy: fix a lower bounds test (Dan Carpenter) - hwrng: mtk - Force runtime pm ops for sleep ops (Markus Schneider-Pargmann) - crypto: qat - disregard spurious PFVF interrupts (Giovanni Cabiddu) - crypto: qat - detect PFVF collision after ACK (Giovanni Cabiddu) - ath9k: Fix potential interrupt storm on queue reset (Linus Lussing) - cpuidle: Fix kobject memory leaks in error paths (Anel Orazgaliyeva) - media: cx23885: Fix snd_card_free call on null card pointer (Colin Ian King) - media: si470x: Avoid card name truncation (Kees Cook) - media: mtk-vpu: Fix a resource leak in the error handling path of mtk_vpu_probe() (Christophe JAILLET) - media: dvb-usb: fix ununit-value in az6027_rc_query (Pavel Skripkin) - cgroup: Make rebind_subsystems() disable v2 controllers all at once (Waiman Long) - parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling (Sven Schnelle) - task_stack: Fix end_of_stack() for architectures with upwards-growing stack (Helge Deller) - parisc: fix warning in flush_tlb_all (Sven Schnelle) - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (Yang Yingliang) - ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 (Arnd Bergmann) - gre/sit: Dont generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE (Stephen Suryaputra) - ARM: clang: Do not rely on lr register for stacktrace (Masami Hiramatsu) - smackfs: use __GFP_NOFAIL for smk_cipso_doi() (Tetsuo Handa) - iwlwifi: mvm: disable RX-diversity in powersave (Johannes Berg) - PM: hibernate: Get block device exclusively in swsusp_check() (Ye Bin) - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (Zheyu Ma) - tracing/cfi: Fix cmp_entries_* functions signature mismatch (Kalesh Singh) - lib/xz: Validate the value before assigning it to an enum variable (Lasse Collin) - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (Lasse Collin) - memstick: r592: Fix a UAF bug when removing the driver (Zheyu Ma) - leaking_addresses: Always print a trailing newline (Kees Cook) - ACPI: battery: Accept charges over the design capacity as full (Andre Almeida) - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (Tuo Li) - tracefs: Have tracefs directories not set OTH permission bits by default (Steven Rostedt (VMware)) - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (Anant Thazhemadam) - ACPICA: Avoid evaluating methods too early during system resume (Rafael J. Wysocki) - ia64: dont do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK (Randy Dunlap) - media: mceusb: return without resubmitting URB in case of -EPROTO error. (Rajat Asthana) - media: s5p-mfc: Add checking to s5p_mfc_probe(). (Nadezda Lutovinova) - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (Tuo Li) - media: uvcvideo: Set capability in s_param (Ricardo Ribalda) - media: netup_unidvb: handle interrupt properly according to the firmware (Zheyu Ma) - media: mt9p031: Fix corrupted frame after restarting stream (Dirk Bender) - mwifiex: Properly initialize private structure on interface type changes (Jonas Drebler) - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (Jonas Drebler) - x86: Increase exception stack sizes (Peter Zijlstra) - smackfs: Fix use-after-free in netlbl_catmap_walk() (Pawan Gupta) - locking/lockdep: Avoid RCU-induced noinstr fail (Peter Zijlstra) - MIPS: lantiq: dma: reset correct number of channel (Aleksander Jan Bajkowski) - MIPS: lantiq: dma: add small delay after reset (Aleksander Jan Bajkowski) - platform/x86: wmi: do not fail if disabling fails (Barnabas Pocze) - Bluetooth: fix use-after-free error in lock_sock_nested() (Wang ShaoBo) - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (Takashi Iwai) {CVE-2021-3640} - USB: iowarrior: fix control-message timeouts (Johan Hovold) - USB: serial: keyspan: fix memleak on probe errors (Wang Hai) - iio: dac: ad5446: Fix ad5622_write() return value (Pekka Korpinen) - pinctrl: core: fix possible memory leak in pinctrl_enable() (Yang Yingliang) - quota: correct error number in free_dqentry() (Zhang Yi) - quota: check block number when reading the block in quota file (Zhang Yi) - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (Marek Behun) - PCI: aardvark: Fix return value of MSI domain .alloc() method (Marek Behun) - PCI: aardvark: Do not unmask unused interrupts (Pali Rohar) - PCI: aardvark: Do not clear status bits of masked interrupts (Pali Rohar) - xen/balloon: add late_initcall_sync() for initial ballooning done (Juergen Gross) - ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume (Pavel Skripkin) - ALSA: mixer: oss: Fix racy access to slots (Takashi Iwai) - serial: core: Fix initializing and restoring termios speed (Pali Rohar) - powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found (Xiaoming Ni) - power: supply: max17042_battery: use VFSOC for capacity when no rsns (Henrik Grimler) - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (Sebastian Krzyszkowiak) - signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT (Eric W. Biederman) - signal: Remove the bogus sigkill_pending in ptrace_stop (Eric W. Biederman) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (Alok Prasad) - wcn36xx: handle connection loss indication (Benjamin Li) - libata: fix checking of DMA state (Reimar Doffinger) - mwifiex: Read a PCI register after writing the TX ring write pointer (Jonas Drebler) - wcn36xx: Fix HT40 capability for 2Ghz band (Loic Poulain) - evm: mark evm_fixmode as __ro_after_init (Austin Kim) - rtl8187: fix control-message timeouts (Johan Hovold) - PCI: Mark Atheros QCA6174 to avoid bus reset (Ingmar Klein) - ath10k: fix division by zero in send path (Johan Hovold) - ath10k: fix control-message timeout (Johan Hovold) - ath6kl: fix control-message timeout (Johan Hovold) - ath6kl: fix division by zero in send path (Johan Hovold) - mwifiex: fix division by zero in fw download path (Johan Hovold) - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (Eric Badger) - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (Krzysztof Kozlowski) - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (Krzysztof Kozlowski) - hwmon: (pmbus/lm25066) Add offset coefficients (Zev Weiss) - btrfs: fix lost error handling when replaying directory deletes (Filipe Manana) - vmxnet3: do not stop tx queues after netif_device_detach() (Dongli Zhang) - watchdog: Fix OMAP watchdog early handling (Walter Stoll) - spi: spl022: fix Microwire full duplex mode (Thomas Perrot) - bpf: Prevent increasing bpf_jit_limit above max (Lorenz Bauer) - mmc: winbond: dont build on M68K (Randy Dunlap) - hyperv/vmbus: include linux/bitops.h (Arnd Bergmann) - sfc: Dont use netif_info before net_device setup (Erik Ekman) - cavium: Fix return values of the probe function (Zheyu Ma) - scsi: qla2xxx: Fix unmap of already freed sgl (Dmitry Bogdanov) - cavium: Return negative value when pci_alloc_irq_vectors() fails (Zheyu Ma) - x86/irq: Ensure PI wakeup handler is unregistered before module unload (Sean Christopherson) - ALSA: timer: Unconditionally unlink slave instances, too (Takashi Iwai) - ALSA: timer: Fix use-after-free problem (Wang Wensheng) - ALSA: synth: missing check for possible NULL after the call to kstrdup (Austin Kim) - ALSA: line6: fix control and interrupt message timeouts (Johan Hovold) - ALSA: 6fire: fix control and bulk message timeouts (Johan Hovold) - ALSA: ua101: fix division by zero at probe (Johan Hovold) - media: ite-cir: IR receiver stop working after receive overflow (Sean Young) - tpm: Check for integer overflow in tpm2_map_response_body() (Dan Carpenter) - parisc: Fix ptrace check on syscall return (Helge Deller) - mmc: dw_mmc: Dont wait for DRTO on Write RSP error (Christian Lohle) - ocfs2: fix data corruption on truncate (Jan Kara) - libata: fix read log timeout value (Damien Le Moal) - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (Takashi Iwai) - Input: elantench - fix misreporting trackpoint coordinates (Phoenix Huang) - binder: use cred instead of task for selinux checks (Todd Kjos) - binder: use euid from cred instead of using task (Todd Kjos) - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (Mathias Nyman) - Linux 4.14.255 (Greg Kroah-Hartman) - rsi: fix control-message timeout (Johan Hovold) - staging: rtl8192u: fix control-message timeouts (Johan Hovold) - staging: r8712u: fix control-message timeout (Johan Hovold) - comedi: vmk80xx: fix bulk and interrupt message timeouts (Johan Hovold) - comedi: vmk80xx: fix bulk-buffer overflow (Johan Hovold) - comedi: vmk80xx: fix transfer-buffer overflows (Johan Hovold) - comedi: ni_usb6501: fix NULL-deref in command paths (Johan Hovold) - comedi: dt9812: fix DMA buffers on stack (Johan Hovold) - isofs: Fix out of bound access for corrupted isofs image (Jan Kara) - printk/console: Allow to disable console output by using console= or console=null (Petr Mladek) - usb-storage: Add compatibility quirk flags for iODD 2531/2541 (James Buren) - usb: musb: Balance list entry in musb_gadget_queue (Viraj Shah) - usb: gadget: Mark USB_FSL_QE broken on 64-bit (Geert Uytterhoeven) - Revert x86/kvm: fix vcpu-id indexed array sizes (Juergen Gross) - block: introduce multi-page bvec helpers (Ming Lei) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (Mike Marciniszyn) - IB/qib: Use struct_size() helper (Gustavo A. R. Silva) - ARM: 9120/1: Revert amba: make use of -1 IRQs warn (Wang Kefeng) - arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed (Arnd Bergmann) - mm/zsmalloc: Prepare to variable MAX_PHYSMEM_BITS (Kirill A. Shutemov) - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (Dan Carpenter) - scsi: core: Put LLD module refcnt after SCSI device is released (Ming Lei) - Linux 4.14.254 (Greg Kroah-Hartman) - sctp: add vtag check in sctp_sf_ootb (Xin Long) - sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (Xin Long) - sctp: add vtag check in sctp_sf_violation (Xin Long) - sctp: fix the processing for COOKIE_ECHO chunk (Xin Long) - sctp: use init_tag from inithdr for ABORT chunk (Xin Long) - net: nxp: lpc_eth.c: avoid hang when bringing interface down (Trevor Woerner) - nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST (Guenter Roeck) - net: batman-adv: fix error handling (Pavel Skripkin) - regmap: Fix possible double-free in regcache_rbtree_exit() (Yang Yingliang) - net: lan78xx: fix division by zero in send path (Johan Hovold) - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (Haibo Chen) - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (Shawn Guo) - mmc: dw_mmc: exynos: fix the finding clock sample value (Jaehoon Chung) - mmc: vub300: fix control-message timeouts (Johan Hovold) - ipv4: use siphash instead of Jenkins in fnhe_hashfun() (Eric Dumazet) - Revert net: mdiobus: Fix memory leak in __mdiobus_register (Pavel Skripkin) - nfc: port100: fix using -ERRNO as command type mask (Krzysztof Kozlowski) - ata: sata_mv: Fix the error handling of mv_chip_id() (Zheyu Ma) - usbnet: fix error return code in usbnet_probe() (Wang Hai) - usbnet: sanity check for maxpacket (Oliver Neukum) - ARM: 8819/1: Remove -p from LDFLAGS (Nathan Chancellor) - powerpc/bpf: Fix BPF_MOD when imm == 1 (Naveen N. Rao) - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (Arnd Bergmann) - ARM: 9134/1: remove duplicate memcpy() definition (Arnd Bergmann) - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (Nick Desaulniers) [4.14.35-2047.511.0] - Linux 4.14.253 (Greg Kroah-Hartman) - ASoC: DAPM: Cover regression by kctl change notification fix (Takashi Iwai) - ARM: 9122/1: select HAVE_FUTEX_CMPXCHG (Nick Desaulniers) - tracing: Have all levels of checks prevent recursion (Steven Rostedt (VMware)) - net: mdiobus: Fix memory leak in __mdiobus_register (Yanfei Xu) - ALSA: hda: avoid write to STATESTS if controller is in reset (Kai Vehmanen) - platform/x86: intel_scu_ipc: Update timeout value in comment (Prashant Malani) - isdn: mISDN: Fix sleeping function called from invalid context (Zheyu Ma) - ARM: dts: spear3xx: Fix gmac node (Herve Codina) - net: stmmac: add support for dwmac 3.40a (Herve Codina) - btrfs: deal with errors when checking if a dir entry exists during log replay (Filipe Manana) - netfilter: Kconfig: use default y instead of m for bool config option (Vegard Nossum) - isdn: cpai: check ctr->cnr to avoid array index out of bound (Xiaolong Huang) - nfc: nci: fix the UAF of rf_conn_info object (Lin Ma) - ASoC: DAPM: Fix missing kctl change notifications (Takashi Iwai) - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (Brendan Grieve) - vfs: check fd has read access in kernel_read_file_from_fd() (Matthew Wilcox (Oracle)) - elfcore: correct reference to CONFIG_UML (Lukas Bulwahn) - ocfs2: mount fails with buffer overflow in strlen (Valentin Vidic) - ocfs2: fix data corruption after conversion from inline format (Jan Kara) - can: peak_pci: peak_pci_remove(): fix UAF (Zheyu Ma) - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (Stephane Grosjean) - can: rcar_can: fix suspend/resume (Yoshihiro Shimoda) - NIOS2: irqflags: rename a redefined register name (Randy Dunlap) - netfilter: ipvs: make global sysctl readonly in non-init netns (Antoine Tenart) - NFSD: Keep existing listeners on portlist error (Benjamin Coddington) - xtensa: xtfpga: Try software restart before simulating CPU reset (Guenter Roeck) - xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF (Max Filippov) - ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default (Eugen Hristev) - uek-rpm: Add _raw_spin_trylock to KABI (John Donnelly) [Orabug: 33557961] - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33581183] - RDMA/rxe: Bump up default maximum values used via uverbs (Rao Shoaib) [Orabug: 33615343] - net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann) [Orabug: 33615357] - rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju) [Orabug: 33611440] - net/mlx5: Remove unnecessary prints from mlx5_enter_error_state. (Anand Khoje) [Orabug: 33175315] - net/rds: Dont pummel the subnet-manager (Gerd Rausch) [Orabug: 33589568] - x86/clear_page: add alternative for clear_page_clzero() (Ankur Arora) [Orabug: 33580825] - x86/asm: add clzero based page clearing (Ankur Arora) [Orabug: 33580825] - x86/cpu/amd: enable X86_FEATURE_NT_GOOD on all AMD Zen models (Ankur Arora) [Orabug: 33580825] - x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (Kim Phillips) [Orabug: 33580825] - uek-rpm: Add smartpqi driver module in ueknano kernel (Somasundaram Krishnasamy) [Orabug: 33590163] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0492 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.304.4.2] - netfilter: nf_tables_offload: incorrect flow offload action array size (Pablo Neira Ayuso) [Orabug: 33899500] {CVE-2022-25636} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-25636 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 7 Oracle Linux 8 - 5.4.17-2136.304.4.2.el7 - netfilter: nf_tables_offload: incorrect flow offload action array size (Pablo Neira Ayuso) [Orabug: 33899500] {CVE-2022-25636} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-25636 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [4.14.35-2047.511.5.4] - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33922122] {CVE-2021-26341} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341} - bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33926438] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-26341 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.304.4.4] - arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921646] - arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921646] - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921646] - arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921646] - KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921646] - arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921646] - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921646] - arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921646] - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921646] - arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921646] - arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921646] - arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921646] - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921646] - arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921646] - arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921646] - arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921646] - arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921646] - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921646] - arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921646] - arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921646] - arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921646] - arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921646] - Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921646] - Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921646] - Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921646] - Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921646] - Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921646] - Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921646] - Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921646] - Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921646] - Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921646] - Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921646] - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33922121] {CVE-2021-26341} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33926314] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-26341 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.304.4.4] - arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921646] - arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921646] - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921646] - arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921646] - KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921646] - arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921646] - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921646] - arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921646] - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921646] - arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921646] - arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921646] - arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921646] - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921646] - arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921646] - arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921646] - arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921646] - arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921646] - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921646] - arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921646] - arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921646] - arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921646] - arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921646] - Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921646] - Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921646] - Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921646] - Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921646] - Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921646] - Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921646] - Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921646] - Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921646] - Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921646] - Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921646] - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33922121] {CVE-2021-26341} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341} - bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33926314] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-26341 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 - 4.14.35-2047.511.5.4.el7 - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33922122] {CVE-2021-26341} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341} - x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33922122] {CVE-2021-26341} - bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33926438] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-26341 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 [9.0.3-8.0.1] - CVE-2019-20916 [Orabug: 33861505] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2019-20916 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 Oracle Linux 7 [4.14.35-2047.511.5.6] - lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33942242] {CVE-2022-0847} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0847 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.304.4.5] - lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33942329] {CVE-2022-0847} - bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33942374] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0847 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.304.4.5] - lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33942329] {CVE-2022-0847} - bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33942374] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0847 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [4.14.35-2047.511.5.6.el7] - lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33942242] {CVE-2022-0847} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0847 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 8 [3.6.16-4.0.1_fips] - Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 [Orabug: 33200526] - Allow bigger known RSA modulus sizes when calling rsa_generate_fips186_4_keypair directly [Orabug: 33200526] - Change Epoch from 1 to 10 [3.6.16-4] - p11tool: Document ID reuse behavior when importing certs (#1776250) [3.6.16-3] - Treat SHA-1 signed CA in the trusted set differently (#1965445) [3.6.16-2] - Filter certificate_types in TLS 1.2 CR based on signature algorithms (#1942216) [3.6.16-1] - Update to upstream 3.6.16 release (#1956783) - Fix potential use-after-free in key_share handling (#1927597) - Fix potential use-after-free in pre_shared_key handling (#1927593) - Stop gnutls-serv relying on AI_ADDRCONFIG to decide listening address (#1908334) - Fix cert expiration issue in tests (#1908110) [3.6.14-10] - Port fixes for potential miscalculation in ecdsa_verify (#1942931) [3.6.14-9] - Revert the previous change MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3580 CVE-2021-20232 CVE-2021-20231 cpe:/a:oracle:linux:8::u4_security_validation Oracle Linux 7 [1.0.2k-24.0.3] - fix CVE-2022-0778 - possible infinite loop in BN_mod_sqrt() IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1.0.2k-24.0.3] - fix CVE-2022-0778 openssl: Fix possible infinite loop in BN_mod_sqrt() - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison [Orabug: 32467026] - Add DH support changes for SP 800-56A rev3 requirements [Orabug: 32467059] - Add TLS KDF self-test [Orabug: 32467193] - Add EC keys pairwise consistency test [Orabug: 32467059] [1.0.2k-24] - Updates patch openssl-1.0.2k-cve-2021-3712.patch to only free on push failure. - Resolves: rhbz#2039993 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/a:oracle:linux:7::u8_security_validation Oracle Linux 7 [2.1.0-12.0.1] - lib: Prevent integer overflow on groupSize [CVE-2021-46143][Orabug: 33910302] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910302] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-46143 CVE-2022-23990 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 Oracle Linux 8 [1.20.7-1] - Added Oracle Specifile Files for cri-o IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0811 cpe:/a:oracle:linux:7::olcne13 cpe:/a:oracle:linux:8::olcne13 Oracle Linux 7 Oracle Linux 8 [1.21.6-1] - Added Oracle Specifile Files for cri-o IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0811 cpe:/a:oracle:linux:8::olcne14 cpe:/a:oracle:linux:7::olcne14 Oracle Linux 8 [2.2.5-4.0.1.3] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23990 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 8 [1:1.1.1k-5.0.1] - fix CVE-2022-0778 - possible infinite loop in BN_mod_sqrt() [Orabug: 33974871] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/o:oracle:linux:8:5:baseos_patch cpe:/o:oracle:linux:8::baseos_latest Oracle Linux 8 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-23219 CVE-2022-23218 CVE-2021-3999 cpe:/a:oracle:linux:8::userspace_ksplice Oracle Linux 7 [1.0.2k-24.0.3] - fix CVE-2022-0778 - possible infinite loop in BN_mod_sqrt() IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/a:oracle:linux:7::userspace_ksplice Oracle Linux 6 [2.1.23-15.0.1.2] - Escape password for SQL insert/update commands [CVE-2022-24407][Orabug: 33936121] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24407 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 Oracle Linux 7 libtpms [0.8.8-1.el7] - spec: Update spec file to version 0.8.8 * Fri Sep 17 2021 Stefan Berger - 0.8.7-1 - tpm2: Fixes for building and running with OpenSSL 3.0 * Fri Sep 10 2021 Stefan Berger - 0.8.6-1 - tpm2: Marshal event sequence objects' hash state * Wed Sep 01 2021 Stefan Berger - 0.8.5-1 - tpm2: NVMarshal: Handle index orderly RAM without 0-sized terminating node - tpm2: Initialize a whole OBJECT before using it * Wed Jun 23 2021 Stefan Berger - 0.8.4-1 - tpm2: Reset too large size indicators in TPM2B to avoid access beyond buffer * Tue Jun 01 2021 Stefan Berger - 0.8.3-1 - tpm2: Work-around for Windows 2016 & 2019 bug related to ContextLoad swtpm [0.3.4-5.el7] - swtpm: Check header size indicator against expected size (CID 375869) (Stefan Berger) [Orabug: 33876933] {CVE-2022-23645} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23645 CVE-2021-3623 cpe:/a:oracle:linux:7::kvm_utils Oracle Linux 8 [1:1.1.1k-5.0.1] - fix CVE-2022-0778 - possible infinite loop in BN_mod_sqrt() [Orabug: 33974871] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/a:oracle:linux:8::userspace_ksplice Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.305.5.3] - bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33973548] - ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33973543] - Revert 'btrfs: inode: refactor the parameters of insert_reserved_file_extent()' (Srikanth C S) [Orabug: 33973491] - Revert 'btrfs: fix metadata reservation for fallocate that leads to transaction aborts' (Srikanth C S) [Orabug: 33973491] [5.4.17-2136.305.5.2] - lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33942325] {CVE-2022-0847} [5.4.17-2136.305.5.1] - arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33937423] {CVE-2022-23960} - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33937423] {CVE-2022-23960} - KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33937423] {CVE-2022-23960} - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33937423] {CVE-2022-23960} - arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33937423] {CVE-2022-23960} - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33937423] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937344] {CVE-2021-26401} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33937389] - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401} [5.4.17-2136.305.5] - netfilter: nf_tables_offload: incorrect flow offload action array size (Pablo Neira Ayuso) [Orabug: 33900416] {CVE-2022-25636} [5.4.17-2136.305.4] - net/mlx5e: Fix page DMA map/unmap attributes (Aya Levin) [Orabug: 33382242] - DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676597] - uek-rpm: enable VIRTIO_PCI_LIB_LEGACY config (Si-Wei Liu) [Orabug: 33749636] - vdpa/mlx5: Fix tracking of current number of VQs (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Fix is_index_valid() to refer to features (Eli Cohen) [Orabug: 33749636] - vdpa: Protect vdpa reset with cf_mutex (Eli Cohen) [Orabug: 33749636] - vdpa: Avoid taking cf_mutex lock on get status (Eli Cohen) [Orabug: 33749636] - vdpa/vdpa_sim_net: Report max device capabilities (Eli Cohen) [Orabug: 33749636] - vdpa: Use BIT_ULL for bit operations (Eli Cohen) [Orabug: 33749636] - vdpa/vdpa_sim: Configure max supported virtqueues (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Report max device capabilities (Eli Cohen) [Orabug: 33749636] - vdpa: Support reporting max device capabilities (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Restore cur_num_vqs in case of failure in change_num_qps() (Eli Cohen) [Orabug: 33749636] - vdpa: Add support for returning device configuration information (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Support configuring max data virtqueue (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Fix config_attr_mask assignment (Eli Cohen) [Orabug: 33749636] - vdpa: Allow to configure max data virtqueues (Eli Cohen) [Orabug: 33749636] - vdpa: Read device configuration only if FEATURES_OK (Eli Cohen) [Orabug: 33749636] - vdpa: Sync calls set/get config/status with cf_mutex (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Distribute RX virtqueues in RQT object (Eli Cohen) [Orabug: 33749636] - vdpa: Provide interface to read driver features (Eli Cohen) [Orabug: 33749636] - vdpa: clean up get_config_size ret value handling (Laura Abbott) [Orabug: 33749636] - vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (Eli Cohen) [Orabug: 33749636] - virtio/virtio_pci_legacy_dev: ensure the correct return value (Peng Hao) [Orabug: 33749636] - virtio: fix a typo in function 'vp_modern_remove' comments. (Dapeng Mi) [Orabug: 33749636] - virtio-pci: fix the confusing error message [Orabug: 33749636] - vdpa: Mark vdpa_config_ops.get_vq_notification as optional (Eugenio Perez) [Orabug: 33749636] - vdpa: Avoid duplicate call to vp_vdpa get_status (Eugenio Perez) [Orabug: 33749636] - net/mlx5_vdpa: Offer VIRTIO_NET_F_MTU when setting MTU (Eli Cohen) [Orabug: 33749636] - vdpa: add driver_override support (Stefano Garzarella) [Orabug: 33749636] - docs: document sysfs ABI for vDPA bus (Stefano Garzarella) [Orabug: 33749636] - vdpa: Consider device id larger than 31 (Parav Pandit) [Orabug: 33749636] - virtio: always enter drivers/virtio/ (Arnd Bergmann) [Orabug: 33749636] - vdpa: check that offsets are within bounds (Dan Carpenter) [Orabug: 33749636] - vdpa_sim: avoid putting an uninitialized iova_domain (Longpeng) [Orabug: 33749636] - vhost-vdpa: clean irqs before reseting vdpa device (Wu Zongyong) [Orabug: 33749636] - vdpa/mlx5: Forward only packets with allowed MAC address (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Support configuration of MAC (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Fix clearing of VIRTIO_NET_F_MAC feature bit (Parav Pandit) [Orabug: 33749636] - vdpa_sim_net: Enable user to set mac address and mtu (Parav Pandit) [Orabug: 33749636] - vdpa: Enable user to set mac and mtu of vdpa device (Parav Pandit) [Orabug: 33749636] - vdpa: Use kernel coding style for structure comments (Parav Pandit) [Orabug: 33749636] - vdpa: Introduce query of device config layout (Parav Pandit) [Orabug: 33749636] - vdpa: Introduce and use vdpa device get, set config helpers (Parav Pandit) [Orabug: 33749636] - vdpa/mlx5: Propagate link status from device to vdpa driver (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Rename control VQ workqueue to vdpa wq (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Remove mtu field from vdpa net device (Eli Cohen) [Orabug: 33749636] - vdpa: add new attribute VDPA_ATTR_DEV_MIN_VQ_SIZE (Wu Zongyong) [Orabug: 33749636] - virtio_vdpa: setup correct vq size with callbacks get_vq_num_{max,min} (Wu Zongyong) [Orabug: 33749636] - vdpa: min vq num of vdpa device cannot be greater than max vq num (Wu Zongyong) [Orabug: 33749636] - vdpa: add new callback get_vq_num_min in vdpa_config_ops (Wu Zongyong) [Orabug: 33749636] - vp_vdpa: add vq irq offloading support (Wu Zongyong) [Orabug: 33749636] - vdpa: fix typo (Wu Zongyong) [Orabug: 33749636] - virtio-pci: introduce legacy device module (Wu Zongyong) [Orabug: 33749636] - vhost-vdpa: Fix the wrong input in config_cb (Cindy Lu) [Orabug: 33749636] - vhost_vdpa: unset vq irq before freeing irq (Wu Zongyong) [Orabug: 33749636] - vdpa: potential uninitialized return in vhost_vdpa_va_map() (Dan Carpenter) [Orabug: 33749636] - vdpa/mlx5: Avoid executing set_vq_ready() if device is reset (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Clear ready indication for control VQ (Eli Cohen) [Orabug: 33749636] - vdpa: Support transferring virtual addressing during DMA mapping (Xie Yongji) [Orabug: 33749636] - vdpa: factor out vhost_vdpa_pa_map() and vhost_vdpa_pa_unmap() (Xie Yongji) [Orabug: 33749636] - vdpa: Add an opaque pointer for vdpa_config_ops.dma_map() (Xie Yongji) [Orabug: 33749636] - vhost-iotlb: Add an opaque pointer for vhost IOTLB (Xie Yongji) [Orabug: 33749636] - vhost-vdpa: Handle the failure of vdpa_reset() (Xie Yongji) [Orabug: 33749636] - vdpa: Add reset callback in vdpa_config_ops (Xie Yongji) [Orabug: 33749636] - vdpa: Fix some coding style issues (Xie Yongji) [Orabug: 33749636] - vdpa: Make use of PFN_PHYS/PFN_UP/PFN_DOWN helper macro (Cai Huoqing) [Orabug: 33749636] - vdpa_sim: Use iova_shift() for the size passed to alloc_iova() (Xie Yongji) [Orabug: 33749636] - vdpa/mlx5: Add multiqueue support (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Add support for control VQ and MAC setting (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Ensure valid indices are provided (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Decouple virtqueue callback from struct mlx5_vdpa_virtqueue (Eli Cohen) [Orabug: 33749636] - Revert 'vdpa/mlx5: fix feature negotiation across device reset' (Si-Wei Liu) [Orabug: 33749636] - vdpa/mlx5: function prototype modifications in preparation to control VQ (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Remove redundant header file inclusion (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Fix queue type selection logic (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Avoid destroying MR on empty iotlb (Eli Cohen) [Orabug: 33749636] - virtio_vdpa: reject invalid vq indices (Vincent Whitchurch) [Orabug: 33749636] - vdpa: Add documentation for vdpa_alloc_device() macro (Xie Yongji) [Orabug: 33749636] - vp_vdpa: Fix return value check for vdpa_alloc_device() (Xie Yongji) [Orabug: 33749636] - vdpa_sim: Fix return value check for vdpa_alloc_device() (Xie Yongji) [Orabug: 33749636] - vhost-vdpa: Fix integer overflow in vhost_vdpa_process_iotlb_update() (Xie Yongji) [Orabug: 33749636] - xfs: remove incorrect ASSERT in xfs_rename (Eric Sandeen) [Orabug: 33803847] - KVM: nVMX: Filter out all unsupported controls when eVMCS was activated (Vitaly Kuznetsov) [Orabug: 33805849] - crypto: ccp - Add support for new CCP/PSP device ID (John Allen) [Orabug: 33805849] - KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (Sean Christopherson) [Orabug: 33805849] - KVM: fix avic_set_running for preemptable kernels (Paolo Bonzini) [Orabug: 33805849] - KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (Vitaly Kuznetsov) [Orabug: 33805849] - KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (Vitaly Kuznetsov) [Orabug: 33805849] - KVM: x86: Swap order of CPUID entry 'index' vs. 'significant flag' checks (Sean Christopherson) [Orabug: 33805849] - KVM: x86: nSVM: don't copy virt_ext from vmcb12 (Maxim Levitsky) [Orabug: 33805849] {CVE-2021-3653} {CVE-2021-3656} - KVM: x86: nSVM: restore int_vector in svm_clear_vintr (Maxim Levitsky) [Orabug: 33805849] - KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() (Vitaly Kuznetsov) [Orabug: 33805849] - KVM: x86: Mark all registers as avail/dirty at vCPU creation (Sean Christopherson) [Orabug: 33805849] - KVM: nVMX: Sync all PGDs on nested transition with shadow paging (Sean Christopherson) [Orabug: 33805849] - KVM: SVM: Revert clearing of C-bit on GPA in #NPF handler (Sean Christopherson) [Orabug: 33805849] - KVM: SVM: Don't strip the C-bit from CR2 on #PF interception (Sean Christopherson) [Orabug: 33805849] - rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33821340] - nvmet-tcp: fix a race condition between release_queue and io_work (Maurizio Lombardi) [Orabug: 33825776] - nvmet-tcp: add an helper to free the cmd buffers (Maurizio Lombardi) [Orabug: 33825776] - drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835810] {CVE-2022-0330} - rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33845918] - tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850801] {CVE-2022-0435} {CVE-2022-0435} - uek-rpm: Synchronize Module.kabi and lockedlist (Stephen Brennan) [Orabug: 33871538] [5.4.17-2136.305.3] - net/mlx5: Enable mlx5 IPsec build options on OL7/OL8 (Qing Huang) [Orabug: 32936614] - net/mlx5e: Fix SWP offsets when vlan inserted by driver (Moshe Shemesh) [Orabug: 32936614] - net/mlx5e: Fix missing IPsec statistics on uplink representor (Raed Salem) [Orabug: 32936614] - net/mlx5e: Add IPsec support to uplink representor (Raed Salem) [Orabug: 32936614] - net/mlx5: Fix checksum issue of VXLAN and IPsec crypto offload (Huy Nguyen) [Orabug: 32936614] - net/xfrm: Add inner_ipproto into sec_path (Huy Nguyen) [Orabug: 32936614] - net/mlx5: Optimize mlx5e_feature_checks for non IPsec packet (Huy Nguyen) [Orabug: 32936614] - net/mlx5e: IPsec/rep_tc: Fix rep_tc_update_skb drops IPsec packet (Huy Nguyen) [Orabug: 32936614] - net/mlx5: Replace spaces with tab at the start of a line (Wenpeng Liang) [Orabug: 32936614] - net/mlx5e: Enable XDP for Connect-X IPsec capable devices (Raed Salem) [Orabug: 32936614] - net/mlx5e: Enable striding RQ for Connect-X IPsec capable devices (Raed Salem) [Orabug: 32936614] - net/mlx5e: Release skb in case of failure in tc update skb (Maor Dickman) [Orabug: 32936614] - net/mlx5e: Move set vxlan nic info to profile init (Roi Dayan) [Orabug: 32936614] - net/mlx5e: Fix IPSEC stats (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: IPsec, Remove unnecessary config flag usage (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: IPsec, Inline feature_check fast-path function (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: IPsec, Avoid unreachable return (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: IPsec, Enclose csum logic under ipsec config (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: Split between RX/TX tunnel FW support indication (Aya Levin) [Orabug: 32936614] - net/mlx5e: Allow RQ outside of channel context (Aya Levin) [Orabug: 32936614] - net/mlx5e: Allow CQ outside of channel context (Aya Levin) [Orabug: 32936614] - net/mlx5e: Free drop RQ in a dedicated function (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: kTLS, Enforce HW TX csum offload with kTLS (Tariq Toukan) [Orabug: 32936614] - net/mlx5: Expose IP-in-IP TX and RX capability bits (Aya Levin) [Orabug: 32936614] - net/mlx5e: Fix IPsec packet drop by mlx5e_tc_update_skb (Huy Nguyen) [Orabug: 32936614] - net/mlx5e: Set IPsec WAs only in IP's non checksum partial case. (Huy Nguyen) [Orabug: 32936614] - net/mlx5e: IPsec: Add Connect-X IPsec Tx data path offload (Raed Salem) [Orabug: 32936614] - net/mlx5e: IPsec: Add TX steering rule per IPsec state (Huy Nguyen) [Orabug: 32936614] - net/mlx5: Add NIC TX domain namespace (Huy Nguyen) [Orabug: 32936614] - net/mlx5e: Add tc chains offload support for nic flows (Ariel Levkovich) [Orabug: 32936614] - net/mlx5: Refactor tc flow attributes structure (Ariel Levkovich) [Orabug: 32936614] - net/mlx5e: Split nic tc flow allocation and creation (Ariel Levkovich) [Orabug: 32936614] - net/mlx5e: Tc nic flows to use mlx5_chains flow tables (Ariel Levkovich) [Orabug: 32936614] - net/mlx5: Refactor multi chains and prios support (Ariel Levkovich) [Orabug: 32936614] - net/mlx5e: Enhanced TX MPWQE for SKBs (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Move TX code into functions to be used by MPWQE (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Rename xmit-related structs to generalize them (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Generalize TX MPWQE checks for full session (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Support multiple SKBs in a TX WQE (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Move the TLS resync check out of the function (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Unify constants for WQE_EMPTY_DS_COUNT (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Small improvements for XDP TX MPWQE logic (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Refactor xmit functions (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Move mlx5e_tx_wqe_inline_mode to en_tx.c (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Use struct assignment to initialize mlx5e_tx_wqe_info (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Refactor inline header size calculation in the TX path (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Fix endianness when calculating pedit mask first bit (Maor Dickman) [Orabug: 32936614] - net/mlx5e: CT: Fix freeing ct_label mapping (Roi Dayan) [Orabug: 32936614] - net/mlx5e: Fix memory leak of tunnel info when rule under multipath not ready (Jianbo Liu) [Orabug: 32936614] - net/mlx5e: Use synchronize_rcu to sync with NAPI (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Use RCU to protect rq->xdp_prog (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: RX, Add a prefetch command for small L1_CACHE_BYTES (Tariq Toukan) [Orabug: 32936614] - net: Take common prefetch code structure into a function (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: Use indirect call wrappers for RX post WQEs functions (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: CT: Map 128 bits labels to 32 bit map ID (Eli Britstein) [Orabug: 32936614] - net/mlx5e: XDP, Avoid indirect call in TX flow (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: IPsec: Add Connect-X IPsec ESN update offload support (Raed Salem) [Orabug: 32936614] - net/mlx5e: IPsec: Add IPsec steering in local NIC RX (Huy Nguyen) [Orabug: 32936614] - net/mlx5: Add IPsec related Flow steering entry's fields (Huy Nguyen) [Orabug: 32936614] - net/mlx5: IPsec: Add HW crypto offload support (Raed Salem) [Orabug: 32936614] - net/mlx5: Accel, Add core IPsec support for the Connect-X family (Raed Salem) [Orabug: 32936614] - net/mlx5e: Fix build break when CONFIG_XPS is not set (Saeed Mahameed) [Orabug: 32936614] - net/mlx5e: CT: Fix releasing ft entries (Roi Dayan) [Orabug: 32936614] - net/mlx5e: CT: Remove unused function param (Saeed Mahameed) [Orabug: 32936614] - net/mlx5e: CT: Return err_ptr from internal functions (Saeed Mahameed) [Orabug: 32936614] - net/mlx5e: CT: Use mapping for zone restore register (Paul Blakey) [Orabug: 32936614] - net/mlx5e: CT: Re-use tuple modify headers for identical modify actions (Paul Blakey) [Orabug: 32936614] - net/mlx5e: Export sharing of mod headers to a new file (Paul Blakey) [Orabug: 32936614] - net/mlx5e: CT: Restore ct state from lookup in zone instead of tupleid (Paul Blakey) [Orabug: 32936614] - net/mlx5e: CT: Don't offload tuple rewrites for established tuples (Paul Blakey) [Orabug: 32936614] - net/mlx5e: Use netdev_info instead of pr_info (Oz Shlomo) [Orabug: 32936614] - net/mlx5e: CT: Allow header rewrite of 5-tuple and ct clear action (Paul Blakey) [Orabug: 32936614] - net/mlx5e: CT: Save ct entries tuples in hashtables (Paul Blakey) [Orabug: 32936614] - net/mlx5e: Fix VXLAN configuration restore after function reload (Aya Levin) [Orabug: 32936614] - net/mlx5e: Enhance TX timeout recovery (Aya Levin) [Orabug: 32936614] - net/mlx5e: Enhance ICOSQ data on RX reporter's diagnose (Aya Levin) [Orabug: 32936614] - net/mlx5e: Add EQ info to TX/RX reporter's diagnose (Aya Levin) [Orabug: 32936614] - net/mlx5e: Rename reporter's helpers (Aya Levin) [Orabug: 32936614] - net/mlx5e: Add helper to get the RQ WQE counter (Aya Levin) [Orabug: 32936614] - net/mlx5e: Add helper to get RQ WQE's head (Aya Levin) [Orabug: 32936614] - net/mlx5e: Align RX/TX reporters diagnose output format (Aya Levin) [Orabug: 32936614] - net/mlx5e: Refactor build channel params (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: vxlan: Use RCU for vxlan table lookup (Saeed Mahameed) [Orabug: 32936614] - net/mlx5e: Move TC-specific function definitions into MLX5_CLS_ACT (Vlad Buslov) [Orabug: 32936614] - net/mlx5e: CT: Fix ipv6 nat header rewrite actions (Oz Shlomo) [Orabug: 32936614] - net/mlx5e: en_tc: Fix cast to restricted __be32 warning (Saeed Mahameed) [Orabug: 32936614] - net/mlx5e: Don't use err uninitialized in mlx5e_attach_decap (Nathan Chancellor) [Orabug: 32936614] - net/mlx5e: Optimize performance for IPv4/IPv6 ethertype (Eli Britstein) [Orabug: 32936614] - net/mlx5e: Helper function to set ethertype (Eli Britstein) [Orabug: 32936614] - net/mlx5e: CT: Correctly get flow rule (Roi Dayan) [Orabug: 32936614] - net/mlx5e: Support pedit on mpls over UDP decap (Eli Cohen) [Orabug: 32936614] - xsk: Fix xsk_umem_xdp_frame_sz() (Bjorn Topel) [Orabug: 32936614] - net/mlx5e: CT: Fix offload with CT action after CT NAT action (Roi Dayan) [Orabug: 32936614] - mlx5: Rx queue setup time determine frame_sz for XDP (Jesper Dangaard Brouer) [Orabug: 32936614] - xdp: For Intel AF_XDP drivers add XDP frame_sz (Jesper Dangaard Brouer) [Orabug: 32936614] - xdp: Add frame size to xdp_buff (Jesper Dangaard Brouer) [Orabug: 32936614] - net: remove newlines in NL_SET_ERR_MSG_MOD (Jacob Keller) [Orabug: 32936614] - net/mlx5: CT: Remove unused variables (Paul Blakey) [Orabug: 32936614] - net/mlx5e: CT: Avoid false warning about rule may be used uninitialized (Roi Dayan) [Orabug: 32936614] - net/mlx5e: Remove unneeded semicolon (Zheng Bin) [Orabug: 32936614] - net/mlx5: IPsec, Fix coverity issue (Raed Salem) [Orabug: 32936614] - net/mlx5: TX WQE Add trailer insertion field (Raed Salem) [Orabug: 32936614] - net/mlx5: Introduce IPsec Connect-X offload hardware bits and structures (Raed Salem) [Orabug: 32936614] - net/mlx5: Update vxlan.c new cmd interface (Leon Romanovsky) [Orabug: 32936614] - net/mlx5: Update cq.c to new cmd interface (Leon Romanovsky) [Orabug: 32936614] - net/mlx5: CT: Change idr to xarray to protect parallel tuple id allocation (Paul Blakey) [Orabug: 32936614] - net/mlx5: IPsec, Refactor SA handle creation and destruction (Raed Salem) [Orabug: 32936614] - net/mlx5e: IPSec, Expose IPsec HW stat only for supporting HW (Raed Salem) [Orabug: 32936614] - net/mlx5: Refactor mlx5_accel_esp_create_hw_context parameter list (Raed Salem) [Orabug: 32936614] - net/mlx5: Use the correct IPsec capability function for FPGA ops (Raed Salem) [Orabug: 32936614] - net/mlx5e: CT: Use rhashtable's ct entries instead of a separate list (Paul Blakey) [Orabug: 32936614] - net/mlx5: Add support for RDMA TX steering (Michael Guralnik) [Orabug: 32936614] - net/mlx5e: Fix actions_match_supported() return (Dan Carpenter) [Orabug: 32936614] - net/mlx5: Eswitch, enable forwarding back to uplink port (Eli Cohen) [Orabug: 32936614] - net/mlx5e: Add support for offloading traffic from uplink to uplink (Eli Cohen) [Orabug: 32936614] - net/mlx5e: Fix rejecting all egress rules not on vlan (Roi Dayan) [Orabug: 32936614] - net/mlx5e: CT: Fix stack usage compiler warning (Saeed Mahameed) [Orabug: 32936614] - net/mlx5e: CT: remove set but not used variable 'unnew' (YueHaibing) [Orabug: 32936614] - net/mlx5e: Fix an IS_ERR() vs NULL check (Dan Carpenter) [Orabug: 32936614] - net/mlx5: Introduce TLS and IPSec objects enums (Saeed Mahameed) [Orabug: 32936614] - net/mlx5e: Fix endianness handling in pedit mask (Sebastian Hense) [Orabug: 32936614] - net/mlx5e: Remove redundant comment about goto slow path (Roi Dayan) [Orabug: 32936614] - net/mlx5e: Reduce number of arguments in slow path handling (Eli Cohen) [Orabug: 32936614] - net/mlx5e: Use netdev_warn() instead of pr_err() for errors (Roi Dayan) [Orabug: 32936614] - net/mlx5e: Add devlink fdb_large_groups parameter (Jianbo Liu) [Orabug: 32936614] - net/mlx5: Change the name of steering mode param id (Jianbo Liu) [Orabug: 32936614] - net/mlx5: Eswitch, avoid redundant mask (Eli Cohen) [Orabug: 32936614] - net/mlx5: Fix header guard in rsc_dump.h (Nathan Chancellor) [Orabug: 32936614] - net/mlx5e: Add context to the preactivate hook (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Allow mlx5e_switch_priv_channels to fail and recover (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Remove unneeded netif_set_real_num_tx_queues (Maxim Mikityanskiy) [Orabug: 32936614] - ESP: Export esp_output_fill_trailer function (Raed Salem) [Orabug: 32936614] - net/mlx5: Remove a useless 'drain_workqueue()' call in 'mlx5e_ipsec_cleanup()' (Christophe JAILLET) [Orabug: 32936614] - mlx5: Use proper logging and tracing line terminations (Joe Perches) [Orabug: 32936614] - net/mlx5e: Support dump callback in RX reporter (Aya Levin) [Orabug: 32936614] - net/mlx5e: Support dump callback in TX reporter (Aya Levin) [Orabug: 32936614] - net/mlx5e: Gather reporters APIs together (Aya Levin) [Orabug: 32936614] - net/mlx5: Add support for resource dump (Aya Levin) [Orabug: 32936614] - net/mlx5e: Create q counters on uplink representors (Vlad Buslov) [Orabug: 32936614] - net/mlx5: Expose resource dump register mapping (Aya Levin) [Orabug: 32936614] - net/mlx5: Add structures and defines for MIRC register (Eran Ben Elisha) [Orabug: 32936614] - net/mlx5: WQ, Move short getters into header file (Tariq Toukan) [Orabug: 32936614] - Revert 'net/mlx5e: Fix SWP offsets when vlan inserted by driver' (Mikhael Goikhman) [Orabug: 32936614] - uek-rpm: ensure BPF Type Format (BTF) section is retained in modules (Alan Maguire) [Orabug: 33774133] - kbuild: Skip module BTF generation for out-of-tree external modules (Andrii Nakryiko) [Orabug: 33774133] - bpf: Load and verify kernel module BTFs (Andrii Nakryiko) [Orabug: 33774133] - kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (Andrii Nakryiko) [Orabug: 33774133] - arm64: Add assembly annotations for weak-PI-alias madness (Robin Murphy) [Orabug: 33816089] - arm64: Import updated version of Cortex Strings' strlen (Sam Tebbs) [Orabug: 33816089] - arm64: Import latest memcpy()/memmove() implementation (Robin Murphy) [Orabug: 33816089] - arm64: Import latest version of Cortex Strings' memcmp (Sam Tebbs) [Orabug: 33816089] - arm64: Better optimised memchr() (Robin Murphy) [Orabug: 33816089] - net/rds: Fix memory leak in __rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33821540] - x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33825645] - uek-rpm/ol/config-aarch64: Enable CONFIG_ARM_RASPBERRYPI_CPUFREQ for RPi (Vijay Kumar) - KVM: x86: Initialize tdp_level during vCPU creation (Sean Christopherson) [Orabug: 33841857] - KVM: x86/mmu: Capture TDP level when updating CPUID (Sean Christopherson) [Orabug: 33841857] - xen/netback: don't queue unlimited number of packages (Juergen Gross) [Orabug: 33851834] - xen/netback: fix rx queue stall detection (Juergen Gross) [Orabug: 33851834] - Fix conflict of LTS commit 'PCI: aardvark: Configure PCIe resources from 'ranges' DT property' (Sherry Yang) [Orabug: 33862617] [5.4.17-2136.305.2] - LTS tag: v5.4.163 (Sherry Yang) - tty: hvc: replace BUG_ON() with negative return value (Juergen Gross) - xen/netfront: don't trust the backend response data blindly (Juergen Gross) - xen/netfront: disentangle tx_skb_freelist (Juergen Gross) - xen/netfront: don't read data from request on the ring page (Juergen Gross) - xen/netfront: read response from backend only once (Juergen Gross) - xen/blkfront: don't trust the backend response data blindly (Juergen Gross) - xen/blkfront: don't take local copy of a request from the ring page (Juergen Gross) - xen/blkfront: read response from backend only once (Juergen Gross) - xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross) - fuse: release pipe buf after last use (Miklos Szeredi) - NFC: add NCI_UNREG flag to eliminate the race (Lin Ma) - shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn) - s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand) - tracing: Check pid filtering when creating events (Steven Rostedt (VMware)) - vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella) - smb3: do not error on fsync when readonly (Steve French) - f2fs: set SBI_NEED_FSCK flag when inconsistent node block found (Weichao Guo) - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (Vladimir Oltean) - net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP (Vladimir Oltean) - net: hns3: fix VF RSS failed problem after PF enable multi-TCs (Guangbin Huang) - net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu) - net: vlan: fix underflow for the real_dev refcnt (Ziyang Xuan) - MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei) - igb: fix netpoll exit with traffic (Jesse Brandeburg) - nvmet: use IOCB_NOWAIT only if the filesystem supports it (Maurizio Lombardi) - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet) - PM: hibernate: use correct mode for swsusp_close() (Thomas Zeitlhofer) - net/ncsi : Add payload to be 32-bit aligned to fix dropped packets (Kumar Thangavel) - nvmet-tcp: fix incomplete data digest send (Varun Prakash) - net/smc: Ensure the active closing peer first closes clcsock (Tony Lu) - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (Mike Christie) - net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group (Nikolay Aleksandrov) - net: ipv6: add fib6_nh_release_dsts stub (Nikolay Aleksandrov) - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (Diana Wang) - ipv6: fix typos in __ip6_finish_output() (Eric Dumazet) - iavf: Prevent changing static ITR values if adaptive moderation is on (Nitesh B Venkatesh) - drm/vc4: fix error code in vc4_create_object() (Dan Carpenter) - scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy) - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai) - NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust) - firmware: arm_scmi: pm: Propagate return value to caller (Peng Fan) - net: ieee802154: handle iftypes as u32 (Alexander Aring) - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (Srinivas Kandagatla) - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli) - ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli) - netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu) - proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun) - pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun) - PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (Pali Rohar) - PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge (Pali Rohar) - PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge (Pali Rohar) - PCI: aardvark: Fix link training (Pali Rohar) - PCI: aardvark: Simplify initialization of rootcap on virtual bridge (Pali Rohar) - PCI: aardvark: Implement re-issuing config requests on CRS response (Pali Rohar) - PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar) - PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar) - PCI: pci-bridge-emul: Fix array overruns, improve safety (Russell King) - PCI: aardvark: Update comment about disabling link training (Pali Rohar) - PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar) - PCI: aardvark: Fix compilation on s390 (Pali Rohar) - PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar) - PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar) - PCI: aardvark: Issue PERST via GPIO (Pali Rohar) - PCI: aardvark: Improve link training (Marek Behun) - PCI: aardvark: Train link immediately after enabling training (Pali Rohar) - PCI: aardvark: Fix big endian support (Grzegorz Jaszczyk) - PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel) - PCI: aardvark: Deduplicate code in advk_pcie_rd_conf() (Marek Behun) - mdio: aspeed: Fix 'Link is Down' issue (Dylan Hung) - mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB (Adrian Hunter) - tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware)) - tracing/uprobe: Fix uprobe_perf_open probes iteration (Jiri Olsa) - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (Nicholas Piggin) - xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini) - xen: don't continue xenstore initialization in case of errors (Stefano Stabellini) - staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter) - staging/fbtft: Fix backlight (Noralf Tronnes) - HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke) - Revert 'parisc: Fix backtrace to always include init funtion names' (Helge Deller) - media: cec: copy sequence field for the reply (Hans Verkuil) - ALSA: ctxfi: Fix out-of-range access (Takashi Iwai) - binder: fix test regression due to sender_euid change (Todd Kjos) - usb: hub: Fix locking issues with address0_mutex (Mathias Nyman) - usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman) - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (Ondrej Jirman) - net: nexthop: fix null pointer dereference when IPv6 is not enabled (Nikolay Aleksandrov) - usb: dwc2: hcd_queue: Fix use of floating point literal (Nathan Chancellor) - usb: dwc2: gadget: Fix ISOC flow for elapsed frames (Minas Harutyunyan) - USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang) - USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas) - LTS tag: v5.4.162 (Sherry Yang) - ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (Pierre-Louis Bossart) - ALSA: hda: hdac_ext_stream: fix potential locking issues (Pierre-Louis Bossart) - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) - tlb: mmu_gather: add tlb_flush_*_range APIs (Peter Zijlstra (Intel)) - ice: Delete always true check of PF pointer (Leon Romanovsky) - usb: max-3421: Use driver data instead of maintaining a list of bound devices (Uwe Kleine-Konig) - ASoC: DAPM: Cover regression by kctl change notification fix (Takashi Iwai) - batman-adv: Don't always reallocate the fragmentation skb head (Sven Eckelmann) - batman-adv: Reserve needed_*room for fragments (Sven Eckelmann) - batman-adv: Consider fragmentation for needed_headroom (Sven Eckelmann) - perf/core: Avoid put_page() when GUP fails (Greg Thelen) - Revert 'net: mvpp2: disable force link UP during port init procedure' (Greg Kroah-Hartman) - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (hongao) - drm/i915/dp: Ensure sink rate values are always valid (Imre Deak) - drm/nouveau: use drm_dev_unplug() during device removal (Jeremy Cline) - drm/udl: fix control-message timeout (Johan Hovold) - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (Nguyen Dinh Phi) - parisc/sticon: fix reverse colors (Sven Schnelle) - btrfs: fix memory ordering between normal and ordered work functions (Nikolay Borisov) - udf: Fix crash after seekdir (Jan Kara) - s390/kexec: fix memory leak of ipl report buffer (Baoquan He) - x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (Sean Christopherson) - mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag (Rustam Kovhaev) - ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn) - hexagon: export raw I/O routines for modules (Nathan Chancellor) - tun: fix bonding active backup with arp monitoring (Nicolas Dichtel) - arm64: vdso32: suppress error message for 'make mrproper' (Nick Desaulniers) - s390/kexec: fix return code handling (Heiko Carstens) - perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server (Alexander Antonov) - perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server (Alexander Antonov) - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (Michael Ellerman) - NFC: reorder the logic in nfc_{un,}register_device (Lin Ma) - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (Hans Verkuil) - NFC: reorganize the functions in nci_request (Lin Ma) - i40e: Fix display error code in dmesg (Grzegorz Szczurek) - i40e: Fix creation of first queue by omitting it if is not power of two (Jedrzej Jagielski) - i40e: Fix ping is lost after configuring ADq on VF (Eryk Rybak) - i40e: Fix changing previously set num_queue_pairs for PFs (Eryk Rybak) - i40e: Fix NULL ptr dereference on VSI filter sync (Michal Maloszewski) - i40e: Fix correct max_pkt_size on VF RX queue (Eryk Rybak) - net: virtio_net_hdr_to_skb: count transport header in UFO (Jonathan Davies) - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (Pavel Skripkin) - net: sched: act_mirred: drop dst for the direction from egress to ingress (Xin Long) - scsi: core: sysfs: Fix hang when device state is set via sysfs (Mike Christie) - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (Christophe JAILLET) - mips: lantiq: add support for clk_get_parent() (Randy Dunlap) - mips: bcm63xx: add support for clk_get_parent() (Randy Dunlap) - MIPS: generic/yamon-dt: fix uninitialized variable error (Colin Ian King) - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (Surabhi Boob) - iavf: validate pointers (Mitch Williams) - iavf: prevent accidental free of filter structure (Jacob Keller) - iavf: Fix failure to exit out from last all-multicast mode (Piotr Marczak) - iavf: free q_vectors before queues in iavf_disable_vf (Nicholas Nunley) - iavf: check for null in iavf_fix_features (Nicholas Nunley) - net: bnx2x: fix variable dereferenced before check (Pavel Skripkin) - perf tests: Remove bash construct from record+zstd_comp_decomp.sh (James Clark) - perf bench futex: Fix memory leak of perf_cpu_map__new() (Sohaib Mohamed) - perf bpf: Avoid memory leak from perf_env__insert_btf() (Ian Rogers) - RDMA/netlink: Add __maybe_unused to static inline in C file (Leon Romanovsky) - tracing/histogram: Do not copy the fixed-size char array field over the field size (Masami Hiramatsu) - tracing: Save normal string variables (Tom Zanussi) - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() (Vincent Donnefort) - mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set (Randy Dunlap) - clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk (Dmitry Baryshkov) - clk/ast2600: Fix soc revision for AHB (Joel Stanley) - clk: ingenic: Fix bugs with divided dividers (Paul Cercueil) - sh: define __BIG_ENDIAN for math-emu (Randy Dunlap) - sh: math-emu: drop unused functions (Randy Dunlap) - sh: fix kconfig unmet dependency warning for FRAME_POINTER (Randy Dunlap) - f2fs: fix up f2fs_lookup tracepoints (Gao Xiang) - maple: fix wrong return value of maple_bus_init(). (Lu Wei) - sh: check return code of request_irq (Nick Desaulniers) - powerpc/dcr: Use cmplwi instead of 3-argument cmpli (Michael Ellerman) - ALSA: gus: fix null pointer dereference on pointer block (Chengfeng Ye) - powerpc/5200: dts: fix memory node unit name (Anatolij Gustschin) - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (Teng Qi) - scsi: target: Fix alua_tg_pt_gps_count tracking (Mike Christie) - scsi: target: Fix ordered tag handling (Mike Christie) - MIPS: sni: Fix the build (Bart Van Assche) - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (Guanghui Feng) - ALSA: ISA: not for M68K (Randy Dunlap) - ARM: dts: ls1021a-tsn: use generic 'jedec,spi-nor' compatible for flash (Li Yang) - ARM: dts: ls1021a: move thermal-zones node out of soc/ (Li Yang) - usb: host: ohci-tmio: check return value after calling platform_get_resource() (Yang Yingliang) - ARM: dts: omap: fix gpmc,mux-add-data type (Roger Quadros) - firmware_loader: fix pre-allocated buf built-in firmware use (Luis Chamberlain) - scsi: advansys: Fix kernel pointer leak (Guo Zhi) - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (Hans de Goede) - clk: imx: imx6ul: Move csi_sel mux to correct base register (Stefan Riedmueller) - ASoC: SOF: Intel: hda-dai: fix potential locking issue (Pierre-Louis Bossart) - arm64: dts: freescale: fix arm,sp805 compatible string (Michael Walle) - arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency (AngeloGioacchino Del Regno) - usb: typec: tipd: Remove WARN_ON in tps6598x_block_read (Sven Peter) - usb: musb: tusb6010: check return value after calling platform_get_resource() (Yang Yingliang) - RDMA/bnxt_re: Check if the vlan is valid before reporting (Selvin Xavier) - arm64: dts: hisilicon: fix arm,sp805 compatible string (Michael Walle) - ARM: dts: NSP: Fix mpcore, mmc node names (Matthew Hagan) - arm64: zynqmp: Fix serial compatible string (Michal Simek) - arm64: zynqmp: Do not duplicate flash partition label property (Amit Kumar Mahapatra) - net/mlx5: Add back multicast stats for uplink representor (Huy Nguyen) [Orabug: 33519567] - net/mlx5: E-Switch, Protect changing mode while adding rules (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Do not reload ethernet ports when changing eswitch mode (Roi Dayan) [Orabug: 33519567] - net/mlx5: Move devlink port from mlx5e priv to mlx5e resources (Roi Dayan) [Orabug: 33519567] - net/mlx5: Move mlx5e hw resources into a sub object (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Move devlink port register and unregister calls (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Verify dev is present in some ndos (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Use nic mode netdev ndos and ethtool ops for uplink representor (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Add offload stats ndos to nic netdev ops (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Distinguish nic and esw offload in tc setup block cb (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Allow legacy vf ndos only if in legacy mode (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Same max num channels for both nic and uplink profiles (Saeed Mahameed) [Orabug: 33519567] - net: Change dev parameter to const in netif_device_present() (Roi Dayan) [Orabug: 33519567] - net/mlx5: Cleanup prototype warning (Saeed Mahameed) [Orabug: 33519567] - net/mxl5e: Add change profile method (Saeed Mahameed) [Orabug: 33519567] - net/mlx5e: Disable hw-tc-offload when MLX5_CLS_ACT config is disabled (Maor Dickman) [Orabug: 33519567] - net/tls: Fix wrong record sn in async mode of device resync (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Fix multicast counter not up-to-date in 'ip -s' (Ron Diskin) [Orabug: 33519567] - net/mlx5e: Add support for PCI relaxed ordering (Aya Levin) [Orabug: 33519567] - net/mlx5e: Move exposure of datapath function to txrx header (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: RX, Re-work initializaiton of RX function pointers (Tariq Toukan) [Orabug: 33519567] - RDMA/mlx5: ConnectX-7 new capabilities to set relaxed ordering by UMR (Meir Lichtinger) [Orabug: 33519567] - net/mlx5e: IPsec: Add Connect-X IPsec Rx data path offload (Raed Salem) [Orabug: 33519567] - net/mlx5e: Fix usage of rcu-protected pointer (Vlad Buslov) [Orabug: 33519567] - net/mlx5e: Move RQ helpers to txrx.h (Aya Levin) [Orabug: 33519567] - net/mlx5e: Remove redundant RQ state query (Aya Levin) [Orabug: 33519567] - net/mlx5e: Change reporters create functions to return void (Eran Ben Elisha) [Orabug: 33519567] - net/tls: fix sign extension issue when left shifting u16 value (Colin Ian King) [Orabug: 33519567] - net/mlx5e: kTLS, Improve rx handler function call (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: kTLS, Add kTLS RX stats (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: kTLS, Add kTLS RX resync support (Tariq Toukan) [Orabug: 33519567] - net/tls: Add asynchronous resync (Boris Pismenny) [Orabug: 33519567] - Revert 'net/tls: Add force_resync for driver resync' (Boris Pismenny) [Orabug: 33519567] - net/mlx5e: kTLS, Add kTLS RX HW offload support (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: kTLS, Improve TLS feature modularity (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Accel, Expose flow steering API for rules add/del (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Receive flow steering framework for accelerated TCP flows (Boris Pismenny) [Orabug: 33519567] - net/mlx5e: API to manipulate TTC rules destinations (Saeed Mahameed) [Orabug: 33519567] - net/mlx5e: Turn XSK ICOSQ into a general asynchronous one (Tariq Toukan) [Orabug: 33519567] - net/mlx5: kTLS, Improve TLS params layout structures (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Support tc block sharing for representors (Vu Pham) [Orabug: 33519567] - net/tls: Add force_resync for driver resync (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Calculate SQ stop room in a robust way (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: IPoIB, Enable loopback packets for IPoIB interfaces (Erez Shitrit) [Orabug: 33519567] - net/mlx5e: Enhance ICOSQ WQE info fields (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Use struct assignment for WQE info updates (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Take TX WQE info structures out of general EN header (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: kTLS, Do not fill edge for the DUMP WQEs in TX flow (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: kTLS, Fill work queue edge separately in TX flow (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Split TX acceleration offloads into two phases (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Update UDP fields of the SKB for GSO first (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Make TLS offload independent of wqe and pi (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Pass only eseg to IPSEC offload (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Return void from mlx5e_sq_xmit and mlx5i_sq_xmit (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Unify checks of TLS offloads (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Return bool from TLS and IPSEC offloads (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Unify reserving space for WQEs (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Rename ICOSQ WQE info struct and field (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Fetch WQE: reuse code and enforce typing (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: TX, Generalise code and usage of error CQE dump (Tariq Toukan) [Orabug: 33519567] - net/mlx5: Introduce TLS RX offload hardware bits (Tariq Toukan) [Orabug: 33519567] - net/mlx5: Update transobj.c new cmd interface (Leon Romanovsky) [Orabug: 33519567] - net/mlx5e: en_accel, Add missing net/geneve.h include (Raed Salem) [Orabug: 33519567] - net/mlx5e: Show/set Rx network flow classification rules on ul rep (Vlad Buslov) [Orabug: 33519567] - net/mlx5e: Show/set Rx flow indir table and RSS hash key on ul rep (Vlad Buslov) [Orabug: 33519567] - mlx5: reject unsupported coalescing params (Jakub Kicinski) [Orabug: 33519567] - net/mlx5e: RX, Use indirect calls wrapper for posting descriptors (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Replace zero-length array with flexible-array member (Gustavo A. R. Silva) [Orabug: 33519567] - net/mlx5e: TX, Error completion is for last WQE in batch (Tariq Toukan) [Orabug: 33519567] - net/mlx5: Expose relaxed ordering bits (Michael Guralnik) [Orabug: 33519567] - net/mlx5e: TX, Dump WQs wqe descriptors on CQE with error events (Saeed Mahameed) [Orabug: 33519567] [5.4.17-2136.305.1] - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (Filipe Manana) [Orabug: 32675999] - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (Qu Wenruo) [Orabug: 32675999] - uek-rpm: Enable QAT 4XXX device (Thomas Tai) [Orabug: 33440215] - crypto: qat - power up 4xxx device (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - fix naming of PF/VF enable functions (Marco Chiappero) [Orabug: 33440215] - crypto: qat - complete all the init steps before service notification (Marco Chiappero) [Orabug: 33440215] - crypto: qat - move IO virtualization functions (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - rename compatibility version definition (Marco Chiappero) [Orabug: 33440215] - crypto: qat - enable interrupts only after ISR allocation (Marco Chiappero) [Orabug: 33440215] - crypto: qat - simplify code and axe the use of a deprecated API (Christophe JAILLET) [Orabug: 33440215] - crypto: qat - enable detection of accelerators hang (Wojciech Ziemba) [Orabug: 33440215] - crypto: qat - configure arbiter mapping based on engines enabled (Wojciech Ziemba) [Orabug: 33440215] - crypto: qat - replace CRYPTO_AES with CRYPTO_LIB_AES in Kconfig (Marco Chiappero) [Orabug: 33440215] - crypto: qat - add CRYPTO_AES to Kconfig dependencies (Marco Chiappero) [Orabug: 33440215] - crypto: qat - add capability detection logic in qat_4xxx (Marco Chiappero) [Orabug: 33440215] - crypto: qat - add AES-XTS support for QAT GEN4 devices (Marco Chiappero) [Orabug: 33440215] - crypto: qat - add AES-CTR support for QAT GEN4 devices (Marco Chiappero) [Orabug: 33440215] - crypto: qat - add qat_4xxx driver (Thomas Tai) [Orabug: 33440215] - crypto: qat - add hook to initialize vector routing table (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - target fw images to specific AEs (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - add gen4 firmware loader (Jack Xu) [Orabug: 33440215] - crypto: qat - add support for broadcasting mode (Jack Xu) [Orabug: 33440215] - crypto: qat - add support for shared ustore (Jack Xu) [Orabug: 33440215] - crypto: qat - allow to target specific AEs (Jack Xu) [Orabug: 33440215] - crypto: qat - add FCU CSRs to chip info (Jack Xu) [Orabug: 33440215] - crypto: qat - add CSS3K support (Jack Xu) [Orabug: 33440215] - crypto: qat - use ae_mask (Jack Xu) [Orabug: 33440215] - crypto: qat - add misc control CSR to chip info (Jack Xu) [Orabug: 33440215] - crypto: qat - add wake up event to chip info (Jack Xu) [Orabug: 33440215] - crypto: qat - add clock enable CSR to chip info (Jack Xu) [Orabug: 33440215] - crypto: qat - add reset CSR and mask to chip info (Jack Xu) [Orabug: 33440215] - crypto: qat - add local memory size to chip info (Jack Xu) [Orabug: 33440215] - crypto: qat - add support for lm2 and lm3 (Jack Xu) [Orabug: 33440215] - crypto: qat - add next neighbor to chip_info (Jack Xu) [Orabug: 33440215] - crypto: qat - introduce chip info structure (Jack Xu) [Orabug: 33440215] - crypto: qat - refactor long expressions (Jack Xu) [Orabug: 33440215] - crypto: qat - refactor qat_uclo_set_ae_mode() (Jack Xu) [Orabug: 33440215] - crypto: qat - move defines to header files (Jack Xu) [Orabug: 33440215] - crypto: qat - remove global CSRs helpers (Jack Xu) [Orabug: 33440215] - crypto: qat - refactor AE start (Jack Xu) [Orabug: 33440215] - crypto: qat - rename qat_uclo_del_uof_obj() (Jack Xu) [Orabug: 33440215] - crypto: qat - remove unnecessary parenthesis (Jack Xu) [Orabug: 33440215] - crypto: qat - support for mof format in fw loader (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - allow for instances in different banks (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - refactor qat_crypto_dev_config() (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - refactor qat_crypto_create_instances() (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - remove unnecessary void* casts (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - call functions in adf_sriov if available (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - abstract writes to arbiter enable (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - use BIT_ULL() - 1 pattern for masks (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - replace constant masks with GENMASK (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - abstract build ring base (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - enable ring after pair is programmed (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - register crypto instances based on capability (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - add support for capability detection (Marco Chiappero) [Orabug: 33440215] - crypto: qat - abstract arbiter access (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - remove unused macros in arbiter module (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - remove writes into WQCFG (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - update constants table (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - use admin mask to send fw constants (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - change admin sequence (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - rename ME in AE (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - add packed to init admin structures (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - abstract admin interface (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - relocate GEN2 CSR access code (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - split transport CSR access logic (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - fix configuration of iov threads (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - num_rings_per_bank is device dependent (Ahsan Atta) [Orabug: 33440215] - crypto: qat - mask device capabilities with soft straps (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - update IV in software (Marco Chiappero) [Orabug: 33440215] - crypto: qat - drop input parameter from adf_enable_aer() (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - replace device ids defines (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - add delay before polling mailbox (Giovanni Cabiddu) [Orabug: 33440215] - PCI: Add Intel QuickAssist device IDs (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - fallback for xts with 192 bit keys (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - remove unused field in skcipher ctx (Thomas Tai) [Orabug: 33440215] - crypto: qat - validate xts key (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - allow xts requests not multiple of block (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - update timeout logic in put admin msg (Wojciech Ziemba) [Orabug: 33440215] - crypto: qat - send admin messages to set of AEs (Wojciech Ziemba) [Orabug: 33440215] - crypto: qat - update fw init admin msg (Wojciech Ziemba) [Orabug: 33440215] - crypto: qat - replace user types with kernel ABI __u types (Wojciech Ziemba) [Orabug: 33440215] - crypto: qat - replace user types with kernel u types (Wojciech Ziemba) [Orabug: 33440215] - crypto: qat - convert to SPDX License Identifiers (Giovanni Cabiddu) [Orabug: 33440215] - iopoll: introduce read_poll_timeout macro (Dejin Zheng) [Orabug: 33440215] - crypto: qat - simplify the qat_crypto function (Tianjia Zhang) [Orabug: 33440215] - crypto: qat - switch to skcipher API (Ard Biesheuvel) [Orabug: 33440215] - io_uring: fix false WARN_ONCE (Pavel Begunkov) [Orabug: 33731046] - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix link down processing to address NULL pointer dereference (James Smart) [Orabug: 33731165] - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (James Smart) [Orabug: 33731165] - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (James Smart) [Orabug: 33731165] - scsi: lpfc: Add support for optional PLDV handling (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix mailbox command failure during driver initialization (James Smart) [Orabug: 33731165] - scsi: lpfc: Improve PBDE checks during SGL processing (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (James Smart) [Orabug: 33731165] - scsi: lpfc: Don't remove ndlp on PRLI errors in P2P mode (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix rediscovery of tape device after LIP (James Smart) [Orabug: 33731165] - scsi: lpfc: Don't release final kref on Fport node while ABTS outstanding (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (James Smart) [Orabug: 33731165] - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (Ewan D. Milne) [Orabug: 33731165] - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (James Smart) [Orabug: 33731165] - scsi: lpfc: Revise Topology and RAS support checks for new adapters (James Smart) [Orabug: 33731165] - scsi: lpfc: Copyright updates for 12.8.0.11 patches (James Smart) [Orabug: 33731165] - scsi: lpfc: Update lpfc version to 12.8.0.11 (James Smart) [Orabug: 33731165] - scsi: lpfc: Skip issuing ADISC when node is in NPR state (James Smart) [Orabug: 33731165] - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (James Smart) [Orabug: 33731165] - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (James Smart) [Orabug: 33731165] - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (James Smart) [Orabug: 33731165] - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (James Smart) [Orabug: 33731165] - scsi: lpfc: Discovery state machine fixes for LOGO handling (James Smart) [Orabug: 33731165] - scsi: lpfc: Remove use of kmalloc() in trace event logging (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix failure to transmit ABTS on FC link (James Smart) [Orabug: 33731165] - bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734681] - bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734681] - USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman) [Orabug: 33739525] {CVE-2021-39685} - USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman) [Orabug: 33739525] {CVE-2021-39685} - USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman) [Orabug: 33739525] {CVE-2021-39685} - scsi: vmw_pvscsi: Set residual data length conditionally (Alexey Makhalov) [Orabug: 33761343] - hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782833] - Revert 'rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info' (Rohit Nair) [Orabug: 33812555] - uek-rpm: Add missing dax modules to kernel-ueknano (Somasundaram Krishnasamy) [Orabug: 33821042] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825687] {CVE-2022-0492} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3653 CVE-2022-23960 CVE-2021-3656 CVE-2021-39685 CVE-2022-0435 CVE-2022-0847 CVE-2021-26401 CVE-2022-0330 CVE-2022-0492 CVE-2022-25636 cpe:/o:oracle:linux:8:5:baseos_patch cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:8::developer_UEKR6 cpe:/a:oracle:linux:7::developer_UEKR6 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.305.5.3] - bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33973548] - ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33973543] - Revert 'btrfs: inode: refactor the parameters of insert_reserved_file_extent()' (Srikanth C S) [Orabug: 33973491] - Revert 'btrfs: fix metadata reservation for fallocate that leads to transaction aborts' (Srikanth C S) [Orabug: 33973491] [5.4.17-2136.305.5.2] - lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33942325] {CVE-2022-0847} [5.4.17-2136.305.5.1] - arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33937423] {CVE-2022-23960} - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33937423] {CVE-2022-23960} - KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33937423] {CVE-2022-23960} - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33937423] {CVE-2022-23960} - arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33937423] {CVE-2022-23960} - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33937423] {CVE-2022-23960} - arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33937423] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33937423] {CVE-2022-23960} - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937344] {CVE-2021-26401} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33937389] - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401} - x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33937344] {CVE-2021-26401} [5.4.17-2136.305.5] - netfilter: nf_tables_offload: incorrect flow offload action array size (Pablo Neira Ayuso) [Orabug: 33900416] {CVE-2022-25636} [5.4.17-2136.305.4] - net/mlx5e: Fix page DMA map/unmap attributes (Aya Levin) [Orabug: 33382242] - DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676597] - uek-rpm: enable VIRTIO_PCI_LIB_LEGACY config (Si-Wei Liu) [Orabug: 33749636] - vdpa/mlx5: Fix tracking of current number of VQs (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Fix is_index_valid() to refer to features (Eli Cohen) [Orabug: 33749636] - vdpa: Protect vdpa reset with cf_mutex (Eli Cohen) [Orabug: 33749636] - vdpa: Avoid taking cf_mutex lock on get status (Eli Cohen) [Orabug: 33749636] - vdpa/vdpa_sim_net: Report max device capabilities (Eli Cohen) [Orabug: 33749636] - vdpa: Use BIT_ULL for bit operations (Eli Cohen) [Orabug: 33749636] - vdpa/vdpa_sim: Configure max supported virtqueues (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Report max device capabilities (Eli Cohen) [Orabug: 33749636] - vdpa: Support reporting max device capabilities (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Restore cur_num_vqs in case of failure in change_num_qps() (Eli Cohen) [Orabug: 33749636] - vdpa: Add support for returning device configuration information (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Support configuring max data virtqueue (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Fix config_attr_mask assignment (Eli Cohen) [Orabug: 33749636] - vdpa: Allow to configure max data virtqueues (Eli Cohen) [Orabug: 33749636] - vdpa: Read device configuration only if FEATURES_OK (Eli Cohen) [Orabug: 33749636] - vdpa: Sync calls set/get config/status with cf_mutex (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Distribute RX virtqueues in RQT object (Eli Cohen) [Orabug: 33749636] - vdpa: Provide interface to read driver features (Eli Cohen) [Orabug: 33749636] - vdpa: clean up get_config_size ret value handling (Laura Abbott) [Orabug: 33749636] - vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (Eli Cohen) [Orabug: 33749636] - virtio/virtio_pci_legacy_dev: ensure the correct return value (Peng Hao) [Orabug: 33749636] - virtio: fix a typo in function 'vp_modern_remove' comments. (Dapeng Mi) [Orabug: 33749636] - virtio-pci: fix the confusing error message [Orabug: 33749636] - vdpa: Mark vdpa_config_ops.get_vq_notification as optional (Eugenio Perez) [Orabug: 33749636] - vdpa: Avoid duplicate call to vp_vdpa get_status (Eugenio Perez) [Orabug: 33749636] - net/mlx5_vdpa: Offer VIRTIO_NET_F_MTU when setting MTU (Eli Cohen) [Orabug: 33749636] - vdpa: add driver_override support (Stefano Garzarella) [Orabug: 33749636] - docs: document sysfs ABI for vDPA bus (Stefano Garzarella) [Orabug: 33749636] - vdpa: Consider device id larger than 31 (Parav Pandit) [Orabug: 33749636] - virtio: always enter drivers/virtio/ (Arnd Bergmann) [Orabug: 33749636] - vdpa: check that offsets are within bounds (Dan Carpenter) [Orabug: 33749636] - vdpa_sim: avoid putting an uninitialized iova_domain (Longpeng) [Orabug: 33749636] - vhost-vdpa: clean irqs before reseting vdpa device (Wu Zongyong) [Orabug: 33749636] - vdpa/mlx5: Forward only packets with allowed MAC address (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Support configuration of MAC (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Fix clearing of VIRTIO_NET_F_MAC feature bit (Parav Pandit) [Orabug: 33749636] - vdpa_sim_net: Enable user to set mac address and mtu (Parav Pandit) [Orabug: 33749636] - vdpa: Enable user to set mac and mtu of vdpa device (Parav Pandit) [Orabug: 33749636] - vdpa: Use kernel coding style for structure comments (Parav Pandit) [Orabug: 33749636] - vdpa: Introduce query of device config layout (Parav Pandit) [Orabug: 33749636] - vdpa: Introduce and use vdpa device get, set config helpers (Parav Pandit) [Orabug: 33749636] - vdpa/mlx5: Propagate link status from device to vdpa driver (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Rename control VQ workqueue to vdpa wq (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Remove mtu field from vdpa net device (Eli Cohen) [Orabug: 33749636] - vdpa: add new attribute VDPA_ATTR_DEV_MIN_VQ_SIZE (Wu Zongyong) [Orabug: 33749636] - virtio_vdpa: setup correct vq size with callbacks get_vq_num_{max,min} (Wu Zongyong) [Orabug: 33749636] - vdpa: min vq num of vdpa device cannot be greater than max vq num (Wu Zongyong) [Orabug: 33749636] - vdpa: add new callback get_vq_num_min in vdpa_config_ops (Wu Zongyong) [Orabug: 33749636] - vp_vdpa: add vq irq offloading support (Wu Zongyong) [Orabug: 33749636] - vdpa: fix typo (Wu Zongyong) [Orabug: 33749636] - virtio-pci: introduce legacy device module (Wu Zongyong) [Orabug: 33749636] - vhost-vdpa: Fix the wrong input in config_cb (Cindy Lu) [Orabug: 33749636] - vhost_vdpa: unset vq irq before freeing irq (Wu Zongyong) [Orabug: 33749636] - vdpa: potential uninitialized return in vhost_vdpa_va_map() (Dan Carpenter) [Orabug: 33749636] - vdpa/mlx5: Avoid executing set_vq_ready() if device is reset (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Clear ready indication for control VQ (Eli Cohen) [Orabug: 33749636] - vdpa: Support transferring virtual addressing during DMA mapping (Xie Yongji) [Orabug: 33749636] - vdpa: factor out vhost_vdpa_pa_map() and vhost_vdpa_pa_unmap() (Xie Yongji) [Orabug: 33749636] - vdpa: Add an opaque pointer for vdpa_config_ops.dma_map() (Xie Yongji) [Orabug: 33749636] - vhost-iotlb: Add an opaque pointer for vhost IOTLB (Xie Yongji) [Orabug: 33749636] - vhost-vdpa: Handle the failure of vdpa_reset() (Xie Yongji) [Orabug: 33749636] - vdpa: Add reset callback in vdpa_config_ops (Xie Yongji) [Orabug: 33749636] - vdpa: Fix some coding style issues (Xie Yongji) [Orabug: 33749636] - vdpa: Make use of PFN_PHYS/PFN_UP/PFN_DOWN helper macro (Cai Huoqing) [Orabug: 33749636] - vdpa_sim: Use iova_shift() for the size passed to alloc_iova() (Xie Yongji) [Orabug: 33749636] - vdpa/mlx5: Add multiqueue support (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Add support for control VQ and MAC setting (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Ensure valid indices are provided (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Decouple virtqueue callback from struct mlx5_vdpa_virtqueue (Eli Cohen) [Orabug: 33749636] - Revert 'vdpa/mlx5: fix feature negotiation across device reset' (Si-Wei Liu) [Orabug: 33749636] - vdpa/mlx5: function prototype modifications in preparation to control VQ (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Remove redundant header file inclusion (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Fix queue type selection logic (Eli Cohen) [Orabug: 33749636] - vdpa/mlx5: Avoid destroying MR on empty iotlb (Eli Cohen) [Orabug: 33749636] - virtio_vdpa: reject invalid vq indices (Vincent Whitchurch) [Orabug: 33749636] - vdpa: Add documentation for vdpa_alloc_device() macro (Xie Yongji) [Orabug: 33749636] - vp_vdpa: Fix return value check for vdpa_alloc_device() (Xie Yongji) [Orabug: 33749636] - vdpa_sim: Fix return value check for vdpa_alloc_device() (Xie Yongji) [Orabug: 33749636] - vhost-vdpa: Fix integer overflow in vhost_vdpa_process_iotlb_update() (Xie Yongji) [Orabug: 33749636] - xfs: remove incorrect ASSERT in xfs_rename (Eric Sandeen) [Orabug: 33803847] - KVM: nVMX: Filter out all unsupported controls when eVMCS was activated (Vitaly Kuznetsov) [Orabug: 33805849] - crypto: ccp - Add support for new CCP/PSP device ID (John Allen) [Orabug: 33805849] - KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (Sean Christopherson) [Orabug: 33805849] - KVM: fix avic_set_running for preemptable kernels (Paolo Bonzini) [Orabug: 33805849] - KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (Vitaly Kuznetsov) [Orabug: 33805849] - KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (Vitaly Kuznetsov) [Orabug: 33805849] - KVM: x86: Swap order of CPUID entry 'index' vs. 'significant flag' checks (Sean Christopherson) [Orabug: 33805849] - KVM: x86: nSVM: don't copy virt_ext from vmcb12 (Maxim Levitsky) [Orabug: 33805849] {CVE-2021-3653} {CVE-2021-3656} - KVM: x86: nSVM: restore int_vector in svm_clear_vintr (Maxim Levitsky) [Orabug: 33805849] - KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() (Vitaly Kuznetsov) [Orabug: 33805849] - KVM: x86: Mark all registers as avail/dirty at vCPU creation (Sean Christopherson) [Orabug: 33805849] - KVM: nVMX: Sync all PGDs on nested transition with shadow paging (Sean Christopherson) [Orabug: 33805849] - KVM: SVM: Revert clearing of C-bit on GPA in #NPF handler (Sean Christopherson) [Orabug: 33805849] - KVM: SVM: Don't strip the C-bit from CR2 on #PF interception (Sean Christopherson) [Orabug: 33805849] - rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33821340] - nvmet-tcp: fix a race condition between release_queue and io_work (Maurizio Lombardi) [Orabug: 33825776] - nvmet-tcp: add an helper to free the cmd buffers (Maurizio Lombardi) [Orabug: 33825776] - drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835810] {CVE-2022-0330} - rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33845918] - tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850801] {CVE-2022-0435} {CVE-2022-0435} - uek-rpm: Synchronize Module.kabi and lockedlist (Stephen Brennan) [Orabug: 33871538] [5.4.17-2136.305.3] - net/mlx5: Enable mlx5 IPsec build options on OL7/OL8 (Qing Huang) [Orabug: 32936614] - net/mlx5e: Fix SWP offsets when vlan inserted by driver (Moshe Shemesh) [Orabug: 32936614] - net/mlx5e: Fix missing IPsec statistics on uplink representor (Raed Salem) [Orabug: 32936614] - net/mlx5e: Add IPsec support to uplink representor (Raed Salem) [Orabug: 32936614] - net/mlx5: Fix checksum issue of VXLAN and IPsec crypto offload (Huy Nguyen) [Orabug: 32936614] - net/xfrm: Add inner_ipproto into sec_path (Huy Nguyen) [Orabug: 32936614] - net/mlx5: Optimize mlx5e_feature_checks for non IPsec packet (Huy Nguyen) [Orabug: 32936614] - net/mlx5e: IPsec/rep_tc: Fix rep_tc_update_skb drops IPsec packet (Huy Nguyen) [Orabug: 32936614] - net/mlx5: Replace spaces with tab at the start of a line (Wenpeng Liang) [Orabug: 32936614] - net/mlx5e: Enable XDP for Connect-X IPsec capable devices (Raed Salem) [Orabug: 32936614] - net/mlx5e: Enable striding RQ for Connect-X IPsec capable devices (Raed Salem) [Orabug: 32936614] - net/mlx5e: Release skb in case of failure in tc update skb (Maor Dickman) [Orabug: 32936614] - net/mlx5e: Move set vxlan nic info to profile init (Roi Dayan) [Orabug: 32936614] - net/mlx5e: Fix IPSEC stats (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: IPsec, Remove unnecessary config flag usage (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: IPsec, Inline feature_check fast-path function (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: IPsec, Avoid unreachable return (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: IPsec, Enclose csum logic under ipsec config (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: Split between RX/TX tunnel FW support indication (Aya Levin) [Orabug: 32936614] - net/mlx5e: Allow RQ outside of channel context (Aya Levin) [Orabug: 32936614] - net/mlx5e: Allow CQ outside of channel context (Aya Levin) [Orabug: 32936614] - net/mlx5e: Free drop RQ in a dedicated function (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: kTLS, Enforce HW TX csum offload with kTLS (Tariq Toukan) [Orabug: 32936614] - net/mlx5: Expose IP-in-IP TX and RX capability bits (Aya Levin) [Orabug: 32936614] - net/mlx5e: Fix IPsec packet drop by mlx5e_tc_update_skb (Huy Nguyen) [Orabug: 32936614] - net/mlx5e: Set IPsec WAs only in IP's non checksum partial case. (Huy Nguyen) [Orabug: 32936614] - net/mlx5e: IPsec: Add Connect-X IPsec Tx data path offload (Raed Salem) [Orabug: 32936614] - net/mlx5e: IPsec: Add TX steering rule per IPsec state (Huy Nguyen) [Orabug: 32936614] - net/mlx5: Add NIC TX domain namespace (Huy Nguyen) [Orabug: 32936614] - net/mlx5e: Add tc chains offload support for nic flows (Ariel Levkovich) [Orabug: 32936614] - net/mlx5: Refactor tc flow attributes structure (Ariel Levkovich) [Orabug: 32936614] - net/mlx5e: Split nic tc flow allocation and creation (Ariel Levkovich) [Orabug: 32936614] - net/mlx5e: Tc nic flows to use mlx5_chains flow tables (Ariel Levkovich) [Orabug: 32936614] - net/mlx5: Refactor multi chains and prios support (Ariel Levkovich) [Orabug: 32936614] - net/mlx5e: Enhanced TX MPWQE for SKBs (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Move TX code into functions to be used by MPWQE (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Rename xmit-related structs to generalize them (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Generalize TX MPWQE checks for full session (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Support multiple SKBs in a TX WQE (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Move the TLS resync check out of the function (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Unify constants for WQE_EMPTY_DS_COUNT (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Small improvements for XDP TX MPWQE logic (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Refactor xmit functions (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Move mlx5e_tx_wqe_inline_mode to en_tx.c (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Use struct assignment to initialize mlx5e_tx_wqe_info (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Refactor inline header size calculation in the TX path (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Fix endianness when calculating pedit mask first bit (Maor Dickman) [Orabug: 32936614] - net/mlx5e: CT: Fix freeing ct_label mapping (Roi Dayan) [Orabug: 32936614] - net/mlx5e: Fix memory leak of tunnel info when rule under multipath not ready (Jianbo Liu) [Orabug: 32936614] - net/mlx5e: Use synchronize_rcu to sync with NAPI (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Use RCU to protect rq->xdp_prog (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: RX, Add a prefetch command for small L1_CACHE_BYTES (Tariq Toukan) [Orabug: 32936614] - net: Take common prefetch code structure into a function (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: Use indirect call wrappers for RX post WQEs functions (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: CT: Map 128 bits labels to 32 bit map ID (Eli Britstein) [Orabug: 32936614] - net/mlx5e: XDP, Avoid indirect call in TX flow (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: IPsec: Add Connect-X IPsec ESN update offload support (Raed Salem) [Orabug: 32936614] - net/mlx5e: IPsec: Add IPsec steering in local NIC RX (Huy Nguyen) [Orabug: 32936614] - net/mlx5: Add IPsec related Flow steering entry's fields (Huy Nguyen) [Orabug: 32936614] - net/mlx5: IPsec: Add HW crypto offload support (Raed Salem) [Orabug: 32936614] - net/mlx5: Accel, Add core IPsec support for the Connect-X family (Raed Salem) [Orabug: 32936614] - net/mlx5e: Fix build break when CONFIG_XPS is not set (Saeed Mahameed) [Orabug: 32936614] - net/mlx5e: CT: Fix releasing ft entries (Roi Dayan) [Orabug: 32936614] - net/mlx5e: CT: Remove unused function param (Saeed Mahameed) [Orabug: 32936614] - net/mlx5e: CT: Return err_ptr from internal functions (Saeed Mahameed) [Orabug: 32936614] - net/mlx5e: CT: Use mapping for zone restore register (Paul Blakey) [Orabug: 32936614] - net/mlx5e: CT: Re-use tuple modify headers for identical modify actions (Paul Blakey) [Orabug: 32936614] - net/mlx5e: Export sharing of mod headers to a new file (Paul Blakey) [Orabug: 32936614] - net/mlx5e: CT: Restore ct state from lookup in zone instead of tupleid (Paul Blakey) [Orabug: 32936614] - net/mlx5e: CT: Don't offload tuple rewrites for established tuples (Paul Blakey) [Orabug: 32936614] - net/mlx5e: Use netdev_info instead of pr_info (Oz Shlomo) [Orabug: 32936614] - net/mlx5e: CT: Allow header rewrite of 5-tuple and ct clear action (Paul Blakey) [Orabug: 32936614] - net/mlx5e: CT: Save ct entries tuples in hashtables (Paul Blakey) [Orabug: 32936614] - net/mlx5e: Fix VXLAN configuration restore after function reload (Aya Levin) [Orabug: 32936614] - net/mlx5e: Enhance TX timeout recovery (Aya Levin) [Orabug: 32936614] - net/mlx5e: Enhance ICOSQ data on RX reporter's diagnose (Aya Levin) [Orabug: 32936614] - net/mlx5e: Add EQ info to TX/RX reporter's diagnose (Aya Levin) [Orabug: 32936614] - net/mlx5e: Rename reporter's helpers (Aya Levin) [Orabug: 32936614] - net/mlx5e: Add helper to get the RQ WQE counter (Aya Levin) [Orabug: 32936614] - net/mlx5e: Add helper to get RQ WQE's head (Aya Levin) [Orabug: 32936614] - net/mlx5e: Align RX/TX reporters diagnose output format (Aya Levin) [Orabug: 32936614] - net/mlx5e: Refactor build channel params (Tariq Toukan) [Orabug: 32936614] - net/mlx5e: vxlan: Use RCU for vxlan table lookup (Saeed Mahameed) [Orabug: 32936614] - net/mlx5e: Move TC-specific function definitions into MLX5_CLS_ACT (Vlad Buslov) [Orabug: 32936614] - net/mlx5e: CT: Fix ipv6 nat header rewrite actions (Oz Shlomo) [Orabug: 32936614] - net/mlx5e: en_tc: Fix cast to restricted __be32 warning (Saeed Mahameed) [Orabug: 32936614] - net/mlx5e: Don't use err uninitialized in mlx5e_attach_decap (Nathan Chancellor) [Orabug: 32936614] - net/mlx5e: Optimize performance for IPv4/IPv6 ethertype (Eli Britstein) [Orabug: 32936614] - net/mlx5e: Helper function to set ethertype (Eli Britstein) [Orabug: 32936614] - net/mlx5e: CT: Correctly get flow rule (Roi Dayan) [Orabug: 32936614] - net/mlx5e: Support pedit on mpls over UDP decap (Eli Cohen) [Orabug: 32936614] - xsk: Fix xsk_umem_xdp_frame_sz() (Bjorn Topel) [Orabug: 32936614] - net/mlx5e: CT: Fix offload with CT action after CT NAT action (Roi Dayan) [Orabug: 32936614] - mlx5: Rx queue setup time determine frame_sz for XDP (Jesper Dangaard Brouer) [Orabug: 32936614] - xdp: For Intel AF_XDP drivers add XDP frame_sz (Jesper Dangaard Brouer) [Orabug: 32936614] - xdp: Add frame size to xdp_buff (Jesper Dangaard Brouer) [Orabug: 32936614] - net: remove newlines in NL_SET_ERR_MSG_MOD (Jacob Keller) [Orabug: 32936614] - net/mlx5: CT: Remove unused variables (Paul Blakey) [Orabug: 32936614] - net/mlx5e: CT: Avoid false warning about rule may be used uninitialized (Roi Dayan) [Orabug: 32936614] - net/mlx5e: Remove unneeded semicolon (Zheng Bin) [Orabug: 32936614] - net/mlx5: IPsec, Fix coverity issue (Raed Salem) [Orabug: 32936614] - net/mlx5: TX WQE Add trailer insertion field (Raed Salem) [Orabug: 32936614] - net/mlx5: Introduce IPsec Connect-X offload hardware bits and structures (Raed Salem) [Orabug: 32936614] - net/mlx5: Update vxlan.c new cmd interface (Leon Romanovsky) [Orabug: 32936614] - net/mlx5: Update cq.c to new cmd interface (Leon Romanovsky) [Orabug: 32936614] - net/mlx5: CT: Change idr to xarray to protect parallel tuple id allocation (Paul Blakey) [Orabug: 32936614] - net/mlx5: IPsec, Refactor SA handle creation and destruction (Raed Salem) [Orabug: 32936614] - net/mlx5e: IPSec, Expose IPsec HW stat only for supporting HW (Raed Salem) [Orabug: 32936614] - net/mlx5: Refactor mlx5_accel_esp_create_hw_context parameter list (Raed Salem) [Orabug: 32936614] - net/mlx5: Use the correct IPsec capability function for FPGA ops (Raed Salem) [Orabug: 32936614] - net/mlx5e: CT: Use rhashtable's ct entries instead of a separate list (Paul Blakey) [Orabug: 32936614] - net/mlx5: Add support for RDMA TX steering (Michael Guralnik) [Orabug: 32936614] - net/mlx5e: Fix actions_match_supported() return (Dan Carpenter) [Orabug: 32936614] - net/mlx5: Eswitch, enable forwarding back to uplink port (Eli Cohen) [Orabug: 32936614] - net/mlx5e: Add support for offloading traffic from uplink to uplink (Eli Cohen) [Orabug: 32936614] - net/mlx5e: Fix rejecting all egress rules not on vlan (Roi Dayan) [Orabug: 32936614] - net/mlx5e: CT: Fix stack usage compiler warning (Saeed Mahameed) [Orabug: 32936614] - net/mlx5e: CT: remove set but not used variable 'unnew' (YueHaibing) [Orabug: 32936614] - net/mlx5e: Fix an IS_ERR() vs NULL check (Dan Carpenter) [Orabug: 32936614] - net/mlx5: Introduce TLS and IPSec objects enums (Saeed Mahameed) [Orabug: 32936614] - net/mlx5e: Fix endianness handling in pedit mask (Sebastian Hense) [Orabug: 32936614] - net/mlx5e: Remove redundant comment about goto slow path (Roi Dayan) [Orabug: 32936614] - net/mlx5e: Reduce number of arguments in slow path handling (Eli Cohen) [Orabug: 32936614] - net/mlx5e: Use netdev_warn() instead of pr_err() for errors (Roi Dayan) [Orabug: 32936614] - net/mlx5e: Add devlink fdb_large_groups parameter (Jianbo Liu) [Orabug: 32936614] - net/mlx5: Change the name of steering mode param id (Jianbo Liu) [Orabug: 32936614] - net/mlx5: Eswitch, avoid redundant mask (Eli Cohen) [Orabug: 32936614] - net/mlx5: Fix header guard in rsc_dump.h (Nathan Chancellor) [Orabug: 32936614] - net/mlx5e: Add context to the preactivate hook (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Allow mlx5e_switch_priv_channels to fail and recover (Maxim Mikityanskiy) [Orabug: 32936614] - net/mlx5e: Remove unneeded netif_set_real_num_tx_queues (Maxim Mikityanskiy) [Orabug: 32936614] - ESP: Export esp_output_fill_trailer function (Raed Salem) [Orabug: 32936614] - net/mlx5: Remove a useless 'drain_workqueue()' call in 'mlx5e_ipsec_cleanup()' (Christophe JAILLET) [Orabug: 32936614] - mlx5: Use proper logging and tracing line terminations (Joe Perches) [Orabug: 32936614] - net/mlx5e: Support dump callback in RX reporter (Aya Levin) [Orabug: 32936614] - net/mlx5e: Support dump callback in TX reporter (Aya Levin) [Orabug: 32936614] - net/mlx5e: Gather reporters APIs together (Aya Levin) [Orabug: 32936614] - net/mlx5: Add support for resource dump (Aya Levin) [Orabug: 32936614] - net/mlx5e: Create q counters on uplink representors (Vlad Buslov) [Orabug: 32936614] - net/mlx5: Expose resource dump register mapping (Aya Levin) [Orabug: 32936614] - net/mlx5: Add structures and defines for MIRC register (Eran Ben Elisha) [Orabug: 32936614] - net/mlx5: WQ, Move short getters into header file (Tariq Toukan) [Orabug: 32936614] - Revert 'net/mlx5e: Fix SWP offsets when vlan inserted by driver' (Mikhael Goikhman) [Orabug: 32936614] - uek-rpm: ensure BPF Type Format (BTF) section is retained in modules (Alan Maguire) [Orabug: 33774133] - kbuild: Skip module BTF generation for out-of-tree external modules (Andrii Nakryiko) [Orabug: 33774133] - bpf: Load and verify kernel module BTFs (Andrii Nakryiko) [Orabug: 33774133] - kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (Andrii Nakryiko) [Orabug: 33774133] - arm64: Add assembly annotations for weak-PI-alias madness (Robin Murphy) [Orabug: 33816089] - arm64: Import updated version of Cortex Strings' strlen (Sam Tebbs) [Orabug: 33816089] - arm64: Import latest memcpy()/memmove() implementation (Robin Murphy) [Orabug: 33816089] - arm64: Import latest version of Cortex Strings' memcmp (Sam Tebbs) [Orabug: 33816089] - arm64: Better optimised memchr() (Robin Murphy) [Orabug: 33816089] - net/rds: Fix memory leak in __rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33821540] - x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33825645] - uek-rpm/ol/config-aarch64: Enable CONFIG_ARM_RASPBERRYPI_CPUFREQ for RPi (Vijay Kumar) - KVM: x86: Initialize tdp_level during vCPU creation (Sean Christopherson) [Orabug: 33841857] - KVM: x86/mmu: Capture TDP level when updating CPUID (Sean Christopherson) [Orabug: 33841857] - xen/netback: don't queue unlimited number of packages (Juergen Gross) [Orabug: 33851834] - xen/netback: fix rx queue stall detection (Juergen Gross) [Orabug: 33851834] - Fix conflict of LTS commit 'PCI: aardvark: Configure PCIe resources from 'ranges' DT property' (Sherry Yang) [Orabug: 33862617] [5.4.17-2136.305.2] - LTS tag: v5.4.163 (Sherry Yang) - tty: hvc: replace BUG_ON() with negative return value (Juergen Gross) - xen/netfront: don't trust the backend response data blindly (Juergen Gross) - xen/netfront: disentangle tx_skb_freelist (Juergen Gross) - xen/netfront: don't read data from request on the ring page (Juergen Gross) - xen/netfront: read response from backend only once (Juergen Gross) - xen/blkfront: don't trust the backend response data blindly (Juergen Gross) - xen/blkfront: don't take local copy of a request from the ring page (Juergen Gross) - xen/blkfront: read response from backend only once (Juergen Gross) - xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross) - fuse: release pipe buf after last use (Miklos Szeredi) - NFC: add NCI_UNREG flag to eliminate the race (Lin Ma) - shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn) - s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand) - tracing: Check pid filtering when creating events (Steven Rostedt (VMware)) - vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella) - smb3: do not error on fsync when readonly (Steve French) - f2fs: set SBI_NEED_FSCK flag when inconsistent node block found (Weichao Guo) - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (Vladimir Oltean) - net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP (Vladimir Oltean) - net: hns3: fix VF RSS failed problem after PF enable multi-TCs (Guangbin Huang) - net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu) - net: vlan: fix underflow for the real_dev refcnt (Ziyang Xuan) - MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei) - igb: fix netpoll exit with traffic (Jesse Brandeburg) - nvmet: use IOCB_NOWAIT only if the filesystem supports it (Maurizio Lombardi) - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet) - PM: hibernate: use correct mode for swsusp_close() (Thomas Zeitlhofer) - net/ncsi : Add payload to be 32-bit aligned to fix dropped packets (Kumar Thangavel) - nvmet-tcp: fix incomplete data digest send (Varun Prakash) - net/smc: Ensure the active closing peer first closes clcsock (Tony Lu) - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (Mike Christie) - net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group (Nikolay Aleksandrov) - net: ipv6: add fib6_nh_release_dsts stub (Nikolay Aleksandrov) - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (Diana Wang) - ipv6: fix typos in __ip6_finish_output() (Eric Dumazet) - iavf: Prevent changing static ITR values if adaptive moderation is on (Nitesh B Venkatesh) - drm/vc4: fix error code in vc4_create_object() (Dan Carpenter) - scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy) - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai) - NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust) - firmware: arm_scmi: pm: Propagate return value to caller (Peng Fan) - net: ieee802154: handle iftypes as u32 (Alexander Aring) - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (Srinivas Kandagatla) - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli) - ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli) - netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu) - proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun) - pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun) - PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (Pali Rohar) - PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge (Pali Rohar) - PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge (Pali Rohar) - PCI: aardvark: Fix link training (Pali Rohar) - PCI: aardvark: Simplify initialization of rootcap on virtual bridge (Pali Rohar) - PCI: aardvark: Implement re-issuing config requests on CRS response (Pali Rohar) - PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar) - PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar) - PCI: pci-bridge-emul: Fix array overruns, improve safety (Russell King) - PCI: aardvark: Update comment about disabling link training (Pali Rohar) - PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar) - PCI: aardvark: Fix compilation on s390 (Pali Rohar) - PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar) - PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar) - PCI: aardvark: Issue PERST via GPIO (Pali Rohar) - PCI: aardvark: Improve link training (Marek Behun) - PCI: aardvark: Train link immediately after enabling training (Pali Rohar) - PCI: aardvark: Fix big endian support (Grzegorz Jaszczyk) - PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel) - PCI: aardvark: Deduplicate code in advk_pcie_rd_conf() (Marek Behun) - mdio: aspeed: Fix 'Link is Down' issue (Dylan Hung) - mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB (Adrian Hunter) - tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware)) - tracing/uprobe: Fix uprobe_perf_open probes iteration (Jiri Olsa) - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (Nicholas Piggin) - xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini) - xen: don't continue xenstore initialization in case of errors (Stefano Stabellini) - staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter) - staging/fbtft: Fix backlight (Noralf Tronnes) - HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke) - Revert 'parisc: Fix backtrace to always include init funtion names' (Helge Deller) - media: cec: copy sequence field for the reply (Hans Verkuil) - ALSA: ctxfi: Fix out-of-range access (Takashi Iwai) - binder: fix test regression due to sender_euid change (Todd Kjos) - usb: hub: Fix locking issues with address0_mutex (Mathias Nyman) - usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman) - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (Ondrej Jirman) - net: nexthop: fix null pointer dereference when IPv6 is not enabled (Nikolay Aleksandrov) - usb: dwc2: hcd_queue: Fix use of floating point literal (Nathan Chancellor) - usb: dwc2: gadget: Fix ISOC flow for elapsed frames (Minas Harutyunyan) - USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang) - USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas) - LTS tag: v5.4.162 (Sherry Yang) - ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (Pierre-Louis Bossart) - ALSA: hda: hdac_ext_stream: fix potential locking issues (Pierre-Louis Bossart) - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) - tlb: mmu_gather: add tlb_flush_*_range APIs (Peter Zijlstra (Intel)) - ice: Delete always true check of PF pointer (Leon Romanovsky) - usb: max-3421: Use driver data instead of maintaining a list of bound devices (Uwe Kleine-Konig) - ASoC: DAPM: Cover regression by kctl change notification fix (Takashi Iwai) - batman-adv: Don't always reallocate the fragmentation skb head (Sven Eckelmann) - batman-adv: Reserve needed_*room for fragments (Sven Eckelmann) - batman-adv: Consider fragmentation for needed_headroom (Sven Eckelmann) - perf/core: Avoid put_page() when GUP fails (Greg Thelen) - Revert 'net: mvpp2: disable force link UP during port init procedure' (Greg Kroah-Hartman) - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (hongao) - drm/i915/dp: Ensure sink rate values are always valid (Imre Deak) - drm/nouveau: use drm_dev_unplug() during device removal (Jeremy Cline) - drm/udl: fix control-message timeout (Johan Hovold) - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (Nguyen Dinh Phi) - parisc/sticon: fix reverse colors (Sven Schnelle) - btrfs: fix memory ordering between normal and ordered work functions (Nikolay Borisov) - udf: Fix crash after seekdir (Jan Kara) - s390/kexec: fix memory leak of ipl report buffer (Baoquan He) - x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (Sean Christopherson) - mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag (Rustam Kovhaev) - ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn) - hexagon: export raw I/O routines for modules (Nathan Chancellor) - tun: fix bonding active backup with arp monitoring (Nicolas Dichtel) - arm64: vdso32: suppress error message for 'make mrproper' (Nick Desaulniers) - s390/kexec: fix return code handling (Heiko Carstens) - perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server (Alexander Antonov) - perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server (Alexander Antonov) - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (Michael Ellerman) - NFC: reorder the logic in nfc_{un,}register_device (Lin Ma) - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (Hans Verkuil) - NFC: reorganize the functions in nci_request (Lin Ma) - i40e: Fix display error code in dmesg (Grzegorz Szczurek) - i40e: Fix creation of first queue by omitting it if is not power of two (Jedrzej Jagielski) - i40e: Fix ping is lost after configuring ADq on VF (Eryk Rybak) - i40e: Fix changing previously set num_queue_pairs for PFs (Eryk Rybak) - i40e: Fix NULL ptr dereference on VSI filter sync (Michal Maloszewski) - i40e: Fix correct max_pkt_size on VF RX queue (Eryk Rybak) - net: virtio_net_hdr_to_skb: count transport header in UFO (Jonathan Davies) - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (Pavel Skripkin) - net: sched: act_mirred: drop dst for the direction from egress to ingress (Xin Long) - scsi: core: sysfs: Fix hang when device state is set via sysfs (Mike Christie) - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (Christophe JAILLET) - mips: lantiq: add support for clk_get_parent() (Randy Dunlap) - mips: bcm63xx: add support for clk_get_parent() (Randy Dunlap) - MIPS: generic/yamon-dt: fix uninitialized variable error (Colin Ian King) - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (Surabhi Boob) - iavf: validate pointers (Mitch Williams) - iavf: prevent accidental free of filter structure (Jacob Keller) - iavf: Fix failure to exit out from last all-multicast mode (Piotr Marczak) - iavf: free q_vectors before queues in iavf_disable_vf (Nicholas Nunley) - iavf: check for null in iavf_fix_features (Nicholas Nunley) - net: bnx2x: fix variable dereferenced before check (Pavel Skripkin) - perf tests: Remove bash construct from record+zstd_comp_decomp.sh (James Clark) - perf bench futex: Fix memory leak of perf_cpu_map__new() (Sohaib Mohamed) - perf bpf: Avoid memory leak from perf_env__insert_btf() (Ian Rogers) - RDMA/netlink: Add __maybe_unused to static inline in C file (Leon Romanovsky) - tracing/histogram: Do not copy the fixed-size char array field over the field size (Masami Hiramatsu) - tracing: Save normal string variables (Tom Zanussi) - sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() (Vincent Donnefort) - mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set (Randy Dunlap) - clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk (Dmitry Baryshkov) - clk/ast2600: Fix soc revision for AHB (Joel Stanley) - clk: ingenic: Fix bugs with divided dividers (Paul Cercueil) - sh: define __BIG_ENDIAN for math-emu (Randy Dunlap) - sh: math-emu: drop unused functions (Randy Dunlap) - sh: fix kconfig unmet dependency warning for FRAME_POINTER (Randy Dunlap) - f2fs: fix up f2fs_lookup tracepoints (Gao Xiang) - maple: fix wrong return value of maple_bus_init(). (Lu Wei) - sh: check return code of request_irq (Nick Desaulniers) - powerpc/dcr: Use cmplwi instead of 3-argument cmpli (Michael Ellerman) - ALSA: gus: fix null pointer dereference on pointer block (Chengfeng Ye) - powerpc/5200: dts: fix memory node unit name (Anatolij Gustschin) - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (Teng Qi) - scsi: target: Fix alua_tg_pt_gps_count tracking (Mike Christie) - scsi: target: Fix ordered tag handling (Mike Christie) - MIPS: sni: Fix the build (Bart Van Assche) - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (Guanghui Feng) - ALSA: ISA: not for M68K (Randy Dunlap) - ARM: dts: ls1021a-tsn: use generic 'jedec,spi-nor' compatible for flash (Li Yang) - ARM: dts: ls1021a: move thermal-zones node out of soc/ (Li Yang) - usb: host: ohci-tmio: check return value after calling platform_get_resource() (Yang Yingliang) - ARM: dts: omap: fix gpmc,mux-add-data type (Roger Quadros) - firmware_loader: fix pre-allocated buf built-in firmware use (Luis Chamberlain) - scsi: advansys: Fix kernel pointer leak (Guo Zhi) - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (Hans de Goede) - clk: imx: imx6ul: Move csi_sel mux to correct base register (Stefan Riedmueller) - ASoC: SOF: Intel: hda-dai: fix potential locking issue (Pierre-Louis Bossart) - arm64: dts: freescale: fix arm,sp805 compatible string (Michael Walle) - arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency (AngeloGioacchino Del Regno) - usb: typec: tipd: Remove WARN_ON in tps6598x_block_read (Sven Peter) - usb: musb: tusb6010: check return value after calling platform_get_resource() (Yang Yingliang) - RDMA/bnxt_re: Check if the vlan is valid before reporting (Selvin Xavier) - arm64: dts: hisilicon: fix arm,sp805 compatible string (Michael Walle) - ARM: dts: NSP: Fix mpcore, mmc node names (Matthew Hagan) - arm64: zynqmp: Fix serial compatible string (Michal Simek) - arm64: zynqmp: Do not duplicate flash partition label property (Amit Kumar Mahapatra) - net/mlx5: Add back multicast stats for uplink representor (Huy Nguyen) [Orabug: 33519567] - net/mlx5: E-Switch, Protect changing mode while adding rules (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Do not reload ethernet ports when changing eswitch mode (Roi Dayan) [Orabug: 33519567] - net/mlx5: Move devlink port from mlx5e priv to mlx5e resources (Roi Dayan) [Orabug: 33519567] - net/mlx5: Move mlx5e hw resources into a sub object (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Move devlink port register and unregister calls (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Verify dev is present in some ndos (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Use nic mode netdev ndos and ethtool ops for uplink representor (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Add offload stats ndos to nic netdev ops (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Distinguish nic and esw offload in tc setup block cb (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Allow legacy vf ndos only if in legacy mode (Roi Dayan) [Orabug: 33519567] - net/mlx5e: Same max num channels for both nic and uplink profiles (Saeed Mahameed) [Orabug: 33519567] - net: Change dev parameter to const in netif_device_present() (Roi Dayan) [Orabug: 33519567] - net/mlx5: Cleanup prototype warning (Saeed Mahameed) [Orabug: 33519567] - net/mxl5e: Add change profile method (Saeed Mahameed) [Orabug: 33519567] - net/mlx5e: Disable hw-tc-offload when MLX5_CLS_ACT config is disabled (Maor Dickman) [Orabug: 33519567] - net/tls: Fix wrong record sn in async mode of device resync (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Fix multicast counter not up-to-date in 'ip -s' (Ron Diskin) [Orabug: 33519567] - net/mlx5e: Add support for PCI relaxed ordering (Aya Levin) [Orabug: 33519567] - net/mlx5e: Move exposure of datapath function to txrx header (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: RX, Re-work initializaiton of RX function pointers (Tariq Toukan) [Orabug: 33519567] - RDMA/mlx5: ConnectX-7 new capabilities to set relaxed ordering by UMR (Meir Lichtinger) [Orabug: 33519567] - net/mlx5e: IPsec: Add Connect-X IPsec Rx data path offload (Raed Salem) [Orabug: 33519567] - net/mlx5e: Fix usage of rcu-protected pointer (Vlad Buslov) [Orabug: 33519567] - net/mlx5e: Move RQ helpers to txrx.h (Aya Levin) [Orabug: 33519567] - net/mlx5e: Remove redundant RQ state query (Aya Levin) [Orabug: 33519567] - net/mlx5e: Change reporters create functions to return void (Eran Ben Elisha) [Orabug: 33519567] - net/tls: fix sign extension issue when left shifting u16 value (Colin Ian King) [Orabug: 33519567] - net/mlx5e: kTLS, Improve rx handler function call (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: kTLS, Add kTLS RX stats (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: kTLS, Add kTLS RX resync support (Tariq Toukan) [Orabug: 33519567] - net/tls: Add asynchronous resync (Boris Pismenny) [Orabug: 33519567] - Revert 'net/tls: Add force_resync for driver resync' (Boris Pismenny) [Orabug: 33519567] - net/mlx5e: kTLS, Add kTLS RX HW offload support (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: kTLS, Improve TLS feature modularity (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Accel, Expose flow steering API for rules add/del (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Receive flow steering framework for accelerated TCP flows (Boris Pismenny) [Orabug: 33519567] - net/mlx5e: API to manipulate TTC rules destinations (Saeed Mahameed) [Orabug: 33519567] - net/mlx5e: Turn XSK ICOSQ into a general asynchronous one (Tariq Toukan) [Orabug: 33519567] - net/mlx5: kTLS, Improve TLS params layout structures (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Support tc block sharing for representors (Vu Pham) [Orabug: 33519567] - net/tls: Add force_resync for driver resync (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Calculate SQ stop room in a robust way (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: IPoIB, Enable loopback packets for IPoIB interfaces (Erez Shitrit) [Orabug: 33519567] - net/mlx5e: Enhance ICOSQ WQE info fields (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Use struct assignment for WQE info updates (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Take TX WQE info structures out of general EN header (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: kTLS, Do not fill edge for the DUMP WQEs in TX flow (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: kTLS, Fill work queue edge separately in TX flow (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Split TX acceleration offloads into two phases (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Update UDP fields of the SKB for GSO first (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Make TLS offload independent of wqe and pi (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Pass only eseg to IPSEC offload (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Return void from mlx5e_sq_xmit and mlx5i_sq_xmit (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Unify checks of TLS offloads (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Return bool from TLS and IPSEC offloads (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Unify reserving space for WQEs (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Rename ICOSQ WQE info struct and field (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: Fetch WQE: reuse code and enforce typing (Maxim Mikityanskiy) [Orabug: 33519567] - net/mlx5e: TX, Generalise code and usage of error CQE dump (Tariq Toukan) [Orabug: 33519567] - net/mlx5: Introduce TLS RX offload hardware bits (Tariq Toukan) [Orabug: 33519567] - net/mlx5: Update transobj.c new cmd interface (Leon Romanovsky) [Orabug: 33519567] - net/mlx5e: en_accel, Add missing net/geneve.h include (Raed Salem) [Orabug: 33519567] - net/mlx5e: Show/set Rx network flow classification rules on ul rep (Vlad Buslov) [Orabug: 33519567] - net/mlx5e: Show/set Rx flow indir table and RSS hash key on ul rep (Vlad Buslov) [Orabug: 33519567] - mlx5: reject unsupported coalescing params (Jakub Kicinski) [Orabug: 33519567] - net/mlx5e: RX, Use indirect calls wrapper for posting descriptors (Tariq Toukan) [Orabug: 33519567] - net/mlx5e: Replace zero-length array with flexible-array member (Gustavo A. R. Silva) [Orabug: 33519567] - net/mlx5e: TX, Error completion is for last WQE in batch (Tariq Toukan) [Orabug: 33519567] - net/mlx5: Expose relaxed ordering bits (Michael Guralnik) [Orabug: 33519567] - net/mlx5e: TX, Dump WQs wqe descriptors on CQE with error events (Saeed Mahameed) [Orabug: 33519567] [5.4.17-2136.305.1] - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (Filipe Manana) [Orabug: 32675999] - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (Qu Wenruo) [Orabug: 32675999] - uek-rpm: Enable QAT 4XXX device (Thomas Tai) [Orabug: 33440215] - crypto: qat - power up 4xxx device (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - fix naming of PF/VF enable functions (Marco Chiappero) [Orabug: 33440215] - crypto: qat - complete all the init steps before service notification (Marco Chiappero) [Orabug: 33440215] - crypto: qat - move IO virtualization functions (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - rename compatibility version definition (Marco Chiappero) [Orabug: 33440215] - crypto: qat - enable interrupts only after ISR allocation (Marco Chiappero) [Orabug: 33440215] - crypto: qat - simplify code and axe the use of a deprecated API (Christophe JAILLET) [Orabug: 33440215] - crypto: qat - enable detection of accelerators hang (Wojciech Ziemba) [Orabug: 33440215] - crypto: qat - configure arbiter mapping based on engines enabled (Wojciech Ziemba) [Orabug: 33440215] - crypto: qat - replace CRYPTO_AES with CRYPTO_LIB_AES in Kconfig (Marco Chiappero) [Orabug: 33440215] - crypto: qat - add CRYPTO_AES to Kconfig dependencies (Marco Chiappero) [Orabug: 33440215] - crypto: qat - add capability detection logic in qat_4xxx (Marco Chiappero) [Orabug: 33440215] - crypto: qat - add AES-XTS support for QAT GEN4 devices (Marco Chiappero) [Orabug: 33440215] - crypto: qat - add AES-CTR support for QAT GEN4 devices (Marco Chiappero) [Orabug: 33440215] - crypto: qat - add qat_4xxx driver (Thomas Tai) [Orabug: 33440215] - crypto: qat - add hook to initialize vector routing table (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - target fw images to specific AEs (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - add gen4 firmware loader (Jack Xu) [Orabug: 33440215] - crypto: qat - add support for broadcasting mode (Jack Xu) [Orabug: 33440215] - crypto: qat - add support for shared ustore (Jack Xu) [Orabug: 33440215] - crypto: qat - allow to target specific AEs (Jack Xu) [Orabug: 33440215] - crypto: qat - add FCU CSRs to chip info (Jack Xu) [Orabug: 33440215] - crypto: qat - add CSS3K support (Jack Xu) [Orabug: 33440215] - crypto: qat - use ae_mask (Jack Xu) [Orabug: 33440215] - crypto: qat - add misc control CSR to chip info (Jack Xu) [Orabug: 33440215] - crypto: qat - add wake up event to chip info (Jack Xu) [Orabug: 33440215] - crypto: qat - add clock enable CSR to chip info (Jack Xu) [Orabug: 33440215] - crypto: qat - add reset CSR and mask to chip info (Jack Xu) [Orabug: 33440215] - crypto: qat - add local memory size to chip info (Jack Xu) [Orabug: 33440215] - crypto: qat - add support for lm2 and lm3 (Jack Xu) [Orabug: 33440215] - crypto: qat - add next neighbor to chip_info (Jack Xu) [Orabug: 33440215] - crypto: qat - introduce chip info structure (Jack Xu) [Orabug: 33440215] - crypto: qat - refactor long expressions (Jack Xu) [Orabug: 33440215] - crypto: qat - refactor qat_uclo_set_ae_mode() (Jack Xu) [Orabug: 33440215] - crypto: qat - move defines to header files (Jack Xu) [Orabug: 33440215] - crypto: qat - remove global CSRs helpers (Jack Xu) [Orabug: 33440215] - crypto: qat - refactor AE start (Jack Xu) [Orabug: 33440215] - crypto: qat - rename qat_uclo_del_uof_obj() (Jack Xu) [Orabug: 33440215] - crypto: qat - remove unnecessary parenthesis (Jack Xu) [Orabug: 33440215] - crypto: qat - support for mof format in fw loader (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - allow for instances in different banks (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - refactor qat_crypto_dev_config() (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - refactor qat_crypto_create_instances() (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - remove unnecessary void* casts (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - call functions in adf_sriov if available (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - abstract writes to arbiter enable (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - use BIT_ULL() - 1 pattern for masks (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - replace constant masks with GENMASK (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - abstract build ring base (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - enable ring after pair is programmed (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - register crypto instances based on capability (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - add support for capability detection (Marco Chiappero) [Orabug: 33440215] - crypto: qat - abstract arbiter access (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - remove unused macros in arbiter module (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - remove writes into WQCFG (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - update constants table (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - use admin mask to send fw constants (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - change admin sequence (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - rename ME in AE (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - add packed to init admin structures (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - abstract admin interface (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - relocate GEN2 CSR access code (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - split transport CSR access logic (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - fix configuration of iov threads (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - num_rings_per_bank is device dependent (Ahsan Atta) [Orabug: 33440215] - crypto: qat - mask device capabilities with soft straps (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - update IV in software (Marco Chiappero) [Orabug: 33440215] - crypto: qat - drop input parameter from adf_enable_aer() (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - replace device ids defines (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - add delay before polling mailbox (Giovanni Cabiddu) [Orabug: 33440215] - PCI: Add Intel QuickAssist device IDs (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - fallback for xts with 192 bit keys (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - remove unused field in skcipher ctx (Thomas Tai) [Orabug: 33440215] - crypto: qat - validate xts key (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - allow xts requests not multiple of block (Giovanni Cabiddu) [Orabug: 33440215] - crypto: qat - update timeout logic in put admin msg (Wojciech Ziemba) [Orabug: 33440215] - crypto: qat - send admin messages to set of AEs (Wojciech Ziemba) [Orabug: 33440215] - crypto: qat - update fw init admin msg (Wojciech Ziemba) [Orabug: 33440215] - crypto: qat - replace user types with kernel ABI __u types (Wojciech Ziemba) [Orabug: 33440215] - crypto: qat - replace user types with kernel u types (Wojciech Ziemba) [Orabug: 33440215] - crypto: qat - convert to SPDX License Identifiers (Giovanni Cabiddu) [Orabug: 33440215] - iopoll: introduce read_poll_timeout macro (Dejin Zheng) [Orabug: 33440215] - crypto: qat - simplify the qat_crypto function (Tianjia Zhang) [Orabug: 33440215] - crypto: qat - switch to skcipher API (Ard Biesheuvel) [Orabug: 33440215] - io_uring: fix false WARN_ONCE (Pavel Begunkov) [Orabug: 33731046] - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix link down processing to address NULL pointer dereference (James Smart) [Orabug: 33731165] - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (James Smart) [Orabug: 33731165] - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (James Smart) [Orabug: 33731165] - scsi: lpfc: Add support for optional PLDV handling (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix mailbox command failure during driver initialization (James Smart) [Orabug: 33731165] - scsi: lpfc: Improve PBDE checks during SGL processing (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (James Smart) [Orabug: 33731165] - scsi: lpfc: Don't remove ndlp on PRLI errors in P2P mode (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix rediscovery of tape device after LIP (James Smart) [Orabug: 33731165] - scsi: lpfc: Don't release final kref on Fport node while ABTS outstanding (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (James Smart) [Orabug: 33731165] - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (Ewan D. Milne) [Orabug: 33731165] - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (James Smart) [Orabug: 33731165] - scsi: lpfc: Revise Topology and RAS support checks for new adapters (James Smart) [Orabug: 33731165] - scsi: lpfc: Copyright updates for 12.8.0.11 patches (James Smart) [Orabug: 33731165] - scsi: lpfc: Update lpfc version to 12.8.0.11 (James Smart) [Orabug: 33731165] - scsi: lpfc: Skip issuing ADISC when node is in NPR state (James Smart) [Orabug: 33731165] - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (James Smart) [Orabug: 33731165] - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (James Smart) [Orabug: 33731165] - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (James Smart) [Orabug: 33731165] - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (James Smart) [Orabug: 33731165] - scsi: lpfc: Discovery state machine fixes for LOGO handling (James Smart) [Orabug: 33731165] - scsi: lpfc: Remove use of kmalloc() in trace event logging (James Smart) [Orabug: 33731165] - scsi: lpfc: Fix failure to transmit ABTS on FC link (James Smart) [Orabug: 33731165] - bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734681] - bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734681] - USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman) [Orabug: 33739525] {CVE-2021-39685} - USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman) [Orabug: 33739525] {CVE-2021-39685} - USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman) [Orabug: 33739525] {CVE-2021-39685} - scsi: vmw_pvscsi: Set residual data length conditionally (Alexey Makhalov) [Orabug: 33761343] - hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782833] - Revert 'rds/ib: Kernel upgrade to rds_ib_conns info displayed by rds-info' (Rohit Nair) [Orabug: 33812555] - uek-rpm: Add missing dax modules to kernel-ueknano (Somasundaram Krishnasamy) [Orabug: 33821042] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825687] {CVE-2022-0492} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23960 CVE-2022-25636 CVE-2022-0435 CVE-2022-0492 CVE-2021-3656 CVE-2022-0847 CVE-2021-3653 CVE-2022-0330 CVE-2021-39685 CVE-2021-26401 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 6 [1.0.1e-59.0.3] - Fix possible infinite loop in BN_mod_sqrt() [CVE-2022-0778][Orabug: 33969800] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 7 [1.0.2k-25_fips] - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison [Orabug: 32467026] - Add DH support changes for SP 800-56A rev3 requirements [Orabug: 32467059] - Add TLS KDF self-test [Orabug: 32467193] - Add EC keys pairwise consistency test [Orabug: 32467059] [1:1.0.2k-25] - Fixes CVE-2022-2078 Infinite loop in BN_mod_sqrt() reachable when parsing certificates - Related: rhbz#2067160 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/a:oracle:linux:7::u8_security_validation Oracle Linux 7 [1:1.0.2k-25] - Fixes CVE-2022-2078 Infinite loop in BN_mod_sqrt() reachable when parsing certificates - Related: rhbz#2067160 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/a:oracle:linux:7::userspace_ksplice Oracle Linux 6 [2.2.15-69.0.3] - core: Simpler connection close logic [CVE-2022-22720][Orabug: 33991577] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-22720 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 8 [1:1.1.1k-6] - Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates - Resolves: rhbz#2067144 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/a:oracle:linux:8::userspace_ksplice Oracle Linux 6 Oracle Linux 7 [4.1.12-124.61.2] - exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34023956] [4.1.12-124.61.1] - drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835812] {CVE-2022-0330} - drm/i915: Reduce locking in execlist command submission (Chris Wilson) [Orabug: 33835812] {CVE-2022-0330} - ipv4: make exception cache less predictible (Eric Dumazet) [Orabug: 33894531] {CVE-2021-20322} - route: also update fnhe_genid when updating a route cache (Xin Long) [Orabug: 33894531] {CVE-2021-20322} - ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516} - sctp: add vtag check in sctp_sf_violation (Xin Long) [Orabug: 33924717] {CVE-2021-3772} - sctp: use init_tag from inithdr for ABORT chunk (Xin Long) [Orabug: 33924717] {CVE-2021-3772} - sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962995] {CVE-2022-26966} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-20322 CVE-2021-3772 CVE-2022-26966 CVE-2020-36516 CVE-2022-0330 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 8 [1.8.5-6_fips] - Add API to provide hash calculation in RSA/DSA/ECDSA signature operations [Orabug: 33081130] - Change Epoch from 1 to 10 [1.8.5-6] - Fix for CVE-2021-33560 (#1971421) - Enable HW optimizations in FIPS (#1976137) - Performance enchancements for ChaCha20 and Poly1305 (#1855231) [1.8.5-5] - Performance enchancements for AES-GCM, CRC32 and SHA2 (#1855231) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-33560 cpe:/a:oracle:linux:8::u4_security_validation Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.305.5.5] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34034594] {CVE-2022-1158} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1158 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.305.5.5] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34034594] {CVE-2022-1158} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1158 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [4.14.35-2047.511.5.5.1.el7uek] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34018777] {CVE-2022-1016} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1016 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.14.35-2047.511.5.5.1.el7uek] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34018777] {CVE-2022-1016} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1016 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 [4.14.35-2047.511.5.8.el7uek] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34048826] {CVE-2022-1016} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1016 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.14.35-2047.511.5.8.el7uek] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34048826] {CVE-2022-1016} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1016 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 6 [1.0.1e-59.0.3] - Fix possible infinite loop in BN_mod_sqrt() [CVE-2022-0778][Orabug: 33969800] [1.0.1e-59.0.1] - Backport fixes for CVE-2020-1971 [Orabug: 32654738] [1.0.1e-58.0.1] - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1 [1.0.1e-58] - fix CVE-2019-1559 - 0-byte record padding oracle [1.0.1e-57] - fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher [1.0.1e-55] - fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts [1.0.1e-54] - fix handling of ciphersuites present after the FALLBACK_SCSV ciphersuite entry (#1386350) [1.0.1e-53] - add README.legacy-settings [1.0.1e-52] - deprecate and disable verification of insecure hash algorithms - disallow DH keys with less than 1024 bits in TLS client - remove support for weak and export ciphersuites - use correct digest when exporting keying material in TLS1.2 (#1376741) [1.0.1e-50] - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in DTLS - fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio() - fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue - fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec() - fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check - fix CVE-2016-6304 - unbound memory growth with OCSP status request - fix CVE-2016-6306 - certificate message OOB reads - mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to 112 bit effective strength - replace expired testing certificates [1.0.1e-49] - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf [1.0.1e-48] - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [1.0.1e-47] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method [1.0.1e-46] - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) [1.0.1e-45] - fix high-precision timestamps in timestamping authority [1.0.1e-44] - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 [1.0.1e-43] - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint [1.0.1e-42] - fix regression caused by mistake in fix for CVE-2015-1791 [1.0.1e-41] - improved fix for CVE-2015-1791 - add missing parts of CVE-2015-0209 fix for corectness although unexploitable [1.0.1e-40] - fix CVE-2014-8176 - invalid free in DTLS buffering code - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time - fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent - fix CVE-2015-1791 - race condition handling NewSessionTicket - fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function [1.0.1e-39] - fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on read in multithreaded applications [1.0.1e-38] - fix CVE-2015-4000 - prevent the logjam attack on client - restrict the DH key size to at least 768 bits (limit will be increased in future) [1.0.1e-37] - drop the AES-GCM restriction of 2^32 operations because the IV is always 96 bits (32 bit fixed field + 64 bit invocation field) [1.0.1e-36] - update fix for CVE-2015-0287 to what was released upstream [1.0.1e-35] - fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey() - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference - fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data - fix CVE-2015-0292 - integer underflow in base64 decoder - fix CVE-2015-0293 - triggerable assert in SSLv2 server [1.0.1e-34] - copy digest algorithm when handling SNI context switch - improve documentation of ciphersuites - patch by Hubert Kario - add support for setting Kerberos service and keytab in s_server and s_client [1.0.1e-33] - fix CVE-2014-3570 - incorrect computation in BN_sqr() - fix CVE-2014-3571 - possible crash in dtls1_get_record() - fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state - fix CVE-2014-8275 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server - fix CVE-2015-0205 - do not allow unauthenticated client DH certificate - fix CVE-2015-0206 - possible memory leak when buffering DTLS records [1.0.1e-32] - use FIPS approved method for computation of d in RSA [1.0.1e-31] - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [1.0.1e-30] - add ECC TLS extensions to DTLS (#1119800) [1.0.1e-29] - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation [1.0.1e-28] - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support [1.0.1e-26] - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set [1.0.1e-25] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH [1.0.1e-24] - add back support for secp521r1 EC curve [1.0.1e-23] - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension [1.0.1e-22] - use 2048 bit RSA key in FIPS selftests [1.0.1e-21] - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add() - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked [1.0.1e-20] - fix CVE-2013-4353 - Invalid TLS handshake crash [1.0.1e-19] - fix CVE-2013-6450 - possible MiTM attack on DTLS1 [1.0.1e-18] - fix CVE-2013-6449 - crash when version in SSL structure is incorrect [1.0.1e-17] - add back some no-op symbols that were inadvertently dropped [1.0.1e-16] - do not advertise ECC curves we do not support - fix CPU identification on Cyrix CPUs [1.0.1e-15] - make DTLS1 work in FIPS mode - avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode [1.0.1e-14] - installation of dracut-fips marks that the FIPS module is installed [1.0.1e-13] - avoid dlopening libssl.so from libcrypto [1.0.1e-12] - fix small memory leak in FIPS aes selftest - fix segfault in openssl speed hmac in the FIPS mode [1.0.1e-11] - document the nextprotoneg option in manual pages original patch by Hubert Kario [1.0.1e-9] - always perform the FIPS selftests in library constructor if FIPS module is installed [1.0.1e-8] - fix use of rdrand if available - more commits cherry picked from upstream - documentation fixes [1.0.1e-7] - additional manual page fix - use symbol versioning also for the textual version [1.0.1e-6] - additional manual page fixes - cleanup speed command output for ECDH ECDSA [1.0.1e-5] - use _prefix macro [1.0.1e-4] - add relro linking flag [1.0.1e-2] - add support for the -trusted_first option for certificate chain verification [1.0.1e-1] - rebase to the 1.0.1e upstream version [1.0.0-28] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735) [1.0.0-27] - fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645) - drop superfluous lib64 fixup in pkgconfig .pc files (#770872) - force BIO_accept_new(*:<port-number>) to listen on IPv4 [1.0.0-26] - use PKCS#8 when writing private keys in FIPS mode as the old PEM encryption mode is not FIPS compatible (#812348) [1.0.0-25] - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - properly initialize tkeylen in the CVE-2012-0884 fix [1.0.0-24] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) [1.0.0-23] - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) [1.0.0-22] - fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes [1.0.0-21] - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) [1.0.0-20] - fix x86cpuid.pl - patch by Paolo Bonzini [1.0.0-19] - add known answer test for SHA2 algorithms [1.0.0-18] - fix missing initialization of a variable in the CHIL engine (#740188) [1.0.0-17] - initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207 (#736087) [1.0.0-16] - merge the optimizations for AES-NI, SHA1, and RC4 from the intelx engine to the internal implementations [1.0.0-15] - better documentation of the available digests in apps (#693858) - backported CHIL engine fixes (#693863) - allow testing build without downstream patches (#708511) - enable partial RELRO when linking (#723994) - add intelx engine with improved performance on new Intel CPUs - add OPENSSL_DISABLE_AES_NI environment variable which disables the AES-NI support (does not affect the intelx engine) [1.0.0-14] - use the AES-NI engine in the FIPS mode [1.0.0-11] - add API necessary for CAVS testing of the new DSA parameter generation [1.0.0-10] - fix OCSP stapling vulnerability - CVE-2011-0014 (#676063) - correct the README.FIPS document IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/a:oracle:linux:6:10:userspace_ksplice_ELS Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.306.1.3] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34053807] {CVE-2022-1158} [5.4.17-2136.306.1.2] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34045203] [5.4.17-2136.306.1.1] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34035701] {CVE-2022-1016} - exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34035682] [5.4.17-2136.306.1] - sr9700: sanity check for packet length (Brian Maly) [Orabug: 33962705] {CVE-2022-26966} - net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) [Orabug: 33835787] {CVE-2021-22600} - KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains (Krish Sadhukhan) [Orabug: 33921125] - x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains (Krish Sadhukhan) [Orabug: 33921125] - rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940519] - NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958154] {CVE-2022-24448} - Revert 'btrfs: inode: refactor the parameters of insert_reserved_file_extent()' (Srikanth C S) [Orabug: 33958240] - Revert 'btrfs: fix metadata reservation for fallocate that leads to transaction aborts' (Srikanth C S) [Orabug: 33958240] - ovl: fix WARN_ON nlink drop to zero (Miklos Szeredi) [Orabug: 33687076] - panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33740420] - printk: Drop console_sem during panic (Stephen Brennan) [Orabug: 33740420] - printk: Avoid livelock with heavy printk during panic (Stephen Brennan) [Orabug: 33740420] - printk: disable optimistic spin during panic (Stephen Brennan) [Orabug: 33740420] - printk: Add panic_in_progress helper (Stephen Brennan) [Orabug: 33740420] - sched: Put vcpu preemption idle check into a SCHED_FEAT. (chris hyser) [Orabug: 33806261] - rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820776] - drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840432] {CVE-2022-22942} - udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870266] {CVE-2022-0617} - udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870266] {CVE-2022-0617} - ACPI: sysfs: copy ACPI data using io memory copying (Colin Ian King) [Orabug: 33876016] - Enable CONFIG_DM_DUST and nano for UEK6 (Gulam Mohamed) [Orabug: 33897851] - arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33900748] - lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910799] - ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516} - ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516} - bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33919430] - ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925471] - arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921736] {CVE-2022-23960} - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921736] {CVE-2022-23960} - KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921736] {CVE-2022-23960} - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921736] {CVE-2022-23960} - arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921736] {CVE-2022-23960} - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921736] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33941936] {CVE-2021-26401} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33917127] - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401} - ovl: fix WARN_ON nlink drop to zero (Miklos Szeredi) [Orabug: 33687076] - panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33740420] - printk: Drop console_sem during panic (Stephen Brennan) [Orabug: 33740420] - printk: Avoid livelock with heavy printk during panic (Stephen Brennan) [Orabug: 33740420] - printk: disable optimistic spin during panic (Stephen Brennan) [Orabug: 33740420] - printk: Add panic_in_progress helper (Stephen Brennan) [Orabug: 33740420] - sched: Put vcpu preemption idle check into a SCHED_FEAT. (chris hyser) [Orabug: 33806261] - rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820776] - drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840432] {CVE-2022-22942} - udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870266] {CVE-2022-0617} - udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870266] {CVE-2022-0617} - ACPI: sysfs: copy ACPI data using io memory copying (Colin Ian King) [Orabug: 33876016] - Enable CONFIG_DM_DUST and nano for UEK6 (Gulam Mohamed) [Orabug: 33897851] - arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33900748] - lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910799] - ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516} - ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516} - bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33919430] - ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925471] - arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921736] - arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921736] - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921736] - arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921736] - KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921736] - arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921736] - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921736] - arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921736] - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921736] - arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921736] - arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921736] - arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921736] - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921736] - arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921736] - arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921736] - arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921736] - arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921736] - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921736] - arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921736] - arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921736] - arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921736] - arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921736] - Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921736] - Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736] - Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921736] - Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921736] - Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921736] - Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921736] - Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921736] - Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921736] - Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921736] - Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921736] - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33941936] {CVE-2021-26341} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33917127] - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341} - x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341} - rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820760] - rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820760] - rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820760] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-22600 CVE-2021-26401 CVE-2022-0617 CVE-2022-23960 CVE-2022-22942 CVE-2022-1016 CVE-2021-26341 CVE-2022-1158 CVE-2020-36516 CVE-2022-26966 CVE-2022-24448 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.306.1.3] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34053807] {CVE-2022-1158} [5.4.17-2136.306.1.2] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34045203] [5.4.17-2136.306.1.1] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34035701] {CVE-2022-1016} - exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34035682] [5.4.17-2136.306.1] - sr9700: sanity check for packet length (Brian Maly) [Orabug: 33962705] {CVE-2022-26966} - net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) [Orabug: 33835787] {CVE-2021-22600} - KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains (Krish Sadhukhan) [Orabug: 33921125] - x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains (Krish Sadhukhan) [Orabug: 33921125] - rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940519] - NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958154] {CVE-2022-24448} - Revert 'btrfs: inode: refactor the parameters of insert_reserved_file_extent()' (Srikanth C S) [Orabug: 33958240] - Revert 'btrfs: fix metadata reservation for fallocate that leads to transaction aborts' (Srikanth C S) [Orabug: 33958240] - ovl: fix WARN_ON nlink drop to zero (Miklos Szeredi) [Orabug: 33687076] - panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33740420] - printk: Drop console_sem during panic (Stephen Brennan) [Orabug: 33740420] - printk: Avoid livelock with heavy printk during panic (Stephen Brennan) [Orabug: 33740420] - printk: disable optimistic spin during panic (Stephen Brennan) [Orabug: 33740420] - printk: Add panic_in_progress helper (Stephen Brennan) [Orabug: 33740420] - sched: Put vcpu preemption idle check into a SCHED_FEAT. (chris hyser) [Orabug: 33806261] - rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820776] - drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840432] {CVE-2022-22942} - udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870266] {CVE-2022-0617} - udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870266] {CVE-2022-0617} - ACPI: sysfs: copy ACPI data using io memory copying (Colin Ian King) [Orabug: 33876016] - Enable CONFIG_DM_DUST and nano for UEK6 (Gulam Mohamed) [Orabug: 33897851] - arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33900748] - lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910799] - ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516} - ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516} - bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33919430] - ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925471] - arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921736] {CVE-2022-23960} - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921736] {CVE-2022-23960} - KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921736] {CVE-2022-23960} - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921736] {CVE-2022-23960} - arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921736] {CVE-2022-23960} - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921736] {CVE-2022-23960} - arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921736] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921736] {CVE-2022-23960} - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33941936] {CVE-2021-26401} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33917127] - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401} - x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401} - Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736] - rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820760] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-22600 CVE-2022-23960 CVE-2022-22942 CVE-2022-1158 CVE-2022-1016 CVE-2022-24448 CVE-2022-26966 CVE-2020-36516 CVE-2021-26401 CVE-2022-0617 CVE-2021-26341 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 [2.4.37-43.0.3.3] - Resolves: CVE-2021-33193 a crafted method sent through HTTP/2 will bypass validation [Orabug: 33942809] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-33193 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [4.14.35-2047.512.6] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] - uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774] [4.14.35-2047.512.5] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012925] {CVE-2022-1016} - rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923372] - btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) [Orabug: 33997138] {CVE-2021-4149} - sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962706] {CVE-2022-26966} [4.14.35-2047.512.4] - Linux 4.14.265 (Greg Kroah-Hartman) - ext4: fix error handling in ext4_restore_inline_data() (Ritesh Harjani) - EDAC/xgene: Fix deferred probing (Sergey Shtylyov) - EDAC/altera: Fix deferred probing (Sergey Shtylyov) - rtc: cmos: Evaluate century appropriate (Riwen Lu) - selftests: futex: Use variable MAKE instead of make (Muhammad Usama Anjum) - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. (Dai Ngo) - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (John Meneghini) - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (Miaoqian Lin) - drm/i915/overlay: Prevent divide by zero bugs in scaling (Dan Carpenter) - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (Lior Nahmanson) - net: ieee802154: Return meaningful error codes from the netlink helpers (Miquel Raynal) - net: ieee802154: ca8210: Stop leaking skb's (Miquel Raynal) - spi: meson-spicc: add IRQ check in meson_spicc_probe (Miaoqian Lin) - spi: mediatek: Avoid NULL pointer crash in interrupt (Benjamin Gaignard) - spi: bcm-qspi: check for valid cs before applying chip select (Kamal Dasu) - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (Joerg Roedel) - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (Guoqing Jiang) - RDMA/mlx4: Don't continue event handler after memory allocation failure (Leon Romanovsky) - block: bio-integrity: Advance seed correctly for larger interval sizes (Martin K. Petersen) - drm/nouveau: fix off by one in BIOS boundary checking (Nick Lopez) - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (Mark Brown) - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (Mark Brown) - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (Mark Brown) - audit: improve audit queue handling when 'audit=1' on cmdline (Paul Moore) - af_packet: fix data-race in packet_setsockopt / packet_setsockopt (Eric Dumazet) - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (Eric Dumazet) - net: amd-xgbe: Fix skb data length underflow (Shyam Sundar S K) - net: amd-xgbe: ensure to reset the tx_timer_active flag (Raju Rangoju) - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (Georgi Valkov) - netfilter: nat: limit port clash resolution attempts (Florian Westphal) - netfilter: nat: remove l4 protocol port rovers (Florian Westphal) - bpf: fix truncated jump targets on heavy expansions (Daniel Borkmann) - ipv4: raw: lock the socket in raw_bind() (Eric Dumazet) - yam: fix a memory leak in yam_siocdevprivate() (Hangyu Hua) - ibmvnic: don't spin in tasklet (Sukadev Bhattiprolu) - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (Jose Exposito) - drm/msm: Fix wrong size calculation (Xianting Tian) - net-procfs: show net devices bound packet types (Jianguo Wu) - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (Trond Myklebust) - NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) - hwmon: (lm90) Reduce maximum conversion rate for G781 (Guenter Roeck) - ping: fix the sk_bound_dev_if match in ping_lookup (Xin Long) - net: fix information leakage in /proc/net/ptype (Saeed Mirzamohammadi) - ipv6_tunnel: Rate limit warning messages (Ido Schimmel) - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (John Meneghini) - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (Matthias Kaehlcke) - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (Sujit Kautkar) - i40e: fix unsigned stat widths (Joe Damato) - i40e: Increase delay to 1 s after global EMP reset (Jedrzej Jagielski) - lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() (Christophe Leroy) - powerpc/32: Fix boot failure with GCC latent entropy plugin (Christophe Leroy) - net: sfp: ignore disabled SFP node (Marek Behun) - usb: typec: tcpm: Do not disconnect while receiving VBUS off (Badhri Jagan Sridharan) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (Alan Stern) - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (Pavankumar Kondeti) - usb: common: ulpi: Fix crash in ulpi_match() (Jon Hunter) - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (Alan Stern) - tty: Add support for Brainboxes UC cards. (Cameron Williams) - tty: n_gsm: fix SW flow control encoding/handling (daniel.starke@siemens.com) - serial: stm32: fix software flow control transfer (Valentin Caron) - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments (Pablo Neira Ayuso) - PM: wakeup: simplify the output logic of pm_show_wakelocks() (Greg Kroah-Hartman) - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (Steffen Maier) - s390/hypfs: include z/VM guests with access control group set (Vasily Gorbik) - Bluetooth: refactor malicious adv data check (Brian Gix) - Linux 4.14.264 (Greg Kroah-Hartman) - can: bcm: fix UAF of bcm op (Ziyang Xuan) - Linux 4.14.263 (Greg Kroah-Hartman) - gianfar: fix jumbo packets+napi+rx overrun crash (Michael Braun) - gianfar: simplify FCS handling and fix memory leak (Andy Spencer) - drm/ttm/nouveau: don't call tt destroy callback on alloc failure. (Dave Airlie) - mips,s390,sh,sparc: gup: Work around the 'COW can break either way' issue (Ben Hutchings) - lib82596: Fix IRQ check in sni_82596_probe (Miaoqian Lin) - scripts/dtc: dtx_diff: remove broken example from help text (Matthias Schiffer) - bcmgenet: add WOL IRQ check (Sergey Shtylyov) - net_sched: restore 'mpu xxx' handling (Kevin Bracey) - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (Tudor Ambarus) - dmaengine: at_xdmac: Fix lld view setting (Tudor Ambarus) - dmaengine: at_xdmac: Print debug message after realeasing the lock (Tudor Ambarus) - dmaengine: at_xdmac: Don't start transactions at tx_submit level (Tudor Ambarus) - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() (Guillaume Nault) - netns: add schedule point in ops_exit_list() (Eric Dumazet) - net: axienet: fix number of TX ring slots for available check (Robert Hancock) - net: axienet: Wait for PhyRstCmplt after core reset (Robert Hancock) - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (Eric Dumazet) - parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries (Miaoqian Lin) - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (Tobias Waldekranz) - powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses (Tobias Waldekranz) - powerpc/cell: Fix clang -Wimplicit-fallthrough warning (Anders Roxell) - RDMA/rxe: Fix a typo in opcode name (Chengguang Xu) - RDMA/hns: Modify the mapping attribute of doorbell to device (Yixing Liu) - Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (Lukas Bulwahn) - firmware: Update Kconfig help text for Google firmware (Ben Hutchings) - drm/radeon: fix error handling in radeon_driver_open_kms (Christian Konig) - crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (Marek Vasut) - ext4: don't use the orphan list when migrating an inode (Theodore Ts'o) - ext4: Fix BUG_ON in ext4_bread when write quota data (Ye Bin) - ext4: set csum seed in tmp inode while migrating to extents (Luis Henriques) - ext4: make sure quota gets properly shutdown on error (Jan Kara) - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (Ilan Peer) - cputime, cpuacct: Include guest time in user time in cpuacct.stat (Andrey Ryabinin) - serial: Fix incorrect rs485 polarity on uart open (Lukas Wunner) - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (Petr Cvachoucek) - power: bq25890: Enable continuous conversion for ADC at charging (Yauhen Kharuzhy) - ASoC: mediatek: mt8173: fix device_node leak (Tzung-Bi Shih) - scsi: sr: Don't use GFP_DMA (Christoph Hellwig) - MIPS: Octeon: Fix build errors using clang (Tianjia Zhang) - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (Lakshmi Sowjanya D) - MIPS: OCTEON: add put_device() after of_find_device_by_node() (Ye Guojin) - ALSA: seq: Set upper limit of processed events (Takashi Iwai) - w1: Misuse of get_user()/put_user() reported by sparse (Christophe Leroy) - i2c: mpc: Correct I2C reset procedure (Joakim Tjernlund) - powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING (Michael Ellerman) - i2c: i801: Don't silently correct invalid transfer size (Heiner Kallweit) - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (Nicholas Piggin) - powerpc/btext: add missing of_node_put (Julia Lawall) - powerpc/cell: add missing of_node_put (Julia Lawall) - powerpc/powernv: add missing of_node_put (Julia Lawall) - powerpc/6xx: add missing of_node_put (Julia Lawall) - parisc: Avoid calling faulthandler_disabled() twice (John David Anglin) - serial: core: Keep mctrl register state and cached copy in sync (Lukas Wunner) - serial: pl010: Drop CR register reset on set_termios (Lukas Wunner) - net: phy: marvell: configure RGMII delays for 88E1118 (Russell King (Oracle)) - dm space map common: add bounds check to sm_ll_lookup_bitmap() (Joe Thornber) - dm btree: add a defensive bounds check to insert_at() (Joe Thornber) - mac80211: allow non-standard VHT MCS-10/11 (Ping-Ke Shih) - net: mdio: Demote probed message to debug print (Florian Fainelli) - btrfs: remove BUG_ON(!eie) in find_parent_nodes (Josef Bacik) - btrfs: remove BUG_ON() in find_parent_nodes() (Josef Bacik) - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (Kirill A. Shutemov) - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (Rafael J. Wysocki) - ACPICA: Utilities: Avoid deleting the same object twice in a row (Rafael J. Wysocki) - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (Mark Langsdorf) - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (Kyeong Yoo) - um: registers: Rename function names to avoid conflicts and build problems (Randy Dunlap) - iwlwifi: remove module loading failure message (Johannes Berg) - iwlwifi: fix leaks/bad data after failed firmware load (Johannes Berg) - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (Zekun Shen) - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (Kai-Heng Feng) - arm64: tegra: Adjust length of CCPLEX cluster MMIO region (Thierry Reding) - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (Ulf Hansson) - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) - media: igorplugusb: receiver overflow should be reported (Sean Young) - bpf: Do not WARN in bpf_warn_invalid_xdp_action() (Paolo Abeni) - net: bonding: debug: avoid printing debug logs when bond is not notifying peers (Suresh Kumar) - ath10k: Fix tx hanging (Sebastian Gottschall) - iwlwifi: mvm: synchronize with FW after multicast commands (Johannes Berg) - media: m920x: don't use stack on USB reads (Mauro Carvalho Chehab) - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. (James Hilliard) - floppy: Add max size check for user space request (Xiongwei Song) - usb: uhci: add aspeed ast2600 uhci support (Neal Liu) - mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen) - HSI: core: Fix return freed object in hsi_new_client (Chengfeng Ye) - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (Hans de Goede) - drm/bridge: megachips: Ensure both bridges are probed before registration (Martyn Welch) - mlxsw: pci: Add shutdown method in PCI driver (Danielle Ratson) - media: b2c2: Add missing check in flexcop_pci_isr: (Zheyu Ma) - HID: apple: Do not reset quirks when the Fn key is not found (Jose Exposito) - usb: gadget: f_fs: Use stream_open() for endpoint files (Pavankumar Kondeti) - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (Ben Skeggs) - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (Zekun Shen) - fs: dlm: filter user dlm messages for kernel locks (Alexander Aring) - Bluetooth: Fix debugfs entry leak in hci_register_dev() (Wei Yongjun) - RDMA/cxgb4: Set queue pair state when being queried (Kamal Heib) - mips: bcm63xx: add support for clk_set_parent() (Randy Dunlap) - mips: lantiq: add support for clk_set_parent() (Randy Dunlap) - misc: lattice-ecp3-config: Fix task hung when firmware load failed (Wei Yongjun) - ASoC: samsung: idma: Check of ioremap return value (Jiasheng Jiang) - iommu/iova: Fix race between FQ timeout and teardown (Xiongfeng Wang) - dmaengine: pxa/mmp: stop referencing config->slave_id (Arnd Bergmann) - RDMA/core: Let ib_find_gid() continue search even after empty entry (Avihai Horon) - scsi: ufs: Fix race conditions related to driver data (Bart Van Assche) - char/mwave: Adjust io port register size (Kees Cook) - ALSA: oss: fix compile error when OSS_DEBUG is enabled (Bixuan Cui) - powerpc/prom_init: Fix improper check of prom_getprop() (Peiwei Hu) - RDMA/hns: Validate the pkey index (Kamal Heib) - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ext4: avoid trim error on fs with small groups (Jan Kara) - net: mcs7830: handle usb read errors properly (Pavel Skripkin) - pcmcia: fix setting of kthread task states (Dominik Brodowski) - can: xilinx_can: xcan_probe(): check for error irq (Jiasheng Jiang) - can: softing: softing_startstop(): fix set but not used variable warning (Marc Kleine-Budde) - tpm: add request_locality before write TPM_INT_ENABLE (Chen Jun) - spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (Miaoqian Lin) - fsl/fman: Check for null pointer after calling devm_ioremap (Jiasheng Jiang) - ppp: ensure minimum packet size in ppp_write() (Eric Dumazet) - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (Zhou Qingyang) - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (Zhou Qingyang) - x86/mce/inject: Avoid out-of-bounds write when setting flags (Zhang Zixun) - usb: ftdi-elan: fix memory leak on device disconnect (Wei Yongjun) - media: msi001: fix possible null-ptr-deref in msi001_probe() (Wang Hai) - media: dw2102: Fix use after free (Anton Vasilyev) - sched/rt: Try to restart rt period timer when rt runtime exceeded (Li Hua) - media: si2157: Fix 'warm' tuner state detection (Robert Schlabbach) - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (Zhou Qingyang) - media: dib8000: Fix a memleak in dib8000_init() (Zhou Qingyang) - floppy: Fix hang in watchdog when disk is ejected (Tasos Sahanidis) - serial: amba-pl011: do not request memory region twice (Lino Sanfilippo) - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Zhou Qingyang) - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Zhou Qingyang) - arm64: dts: qcom: msm8916: fix MMC controller aliases (Dmitry Baryshkov) - netfilter: bridge: add support for pppoe filtering (Florian Westphal) - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (Dafna Hirschfeld) - tty: serial: atmel: Call dma_async_issue_pending() (Tudor Ambarus) - tty: serial: atmel: Check return code of dmaengine_submit() (Tudor Ambarus) - crypto: qce - fix uaf on qce_ahash_register_one (Chengfeng Ye) - media: dmxdev: fix UAF when dvb_register_device() fails (Wang Hai) - Bluetooth: stop proccessing malicious adv data (Pavel Skripkin) - media: em28xx: fix memory leak in em28xx_init_dev (Dongliang Mu) - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (Bryan O'Donoghue) - clk: bcm-2835: Remove rounding up the dividers (Maxime Ripard) - clk: bcm-2835: Pick the closest clock rate (Maxime Ripard) - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (Wang Hai) - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (Yifeng Li) - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode (Gang Li) - can: softing_cs: softingcs_probe(): fix memleak on registration failure (Johan Hovold) - media: stk1160: fix control-message timeouts (Johan Hovold) - media: pvrusb2: fix control-message timeouts (Johan Hovold) - media: redrat3: fix control-message timeouts (Johan Hovold) - media: dib0700: fix undefined behavior in tuner shutdown (Michael Kuron) - media: s2255: fix control-message timeouts (Johan Hovold) - media: cpia2: fix control-message timeouts (Johan Hovold) - media: em28xx: fix control-message timeouts (Johan Hovold) - media: mceusb: fix control-message timeouts (Johan Hovold) - media: flexcop-usb: fix control-message timeouts (Johan Hovold) - rtc: cmos: take rtc_lock while reading from CMOS (Mateusz Jonczyk) - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (Krzysztof Kozlowski) - HID: wacom: Avoid using stale array indicies to read contact count (Jason Gerecke) - HID: wacom: Ignore the confidence flag when a touch is removed (Jason Gerecke) - HID: uhid: Fix worker destroying device without any protection (Jann Horn) - Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi) - Bluetooth: schedule SCO timeouts with delayed_work (Desmond Cheong Zhi Xi) - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (Larry Finger) - media: uvcvideo: fix division by zero at stream start (Johan Hovold) - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (Christophe JAILLET) - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Nathan Chancellor) - staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (Nathan Chancellor) - random: fix data race on crng init time (Eric Biggers) - random: fix data race on crng_node_pool (Eric Biggers) - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (Brian Silverman) - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (Marc Kleine-Budde) - mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (Andy Shevchenko) - USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (Alan Stern) - USB: core: Fix bug in resuming hub's handling of wakeup requests (Alan Stern) - Bluetooth: bfusb: fix division by zero in send path (Johan Hovold) - Linux 4.14.262 (Greg Kroah-Hartman) - mISDN: change function names to avoid conflicts (wolfgang huang) - net: udp: fix alignment problem in udp4_seq_show() (yangxingwu) - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate (William Zhao) - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (Lixiaokeng) - ipv6: Do cleanup if attribute validation fails in multipath route (David Ahern) - ipv6: Continue processing multipath route even if gateway attribute is invalid (David Ahern) - phonet: refcount leak in pep_sock_accep (Hangyu Hua) - rndis_host: support Hytera digital radios (Thomas Toye) - power: reset: ltc2952: Fix use of floating point literals (Nathan Chancellor) - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc (Eric Dumazet) - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route (David Ahern) - ipv6: Check attribute length for RTA_GATEWAY in multipath route (David Ahern) - i40e: Fix incorrect netdev's real number of RX/TX queues (Jedrzej Jagielski) - i40e: fix use-after-free in i40e_sync_filters_subtask() (Di Zhu) - mac80211: initialize variable have_higher_than_11mbit (Tom Rix) - RDMA/core: Don't infoleak GRH fields (Leon Romanovsky) - ieee802154: atusb: fix uninit value in atusb_set_extended_addr (Pavel Skripkin) - virtio_pci: Support surprise removal of virtio pci device (Parav Pandit) - tracing: Tag trace_percpu_buffer as a percpu pointer (Naveen N. Rao) - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (Naveen N. Rao) - Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models (Takashi Iwai) [4.14.35-2047.512.3] - lib/timerqueue: Rely on rbtree semantics for next timer (Davidlohr Bueso) [Orabug: 33406086] {CVE-2021-20317} {CVE-2021-20317} - rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940520] - uek-rpm: remove uek-rpm/ol8 (John Donnelly) [Orabug: 33665655] - uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT (Saeed Mirzamohammadi) [Orabug: 33973455] - sched: restore the sliding search window for select_idle_cpu() (Libo Chen) [Orabug: 33965297] - NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958155] {CVE-2022-24448} - Linux 4.14.261 (Greg Kroah-Hartman) - sctp: use call_rcu to free endpoint (Xin Long) - net: fix use-after-free in tw_timer_handler (Muchun Song) - Input: spaceball - fix parsing of movement data packets (Leo L. Schwab) - Input: appletouch - initialize work before device registration (Pavel Skripkin) - binder: fix async_free_space accounting for empty parcels (Todd Kjos) - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. (Vincent Pelletier) - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. (Mathias Nyman) - uapi: fix linux/nfc.h userspace compilation errors (Dmitry V. Levin) - nfc: uapi: use kernel size_t to fix user-space builds (Krzysztof Kozlowski) - fsl/fman: Fix missing put_device() call in fman_port_probe (Miaoqian Lin) - NFC: st21nfca: Fix memory leak in device probe and remove (Wei Yongjun) - net: usb: pegasus: Do not drop long Ethernet frames (Matthias-Christian Ott) - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (Dan Carpenter) - selinux: initialize proto variable in selinux_ip_postroute_compat() (Tom Rix) - recordmcount.pl: fix typo in s390 mcount regex (Heiko Carstens) - platform/x86: apple-gmux: use resource_size() with res (Wang Qing) - HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (Hans de Goede) - Linux 4.14.260 (Greg Kroah-Hartman) - phonet/pep: refuse to enable an unbound pipe (Remi Denis-Courmont) - hamradio: improve the incomplete fix to avoid NPD (Lin Ma) - hamradio: defer ax25 kfree after unregister_netdev (Lin Ma) - ax25: NPD bug when detaching AX25 device (Lin Ma) - hwmon: (lm90) Do not report 'busy' status bit as alarm (Guenter Roeck) - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (Sean Christopherson) - usb: gadget: u_ether: fix race in setting MAC address in setup phase (Marian Postevca) - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (Chao Yu) - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (Ard Biesheuvel) - pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (Fabien Dessenne) - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (Andrew Cooper) - Input: atmel_mxt_ts - fix double free in mxt_read_info_block (Jose Exposito) - ALSA: drivers: opl3: Fix incorrect use of vp->state (Colin Ian King) - ALSA: jack: Check the return value of kstrdup() (Xiaoke Wang) - hwmon: (lm90) Fix usage of CONFIG2 register in detect function (Guenter Roeck) - sfc: falcon: Check null pointer of rx_queue->page_ring (Jiasheng Jiang) - drivers: net: smc911x: Check for error irq (Jiasheng Jiang) - fjes: Check for error irq (Jiasheng Jiang) - bonding: fix ad_actor_system option setting to default (Fernando Fernandez Mancera) - net: skip virtio_net_hdr_set_proto if protocol already set (Willem de Bruijn) - qlcnic: potential dereference null pointer of rx_queue->page_ring (Jiasheng Jiang) - spi: change clk_disable_unprepare to clk_unprepare (Dongliang Mu) - HID: holtek: fix mouse probing (Benjamin Tissoires) - can: kvaser_usb: get CAN clock frequency from device (Jimmy Assarsson) - net: usb: lan78xx: add Allied Telesis AT29M2-AF (Greg Jesionowski) - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937656] {CVE-2021-26401} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Fix bug in retpoline mode on AMD with 'spectre_v2=none' (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925502] - ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516} - ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516} - lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910800] {CVE-2022-0847} - x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33890092] - udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870267] {CVE-2022-0617} - udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870267] {CVE-2022-0617} - scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33851182] - drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840433] {CVE-2022-22942} - drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835811] {CVE-2022-0330} - proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) [Orabug: 33832650] - rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820767] - rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33819408] - Enable CONFIG_DM_DUST and nano for UEK5 (Gulam Mohamed) [Orabug: 33653698] - dm dust: use dust block size for badblocklist index (Bryan Gurney) [Orabug: 33653698] - dm dust: Make dm_dust_init and dm_dust_exit static (YueHaibing) [Orabug: 33653698] - dm dust: remove redundant unsigned comparison to less than zero (Colin Ian King) [Orabug: 33653698] - dm: add dust target (Bryan Gurney) [Orabug: 33653698] - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) [Orabug: 33617219] {CVE-2021-4002} - rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] - rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] - rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] - rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33821341] - uek-rpm: Add missing symbols to kabi_lockedlist (Stephen Brennan) [Orabug: 33871558] [4.14.35-2047.512.1] - Revert 'stable: clamp SUBLEVEL in 4.14' (Alan Maguire) [Orabug: 33861950] - tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850803] {CVE-2022-0435} {CVE-2022-0435} - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825688] {CVE-2022-0492} - blk-stat: delete useless code (Shaohua Li) [Orabug: 33772945] - DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676598] [4.14.35-2047.512.0] - bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734682] - bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734682] - RDMA/rxe: Use correct sizing on buffers holding page DMA addresses (Shiraz Saleem) [Orabug: 33676942] - hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782835] - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33787546] - uek-rpm: Pensando: Enable Elba EDAC (Dave Kleikamp) [Orabug: 33831294] - dsc-drivers: update for 1.15.9-C-64 (Dave Kleikamp) [Orabug: 33831294] - drivers/hwmon: Adding support LTC3888 (David Clear) [Orabug: 33831294] - drivers/edac: Add Elba EDAC support (David Clear) [Orabug: 33831294] - arm64/configs: Remove CONFIG_PENSANDO_SOC_CAPMEM_HUGEPAGE (David Clear) [Orabug: 33831294] - drivers/soc/pensando: Add reset cause driver (David Clear) [Orabug: 33831294] - net/rds: Fix memory leak in __rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33811475] - x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33544127] - Linux 4.14.259 (Greg Kroah-Hartman) - xen/console: harden hvc_xen against event channel storms (Juergen Gross) - Input: touchscreen - avoid bitwise vs logical OR warning (Nathan Chancellor) - ARM: 8800/1: use choice for kernel unwinders (Stefan Agner) - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (Nathan Chancellor) - ARM: 8805/2: remove unneeded naked function usage (Nicolas Pitre) - net: lan78xx: Avoid unnecessary self assignment (Nathan Chancellor) - fuse: annotate lock in fuse_reverse_inval_entry() (Miklos Szeredi) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (Fabio Estevam) - firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Sudeep Holla) - net: systemport: Add global locking for descriptor lifecycle (Florian Fainelli) - libata: if T_LENGTH is zero, dma direction should be DMA_NONE (George Kennedy) - timekeeping: Really make sure wall_to_monotonic isn't positive (Yu Liao) - USB: serial: option: add Telit FN990 compositions (Daniele Palmas) - PCI/MSI: Mask MSI-X vectors only on success (Stefan Roese) - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (Thomas Gleixner) - USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman) - sit: do not call ipip6_dev_free() from sit_init_net() (Eric Dumazet) - net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) - ixgbe: set X550 MDIO speed before talking to PHY (Cyril Novikov) - igbvf: fix double free in 'igbvf_probe' (Letu Ren) - soc/tegra: fuse: Fix bitwise vs. logical OR warning (Nathan Chancellor) - dmaengine: st_fdma: fix MODULE_ALIAS (Alyssa Ross) - ARM: socfpga: dts: fix qspi node compatible (Dinh Nguyen) - x86/sme: Explicitly map new EFI memmap table as encrypted (Tom Lendacky) - nfsd: fix use-after-free due to delegation race (J. Bruce Fields) - audit: improve robustness of the audit queue handling (Paul Moore) - dm btree remove: fix use after free in rebalance_children() (Joe Thornber) - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (Jerome Marchand) - mac80211: send ADDBA requests using the tid/queue of the aggregation session (Felix Fietkau) - hwmon: (dell-smm) Fix warning on /proc/i8k creation error (Armin Wolf) - bpf: fix panic due to oob in bpf_prog_test_run_skb (Daniel Borkmann) - tracing: Fix a kmemleak false positive in tracing_map (Chen Jun) - net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Harshit Mogalapalli) - i2c: rk3x: Handle a spurious start completion interrupt flag (Ondrej Jirman) - parisc/agp: Annotate parisc agp init functions with __init (Helge Deller) - net/mlx4_en: Update reported link modes for 1/10G (Erik Ekman) - drm/msm/dsi: set default num_data_lanes (Philip Chen) - nfc: fix segfault in nfc_genl_dump_devices_done (Tadeusz Struk) - Linux 4.14.258 (Greg Kroah-Hartman) - irqchip: nvic: Fix offset for Interrupt Priority Offsets (Vladimir Murzin) - irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (Wudi Wang) - irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (Pali Rohar) - irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (Pali Rohar) - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (Yang Yingliang) - iio: adc: axp20x_adc: fix charging current reporting on AXP22x (Evgeny Boger) - iio: dln2: Check return value of devm_iio_trigger_register() (Lars-Peter Clausen) - iio: dln2-adc: Fix lockdep complaint (Noralf Tronnes) - iio: itg3200: Call iio_trigger_notify_done() on error (Lars-Peter Clausen) - iio: kxsd9: Don't return error code in trigger handler (Lars-Peter Clausen) - iio: ltr501: Don't return error code in trigger handler (Lars-Peter Clausen) - iio: mma8452: Fix trigger reference couting (Lars-Peter Clausen) - iio: stk3310: Don't return error code in interrupt handler (Lars-Peter Clausen) - iio: trigger: stm32-timer: fix MODULE_ALIAS (Alyssa Ross) - iio: trigger: Fix reference counting (Lars-Peter Clausen) - usb: core: config: using bit mask instead of individual bits (Pavel Hofman) - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (Kai-Heng Feng) - usb: core: config: fix validation of wMaxPacketValue entries (Pavel Hofman) - USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman) - USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman) - net/qla3xxx: fix an error code in ql_adapter_up() (Dan Carpenter) - net, neigh: clear whole pneigh_entry at alloc time (Eric Dumazet) - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (Joakim Zhang) - net: altera: set a couple error code in probe() (Dan Carpenter) - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (Lee Jones) - qede: validate non LSO skb length (Manish Chopra) - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (Davidlohr Bueso) - tracefs: Set all files to the same group ownership as the mount option (Steven Rostedt (VMware)) - signalfd: use wake_up_pollfree() (Eric Biggers) - binder: use wake_up_pollfree() (Eric Biggers) - wait: add wake_up_pollfree() (Eric Biggers) - libata: add horkage for ASMedia 1092 (Hannes Reinecke) - can: m_can: Disable and ignore ELO interrupt (Brian Silverman) - can: pch_can: pch_can_rx_normal: fix use after free (Vincent Mailhol) - tracefs: Have new files inherit the ownership of their parent (Steven Rostedt (VMware)) - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (Takashi Iwai) - ALSA: pcm: oss: Limit the period size to 16MB (Takashi Iwai) - ALSA: pcm: oss: Fix negative period/buffer sizes (Takashi Iwai) - ALSA: ctl: Fix copy of updated id with element read/write (Alan Young) - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (Manjong Lee) - IB/hfi1: Correct guard on eager buffer deallocation (Mike Marciniszyn) - seg6: fix the iif in the IPv6 socket control block (Andrea Mayer) - nfp: Fix memory leak in nfp_cpp_area_cache_add() (Jianglei Nie) - bpf: Fix the off-by-two error in range markings (Maxim Mikityanskiy) - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (Krzysztof Kozlowski) - can: sja1000: fix use after free in ems_pcmcia_add_card() (Dan Carpenter) - HID: check for valid USB device for many HID drivers (Greg Kroah-Hartman) - HID: wacom: fix problems when device is not a valid USB device (Greg Kroah-Hartman) - HID: add USB_HID dependancy on some USB HID drivers (Greg Kroah-Hartman) - HID: add USB_HID dependancy to hid-chicony (Greg Kroah-Hartman) - HID: add USB_HID dependancy to hid-prodikeys (Greg Kroah-Hartman) - HID: add hid_is_usb() function to make it simpler for USB detection (Greg Kroah-Hartman) - Linux 4.14.257 (Greg Kroah-Hartman) {CVE-2021-38199} - parisc: Mark cr16 CPU clocksource unstable on all SMP machines (Helge Deller) - serial: core: fix transmit-buffer reset and memleak (Johan Hovold) - serial: pl011: Add ACPI SBSA UART match id (Pierre Gondois) - tty: serial: msm_serial: Deactivate RX DMA for polling support (Sven Eckelmann) - x86/64/mm: Map all kernel memory into trampoline_pgd (Joerg Roedel) - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (Badhri Jagan Sridharan) - xhci: Fix commad ring abort, write all 64 bits to CRCR register. (Mathias Nyman) - vgacon: Propagate console boot parameters before calling 'vc_resize' (Maciej W. Rozycki) - parisc: Fix 'make install' on newer debian releases (Helge Deller) - parisc: Fix KBUILD_IMAGE for self-extracting kernel (Helge Deller) - net/smc: Keep smc_close_final rc during active close (Tony Lu) - net/rds: correct socket tunable error in rds_tcp_tune() (William Kucharski) - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (Sven Schuchmann) - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (Zhou Qingyang) - siphash: use _unaligned version by default (Arnd Bergmann) - net: mpls: Fix notifications when deleting a device (Benjamin Poirier) - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (Zhou Qingyang) - natsemi: xtensa: fix section mismatch warnings (Randy Dunlap) - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (Baokun Li) - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (Baokun Li) - kprobes: Limit max data_size of the kretprobe instances (Masami Hiramatsu) - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (Stephen Suryaputra) - perf hist: Fix memory leak of a perf_hpp_fmt (Ian Rogers) - net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() (Teng Qi) - net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound (zhangyue) - ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Teng Qi) - scsi: iscsi: Unblock session then wake up error handler (Mike Christie) - thermal: core: Reset previous low and high trip during thermal zone init (Manaf Meethalavalappu Pallikunhi) - btrfs: check-integrity: fix a warning on write caching disabled disk (Wang Yugui) - s390/setup: avoid using memblock_enforce_memory_limit (Vasily Gorbik) - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (Slark Xiao) - net: return correct error code (liuguoqiang) - NFSv42: Fix pagecache invalidation after COPY/CLONE (Benjamin Coddington) - ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn) - shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn) - tty: hvc: replace BUG_ON() with negative return value (Juergen Gross) - xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross) - fuse: release pipe buf after last use (Miklos Szeredi) - NFC: add NCI_UNREG flag to eliminate the race (Lin Ma) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun) - arm64: dts: marvell: armada-37xx: declare PCIe reset pin (Miquel Raynal) - pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun) - pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup (Gregory CLEMENT) - pinctrl: armada-37xx: Correct mpp definitions (Marek Behun) - PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar) - PCI: aardvark: Fix link training (Pali Rohar) - PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar) - PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar) - PCI: aardvark: Remove PCIe outbound window configuration (Evan Wang) - PCI: aardvark: Update comment about disabling link training (Pali Rohar) - PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar) - PCI: aardvark: Fix compilation on s390 (Pali Rohar) - PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar) - PCI: aardvark: Introduce an advk_pcie_valid_device() helper (Thomas Petazzoni) - PCI: aardvark: Indicate error in 'val' when config read fails (Pali Rohar) - PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar) - PCI: aardvark: Issue PERST via GPIO (Pali Rohar) - PCI: aardvark: Improve link training (Marek Behun) - PCI: aardvark: Train link immediately after enabling training (Pali Rohar) - PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel) - PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (Wen Yang) - PCI: aardvark: Fix I/O space page leak (Sergei Shtylyov) - s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand) - tracing: Check pid filtering when creating events (Steven Rostedt (VMware)) - vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella) - net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu) - MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei) - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet) - net/smc: Ensure the active closing peer first closes clcsock (Tony Lu) - ipv6: fix typos in __ip6_finish_output() (Eric Dumazet) - drm/vc4: fix error code in vc4_create_object() (Dan Carpenter) - scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy) - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai) - NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust) - net: ieee802154: handle iftypes as u32 (Alexander Aring) - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli) - ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli) - netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu) - tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware)) - xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini) - xen: don't continue xenstore initialization in case of errors (Stefano Stabellini) - fuse: fix page stealing (Miklos Szeredi) - staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter) - HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke) - media: cec: copy sequence field for the reply (Hans Verkuil) - ALSA: ctxfi: Fix out-of-range access (Takashi Iwai) - usb: hub: Fix locking issues with address0_mutex (Mathias Nyman) - usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman) - USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang) - USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-22942 CVE-2021-4002 CVE-2022-0847 CVE-2022-0435 CVE-2022-0617 CVE-2020-36516 CVE-2022-0330 CVE-2022-24448 CVE-2021-20317 CVE-2022-1016 CVE-2021-26401 CVE-2021-4149 CVE-2022-0492 CVE-2022-26966 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.14.35-2047.512.6.el7] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] - uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774] [4.14.35-2047.512.5] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012925] {CVE-2022-1016} - rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923372] - btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) [Orabug: 33997138] {CVE-2021-4149} - sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962706] {CVE-2022-26966} [4.14.35-2047.512.4] - Linux 4.14.265 (Greg Kroah-Hartman) - ext4: fix error handling in ext4_restore_inline_data() (Ritesh Harjani) - EDAC/xgene: Fix deferred probing (Sergey Shtylyov) - EDAC/altera: Fix deferred probing (Sergey Shtylyov) - rtc: cmos: Evaluate century appropriate (Riwen Lu) - selftests: futex: Use variable MAKE instead of make (Muhammad Usama Anjum) - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. (Dai Ngo) - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (John Meneghini) - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (Miaoqian Lin) - drm/i915/overlay: Prevent divide by zero bugs in scaling (Dan Carpenter) - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (Lior Nahmanson) - net: ieee802154: Return meaningful error codes from the netlink helpers (Miquel Raynal) - net: ieee802154: ca8210: Stop leaking skb's (Miquel Raynal) - spi: meson-spicc: add IRQ check in meson_spicc_probe (Miaoqian Lin) - spi: mediatek: Avoid NULL pointer crash in interrupt (Benjamin Gaignard) - spi: bcm-qspi: check for valid cs before applying chip select (Kamal Dasu) - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (Joerg Roedel) - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (Guoqing Jiang) - RDMA/mlx4: Don't continue event handler after memory allocation failure (Leon Romanovsky) - block: bio-integrity: Advance seed correctly for larger interval sizes (Martin K. Petersen) - drm/nouveau: fix off by one in BIOS boundary checking (Nick Lopez) - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (Mark Brown) - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (Mark Brown) - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (Mark Brown) - audit: improve audit queue handling when 'audit=1' on cmdline (Paul Moore) - af_packet: fix data-race in packet_setsockopt / packet_setsockopt (Eric Dumazet) - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (Eric Dumazet) - net: amd-xgbe: Fix skb data length underflow (Shyam Sundar S K) - net: amd-xgbe: ensure to reset the tx_timer_active flag (Raju Rangoju) - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (Georgi Valkov) - netfilter: nat: limit port clash resolution attempts (Florian Westphal) - netfilter: nat: remove l4 protocol port rovers (Florian Westphal) - bpf: fix truncated jump targets on heavy expansions (Daniel Borkmann) - ipv4: raw: lock the socket in raw_bind() (Eric Dumazet) - yam: fix a memory leak in yam_siocdevprivate() (Hangyu Hua) - ibmvnic: don't spin in tasklet (Sukadev Bhattiprolu) - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (Jose Exposito) - drm/msm: Fix wrong size calculation (Xianting Tian) - net-procfs: show net devices bound packet types (Jianguo Wu) - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (Trond Myklebust) - NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) - hwmon: (lm90) Reduce maximum conversion rate for G781 (Guenter Roeck) - ping: fix the sk_bound_dev_if match in ping_lookup (Xin Long) - net: fix information leakage in /proc/net/ptype (Saeed Mirzamohammadi) - ipv6_tunnel: Rate limit warning messages (Ido Schimmel) - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (John Meneghini) - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (Matthias Kaehlcke) - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (Sujit Kautkar) - i40e: fix unsigned stat widths (Joe Damato) - i40e: Increase delay to 1 s after global EMP reset (Jedrzej Jagielski) - lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() (Christophe Leroy) - powerpc/32: Fix boot failure with GCC latent entropy plugin (Christophe Leroy) - net: sfp: ignore disabled SFP node (Marek Behun) - usb: typec: tcpm: Do not disconnect while receiving VBUS off (Badhri Jagan Sridharan) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (Alan Stern) - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (Pavankumar Kondeti) - usb: common: ulpi: Fix crash in ulpi_match() (Jon Hunter) - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (Alan Stern) - tty: Add support for Brainboxes UC cards. (Cameron Williams) - tty: n_gsm: fix SW flow control encoding/handling (daniel.starke@siemens.com) - serial: stm32: fix software flow control transfer (Valentin Caron) - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments (Pablo Neira Ayuso) - PM: wakeup: simplify the output logic of pm_show_wakelocks() (Greg Kroah-Hartman) - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (Steffen Maier) - s390/hypfs: include z/VM guests with access control group set (Vasily Gorbik) - Bluetooth: refactor malicious adv data check (Brian Gix) - Linux 4.14.264 (Greg Kroah-Hartman) - can: bcm: fix UAF of bcm op (Ziyang Xuan) - Linux 4.14.263 (Greg Kroah-Hartman) - gianfar: fix jumbo packets+napi+rx overrun crash (Michael Braun) - gianfar: simplify FCS handling and fix memory leak (Andy Spencer) - drm/ttm/nouveau: don't call tt destroy callback on alloc failure. (Dave Airlie) - mips,s390,sh,sparc: gup: Work around the 'COW can break either way' issue (Ben Hutchings) - lib82596: Fix IRQ check in sni_82596_probe (Miaoqian Lin) - scripts/dtc: dtx_diff: remove broken example from help text (Matthias Schiffer) - bcmgenet: add WOL IRQ check (Sergey Shtylyov) - net_sched: restore 'mpu xxx' handling (Kevin Bracey) - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (Tudor Ambarus) - dmaengine: at_xdmac: Fix lld view setting (Tudor Ambarus) - dmaengine: at_xdmac: Print debug message after realeasing the lock (Tudor Ambarus) - dmaengine: at_xdmac: Don't start transactions at tx_submit level (Tudor Ambarus) - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() (Guillaume Nault) - netns: add schedule point in ops_exit_list() (Eric Dumazet) - net: axienet: fix number of TX ring slots for available check (Robert Hancock) - net: axienet: Wait for PhyRstCmplt after core reset (Robert Hancock) - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (Eric Dumazet) - parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries (Miaoqian Lin) - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (Tobias Waldekranz) - powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses (Tobias Waldekranz) - powerpc/cell: Fix clang -Wimplicit-fallthrough warning (Anders Roxell) - RDMA/rxe: Fix a typo in opcode name (Chengguang Xu) - RDMA/hns: Modify the mapping attribute of doorbell to device (Yixing Liu) - Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (Lukas Bulwahn) - firmware: Update Kconfig help text for Google firmware (Ben Hutchings) - drm/radeon: fix error handling in radeon_driver_open_kms (Christian Konig) - crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (Marek Vasut) - ext4: don't use the orphan list when migrating an inode (Theodore Ts'o) - ext4: Fix BUG_ON in ext4_bread when write quota data (Ye Bin) - ext4: set csum seed in tmp inode while migrating to extents (Luis Henriques) - ext4: make sure quota gets properly shutdown on error (Jan Kara) - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (Ilan Peer) - cputime, cpuacct: Include guest time in user time in cpuacct.stat (Andrey Ryabinin) - serial: Fix incorrect rs485 polarity on uart open (Lukas Wunner) - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (Petr Cvachoucek) - power: bq25890: Enable continuous conversion for ADC at charging (Yauhen Kharuzhy) - ASoC: mediatek: mt8173: fix device_node leak (Tzung-Bi Shih) - scsi: sr: Don't use GFP_DMA (Christoph Hellwig) - MIPS: Octeon: Fix build errors using clang (Tianjia Zhang) - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (Lakshmi Sowjanya D) - MIPS: OCTEON: add put_device() after of_find_device_by_node() (Ye Guojin) - ALSA: seq: Set upper limit of processed events (Takashi Iwai) - w1: Misuse of get_user()/put_user() reported by sparse (Christophe Leroy) - i2c: mpc: Correct I2C reset procedure (Joakim Tjernlund) - powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING (Michael Ellerman) - i2c: i801: Don't silently correct invalid transfer size (Heiner Kallweit) - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (Nicholas Piggin) - powerpc/btext: add missing of_node_put (Julia Lawall) - powerpc/cell: add missing of_node_put (Julia Lawall) - powerpc/powernv: add missing of_node_put (Julia Lawall) - powerpc/6xx: add missing of_node_put (Julia Lawall) - parisc: Avoid calling faulthandler_disabled() twice (John David Anglin) - serial: core: Keep mctrl register state and cached copy in sync (Lukas Wunner) - serial: pl010: Drop CR register reset on set_termios (Lukas Wunner) - net: phy: marvell: configure RGMII delays for 88E1118 (Russell King (Oracle)) - dm space map common: add bounds check to sm_ll_lookup_bitmap() (Joe Thornber) - dm btree: add a defensive bounds check to insert_at() (Joe Thornber) - mac80211: allow non-standard VHT MCS-10/11 (Ping-Ke Shih) - net: mdio: Demote probed message to debug print (Florian Fainelli) - btrfs: remove BUG_ON(!eie) in find_parent_nodes (Josef Bacik) - btrfs: remove BUG_ON() in find_parent_nodes() (Josef Bacik) - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (Kirill A. Shutemov) - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (Rafael J. Wysocki) - ACPICA: Utilities: Avoid deleting the same object twice in a row (Rafael J. Wysocki) - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (Mark Langsdorf) - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (Kyeong Yoo) - um: registers: Rename function names to avoid conflicts and build problems (Randy Dunlap) - iwlwifi: remove module loading failure message (Johannes Berg) - iwlwifi: fix leaks/bad data after failed firmware load (Johannes Berg) - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (Zekun Shen) - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (Kai-Heng Feng) - arm64: tegra: Adjust length of CCPLEX cluster MMIO region (Thierry Reding) - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (Ulf Hansson) - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) - media: igorplugusb: receiver overflow should be reported (Sean Young) - bpf: Do not WARN in bpf_warn_invalid_xdp_action() (Paolo Abeni) - net: bonding: debug: avoid printing debug logs when bond is not notifying peers (Suresh Kumar) - ath10k: Fix tx hanging (Sebastian Gottschall) - iwlwifi: mvm: synchronize with FW after multicast commands (Johannes Berg) - media: m920x: don't use stack on USB reads (Mauro Carvalho Chehab) - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. (James Hilliard) - floppy: Add max size check for user space request (Xiongwei Song) - usb: uhci: add aspeed ast2600 uhci support (Neal Liu) - mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen) - HSI: core: Fix return freed object in hsi_new_client (Chengfeng Ye) - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (Hans de Goede) - drm/bridge: megachips: Ensure both bridges are probed before registration (Martyn Welch) - mlxsw: pci: Add shutdown method in PCI driver (Danielle Ratson) - media: b2c2: Add missing check in flexcop_pci_isr: (Zheyu Ma) - HID: apple: Do not reset quirks when the Fn key is not found (Jose Exposito) - usb: gadget: f_fs: Use stream_open() for endpoint files (Pavankumar Kondeti) - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (Ben Skeggs) - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (Zekun Shen) - fs: dlm: filter user dlm messages for kernel locks (Alexander Aring) - Bluetooth: Fix debugfs entry leak in hci_register_dev() (Wei Yongjun) - RDMA/cxgb4: Set queue pair state when being queried (Kamal Heib) - mips: bcm63xx: add support for clk_set_parent() (Randy Dunlap) - mips: lantiq: add support for clk_set_parent() (Randy Dunlap) - misc: lattice-ecp3-config: Fix task hung when firmware load failed (Wei Yongjun) - ASoC: samsung: idma: Check of ioremap return value (Jiasheng Jiang) - iommu/iova: Fix race between FQ timeout and teardown (Xiongfeng Wang) - dmaengine: pxa/mmp: stop referencing config->slave_id (Arnd Bergmann) - RDMA/core: Let ib_find_gid() continue search even after empty entry (Avihai Horon) - scsi: ufs: Fix race conditions related to driver data (Bart Van Assche) - char/mwave: Adjust io port register size (Kees Cook) - ALSA: oss: fix compile error when OSS_DEBUG is enabled (Bixuan Cui) - powerpc/prom_init: Fix improper check of prom_getprop() (Peiwei Hu) - RDMA/hns: Validate the pkey index (Kamal Heib) - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ext4: avoid trim error on fs with small groups (Jan Kara) - net: mcs7830: handle usb read errors properly (Pavel Skripkin) - pcmcia: fix setting of kthread task states (Dominik Brodowski) - can: xilinx_can: xcan_probe(): check for error irq (Jiasheng Jiang) - can: softing: softing_startstop(): fix set but not used variable warning (Marc Kleine-Budde) - tpm: add request_locality before write TPM_INT_ENABLE (Chen Jun) - spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (Miaoqian Lin) - fsl/fman: Check for null pointer after calling devm_ioremap (Jiasheng Jiang) - ppp: ensure minimum packet size in ppp_write() (Eric Dumazet) - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (Zhou Qingyang) - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (Zhou Qingyang) - x86/mce/inject: Avoid out-of-bounds write when setting flags (Zhang Zixun) - usb: ftdi-elan: fix memory leak on device disconnect (Wei Yongjun) - media: msi001: fix possible null-ptr-deref in msi001_probe() (Wang Hai) - media: dw2102: Fix use after free (Anton Vasilyev) - sched/rt: Try to restart rt period timer when rt runtime exceeded (Li Hua) - media: si2157: Fix 'warm' tuner state detection (Robert Schlabbach) - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (Zhou Qingyang) - media: dib8000: Fix a memleak in dib8000_init() (Zhou Qingyang) - floppy: Fix hang in watchdog when disk is ejected (Tasos Sahanidis) - serial: amba-pl011: do not request memory region twice (Lino Sanfilippo) - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Zhou Qingyang) - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Zhou Qingyang) - arm64: dts: qcom: msm8916: fix MMC controller aliases (Dmitry Baryshkov) - netfilter: bridge: add support for pppoe filtering (Florian Westphal) - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (Dafna Hirschfeld) - tty: serial: atmel: Call dma_async_issue_pending() (Tudor Ambarus) - tty: serial: atmel: Check return code of dmaengine_submit() (Tudor Ambarus) - crypto: qce - fix uaf on qce_ahash_register_one (Chengfeng Ye) - media: dmxdev: fix UAF when dvb_register_device() fails (Wang Hai) - Bluetooth: stop proccessing malicious adv data (Pavel Skripkin) - media: em28xx: fix memory leak in em28xx_init_dev (Dongliang Mu) - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (Bryan O'Donoghue) - clk: bcm-2835: Remove rounding up the dividers (Maxime Ripard) - clk: bcm-2835: Pick the closest clock rate (Maxime Ripard) - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (Wang Hai) - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (Yifeng Li) - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode (Gang Li) - can: softing_cs: softingcs_probe(): fix memleak on registration failure (Johan Hovold) - media: stk1160: fix control-message timeouts (Johan Hovold) - media: pvrusb2: fix control-message timeouts (Johan Hovold) - media: redrat3: fix control-message timeouts (Johan Hovold) - media: dib0700: fix undefined behavior in tuner shutdown (Michael Kuron) - media: s2255: fix control-message timeouts (Johan Hovold) - media: cpia2: fix control-message timeouts (Johan Hovold) - media: em28xx: fix control-message timeouts (Johan Hovold) - media: mceusb: fix control-message timeouts (Johan Hovold) - media: flexcop-usb: fix control-message timeouts (Johan Hovold) - rtc: cmos: take rtc_lock while reading from CMOS (Mateusz Jonczyk) - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (Krzysztof Kozlowski) - HID: wacom: Avoid using stale array indicies to read contact count (Jason Gerecke) - HID: wacom: Ignore the confidence flag when a touch is removed (Jason Gerecke) - HID: uhid: Fix worker destroying device without any protection (Jann Horn) - Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi) - Bluetooth: schedule SCO timeouts with delayed_work (Desmond Cheong Zhi Xi) - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (Larry Finger) - media: uvcvideo: fix division by zero at stream start (Johan Hovold) - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (Christophe JAILLET) - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Nathan Chancellor) - staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (Nathan Chancellor) - random: fix data race on crng init time (Eric Biggers) - random: fix data race on crng_node_pool (Eric Biggers) - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (Brian Silverman) - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (Marc Kleine-Budde) - mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (Andy Shevchenko) - USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (Alan Stern) - USB: core: Fix bug in resuming hub's handling of wakeup requests (Alan Stern) - Bluetooth: bfusb: fix division by zero in send path (Johan Hovold) - Linux 4.14.262 (Greg Kroah-Hartman) - mISDN: change function names to avoid conflicts (wolfgang huang) - net: udp: fix alignment problem in udp4_seq_show() (yangxingwu) - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate (William Zhao) - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (Lixiaokeng) - ipv6: Do cleanup if attribute validation fails in multipath route (David Ahern) - ipv6: Continue processing multipath route even if gateway attribute is invalid (David Ahern) - phonet: refcount leak in pep_sock_accep (Hangyu Hua) - rndis_host: support Hytera digital radios (Thomas Toye) - power: reset: ltc2952: Fix use of floating point literals (Nathan Chancellor) - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc (Eric Dumazet) - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route (David Ahern) - ipv6: Check attribute length for RTA_GATEWAY in multipath route (David Ahern) - i40e: Fix incorrect netdev's real number of RX/TX queues (Jedrzej Jagielski) - i40e: fix use-after-free in i40e_sync_filters_subtask() (Di Zhu) - mac80211: initialize variable have_higher_than_11mbit (Tom Rix) - RDMA/core: Don't infoleak GRH fields (Leon Romanovsky) - ieee802154: atusb: fix uninit value in atusb_set_extended_addr (Pavel Skripkin) - virtio_pci: Support surprise removal of virtio pci device (Parav Pandit) - tracing: Tag trace_percpu_buffer as a percpu pointer (Naveen N. Rao) - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (Naveen N. Rao) - Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models (Takashi Iwai) [4.14.35-2047.512.3] - lib/timerqueue: Rely on rbtree semantics for next timer (Davidlohr Bueso) [Orabug: 33406086] {CVE-2021-20317} {CVE-2021-20317} - rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940520] - uek-rpm: remove uek-rpm/ol8 (John Donnelly) [Orabug: 33665655] - uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT (Saeed Mirzamohammadi) [Orabug: 33973455] - sched: restore the sliding search window for select_idle_cpu() (Libo Chen) [Orabug: 33965297] - NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958155] {CVE-2022-24448} - Linux 4.14.261 (Greg Kroah-Hartman) - sctp: use call_rcu to free endpoint (Xin Long) - net: fix use-after-free in tw_timer_handler (Muchun Song) - Input: spaceball - fix parsing of movement data packets (Leo L. Schwab) - Input: appletouch - initialize work before device registration (Pavel Skripkin) - binder: fix async_free_space accounting for empty parcels (Todd Kjos) - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. (Vincent Pelletier) - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. (Mathias Nyman) - uapi: fix linux/nfc.h userspace compilation errors (Dmitry V. Levin) - nfc: uapi: use kernel size_t to fix user-space builds (Krzysztof Kozlowski) - fsl/fman: Fix missing put_device() call in fman_port_probe (Miaoqian Lin) - NFC: st21nfca: Fix memory leak in device probe and remove (Wei Yongjun) - net: usb: pegasus: Do not drop long Ethernet frames (Matthias-Christian Ott) - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (Dan Carpenter) - selinux: initialize proto variable in selinux_ip_postroute_compat() (Tom Rix) - recordmcount.pl: fix typo in s390 mcount regex (Heiko Carstens) - platform/x86: apple-gmux: use resource_size() with res (Wang Qing) - HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (Hans de Goede) - Linux 4.14.260 (Greg Kroah-Hartman) - phonet/pep: refuse to enable an unbound pipe (Remi Denis-Courmont) - hamradio: improve the incomplete fix to avoid NPD (Lin Ma) - hamradio: defer ax25 kfree after unregister_netdev (Lin Ma) - ax25: NPD bug when detaching AX25 device (Lin Ma) - hwmon: (lm90) Do not report 'busy' status bit as alarm (Guenter Roeck) - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (Sean Christopherson) - usb: gadget: u_ether: fix race in setting MAC address in setup phase (Marian Postevca) - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (Chao Yu) - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (Ard Biesheuvel) - pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (Fabien Dessenne) - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (Andrew Cooper) - Input: atmel_mxt_ts - fix double free in mxt_read_info_block (Jose Exposito) - ALSA: drivers: opl3: Fix incorrect use of vp->state (Colin Ian King) - ALSA: jack: Check the return value of kstrdup() (Xiaoke Wang) - hwmon: (lm90) Fix usage of CONFIG2 register in detect function (Guenter Roeck) - sfc: falcon: Check null pointer of rx_queue->page_ring (Jiasheng Jiang) - drivers: net: smc911x: Check for error irq (Jiasheng Jiang) - fjes: Check for error irq (Jiasheng Jiang) - bonding: fix ad_actor_system option setting to default (Fernando Fernandez Mancera) - net: skip virtio_net_hdr_set_proto if protocol already set (Willem de Bruijn) - qlcnic: potential dereference null pointer of rx_queue->page_ring (Jiasheng Jiang) - spi: change clk_disable_unprepare to clk_unprepare (Dongliang Mu) - HID: holtek: fix mouse probing (Benjamin Tissoires) - can: kvaser_usb: get CAN clock frequency from device (Jimmy Assarsson) - net: usb: lan78xx: add Allied Telesis AT29M2-AF (Greg Jesionowski) - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937656] {CVE-2021-26401} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Fix bug in retpoline mode on AMD with 'spectre_v2=none' (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925502] - ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516} - ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516} - lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910800] {CVE-2022-0847} - x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33890092] - udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870267] {CVE-2022-0617} - udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870267] {CVE-2022-0617} - scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33851182] - drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840433] {CVE-2022-22942} - drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835811] {CVE-2022-0330} - proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) [Orabug: 33832650] - rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820767] - rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33819408] - Enable CONFIG_DM_DUST and nano for UEK5 (Gulam Mohamed) [Orabug: 33653698] - dm dust: use dust block size for badblocklist index (Bryan Gurney) [Orabug: 33653698] - dm dust: Make dm_dust_init and dm_dust_exit static (YueHaibing) [Orabug: 33653698] - dm dust: remove redundant unsigned comparison to less than zero (Colin Ian King) [Orabug: 33653698] - dm: add dust target (Bryan Gurney) [Orabug: 33653698] - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) [Orabug: 33617219] {CVE-2021-4002} - rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] - rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] - rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] - rds/ib: Kernel change to extend rds-info functionality (Rohit Nair) [Orabug: 33821341] - uek-rpm: Add missing symbols to kabi_lockedlist (Stephen Brennan) [Orabug: 33871558] [4.14.35-2047.512.1] - Revert 'stable: clamp SUBLEVEL in 4.14' (Alan Maguire) [Orabug: 33861950] - tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850803] {CVE-2022-0435} {CVE-2022-0435} - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825688] {CVE-2022-0492} - blk-stat: delete useless code (Shaohua Li) [Orabug: 33772945] - DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676598] [4.14.35-2047.512.0] - bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734682] - bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734682] - RDMA/rxe: Use correct sizing on buffers holding page DMA addresses (Shiraz Saleem) [Orabug: 33676942] - hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782835] - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33787546] - uek-rpm: Pensando: Enable Elba EDAC (Dave Kleikamp) [Orabug: 33831294] - dsc-drivers: update for 1.15.9-C-64 (Dave Kleikamp) [Orabug: 33831294] - drivers/hwmon: Adding support LTC3888 (David Clear) [Orabug: 33831294] - drivers/edac: Add Elba EDAC support (David Clear) [Orabug: 33831294] - arm64/configs: Remove CONFIG_PENSANDO_SOC_CAPMEM_HUGEPAGE (David Clear) [Orabug: 33831294] - drivers/soc/pensando: Add reset cause driver (David Clear) [Orabug: 33831294] - net/rds: Fix memory leak in __rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33811475] - x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33544127] - Linux 4.14.259 (Greg Kroah-Hartman) - xen/console: harden hvc_xen against event channel storms (Juergen Gross) - Input: touchscreen - avoid bitwise vs logical OR warning (Nathan Chancellor) - ARM: 8800/1: use choice for kernel unwinders (Stefan Agner) - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (Nathan Chancellor) - ARM: 8805/2: remove unneeded naked function usage (Nicolas Pitre) - net: lan78xx: Avoid unnecessary self assignment (Nathan Chancellor) - fuse: annotate lock in fuse_reverse_inval_entry() (Miklos Szeredi) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (Fabio Estevam) - firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Sudeep Holla) - net: systemport: Add global locking for descriptor lifecycle (Florian Fainelli) - libata: if T_LENGTH is zero, dma direction should be DMA_NONE (George Kennedy) - timekeeping: Really make sure wall_to_monotonic isn't positive (Yu Liao) - USB: serial: option: add Telit FN990 compositions (Daniele Palmas) - PCI/MSI: Mask MSI-X vectors only on success (Stefan Roese) - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (Thomas Gleixner) - USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman) - sit: do not call ipip6_dev_free() from sit_init_net() (Eric Dumazet) - net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) - ixgbe: set X550 MDIO speed before talking to PHY (Cyril Novikov) - igbvf: fix double free in 'igbvf_probe' (Letu Ren) - soc/tegra: fuse: Fix bitwise vs. logical OR warning (Nathan Chancellor) - dmaengine: st_fdma: fix MODULE_ALIAS (Alyssa Ross) - ARM: socfpga: dts: fix qspi node compatible (Dinh Nguyen) - x86/sme: Explicitly map new EFI memmap table as encrypted (Tom Lendacky) - nfsd: fix use-after-free due to delegation race (J. Bruce Fields) - audit: improve robustness of the audit queue handling (Paul Moore) - dm btree remove: fix use after free in rebalance_children() (Joe Thornber) - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (Jerome Marchand) - mac80211: send ADDBA requests using the tid/queue of the aggregation session (Felix Fietkau) - hwmon: (dell-smm) Fix warning on /proc/i8k creation error (Armin Wolf) - bpf: fix panic due to oob in bpf_prog_test_run_skb (Daniel Borkmann) - tracing: Fix a kmemleak false positive in tracing_map (Chen Jun) - net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Harshit Mogalapalli) - i2c: rk3x: Handle a spurious start completion interrupt flag (Ondrej Jirman) - parisc/agp: Annotate parisc agp init functions with __init (Helge Deller) - net/mlx4_en: Update reported link modes for 1/10G (Erik Ekman) - drm/msm/dsi: set default num_data_lanes (Philip Chen) - nfc: fix segfault in nfc_genl_dump_devices_done (Tadeusz Struk) - Linux 4.14.258 (Greg Kroah-Hartman) - irqchip: nvic: Fix offset for Interrupt Priority Offsets (Vladimir Murzin) - irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (Wudi Wang) - irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (Pali Rohar) - irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (Pali Rohar) - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (Yang Yingliang) - iio: adc: axp20x_adc: fix charging current reporting on AXP22x (Evgeny Boger) - iio: dln2: Check return value of devm_iio_trigger_register() (Lars-Peter Clausen) - iio: dln2-adc: Fix lockdep complaint (Noralf Tronnes) - iio: itg3200: Call iio_trigger_notify_done() on error (Lars-Peter Clausen) - iio: kxsd9: Don't return error code in trigger handler (Lars-Peter Clausen) - iio: ltr501: Don't return error code in trigger handler (Lars-Peter Clausen) - iio: mma8452: Fix trigger reference couting (Lars-Peter Clausen) - iio: stk3310: Don't return error code in interrupt handler (Lars-Peter Clausen) - iio: trigger: stm32-timer: fix MODULE_ALIAS (Alyssa Ross) - iio: trigger: Fix reference counting (Lars-Peter Clausen) - usb: core: config: using bit mask instead of individual bits (Pavel Hofman) - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (Kai-Heng Feng) - usb: core: config: fix validation of wMaxPacketValue entries (Pavel Hofman) - USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman) - USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman) - net/qla3xxx: fix an error code in ql_adapter_up() (Dan Carpenter) - net, neigh: clear whole pneigh_entry at alloc time (Eric Dumazet) - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (Joakim Zhang) - net: altera: set a couple error code in probe() (Dan Carpenter) - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (Lee Jones) - qede: validate non LSO skb length (Manish Chopra) - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (Davidlohr Bueso) - tracefs: Set all files to the same group ownership as the mount option (Steven Rostedt (VMware)) - signalfd: use wake_up_pollfree() (Eric Biggers) - binder: use wake_up_pollfree() (Eric Biggers) - wait: add wake_up_pollfree() (Eric Biggers) - libata: add horkage for ASMedia 1092 (Hannes Reinecke) - can: m_can: Disable and ignore ELO interrupt (Brian Silverman) - can: pch_can: pch_can_rx_normal: fix use after free (Vincent Mailhol) - tracefs: Have new files inherit the ownership of their parent (Steven Rostedt (VMware)) - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (Takashi Iwai) - ALSA: pcm: oss: Limit the period size to 16MB (Takashi Iwai) - ALSA: pcm: oss: Fix negative period/buffer sizes (Takashi Iwai) - ALSA: ctl: Fix copy of updated id with element read/write (Alan Young) - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (Manjong Lee) - IB/hfi1: Correct guard on eager buffer deallocation (Mike Marciniszyn) - seg6: fix the iif in the IPv6 socket control block (Andrea Mayer) - nfp: Fix memory leak in nfp_cpp_area_cache_add() (Jianglei Nie) - bpf: Fix the off-by-two error in range markings (Maxim Mikityanskiy) - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (Krzysztof Kozlowski) - can: sja1000: fix use after free in ems_pcmcia_add_card() (Dan Carpenter) - HID: check for valid USB device for many HID drivers (Greg Kroah-Hartman) - HID: wacom: fix problems when device is not a valid USB device (Greg Kroah-Hartman) - HID: add USB_HID dependancy on some USB HID drivers (Greg Kroah-Hartman) - HID: add USB_HID dependancy to hid-chicony (Greg Kroah-Hartman) - HID: add USB_HID dependancy to hid-prodikeys (Greg Kroah-Hartman) - HID: add hid_is_usb() function to make it simpler for USB detection (Greg Kroah-Hartman) - Linux 4.14.257 (Greg Kroah-Hartman) {CVE-2021-38199} - parisc: Mark cr16 CPU clocksource unstable on all SMP machines (Helge Deller) - serial: core: fix transmit-buffer reset and memleak (Johan Hovold) - serial: pl011: Add ACPI SBSA UART match id (Pierre Gondois) - tty: serial: msm_serial: Deactivate RX DMA for polling support (Sven Eckelmann) - x86/64/mm: Map all kernel memory into trampoline_pgd (Joerg Roedel) - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (Badhri Jagan Sridharan) - xhci: Fix commad ring abort, write all 64 bits to CRCR register. (Mathias Nyman) - vgacon: Propagate console boot parameters before calling 'vc_resize' (Maciej W. Rozycki) - parisc: Fix 'make install' on newer debian releases (Helge Deller) - parisc: Fix KBUILD_IMAGE for self-extracting kernel (Helge Deller) - net/smc: Keep smc_close_final rc during active close (Tony Lu) - net/rds: correct socket tunable error in rds_tcp_tune() (William Kucharski) - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (Sven Schuchmann) - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (Zhou Qingyang) - siphash: use _unaligned version by default (Arnd Bergmann) - net: mpls: Fix notifications when deleting a device (Benjamin Poirier) - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (Zhou Qingyang) - natsemi: xtensa: fix section mismatch warnings (Randy Dunlap) - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (Baokun Li) - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (Baokun Li) - kprobes: Limit max data_size of the kretprobe instances (Masami Hiramatsu) - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (Stephen Suryaputra) - perf hist: Fix memory leak of a perf_hpp_fmt (Ian Rogers) - net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() (Teng Qi) - net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound (zhangyue) - ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Teng Qi) - scsi: iscsi: Unblock session then wake up error handler (Mike Christie) - thermal: core: Reset previous low and high trip during thermal zone init (Manaf Meethalavalappu Pallikunhi) - btrfs: check-integrity: fix a warning on write caching disabled disk (Wang Yugui) - s390/setup: avoid using memblock_enforce_memory_limit (Vasily Gorbik) - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (Slark Xiao) - net: return correct error code (liuguoqiang) - NFSv42: Fix pagecache invalidation after COPY/CLONE (Benjamin Coddington) - ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn) - shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn) - tty: hvc: replace BUG_ON() with negative return value (Juergen Gross) - xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross) - fuse: release pipe buf after last use (Miklos Szeredi) - NFC: add NCI_UNREG flag to eliminate the race (Lin Ma) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun) - arm64: dts: marvell: armada-37xx: declare PCIe reset pin (Miquel Raynal) - pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun) - pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup (Gregory CLEMENT) - pinctrl: armada-37xx: Correct mpp definitions (Marek Behun) - PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar) - PCI: aardvark: Fix link training (Pali Rohar) - PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar) - PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar) - PCI: aardvark: Remove PCIe outbound window configuration (Evan Wang) - PCI: aardvark: Update comment about disabling link training (Pali Rohar) - PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar) - PCI: aardvark: Fix compilation on s390 (Pali Rohar) - PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar) - PCI: aardvark: Introduce an advk_pcie_valid_device() helper (Thomas Petazzoni) - PCI: aardvark: Indicate error in 'val' when config read fails (Pali Rohar) - PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar) - PCI: aardvark: Issue PERST via GPIO (Pali Rohar) - PCI: aardvark: Improve link training (Marek Behun) - PCI: aardvark: Train link immediately after enabling training (Pali Rohar) - PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel) - PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (Wen Yang) - PCI: aardvark: Fix I/O space page leak (Sergei Shtylyov) - s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand) - tracing: Check pid filtering when creating events (Steven Rostedt (VMware)) - vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella) - net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu) - MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei) - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet) - net/smc: Ensure the active closing peer first closes clcsock (Tony Lu) - ipv6: fix typos in __ip6_finish_output() (Eric Dumazet) - drm/vc4: fix error code in vc4_create_object() (Dan Carpenter) - scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy) - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai) - NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust) - net: ieee802154: handle iftypes as u32 (Alexander Aring) - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli) - ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli) - netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu) - tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware)) - xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini) - xen: don't continue xenstore initialization in case of errors (Stefano Stabellini) - fuse: fix page stealing (Miklos Szeredi) - staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter) - HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke) - media: cec: copy sequence field for the reply (Hans Verkuil) - ALSA: ctxfi: Fix out-of-range access (Takashi Iwai) - usb: hub: Fix locking issues with address0_mutex (Mathias Nyman) - usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman) - USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang) - USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2020-36516 CVE-2022-0617 CVE-2022-24448 CVE-2022-26966 CVE-2021-20317 CVE-2022-1016 CVE-2021-4149 CVE-2022-22942 CVE-2022-0492 CVE-2022-0330 CVE-2022-0435 CVE-2021-26401 CVE-2022-0847 CVE-2021-4002 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 8 [1.0.2-1.el8] - Fix multiple CVEs : CVE-2017-18342, CVE-2020-10109, CVE-2020-10108, CVE-2021-33203, CVE-2021-33571, CVE-2021-44420, CVE-2021-31542, CVE-2021-28658, CVE-2021-28957, CVE-2021-43818, CVE-2020-27783 [Orabug: 34109801] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2017-18342 CVE-2021-28658 CVE-2021-28957 CVE-2020-10109 CVE-2021-43818 CVE-2020-27783 CVE-2021-33571 CVE-2021-33203 CVE-2021-31542 CVE-2020-10108 CVE-2021-44420 cpe:/a:oracle:linux:8::automation Oracle Linux 7 [15:4.2.1-16.el7] - Document CVE-2021-4145 as fixed (Mark Kanda) [Orabug: 33791496] {CVE-2021-4145} - migration: Tally pre-copy, downtime and post-copy bytes independently (David Edmondson) - migration: Introduce ram_transferred_add() (David Edmondson) - ACPI ERST: specification for ERST support (Eric DeVolder) - ACPI ERST: step 6 of bios-tables-test.c (Eric DeVolder) - ACPI ERST: bios-tables-test testcase (Eric DeVolder) - ACPI ERST: qtest for ERST (Eric DeVolder) - ACPI ERST: create ACPI ERST table for pc/x86 machines (Eric DeVolder) - ACPI ERST: build the ACPI ERST table (Eric DeVolder) - ACPI ERST: support for ACPI ERST feature (Eric DeVolder) - ACPI ERST: header file for ERST (Eric DeVolder) - ACPI ERST: PCI device_id for ERST (Eric DeVolder) - ACPI ERST: bios-tables-test.c steps 1 and 2 (Eric DeVolder) - ACPI: cleanup bios-tables-test state (Eric DeVolder) - KVM: x86: believe what KVM says about WAITPKG (Paolo Bonzini) [Orabug: 33832295] - cputlb: destroy CPUTLB with tlb_destroy (Emilio G. Cota) [Orabug: 33428107] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4145 cpe:/a:oracle:linux:7::developer_kvm_utils cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 6 Oracle Linux 7 [4.1.12-124.62.3] - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679806] {CVE-2021-0920} - fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679806] - af_unix: fix garbage collect vs MSG_PEEK (Miklos Szeredi) [Orabug: 33679806] {CVE-2021-0920} - net: split out functions related to registering inflight socket files (Jens Axboe) [Orabug: 33679806] [4.1.12-124.62.2] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012926] {CVE-2022-1016} - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (Nikola Livic) [Orabug: 34020970] {CVE-2021-4157} [4.1.12-124.62.1] - Bluetooth: use correct lock to prevent UAF of hdev object (Lin Ma) [Orabug: 33014054] {CVE-2021-3573} - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) [Orabug: 33617221] {CVE-2021-4002} - udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870269] {CVE-2022-0617} - udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870269] {CVE-2022-0617} - phonet: refcount leak in pep_sock_accep (Hangyu Hua) [Orabug: 33962762] {CVE-2021-45095} - btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) [Orabug: 33997139] {CVE-2021-4149} - quota: correct error number in free_dqentry() (Zhang Yi) [Orabug: 33997256] {CVE-2021-45868} - quota: check block number when reading the block in quota file (Zhang Yi) [Orabug: 33997256] {CVE-2021-45868} - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (Eric Dumazet) [Orabug: 34006847] {CVE-2021-4203} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3573 CVE-2021-4002 CVE-2021-45868 CVE-2022-0617 CVE-2021-4149 CVE-2021-4203 CVE-2021-0920 CVE-2021-45095 CVE-2022-1016 CVE-2021-4157 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 7 [2.17-325.0.6] - OraBug 33968985 Security Patches - This release fixes CVE-2022-23219, CVE-2022-23218, and CVE-2021-3999 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [2.17-325.0.3] - OraBug 33968985 Security Patches This release fixes CVE-2022-23219, CVE-2022-23218, and CVE-2021-3999 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23219 CVE-2022-23218 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 6 [2.0.1-13.0.1] - Prevent integer overflow in storeRawNames [CVE-2022-25315][Orabug: 34059442] - Add missing validation of encoding [CVE-2022-25235][Orabug: 34059442] - Protect against malicious namespace declarations [CVE-2022-25236][Orabug: 34059442] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-25236 CVE-2022-25235 CVE-2022-25315 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 7 Oracle Linux 8 olcne [1.4.3-1] - Update Istio to 1.13.2 istio [1.12.6-1] - Addresses CVE-2022-24726, CVE-2022-24921 istio [1.13.2-1] - Added Oracle specific files for 1.13.2-1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24921 CVE-2022-24726 cpe:/a:oracle:linux:8::olcne14 cpe:/a:oracle:linux:8::olcne15 cpe:/a:oracle:linux:8::olcne13 cpe:/a:oracle:linux:7::olcne13 cpe:/a:oracle:linux:7::olcne15 cpe:/a:oracle:linux:7::olcne14 Oracle Linux 7 Oracle Linux 8 olcne [1.3.5-1] - Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15) istio [1.12.6-1] - Addresses CVE-2022-24726, CVE-2022-24921 istio [1.11.4-1] - Added Oracle specific files for 1.11.4-1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24726 CVE-2022-24921 cpe:/a:oracle:linux:8::olcne14 cpe:/a:oracle:linux:8::olcne15 cpe:/a:oracle:linux:8::olcne13 cpe:/a:oracle:linux:7::olcne13 cpe:/a:oracle:linux:7::olcne15 cpe:/a:oracle:linux:7::olcne14 Oracle Linux 8 qemu-kvm [4.2.1.16.el8] - Document CVE-2021-4145 as fixed (Mark Kanda) [Orabug: 33791496] {CVE-2021-4145} - migration: Tally pre-copy, downtime and post-copy bytes independently (David Edmondson) - migration: Introduce ram_transferred_add() (David Edmondson) - ACPI ERST: specification for ERST support (Eric DeVolder) - ACPI ERST: step 6 of bios-tables-test.c (Eric DeVolder) - ACPI ERST: bios-tables-test testcase (Eric DeVolder) - ACPI ERST: qtest for ERST (Eric DeVolder) - ACPI ERST: create ACPI ERST table for pc/x86 machines (Eric DeVolder) - ACPI ERST: build the ACPI ERST table (Eric DeVolder) - ACPI ERST: support for ACPI ERST feature (Eric DeVolder) - ACPI ERST: header file for ERST (Eric DeVolder) - ACPI ERST: PCI device_id for ERST (Eric DeVolder) - ACPI ERST: bios-tables-test.c steps 1 and 2 (Eric DeVolder) - ACPI: cleanup bios-tables-test state (Eric DeVolder) - KVM: x86: believe what KVM says about WAITPKG (Paolo Bonzini) [Orabug: 33832295] - cputlb: destroy CPUTLB with tlb_destroy (Emilio G. Cota) [Orabug: 33428107] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4145 cpe:/a:oracle:linux:8::kvm_appstream Oracle Linux 7 Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-27666 CVE-2020-24504 CVE-2021-45095 CVE-2022-1158 CVE-2020-24502 CVE-2020-24503 CVE-2022-1055 CVE-2022-1016 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 cpe:/o:oracle:linux:8:5:baseos_patch Oracle Linux 7 [4.14.35-2047.513.2.el7] - Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy Palaniappan) [Orabug: 34124234] [4.14.35-2047.513.1.el7] - mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050050] - esp: Fix possible buffer overflow in ESP transformation (Steffen Klassert) [Orabug: 33997301] {CVE-2022-27666} [4.14.35-2047.513.0.el7] - rds: ib: Initialize SG table properly (Hakon Bugge) [Orabug: 34031914] - rds: ib: Fix racy credit tracepoints (Hakon Bugge) [Orabug: 33980856] - net/rds: Fix math on error code (Freddy Carrillo) [Orabug: 33945366] - ice: Add E810-XXV pci device ids to UEK5 (John Donnelly) [Orabug: 33750110] [4.14.35-2047.512.6.el7] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] [4.14.35-2047.512.5.el7] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012925] {CVE-2022-1016} - rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923372] - btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) [Orabug: 33997138] {CVE-2021-4149} - sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962706] {CVE-2022-26966} [4.14.35-2047.512.4.el7] - Linux 4.14.265 (Greg Kroah-Hartman) - ext4: fix error handling in ext4_restore_inline_data() (Ritesh Harjani) - EDAC/xgene: Fix deferred probing (Sergey Shtylyov) - EDAC/altera: Fix deferred probing (Sergey Shtylyov) - rtc: cmos: Evaluate century appropriate (Riwen Lu) - selftests: futex: Use variable MAKE instead of make (Muhammad Usama Anjum) - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. (Dai Ngo) - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (John Meneghini) - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (Miaoqian Lin) - drm/i915/overlay: Prevent divide by zero bugs in scaling (Dan Carpenter) - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (Lior Nahmanson) - net: ieee802154: Return meaningful error codes from the netlink helpers (Miquel Raynal) - net: ieee802154: ca8210: Stop leaking skb's (Miquel Raynal) - spi: meson-spicc: add IRQ check in meson_spicc_probe (Miaoqian Lin) - spi: mediatek: Avoid NULL pointer crash in interrupt (Benjamin Gaignard) - spi: bcm-qspi: check for valid cs before applying chip select (Kamal Dasu) - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (Joerg Roedel) - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (Guoqing Jiang) - RDMA/mlx4: Don't continue event handler after memory allocation failure (Leon Romanovsky) - block: bio-integrity: Advance seed correctly for larger interval sizes (Martin K. Petersen) - drm/nouveau: fix off by one in BIOS boundary checking (Nick Lopez) - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (Mark Brown) - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (Mark Brown) - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (Mark Brown) - audit: improve audit queue handling when 'audit=1' on cmdline (Paul Moore) - af_packet: fix data-race in packet_setsockopt / packet_setsockopt (Eric Dumazet) - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (Eric Dumazet) - net: amd-xgbe: Fix skb data length underflow (Shyam Sundar S K) - net: amd-xgbe: ensure to reset the tx_timer_active flag (Raju Rangoju) - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (Georgi Valkov) - netfilter: nat: limit port clash resolution attempts (Florian Westphal) - netfilter: nat: remove l4 protocol port rovers (Florian Westphal) - bpf: fix truncated jump targets on heavy expansions (Daniel Borkmann) - ipv4: raw: lock the socket in raw_bind() (Eric Dumazet) - yam: fix a memory leak in yam_siocdevprivate() (Hangyu Hua) - ibmvnic: don't spin in tasklet (Sukadev Bhattiprolu) - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (Jose Exposito) - drm/msm: Fix wrong size calculation (Xianting Tian) - net-procfs: show net devices bound packet types (Jianguo Wu) - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (Trond Myklebust) - hwmon: (lm90) Reduce maximum conversion rate for G781 (Guenter Roeck) - ping: fix the sk_bound_dev_if match in ping_lookup (Xin Long) - net: fix information leakage in /proc/net/ptype (Saeed Mirzamohammadi) - ipv6_tunnel: Rate limit warning messages (Ido Schimmel) - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (John Meneghini) - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (Matthias Kaehlcke) - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (Sujit Kautkar) - i40e: fix unsigned stat widths (Joe Damato) - i40e: Increase delay to 1 s after global EMP reset (Jedrzej Jagielski) - lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() (Christophe Leroy) - powerpc/32: Fix boot failure with GCC latent entropy plugin (Christophe Leroy) - net: sfp: ignore disabled SFP node (Marek Behun) - usb: typec: tcpm: Do not disconnect while receiving VBUS off (Badhri Jagan Sridharan) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (Alan Stern) - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (Pavankumar Kondeti) - usb: common: ulpi: Fix crash in ulpi_match() (Jon Hunter) - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (Alan Stern) - tty: Add support for Brainboxes UC cards. (Cameron Williams) - tty: n_gsm: fix SW flow control encoding/handling (daniel.starke@siemens.com) - serial: stm32: fix software flow control transfer (Valentin Caron) - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments (Pablo Neira Ayuso) - PM: wakeup: simplify the output logic of pm_show_wakelocks() (Greg Kroah-Hartman) - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (Steffen Maier) - s390/hypfs: include z/VM guests with access control group set (Vasily Gorbik) - Bluetooth: refactor malicious adv data check (Brian Gix) - Linux 4.14.264 (Greg Kroah-Hartman) - can: bcm: fix UAF of bcm op (Ziyang Xuan) - Linux 4.14.263 (Greg Kroah-Hartman) - gianfar: fix jumbo packets+napi+rx overrun crash (Michael Braun) - gianfar: simplify FCS handling and fix memory leak (Andy Spencer) - drm/ttm/nouveau: don't call tt destroy callback on alloc failure. (Dave Airlie) - mips,s390,sh,sparc: gup: Work around the 'COW can break either way' issue (Ben Hutchings) - lib82596: Fix IRQ check in sni_82596_probe (Miaoqian Lin) - scripts/dtc: dtx_diff: remove broken example from help text (Matthias Schiffer) - bcmgenet: add WOL IRQ check (Sergey Shtylyov) - net_sched: restore 'mpu xxx' handling (Kevin Bracey) - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (Tudor Ambarus) - dmaengine: at_xdmac: Fix lld view setting (Tudor Ambarus) - dmaengine: at_xdmac: Print debug message after realeasing the lock (Tudor Ambarus) - dmaengine: at_xdmac: Don't start transactions at tx_submit level (Tudor Ambarus) - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() (Guillaume Nault) - netns: add schedule point in ops_exit_list() (Eric Dumazet) - net: axienet: fix number of TX ring slots for available check (Robert Hancock) - net: axienet: Wait for PhyRstCmplt after core reset (Robert Hancock) - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (Eric Dumazet) - parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries (Miaoqian Lin) - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (Tobias Waldekranz) - powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses (Tobias Waldekranz) - powerpc/cell: Fix clang -Wimplicit-fallthrough warning (Anders Roxell) - RDMA/rxe: Fix a typo in opcode name (Chengguang Xu) - RDMA/hns: Modify the mapping attribute of doorbell to device (Yixing Liu) - Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (Lukas Bulwahn) - firmware: Update Kconfig help text for Google firmware (Ben Hutchings) - drm/radeon: fix error handling in radeon_driver_open_kms (Christian Konig) - crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (Marek Vasut) - ext4: don't use the orphan list when migrating an inode (Theodore Ts'o) - ext4: Fix BUG_ON in ext4_bread when write quota data (Ye Bin) - ext4: set csum seed in tmp inode while migrating to extents (Luis Henriques) - ext4: make sure quota gets properly shutdown on error (Jan Kara) - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (Ilan Peer) - cputime, cpuacct: Include guest time in user time in cpuacct.stat (Andrey Ryabinin) - serial: Fix incorrect rs485 polarity on uart open (Lukas Wunner) - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (Petr Cvachoucek) - power: bq25890: Enable continuous conversion for ADC at charging (Yauhen Kharuzhy) - ASoC: mediatek: mt8173: fix device_node leak (Tzung-Bi Shih) - scsi: sr: Don't use GFP_DMA (Christoph Hellwig) - MIPS: Octeon: Fix build errors using clang (Tianjia Zhang) - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (Lakshmi Sowjanya D) - MIPS: OCTEON: add put_device() after of_find_device_by_node() (Ye Guojin) - ALSA: seq: Set upper limit of processed events (Takashi Iwai) - w1: Misuse of get_user()/put_user() reported by sparse (Christophe Leroy) - i2c: mpc: Correct I2C reset procedure (Joakim Tjernlund) - powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING (Michael Ellerman) - i2c: i801: Don't silently correct invalid transfer size (Heiner Kallweit) - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (Nicholas Piggin) - powerpc/btext: add missing of_node_put (Julia Lawall) - powerpc/cell: add missing of_node_put (Julia Lawall) - powerpc/powernv: add missing of_node_put (Julia Lawall) - powerpc/6xx: add missing of_node_put (Julia Lawall) - parisc: Avoid calling faulthandler_disabled() twice (John David Anglin) - serial: core: Keep mctrl register state and cached copy in sync (Lukas Wunner) - serial: pl010: Drop CR register reset on set_termios (Lukas Wunner) - net: phy: marvell: configure RGMII delays for 88E1118 (Russell King (Oracle)) - dm space map common: add bounds check to sm_ll_lookup_bitmap() (Joe Thornber) - dm btree: add a defensive bounds check to insert_at() (Joe Thornber) - mac80211: allow non-standard VHT MCS-10/11 (Ping-Ke Shih) - net: mdio: Demote probed message to debug print (Florian Fainelli) - btrfs: remove BUG_ON(!eie) in find_parent_nodes (Josef Bacik) - btrfs: remove BUG_ON() in find_parent_nodes() (Josef Bacik) - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (Kirill A. Shutemov) - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (Rafael J. Wysocki) - ACPICA: Utilities: Avoid deleting the same object twice in a row (Rafael J. Wysocki) - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (Mark Langsdorf) - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (Kyeong Yoo) - um: registers: Rename function names to avoid conflicts and build problems (Randy Dunlap) - iwlwifi: remove module loading failure message (Johannes Berg) - iwlwifi: fix leaks/bad data after failed firmware load (Johannes Berg) - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (Zekun Shen) - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (Kai-Heng Feng) - arm64: tegra: Adjust length of CCPLEX cluster MMIO region (Thierry Reding) - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (Ulf Hansson) - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) - media: igorplugusb: receiver overflow should be reported (Sean Young) - bpf: Do not WARN in bpf_warn_invalid_xdp_action() (Paolo Abeni) - net: bonding: debug: avoid printing debug logs when bond is not notifying peers (Suresh Kumar) - ath10k: Fix tx hanging (Sebastian Gottschall) - iwlwifi: mvm: synchronize with FW after multicast commands (Johannes Berg) - media: m920x: don't use stack on USB reads (Mauro Carvalho Chehab) - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. (James Hilliard) - floppy: Add max size check for user space request (Xiongwei Song) - usb: uhci: add aspeed ast2600 uhci support (Neal Liu) - mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen) - HSI: core: Fix return freed object in hsi_new_client (Chengfeng Ye) - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (Hans de Goede) - drm/bridge: megachips: Ensure both bridges are probed before registration (Martyn Welch) - mlxsw: pci: Add shutdown method in PCI driver (Danielle Ratson) - media: b2c2: Add missing check in flexcop_pci_isr: (Zheyu Ma) - HID: apple: Do not reset quirks when the Fn key is not found (Jose Exposito) - usb: gadget: f_fs: Use stream_open() for endpoint files (Pavankumar Kondeti) - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (Ben Skeggs) - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (Zekun Shen) - fs: dlm: filter user dlm messages for kernel locks (Alexander Aring) - Bluetooth: Fix debugfs entry leak in hci_register_dev() (Wei Yongjun) - RDMA/cxgb4: Set queue pair state when being queried (Kamal Heib) - mips: bcm63xx: add support for clk_set_parent() (Randy Dunlap) - mips: lantiq: add support for clk_set_parent() (Randy Dunlap) - misc: lattice-ecp3-config: Fix task hung when firmware load failed (Wei Yongjun) - ASoC: samsung: idma: Check of ioremap return value (Jiasheng Jiang) - iommu/iova: Fix race between FQ timeout and teardown (Xiongfeng Wang) - dmaengine: pxa/mmp: stop referencing config->slave_id (Arnd Bergmann) - RDMA/core: Let ib_find_gid() continue search even after empty entry (Avihai Horon) - scsi: ufs: Fix race conditions related to driver data (Bart Van Assche) - char/mwave: Adjust io port register size (Kees Cook) - ALSA: oss: fix compile error when OSS_DEBUG is enabled (Bixuan Cui) - powerpc/prom_init: Fix improper check of prom_getprop() (Peiwei Hu) - RDMA/hns: Validate the pkey index (Kamal Heib) - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ext4: avoid trim error on fs with small groups (Jan Kara) - net: mcs7830: handle usb read errors properly (Pavel Skripkin) - pcmcia: fix setting of kthread task states (Dominik Brodowski) - can: xilinx_can: xcan_probe(): check for error irq (Jiasheng Jiang) - can: softing: softing_startstop(): fix set but not used variable warning (Marc Kleine-Budde) - tpm: add request_locality before write TPM_INT_ENABLE (Chen Jun) - spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (Miaoqian Lin) - fsl/fman: Check for null pointer after calling devm_ioremap (Jiasheng Jiang) - ppp: ensure minimum packet size in ppp_write() (Eric Dumazet) - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (Zhou Qingyang) - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (Zhou Qingyang) - x86/mce/inject: Avoid out-of-bounds write when setting flags (Zhang Zixun) - usb: ftdi-elan: fix memory leak on device disconnect (Wei Yongjun) - media: msi001: fix possible null-ptr-deref in msi001_probe() (Wang Hai) - media: dw2102: Fix use after free (Anton Vasilyev) - sched/rt: Try to restart rt period timer when rt runtime exceeded (Li Hua) - media: si2157: Fix 'warm' tuner state detection (Robert Schlabbach) - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (Zhou Qingyang) - media: dib8000: Fix a memleak in dib8000_init() (Zhou Qingyang) - floppy: Fix hang in watchdog when disk is ejected (Tasos Sahanidis) - serial: amba-pl011: do not request memory region twice (Lino Sanfilippo) - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Zhou Qingyang) - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Zhou Qingyang) - arm64: dts: qcom: msm8916: fix MMC controller aliases (Dmitry Baryshkov) - netfilter: bridge: add support for pppoe filtering (Florian Westphal) - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (Dafna Hirschfeld) - tty: serial: atmel: Call dma_async_issue_pending() (Tudor Ambarus) - tty: serial: atmel: Check return code of dmaengine_submit() (Tudor Ambarus) - crypto: qce - fix uaf on qce_ahash_register_one (Chengfeng Ye) - media: dmxdev: fix UAF when dvb_register_device() fails (Wang Hai) - Bluetooth: stop proccessing malicious adv data (Pavel Skripkin) - media: em28xx: fix memory leak in em28xx_init_dev (Dongliang Mu) - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (Bryan O'Donoghue) - clk: bcm-2835: Remove rounding up the dividers (Maxime Ripard) - clk: bcm-2835: Pick the closest clock rate (Maxime Ripard) - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (Wang Hai) - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (Yifeng Li) - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode (Gang Li) - can: softing_cs: softingcs_probe(): fix memleak on registration failure (Johan Hovold) - media: stk1160: fix control-message timeouts (Johan Hovold) - media: pvrusb2: fix control-message timeouts (Johan Hovold) - media: redrat3: fix control-message timeouts (Johan Hovold) - media: dib0700: fix undefined behavior in tuner shutdown (Michael Kuron) - media: s2255: fix control-message timeouts (Johan Hovold) - media: cpia2: fix control-message timeouts (Johan Hovold) - media: em28xx: fix control-message timeouts (Johan Hovold) - media: mceusb: fix control-message timeouts (Johan Hovold) - media: flexcop-usb: fix control-message timeouts (Johan Hovold) - rtc: cmos: take rtc_lock while reading from CMOS (Mateusz Jonczyk) - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (Krzysztof Kozlowski) - HID: wacom: Avoid using stale array indicies to read contact count (Jason Gerecke) - HID: wacom: Ignore the confidence flag when a touch is removed (Jason Gerecke) - HID: uhid: Fix worker destroying device without any protection (Jann Horn) - Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi) - Bluetooth: schedule SCO timeouts with delayed_work (Desmond Cheong Zhi Xi) - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (Larry Finger) - media: uvcvideo: fix division by zero at stream start (Johan Hovold) - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (Christophe JAILLET) - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Nathan Chancellor) - staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (Nathan Chancellor) - random: fix data race on crng init time (Eric Biggers) - random: fix data race on crng_node_pool (Eric Biggers) - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (Brian Silverman) - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (Marc Kleine-Budde) - mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (Andy Shevchenko) - USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (Alan Stern) - USB: core: Fix bug in resuming hub's handling of wakeup requests (Alan Stern) - Bluetooth: bfusb: fix division by zero in send path (Johan Hovold) - Linux 4.14.262 (Greg Kroah-Hartman) - mISDN: change function names to avoid conflicts (wolfgang huang) - net: udp: fix alignment problem in udp4_seq_show() (yangxingwu) - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate (William Zhao) - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (Lixiaokeng) - ipv6: Do cleanup if attribute validation fails in multipath route (David Ahern) - ipv6: Continue processing multipath route even if gateway attribute is invalid (David Ahern) - phonet: refcount leak in pep_sock_accep (Hangyu Hua) - rndis_host: support Hytera digital radios (Thomas Toye) - power: reset: ltc2952: Fix use of floating point literals (Nathan Chancellor) - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc (Eric Dumazet) - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route (David Ahern) - ipv6: Check attribute length for RTA_GATEWAY in multipath route (David Ahern) - i40e: Fix incorrect netdev's real number of RX/TX queues (Jedrzej Jagielski) - i40e: fix use-after-free in i40e_sync_filters_subtask() (Di Zhu) - mac80211: initialize variable have_higher_than_11mbit (Tom Rix) - RDMA/core: Don't infoleak GRH fields (Leon Romanovsky) - ieee802154: atusb: fix uninit value in atusb_set_extended_addr (Pavel Skripkin) - virtio_pci: Support surprise removal of virtio pci device (Parav Pandit) - tracing: Tag trace_percpu_buffer as a percpu pointer (Naveen N. Rao) - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (Naveen N. Rao) - Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models (Takashi Iwai) [4.14.35-2047.512.3.el7] - lib/timerqueue: Rely on rbtree semantics for next timer (Davidlohr Bueso) [Orabug: 33406086] {CVE-2021-20317} - rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940520] - uek-rpm: remove uek-rpm/ol8 (John Donnelly) [Orabug: 33665655] - uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT (Saeed Mirzamohammadi) [Orabug: 33973455] - sched: restore the sliding search window for select_idle_cpu() (Libo Chen) [Orabug: 33965297] - NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958155] {CVE-2022-24448} - Linux 4.14.261 (Greg Kroah-Hartman) - sctp: use call_rcu to free endpoint (Xin Long) - net: fix use-after-free in tw_timer_handler (Muchun Song) - Input: spaceball - fix parsing of movement data packets (Leo L. Schwab) - Input: appletouch - initialize work before device registration (Pavel Skripkin) - binder: fix async_free_space accounting for empty parcels (Todd Kjos) - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. (Vincent Pelletier) - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. (Mathias Nyman) - uapi: fix linux/nfc.h userspace compilation errors (Dmitry V. Levin) - nfc: uapi: use kernel size_t to fix user-space builds (Krzysztof Kozlowski) - fsl/fman: Fix missing put_device() call in fman_port_probe (Miaoqian Lin) - NFC: st21nfca: Fix memory leak in device probe and remove (Wei Yongjun) - net: usb: pegasus: Do not drop long Ethernet frames (Matthias-Christian Ott) - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (Dan Carpenter) - selinux: initialize proto variable in selinux_ip_postroute_compat() (Tom Rix) - recordmcount.pl: fix typo in s390 mcount regex (Heiko Carstens) - platform/x86: apple-gmux: use resource_size() with res (Wang Qing) - HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (Hans de Goede) - Linux 4.14.260 (Greg Kroah-Hartman) - phonet/pep: refuse to enable an unbound pipe (Remi Denis-Courmont) - hamradio: improve the incomplete fix to avoid NPD (Lin Ma) - hamradio: defer ax25 kfree after unregister_netdev (Lin Ma) - ax25: NPD bug when detaching AX25 device (Lin Ma) - hwmon: (lm90) Do not report 'busy' status bit as alarm (Guenter Roeck) - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (Sean Christopherson) - usb: gadget: u_ether: fix race in setting MAC address in setup phase (Marian Postevca) - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (Chao Yu) - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (Ard Biesheuvel) - pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (Fabien Dessenne) - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (Andrew Cooper) - Input: atmel_mxt_ts - fix double free in mxt_read_info_block (Jose Exposito) - ALSA: drivers: opl3: Fix incorrect use of vp->state (Colin Ian King) - ALSA: jack: Check the return value of kstrdup() (Xiaoke Wang) - hwmon: (lm90) Fix usage of CONFIG2 register in detect function (Guenter Roeck) - sfc: falcon: Check null pointer of rx_queue->page_ring (Jiasheng Jiang) - drivers: net: smc911x: Check for error irq (Jiasheng Jiang) - fjes: Check for error irq (Jiasheng Jiang) - bonding: fix ad_actor_system option setting to default (Fernando Fernandez Mancera) - net: skip virtio_net_hdr_set_proto if protocol already set (Willem de Bruijn) - qlcnic: potential dereference null pointer of rx_queue->page_ring (Jiasheng Jiang) - spi: change clk_disable_unprepare to clk_unprepare (Dongliang Mu) - HID: holtek: fix mouse probing (Benjamin Tissoires) - can: kvaser_usb: get CAN clock frequency from device (Jimmy Assarsson) - net: usb: lan78xx: add Allied Telesis AT29M2-AF (Greg Jesionowski) - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937656] {CVE-2021-26401} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Fix bug in retpoline mode on AMD with 'spectre_v2=none' (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925502] - ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516} - ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516} - lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910800] {CVE-2022-0847} - x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33890092] - udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870267] {CVE-2022-0617} - udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870267] {CVE-2022-0617} - scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33851182] - drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840433] {CVE-2022-22942} - drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835811] {CVE-2022-0330} - proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) [Orabug: 33832650] - rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820767] - rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33819408] - Enable CONFIG_DM_DUST and nano for UEK5 (Gulam Mohamed) [Orabug: 33653698] - dm dust: use dust block size for badblocklist index (Bryan Gurney) [Orabug: 33653698] - dm dust: Make dm_dust_init and dm_dust_exit static (YueHaibing) [Orabug: 33653698] - dm dust: remove redundant unsigned comparison to less than zero (Colin Ian King) [Orabug: 33653698] - dm: add dust target (Bryan Gurney) [Orabug: 33653698] - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) [Orabug: 33617219] {CVE-2021-4002} - rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] - uek-rpm: Add missing symbols to kabi_lockedlist (Stephen Brennan) [Orabug: 33871558] [4.14.35-2047.512.1.el7] - Revert 'stable: clamp SUBLEVEL in 4.14' (Alan Maguire) [Orabug: 33861950] - tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850803] {CVE-2022-0435} - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825688] {CVE-2022-0492} - blk-stat: delete useless code (Shaohua Li) [Orabug: 33772945] - DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676598] [4.14.35-2047.512.0.el7] - bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734682] - bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734682] - RDMA/rxe: Use correct sizing on buffers holding page DMA addresses (Shiraz Saleem) [Orabug: 33676942] - hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782835] - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33787546] - uek-rpm: Pensando: Enable Elba EDAC (Dave Kleikamp) [Orabug: 33831294] - dsc-drivers: update for 1.15.9-C-64 (Dave Kleikamp) [Orabug: 33831294] - drivers/hwmon: Adding support LTC3888 (David Clear) [Orabug: 33831294] - drivers/edac: Add Elba EDAC support (David Clear) [Orabug: 33831294] - arm64/configs: Remove CONFIG_PENSANDO_SOC_CAPMEM_HUGEPAGE (David Clear) [Orabug: 33831294] - drivers/soc/pensando: Add reset cause driver (David Clear) [Orabug: 33831294] - net/rds: Fix memory leak in __rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33811475] - x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33544127] - Linux 4.14.259 (Greg Kroah-Hartman) - xen/console: harden hvc_xen against event channel storms (Juergen Gross) - Input: touchscreen - avoid bitwise vs logical OR warning (Nathan Chancellor) - ARM: 8800/1: use choice for kernel unwinders (Stefan Agner) - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (Nathan Chancellor) - ARM: 8805/2: remove unneeded naked function usage (Nicolas Pitre) - net: lan78xx: Avoid unnecessary self assignment (Nathan Chancellor) - fuse: annotate lock in fuse_reverse_inval_entry() (Miklos Szeredi) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (Fabio Estevam) - firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Sudeep Holla) - net: systemport: Add global locking for descriptor lifecycle (Florian Fainelli) - libata: if T_LENGTH is zero, dma direction should be DMA_NONE (George Kennedy) - timekeeping: Really make sure wall_to_monotonic isn't positive (Yu Liao) - USB: serial: option: add Telit FN990 compositions (Daniele Palmas) - PCI/MSI: Mask MSI-X vectors only on success (Stefan Roese) - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (Thomas Gleixner) - USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman) - sit: do not call ipip6_dev_free() from sit_init_net() (Eric Dumazet) - net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) - ixgbe: set X550 MDIO speed before talking to PHY (Cyril Novikov) - igbvf: fix double free in 'igbvf_probe' (Letu Ren) - soc/tegra: fuse: Fix bitwise vs. logical OR warning (Nathan Chancellor) - dmaengine: st_fdma: fix MODULE_ALIAS (Alyssa Ross) - ARM: socfpga: dts: fix qspi node compatible (Dinh Nguyen) - x86/sme: Explicitly map new EFI memmap table as encrypted (Tom Lendacky) - nfsd: fix use-after-free due to delegation race (J. Bruce Fields) - audit: improve robustness of the audit queue handling (Paul Moore) - dm btree remove: fix use after free in rebalance_children() (Joe Thornber) - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (Jerome Marchand) - mac80211: send ADDBA requests using the tid/queue of the aggregation session (Felix Fietkau) - hwmon: (dell-smm) Fix warning on /proc/i8k creation error (Armin Wolf) - bpf: fix panic due to oob in bpf_prog_test_run_skb (Daniel Borkmann) - tracing: Fix a kmemleak false positive in tracing_map (Chen Jun) - net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Harshit Mogalapalli) - i2c: rk3x: Handle a spurious start completion interrupt flag (Ondrej Jirman) - parisc/agp: Annotate parisc agp init functions with __init (Helge Deller) - net/mlx4_en: Update reported link modes for 1/10G (Erik Ekman) - drm/msm/dsi: set default num_data_lanes (Philip Chen) - nfc: fix segfault in nfc_genl_dump_devices_done (Tadeusz Struk) - Linux 4.14.258 (Greg Kroah-Hartman) - irqchip: nvic: Fix offset for Interrupt Priority Offsets (Vladimir Murzin) - irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (Wudi Wang) - irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (Pali Rohar) - irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (Pali Rohar) - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (Yang Yingliang) - iio: adc: axp20x_adc: fix charging current reporting on AXP22x (Evgeny Boger) - iio: dln2: Check return value of devm_iio_trigger_register() (Lars-Peter Clausen) - iio: dln2-adc: Fix lockdep complaint (Noralf Tronnes) - iio: itg3200: Call iio_trigger_notify_done() on error (Lars-Peter Clausen) - iio: kxsd9: Don't return error code in trigger handler (Lars-Peter Clausen) - iio: ltr501: Don't return error code in trigger handler (Lars-Peter Clausen) - iio: mma8452: Fix trigger reference couting (Lars-Peter Clausen) - iio: stk3310: Don't return error code in interrupt handler (Lars-Peter Clausen) - iio: trigger: stm32-timer: fix MODULE_ALIAS (Alyssa Ross) - iio: trigger: Fix reference counting (Lars-Peter Clausen) - usb: core: config: using bit mask instead of individual bits (Pavel Hofman) - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (Kai-Heng Feng) - usb: core: config: fix validation of wMaxPacketValue entries (Pavel Hofman) - USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman) - USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman) - net/qla3xxx: fix an error code in ql_adapter_up() (Dan Carpenter) - net, neigh: clear whole pneigh_entry at alloc time (Eric Dumazet) - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (Joakim Zhang) - net: altera: set a couple error code in probe() (Dan Carpenter) - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (Lee Jones) - qede: validate non LSO skb length (Manish Chopra) - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (Davidlohr Bueso) - signalfd: use wake_up_pollfree() (Eric Biggers) - binder: use wake_up_pollfree() (Eric Biggers) - wait: add wake_up_pollfree() (Eric Biggers) - libata: add horkage for ASMedia 1092 (Hannes Reinecke) - can: m_can: Disable and ignore ELO interrupt (Brian Silverman) - can: pch_can: pch_can_rx_normal: fix use after free (Vincent Mailhol) - tracefs: Have new files inherit the ownership of their parent (Steven Rostedt (VMware)) - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (Takashi Iwai) - ALSA: pcm: oss: Limit the period size to 16MB (Takashi Iwai) - ALSA: pcm: oss: Fix negative period/buffer sizes (Takashi Iwai) - ALSA: ctl: Fix copy of updated id with element read/write (Alan Young) - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (Manjong Lee) - IB/hfi1: Correct guard on eager buffer deallocation (Mike Marciniszyn) - seg6: fix the iif in the IPv6 socket control block (Andrea Mayer) - nfp: Fix memory leak in nfp_cpp_area_cache_add() (Jianglei Nie) - bpf: Fix the off-by-two error in range markings (Maxim Mikityanskiy) - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (Krzysztof Kozlowski) - can: sja1000: fix use after free in ems_pcmcia_add_card() (Dan Carpenter) - HID: check for valid USB device for many HID drivers (Greg Kroah-Hartman) - HID: wacom: fix problems when device is not a valid USB device (Greg Kroah-Hartman) - HID: add USB_HID dependancy on some USB HID drivers (Greg Kroah-Hartman) - HID: add USB_HID dependancy to hid-chicony (Greg Kroah-Hartman) - HID: add USB_HID dependancy to hid-prodikeys (Greg Kroah-Hartman) - HID: add hid_is_usb() function to make it simpler for USB detection (Greg Kroah-Hartman) - Linux 4.14.257 (Greg Kroah-Hartman) {CVE-2021-38199} - parisc: Mark cr16 CPU clocksource unstable on all SMP machines (Helge Deller) - serial: core: fix transmit-buffer reset and memleak (Johan Hovold) - serial: pl011: Add ACPI SBSA UART match id (Pierre Gondois) - tty: serial: msm_serial: Deactivate RX DMA for polling support (Sven Eckelmann) - x86/64/mm: Map all kernel memory into trampoline_pgd (Joerg Roedel) - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (Badhri Jagan Sridharan) - xhci: Fix commad ring abort, write all 64 bits to CRCR register. (Mathias Nyman) - vgacon: Propagate console boot parameters before calling 'vc_resize' (Maciej W. Rozycki) - parisc: Fix 'make install' on newer debian releases (Helge Deller) - parisc: Fix KBUILD_IMAGE for self-extracting kernel (Helge Deller) - net/smc: Keep smc_close_final rc during active close (Tony Lu) - net/rds: correct socket tunable error in rds_tcp_tune() (William Kucharski) - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (Sven Schuchmann) - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (Zhou Qingyang) - siphash: use _unaligned version by default (Arnd Bergmann) - net: mpls: Fix notifications when deleting a device (Benjamin Poirier) - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (Zhou Qingyang) - natsemi: xtensa: fix section mismatch warnings (Randy Dunlap) - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (Baokun Li) - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (Baokun Li) - kprobes: Limit max data_size of the kretprobe instances (Masami Hiramatsu) - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (Stephen Suryaputra) - perf hist: Fix memory leak of a perf_hpp_fmt (Ian Rogers) - net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() (Teng Qi) - net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound (zhangyue) - ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Teng Qi) - scsi: iscsi: Unblock session then wake up error handler (Mike Christie) - thermal: core: Reset previous low and high trip during thermal zone init (Manaf Meethalavalappu Pallikunhi) - btrfs: check-integrity: fix a warning on write caching disabled disk (Wang Yugui) - s390/setup: avoid using memblock_enforce_memory_limit (Vasily Gorbik) - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (Slark Xiao) - net: return correct error code (liuguoqiang) - NFSv42: Fix pagecache invalidation after COPY/CLONE (Benjamin Coddington) - ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn) - shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn) - tty: hvc: replace BUG_ON() with negative return value (Juergen Gross) - xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross) - fuse: release pipe buf after last use (Miklos Szeredi) - NFC: add NCI_UNREG flag to eliminate the race (Lin Ma) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun) - arm64: dts: marvell: armada-37xx: declare PCIe reset pin (Miquel Raynal) - pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun) - pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup (Gregory CLEMENT) - pinctrl: armada-37xx: Correct mpp definitions (Marek Behun) - PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar) - PCI: aardvark: Fix link training (Pali Rohar) - PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar) - PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar) - PCI: aardvark: Remove PCIe outbound window configuration (Evan Wang) - PCI: aardvark: Update comment about disabling link training (Pali Rohar) - PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar) - PCI: aardvark: Fix compilation on s390 (Pali Rohar) - PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar) - PCI: aardvark: Introduce an advk_pcie_valid_device() helper (Thomas Petazzoni) - PCI: aardvark: Indicate error in 'val' when config read fails (Pali Rohar) - PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar) - PCI: aardvark: Issue PERST via GPIO (Pali Rohar) - PCI: aardvark: Improve link training (Marek Behun) - PCI: aardvark: Train link immediately after enabling training (Pali Rohar) - PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel) - PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (Wen Yang) - PCI: aardvark: Fix I/O space page leak (Sergei Shtylyov) - s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand) - tracing: Check pid filtering when creating events (Steven Rostedt (VMware)) - vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella) - net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu) - MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei) - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet) - net/smc: Ensure the active closing peer first closes clcsock (Tony Lu) - ipv6: fix typos in __ip6_finish_output() (Eric Dumazet) - drm/vc4: fix error code in vc4_create_object() (Dan Carpenter) - scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy) - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai) - NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust) - net: ieee802154: handle iftypes as u32 (Alexander Aring) - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli) - ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli) - netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu) - tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware)) - xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini) - xen: don't continue xenstore initialization in case of errors (Stefano Stabellini) - fuse: fix page stealing (Miklos Szeredi) - staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter) - HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke) - media: cec: copy sequence field for the reply (Hans Verkuil) - ALSA: ctxfi: Fix out-of-range access (Takashi Iwai) - usb: hub: Fix locking issues with address0_mutex (Mathias Nyman) - usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman) - USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang) - USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-27666 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 [4.14.35-2047.513.2] - Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy Palaniappan) [Orabug: 34124234] [4.14.35-2047.513.1] - mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050050] - esp: Fix possible buffer overflow in ESP transformation (Steffen Klassert) [Orabug: 33997301] {CVE-2022-27666} [4.14.35-2047.513.0] - rds: ib: Initialize SG table properly (Hakon Bugge) [Orabug: 34031914] - rds: ib: Fix racy credit tracepoints (Hakon Bugge) [Orabug: 33980856] - net/rds: Fix math on error code (Freddy Carrillo) [Orabug: 33945366] - ice: Add E810-XXV pci device ids to UEK5 (John Donnelly) [Orabug: 33750110] [4.14.35-2047.512.6] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] [4.14.35-2047.512.5] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012925] {CVE-2022-1016} - rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923372] - btrfs: unlock newly allocated extent buffer after error (Qu Wenruo) [Orabug: 33997138] {CVE-2021-4149} - sr9700: sanity check for packet length (Oliver Neukum) [Orabug: 33962706] {CVE-2022-26966} [4.14.35-2047.512.4] - Linux 4.14.265 (Greg Kroah-Hartman) - ext4: fix error handling in ext4_restore_inline_data() (Ritesh Harjani) - EDAC/xgene: Fix deferred probing (Sergey Shtylyov) - EDAC/altera: Fix deferred probing (Sergey Shtylyov) - rtc: cmos: Evaluate century appropriate (Riwen Lu) - selftests: futex: Use variable MAKE instead of make (Muhammad Usama Anjum) - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. (Dai Ngo) - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (John Meneghini) - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (Miaoqian Lin) - drm/i915/overlay: Prevent divide by zero bugs in scaling (Dan Carpenter) - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (Lior Nahmanson) - net: ieee802154: Return meaningful error codes from the netlink helpers (Miquel Raynal) - net: ieee802154: ca8210: Stop leaking skb's (Miquel Raynal) - spi: meson-spicc: add IRQ check in meson_spicc_probe (Miaoqian Lin) - spi: mediatek: Avoid NULL pointer crash in interrupt (Benjamin Gaignard) - spi: bcm-qspi: check for valid cs before applying chip select (Kamal Dasu) - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (Joerg Roedel) - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (Guoqing Jiang) - RDMA/mlx4: Don't continue event handler after memory allocation failure (Leon Romanovsky) - block: bio-integrity: Advance seed correctly for larger interval sizes (Martin K. Petersen) - drm/nouveau: fix off by one in BIOS boundary checking (Nick Lopez) - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (Mark Brown) - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (Mark Brown) - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (Mark Brown) - audit: improve audit queue handling when 'audit=1' on cmdline (Paul Moore) - af_packet: fix data-race in packet_setsockopt / packet_setsockopt (Eric Dumazet) - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (Eric Dumazet) - net: amd-xgbe: Fix skb data length underflow (Shyam Sundar S K) - net: amd-xgbe: ensure to reset the tx_timer_active flag (Raju Rangoju) - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (Georgi Valkov) - netfilter: nat: limit port clash resolution attempts (Florian Westphal) - netfilter: nat: remove l4 protocol port rovers (Florian Westphal) - bpf: fix truncated jump targets on heavy expansions (Daniel Borkmann) - ipv4: raw: lock the socket in raw_bind() (Eric Dumazet) - yam: fix a memory leak in yam_siocdevprivate() (Hangyu Hua) - ibmvnic: don't spin in tasklet (Sukadev Bhattiprolu) - drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (Jose Exposito) - drm/msm: Fix wrong size calculation (Xianting Tian) - net-procfs: show net devices bound packet types (Jianguo Wu) - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (Trond Myklebust) - hwmon: (lm90) Reduce maximum conversion rate for G781 (Guenter Roeck) - ping: fix the sk_bound_dev_if match in ping_lookup (Xin Long) - net: fix information leakage in /proc/net/ptype (Saeed Mirzamohammadi) - ipv6_tunnel: Rate limit warning messages (Ido Schimmel) - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (John Meneghini) - rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (Matthias Kaehlcke) - rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (Sujit Kautkar) - i40e: fix unsigned stat widths (Joe Damato) - i40e: Increase delay to 1 s after global EMP reset (Jedrzej Jagielski) - lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() (Christophe Leroy) - powerpc/32: Fix boot failure with GCC latent entropy plugin (Christophe Leroy) - net: sfp: ignore disabled SFP node (Marek Behun) - usb: typec: tcpm: Do not disconnect while receiving VBUS off (Badhri Jagan Sridharan) - USB: core: Fix hang in usb_kill_urb by adding memory barriers (Alan Stern) - usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (Pavankumar Kondeti) - usb: common: ulpi: Fix crash in ulpi_match() (Jon Hunter) - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (Alan Stern) - tty: Add support for Brainboxes UC cards. (Cameron Williams) - tty: n_gsm: fix SW flow control encoding/handling (daniel.starke@siemens.com) - serial: stm32: fix software flow control transfer (Valentin Caron) - netfilter: nft_payload: do not update layer 4 checksum when mangling fragments (Pablo Neira Ayuso) - PM: wakeup: simplify the output logic of pm_show_wakelocks() (Greg Kroah-Hartman) - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (Steffen Maier) - s390/hypfs: include z/VM guests with access control group set (Vasily Gorbik) - Bluetooth: refactor malicious adv data check (Brian Gix) - Linux 4.14.264 (Greg Kroah-Hartman) - can: bcm: fix UAF of bcm op (Ziyang Xuan) - Linux 4.14.263 (Greg Kroah-Hartman) - gianfar: fix jumbo packets+napi+rx overrun crash (Michael Braun) - gianfar: simplify FCS handling and fix memory leak (Andy Spencer) - drm/ttm/nouveau: don't call tt destroy callback on alloc failure. (Dave Airlie) - mips,s390,sh,sparc: gup: Work around the 'COW can break either way' issue (Ben Hutchings) - lib82596: Fix IRQ check in sni_82596_probe (Miaoqian Lin) - scripts/dtc: dtx_diff: remove broken example from help text (Matthias Schiffer) - bcmgenet: add WOL IRQ check (Sergey Shtylyov) - net_sched: restore 'mpu xxx' handling (Kevin Bracey) - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (Tudor Ambarus) - dmaengine: at_xdmac: Fix lld view setting (Tudor Ambarus) - dmaengine: at_xdmac: Print debug message after realeasing the lock (Tudor Ambarus) - dmaengine: at_xdmac: Don't start transactions at tx_submit level (Tudor Ambarus) - libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() (Guillaume Nault) - netns: add schedule point in ops_exit_list() (Eric Dumazet) - net: axienet: fix number of TX ring slots for available check (Robert Hancock) - net: axienet: Wait for PhyRstCmplt after core reset (Robert Hancock) - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (Eric Dumazet) - parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries (Miaoqian Lin) - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (Tobias Waldekranz) - powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses (Tobias Waldekranz) - powerpc/cell: Fix clang -Wimplicit-fallthrough warning (Anders Roxell) - RDMA/rxe: Fix a typo in opcode name (Chengguang Xu) - RDMA/hns: Modify the mapping attribute of doorbell to device (Yixing Liu) - Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (Lukas Bulwahn) - firmware: Update Kconfig help text for Google firmware (Ben Hutchings) - drm/radeon: fix error handling in radeon_driver_open_kms (Christian Konig) - crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (Marek Vasut) - ext4: don't use the orphan list when migrating an inode (Theodore Ts'o) - ext4: Fix BUG_ON in ext4_bread when write quota data (Ye Bin) - ext4: set csum seed in tmp inode while migrating to extents (Luis Henriques) - ext4: make sure quota gets properly shutdown on error (Jan Kara) - iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (Ilan Peer) - cputime, cpuacct: Include guest time in user time in cpuacct.stat (Andrey Ryabinin) - serial: Fix incorrect rs485 polarity on uart open (Lukas Wunner) - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (Petr Cvachoucek) - power: bq25890: Enable continuous conversion for ADC at charging (Yauhen Kharuzhy) - ASoC: mediatek: mt8173: fix device_node leak (Tzung-Bi Shih) - scsi: sr: Don't use GFP_DMA (Christoph Hellwig) - MIPS: Octeon: Fix build errors using clang (Tianjia Zhang) - i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (Lakshmi Sowjanya D) - MIPS: OCTEON: add put_device() after of_find_device_by_node() (Ye Guojin) - ALSA: seq: Set upper limit of processed events (Takashi Iwai) - w1: Misuse of get_user()/put_user() reported by sparse (Christophe Leroy) - i2c: mpc: Correct I2C reset procedure (Joakim Tjernlund) - powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING (Michael Ellerman) - i2c: i801: Don't silently correct invalid transfer size (Heiner Kallweit) - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (Nicholas Piggin) - powerpc/btext: add missing of_node_put (Julia Lawall) - powerpc/cell: add missing of_node_put (Julia Lawall) - powerpc/powernv: add missing of_node_put (Julia Lawall) - powerpc/6xx: add missing of_node_put (Julia Lawall) - parisc: Avoid calling faulthandler_disabled() twice (John David Anglin) - serial: core: Keep mctrl register state and cached copy in sync (Lukas Wunner) - serial: pl010: Drop CR register reset on set_termios (Lukas Wunner) - net: phy: marvell: configure RGMII delays for 88E1118 (Russell King (Oracle)) - dm space map common: add bounds check to sm_ll_lookup_bitmap() (Joe Thornber) - dm btree: add a defensive bounds check to insert_at() (Joe Thornber) - mac80211: allow non-standard VHT MCS-10/11 (Ping-Ke Shih) - net: mdio: Demote probed message to debug print (Florian Fainelli) - btrfs: remove BUG_ON(!eie) in find_parent_nodes (Josef Bacik) - btrfs: remove BUG_ON() in find_parent_nodes() (Josef Bacik) - ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (Kirill A. Shutemov) - ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (Rafael J. Wysocki) - ACPICA: Utilities: Avoid deleting the same object twice in a row (Rafael J. Wysocki) - ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (Mark Langsdorf) - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (Kyeong Yoo) - um: registers: Rename function names to avoid conflicts and build problems (Randy Dunlap) - iwlwifi: remove module loading failure message (Johannes Berg) - iwlwifi: fix leaks/bad data after failed firmware load (Johannes Berg) - ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (Zekun Shen) - usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (Kai-Heng Feng) - arm64: tegra: Adjust length of CCPLEX cluster MMIO region (Thierry Reding) - mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (Ulf Hansson) - media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) - media: igorplugusb: receiver overflow should be reported (Sean Young) - bpf: Do not WARN in bpf_warn_invalid_xdp_action() (Paolo Abeni) - net: bonding: debug: avoid printing debug logs when bond is not notifying peers (Suresh Kumar) - ath10k: Fix tx hanging (Sebastian Gottschall) - iwlwifi: mvm: synchronize with FW after multicast commands (Johannes Berg) - media: m920x: don't use stack on USB reads (Mauro Carvalho Chehab) - media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (Zhou Qingyang) - media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. (James Hilliard) - floppy: Add max size check for user space request (Xiongwei Song) - usb: uhci: add aspeed ast2600 uhci support (Neal Liu) - mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen) - HSI: core: Fix return freed object in hsi_new_client (Chengfeng Ye) - gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (Hans de Goede) - drm/bridge: megachips: Ensure both bridges are probed before registration (Martyn Welch) - mlxsw: pci: Add shutdown method in PCI driver (Danielle Ratson) - media: b2c2: Add missing check in flexcop_pci_isr: (Zheyu Ma) - HID: apple: Do not reset quirks when the Fn key is not found (Jose Exposito) - usb: gadget: f_fs: Use stream_open() for endpoint files (Pavankumar Kondeti) - drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (Ben Skeggs) - ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (Zekun Shen) - fs: dlm: filter user dlm messages for kernel locks (Alexander Aring) - Bluetooth: Fix debugfs entry leak in hci_register_dev() (Wei Yongjun) - RDMA/cxgb4: Set queue pair state when being queried (Kamal Heib) - mips: bcm63xx: add support for clk_set_parent() (Randy Dunlap) - mips: lantiq: add support for clk_set_parent() (Randy Dunlap) - misc: lattice-ecp3-config: Fix task hung when firmware load failed (Wei Yongjun) - ASoC: samsung: idma: Check of ioremap return value (Jiasheng Jiang) - iommu/iova: Fix race between FQ timeout and teardown (Xiongfeng Wang) - dmaengine: pxa/mmp: stop referencing config->slave_id (Arnd Bergmann) - RDMA/core: Let ib_find_gid() continue search even after empty entry (Avihai Horon) - scsi: ufs: Fix race conditions related to driver data (Bart Van Assche) - char/mwave: Adjust io port register size (Kees Cook) - ALSA: oss: fix compile error when OSS_DEBUG is enabled (Bixuan Cui) - powerpc/prom_init: Fix improper check of prom_getprop() (Peiwei Hu) - RDMA/hns: Validate the pkey index (Kamal Heib) - ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ext4: avoid trim error on fs with small groups (Jan Kara) - net: mcs7830: handle usb read errors properly (Pavel Skripkin) - pcmcia: fix setting of kthread task states (Dominik Brodowski) - can: xilinx_can: xcan_probe(): check for error irq (Jiasheng Jiang) - can: softing: softing_startstop(): fix set but not used variable warning (Marc Kleine-Budde) - tpm: add request_locality before write TPM_INT_ENABLE (Chen Jun) - spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (Miaoqian Lin) - fsl/fman: Check for null pointer after calling devm_ioremap (Jiasheng Jiang) - ppp: ensure minimum packet size in ppp_write() (Eric Dumazet) - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (Zhou Qingyang) - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (Zhou Qingyang) - x86/mce/inject: Avoid out-of-bounds write when setting flags (Zhang Zixun) - usb: ftdi-elan: fix memory leak on device disconnect (Wei Yongjun) - media: msi001: fix possible null-ptr-deref in msi001_probe() (Wang Hai) - media: dw2102: Fix use after free (Anton Vasilyev) - sched/rt: Try to restart rt period timer when rt runtime exceeded (Li Hua) - media: si2157: Fix 'warm' tuner state detection (Robert Schlabbach) - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (Zhou Qingyang) - media: dib8000: Fix a memleak in dib8000_init() (Zhou Qingyang) - floppy: Fix hang in watchdog when disk is ejected (Tasos Sahanidis) - serial: amba-pl011: do not request memory region twice (Lino Sanfilippo) - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (Zhou Qingyang) - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (Zhou Qingyang) - arm64: dts: qcom: msm8916: fix MMC controller aliases (Dmitry Baryshkov) - netfilter: bridge: add support for pppoe filtering (Florian Westphal) - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (Dafna Hirschfeld) - tty: serial: atmel: Call dma_async_issue_pending() (Tudor Ambarus) - tty: serial: atmel: Check return code of dmaengine_submit() (Tudor Ambarus) - crypto: qce - fix uaf on qce_ahash_register_one (Chengfeng Ye) - media: dmxdev: fix UAF when dvb_register_device() fails (Wang Hai) - Bluetooth: stop proccessing malicious adv data (Pavel Skripkin) - media: em28xx: fix memory leak in em28xx_init_dev (Dongliang Mu) - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (Bryan O'Donoghue) - clk: bcm-2835: Remove rounding up the dividers (Maxime Ripard) - clk: bcm-2835: Pick the closest clock rate (Maxime Ripard) - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (Wang Hai) - PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (Yifeng Li) - shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode (Gang Li) - can: softing_cs: softingcs_probe(): fix memleak on registration failure (Johan Hovold) - media: stk1160: fix control-message timeouts (Johan Hovold) - media: pvrusb2: fix control-message timeouts (Johan Hovold) - media: redrat3: fix control-message timeouts (Johan Hovold) - media: dib0700: fix undefined behavior in tuner shutdown (Michael Kuron) - media: s2255: fix control-message timeouts (Johan Hovold) - media: cpia2: fix control-message timeouts (Johan Hovold) - media: em28xx: fix control-message timeouts (Johan Hovold) - media: mceusb: fix control-message timeouts (Johan Hovold) - media: flexcop-usb: fix control-message timeouts (Johan Hovold) - rtc: cmos: take rtc_lock while reading from CMOS (Mateusz Jonczyk) - nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (Krzysztof Kozlowski) - HID: wacom: Avoid using stale array indicies to read contact count (Jason Gerecke) - HID: wacom: Ignore the confidence flag when a touch is removed (Jason Gerecke) - HID: uhid: Fix worker destroying device without any protection (Jann Horn) - Bluetooth: fix init and cleanup of sco_conn.timeout_work (Desmond Cheong Zhi Xi) - Bluetooth: schedule SCO timeouts with delayed_work (Desmond Cheong Zhi Xi) - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (Larry Finger) - media: uvcvideo: fix division by zero at stream start (Johan Hovold) - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (Christophe JAILLET) - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (Nathan Chancellor) - staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (Nathan Chancellor) - random: fix data race on crng init time (Eric Biggers) - random: fix data race on crng_node_pool (Eric Biggers) - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (Brian Silverman) - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (Marc Kleine-Budde) - mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (Andy Shevchenko) - USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (Alan Stern) - USB: core: Fix bug in resuming hub's handling of wakeup requests (Alan Stern) - Bluetooth: bfusb: fix division by zero in send path (Johan Hovold) - Linux 4.14.262 (Greg Kroah-Hartman) - mISDN: change function names to avoid conflicts (wolfgang huang) - net: udp: fix alignment problem in udp4_seq_show() (yangxingwu) - ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate (William Zhao) - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (Lixiaokeng) - ipv6: Do cleanup if attribute validation fails in multipath route (David Ahern) - ipv6: Continue processing multipath route even if gateway attribute is invalid (David Ahern) - phonet: refcount leak in pep_sock_accep (Hangyu Hua) - rndis_host: support Hytera digital radios (Thomas Toye) - power: reset: ltc2952: Fix use of floating point literals (Nathan Chancellor) - sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc (Eric Dumazet) - ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route (David Ahern) - ipv6: Check attribute length for RTA_GATEWAY in multipath route (David Ahern) - i40e: Fix incorrect netdev's real number of RX/TX queues (Jedrzej Jagielski) - i40e: fix use-after-free in i40e_sync_filters_subtask() (Di Zhu) - mac80211: initialize variable have_higher_than_11mbit (Tom Rix) - RDMA/core: Don't infoleak GRH fields (Leon Romanovsky) - ieee802154: atusb: fix uninit value in atusb_set_extended_addr (Pavel Skripkin) - virtio_pci: Support surprise removal of virtio pci device (Parav Pandit) - tracing: Tag trace_percpu_buffer as a percpu pointer (Naveen N. Rao) - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (Naveen N. Rao) - Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models (Takashi Iwai) [4.14.35-2047.512.3] - lib/timerqueue: Rely on rbtree semantics for next timer (Davidlohr Bueso) [Orabug: 33406086] {CVE-2021-20317} - rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940520] - uek-rpm: remove uek-rpm/ol8 (John Donnelly) [Orabug: 33665655] - uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT (Saeed Mirzamohammadi) [Orabug: 33973455] - sched: restore the sliding search window for select_idle_cpu() (Libo Chen) [Orabug: 33965297] - NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958155] {CVE-2022-24448} - Linux 4.14.261 (Greg Kroah-Hartman) - sctp: use call_rcu to free endpoint (Xin Long) - net: fix use-after-free in tw_timer_handler (Muchun Song) - Input: spaceball - fix parsing of movement data packets (Leo L. Schwab) - Input: appletouch - initialize work before device registration (Pavel Skripkin) - binder: fix async_free_space accounting for empty parcels (Todd Kjos) - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. (Vincent Pelletier) - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. (Mathias Nyman) - uapi: fix linux/nfc.h userspace compilation errors (Dmitry V. Levin) - nfc: uapi: use kernel size_t to fix user-space builds (Krzysztof Kozlowski) - fsl/fman: Fix missing put_device() call in fman_port_probe (Miaoqian Lin) - NFC: st21nfca: Fix memory leak in device probe and remove (Wei Yongjun) - net: usb: pegasus: Do not drop long Ethernet frames (Matthias-Christian Ott) - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (Dan Carpenter) - selinux: initialize proto variable in selinux_ip_postroute_compat() (Tom Rix) - recordmcount.pl: fix typo in s390 mcount regex (Heiko Carstens) - platform/x86: apple-gmux: use resource_size() with res (Wang Qing) - HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (Hans de Goede) - Linux 4.14.260 (Greg Kroah-Hartman) - phonet/pep: refuse to enable an unbound pipe (Remi Denis-Courmont) - hamradio: improve the incomplete fix to avoid NPD (Lin Ma) - hamradio: defer ax25 kfree after unregister_netdev (Lin Ma) - ax25: NPD bug when detaching AX25 device (Lin Ma) - hwmon: (lm90) Do not report 'busy' status bit as alarm (Guenter Roeck) - KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (Sean Christopherson) - usb: gadget: u_ether: fix race in setting MAC address in setup phase (Marian Postevca) - f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() (Chao Yu) - ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (Ard Biesheuvel) - pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (Fabien Dessenne) - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (Andrew Cooper) - Input: atmel_mxt_ts - fix double free in mxt_read_info_block (Jose Exposito) - ALSA: drivers: opl3: Fix incorrect use of vp->state (Colin Ian King) - ALSA: jack: Check the return value of kstrdup() (Xiaoke Wang) - hwmon: (lm90) Fix usage of CONFIG2 register in detect function (Guenter Roeck) - sfc: falcon: Check null pointer of rx_queue->page_ring (Jiasheng Jiang) - drivers: net: smc911x: Check for error irq (Jiasheng Jiang) - fjes: Check for error irq (Jiasheng Jiang) - bonding: fix ad_actor_system option setting to default (Fernando Fernandez Mancera) - net: skip virtio_net_hdr_set_proto if protocol already set (Willem de Bruijn) - qlcnic: potential dereference null pointer of rx_queue->page_ring (Jiasheng Jiang) - spi: change clk_disable_unprepare to clk_unprepare (Dongliang Mu) - HID: holtek: fix mouse probing (Benjamin Tissoires) - can: kvaser_usb: get CAN clock frequency from device (Jimmy Assarsson) - net: usb: lan78xx: add Allied Telesis AT29M2-AF (Greg Jesionowski) - x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33937656] {CVE-2021-26401} - Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - x86/speculation: Fix bug in retpoline mode on AMD with 'spectre_v2=none' (Patrick Colp) [Orabug: 33937656] {CVE-2021-26401} - ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925502] - ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516} - ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917057] {CVE-2020-36516} - lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910800] {CVE-2022-0847} - x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33890092] - udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870267] {CVE-2022-0617} - udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870267] {CVE-2022-0617} - scsi: libiscsi: Hold back_lock when calling iscsi_complete_task (Gulam Mohamed) [Orabug: 33851182] - drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840433] {CVE-2022-22942} - drm/i915: Flush TLBs before releasing backing store (Tvrtko Ursulin) [Orabug: 33835811] {CVE-2022-0330} - proc/vmcore: fix clearing user buffer by properly using clear_user() (David Hildenbrand) [Orabug: 33832650] - rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820767] - rds: ib: Make selection of completion_vector QoS aware (Hakon Bugge) [Orabug: 33819408] - Enable CONFIG_DM_DUST and nano for UEK5 (Gulam Mohamed) [Orabug: 33653698] - dm dust: use dust block size for badblocklist index (Bryan Gurney) [Orabug: 33653698] - dm dust: Make dm_dust_init and dm_dust_exit static (YueHaibing) [Orabug: 33653698] - dm dust: remove redundant unsigned comparison to less than zero (Colin Ian King) [Orabug: 33653698] - dm: add dust target (Bryan Gurney) [Orabug: 33653698] - hugetlbfs: flush TLBs correctly after huge_pmd_unshare (Nadav Amit) [Orabug: 33617219] {CVE-2021-4002} - rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820747] - uek-rpm: Add missing symbols to kabi_lockedlist (Stephen Brennan) [Orabug: 33871558] [4.14.35-2047.512.1] - Revert 'stable: clamp SUBLEVEL in 4.14' (Alan Maguire) [Orabug: 33861950] - tipc: improve size validations for received domain records (Jon Maloy) [Orabug: 33850803] {CVE-2022-0435} - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825688] {CVE-2022-0492} - blk-stat: delete useless code (Shaohua Li) [Orabug: 33772945] - DMA/rxe: Update default value of RXE_MAX_PDN (Rao Shoaib) [Orabug: 33676598] [4.14.35-2047.512.0] - bpf: Disallow unprivileged bpf by default (Pawan Gupta) [Orabug: 33734682] - bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33734682] - RDMA/rxe: Use correct sizing on buffers holding page DMA addresses (Shiraz Saleem) [Orabug: 33676942] - hwmon: (k10temp) Add support for Zen3 CPUs (Rahul Rohit) [Orabug: 33782835] - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (Ard Biesheuvel) [Orabug: 33787546] - uek-rpm: Pensando: Enable Elba EDAC (Dave Kleikamp) [Orabug: 33831294] - dsc-drivers: update for 1.15.9-C-64 (Dave Kleikamp) [Orabug: 33831294] - drivers/hwmon: Adding support LTC3888 (David Clear) [Orabug: 33831294] - drivers/edac: Add Elba EDAC support (David Clear) [Orabug: 33831294] - arm64/configs: Remove CONFIG_PENSANDO_SOC_CAPMEM_HUGEPAGE (David Clear) [Orabug: 33831294] - drivers/soc/pensando: Add reset cause driver (David Clear) [Orabug: 33831294] - net/rds: Fix memory leak in __rds_conn_create() on alloc_ordered_workqueue fail (Freddy Carrillo) [Orabug: 33811475] - x86/smpboot: check cpu_initialized_mask first after returning from schedule() (Dongli Zhang) [Orabug: 33544127] - Linux 4.14.259 (Greg Kroah-Hartman) - xen/console: harden hvc_xen against event channel storms (Juergen Gross) - Input: touchscreen - avoid bitwise vs logical OR warning (Nathan Chancellor) - ARM: 8800/1: use choice for kernel unwinders (Stefan Agner) - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (Nathan Chancellor) - ARM: 8805/2: remove unneeded naked function usage (Nicolas Pitre) - net: lan78xx: Avoid unnecessary self assignment (Nathan Chancellor) - fuse: annotate lock in fuse_reverse_inval_entry() (Miklos Szeredi) - ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (Fabio Estevam) - firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Sudeep Holla) - net: systemport: Add global locking for descriptor lifecycle (Florian Fainelli) - libata: if T_LENGTH is zero, dma direction should be DMA_NONE (George Kennedy) - timekeeping: Really make sure wall_to_monotonic isn't positive (Yu Liao) - USB: serial: option: add Telit FN990 compositions (Daniele Palmas) - PCI/MSI: Mask MSI-X vectors only on success (Stefan Roese) - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (Thomas Gleixner) - USB: gadget: bRequestType is a bitfield, not a enum (Greg Kroah-Hartman) - sit: do not call ipip6_dev_free() from sit_init_net() (Eric Dumazet) - net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) - ixgbe: set X550 MDIO speed before talking to PHY (Cyril Novikov) - igbvf: fix double free in 'igbvf_probe' (Letu Ren) - soc/tegra: fuse: Fix bitwise vs. logical OR warning (Nathan Chancellor) - dmaengine: st_fdma: fix MODULE_ALIAS (Alyssa Ross) - ARM: socfpga: dts: fix qspi node compatible (Dinh Nguyen) - x86/sme: Explicitly map new EFI memmap table as encrypted (Tom Lendacky) - nfsd: fix use-after-free due to delegation race (J. Bruce Fields) - audit: improve robustness of the audit queue handling (Paul Moore) - dm btree remove: fix use after free in rebalance_children() (Joe Thornber) - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (Jerome Marchand) - mac80211: send ADDBA requests using the tid/queue of the aggregation session (Felix Fietkau) - hwmon: (dell-smm) Fix warning on /proc/i8k creation error (Armin Wolf) - bpf: fix panic due to oob in bpf_prog_test_run_skb (Daniel Borkmann) - tracing: Fix a kmemleak false positive in tracing_map (Chen Jun) - net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Harshit Mogalapalli) - i2c: rk3x: Handle a spurious start completion interrupt flag (Ondrej Jirman) - parisc/agp: Annotate parisc agp init functions with __init (Helge Deller) - net/mlx4_en: Update reported link modes for 1/10G (Erik Ekman) - drm/msm/dsi: set default num_data_lanes (Philip Chen) - nfc: fix segfault in nfc_genl_dump_devices_done (Tadeusz Struk) - Linux 4.14.258 (Greg Kroah-Hartman) - irqchip: nvic: Fix offset for Interrupt Priority Offsets (Vladimir Murzin) - irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL (Wudi Wang) - irqchip/armada-370-xp: Fix support for Multi-MSI interrupts (Pali Rohar) - irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() (Pali Rohar) - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (Yang Yingliang) - iio: adc: axp20x_adc: fix charging current reporting on AXP22x (Evgeny Boger) - iio: dln2: Check return value of devm_iio_trigger_register() (Lars-Peter Clausen) - iio: dln2-adc: Fix lockdep complaint (Noralf Tronnes) - iio: itg3200: Call iio_trigger_notify_done() on error (Lars-Peter Clausen) - iio: kxsd9: Don't return error code in trigger handler (Lars-Peter Clausen) - iio: ltr501: Don't return error code in trigger handler (Lars-Peter Clausen) - iio: mma8452: Fix trigger reference couting (Lars-Peter Clausen) - iio: stk3310: Don't return error code in interrupt handler (Lars-Peter Clausen) - iio: trigger: stm32-timer: fix MODULE_ALIAS (Alyssa Ross) - iio: trigger: Fix reference counting (Lars-Peter Clausen) - usb: core: config: using bit mask instead of individual bits (Pavel Hofman) - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (Kai-Heng Feng) - usb: core: config: fix validation of wMaxPacketValue entries (Pavel Hofman) - USB: gadget: zero allocate endpoint 0 buffers (Greg Kroah-Hartman) - USB: gadget: detect too-big endpoint 0 requests (Greg Kroah-Hartman) - net/qla3xxx: fix an error code in ql_adapter_up() (Dan Carpenter) - net, neigh: clear whole pneigh_entry at alloc time (Eric Dumazet) - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (Joakim Zhang) - net: altera: set a couple error code in probe() (Dan Carpenter) - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (Lee Jones) - qede: validate non LSO skb length (Manish Chopra) - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (Davidlohr Bueso) - signalfd: use wake_up_pollfree() (Eric Biggers) - binder: use wake_up_pollfree() (Eric Biggers) - wait: add wake_up_pollfree() (Eric Biggers) - libata: add horkage for ASMedia 1092 (Hannes Reinecke) - can: m_can: Disable and ignore ELO interrupt (Brian Silverman) - can: pch_can: pch_can_rx_normal: fix use after free (Vincent Mailhol) - tracefs: Have new files inherit the ownership of their parent (Steven Rostedt (VMware)) - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (Takashi Iwai) - ALSA: pcm: oss: Limit the period size to 16MB (Takashi Iwai) - ALSA: pcm: oss: Fix negative period/buffer sizes (Takashi Iwai) - ALSA: ctl: Fix copy of updated id with element read/write (Alan Young) - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (Manjong Lee) - IB/hfi1: Correct guard on eager buffer deallocation (Mike Marciniszyn) - seg6: fix the iif in the IPv6 socket control block (Andrea Mayer) - nfp: Fix memory leak in nfp_cpp_area_cache_add() (Jianglei Nie) - bpf: Fix the off-by-two error in range markings (Maxim Mikityanskiy) - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (Krzysztof Kozlowski) - can: sja1000: fix use after free in ems_pcmcia_add_card() (Dan Carpenter) - HID: check for valid USB device for many HID drivers (Greg Kroah-Hartman) - HID: wacom: fix problems when device is not a valid USB device (Greg Kroah-Hartman) - HID: add USB_HID dependancy on some USB HID drivers (Greg Kroah-Hartman) - HID: add USB_HID dependancy to hid-chicony (Greg Kroah-Hartman) - HID: add USB_HID dependancy to hid-prodikeys (Greg Kroah-Hartman) - HID: add hid_is_usb() function to make it simpler for USB detection (Greg Kroah-Hartman) - Linux 4.14.257 (Greg Kroah-Hartman) {CVE-2021-38199} - parisc: Mark cr16 CPU clocksource unstable on all SMP machines (Helge Deller) - serial: core: fix transmit-buffer reset and memleak (Johan Hovold) - serial: pl011: Add ACPI SBSA UART match id (Pierre Gondois) - tty: serial: msm_serial: Deactivate RX DMA for polling support (Sven Eckelmann) - x86/64/mm: Map all kernel memory into trampoline_pgd (Joerg Roedel) - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (Badhri Jagan Sridharan) - xhci: Fix commad ring abort, write all 64 bits to CRCR register. (Mathias Nyman) - vgacon: Propagate console boot parameters before calling 'vc_resize' (Maciej W. Rozycki) - parisc: Fix 'make install' on newer debian releases (Helge Deller) - parisc: Fix KBUILD_IMAGE for self-extracting kernel (Helge Deller) - net/smc: Keep smc_close_final rc during active close (Tony Lu) - net/rds: correct socket tunable error in rds_tcp_tune() (William Kucharski) - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (Sven Schuchmann) - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (Zhou Qingyang) - siphash: use _unaligned version by default (Arnd Bergmann) - net: mpls: Fix notifications when deleting a device (Benjamin Poirier) - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (Zhou Qingyang) - natsemi: xtensa: fix section mismatch warnings (Randy Dunlap) - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (Baokun Li) - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (Baokun Li) - kprobes: Limit max data_size of the kretprobe instances (Masami Hiramatsu) - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (Stephen Suryaputra) - perf hist: Fix memory leak of a perf_hpp_fmt (Ian Rogers) - net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() (Teng Qi) - net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound (zhangyue) - ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Teng Qi) - scsi: iscsi: Unblock session then wake up error handler (Mike Christie) - thermal: core: Reset previous low and high trip during thermal zone init (Manaf Meethalavalappu Pallikunhi) - btrfs: check-integrity: fix a warning on write caching disabled disk (Wang Yugui) - s390/setup: avoid using memblock_enforce_memory_limit (Vasily Gorbik) - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (Slark Xiao) - net: return correct error code (liuguoqiang) - NFSv42: Fix pagecache invalidation after COPY/CLONE (Benjamin Coddington) - ipc: WARN if trying to remove ipc object which is absent (Alexander Mikhalitsyn) - shm: extend forced shm destroy to support objects from several IPC nses (Alexander Mikhalitsyn) - tty: hvc: replace BUG_ON() with negative return value (Juergen Gross) - xen: sync include/xen/interface/io/ring.h with Xen's newest version (Juergen Gross) - fuse: release pipe buf after last use (Miklos Szeredi) - NFC: add NCI_UNREG flag to eliminate the race (Lin Ma) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (Marek Behun) - arm64: dts: marvell: armada-37xx: declare PCIe reset pin (Miquel Raynal) - pinctrl: armada-37xx: Correct PWM pins definitions (Marek Behun) - pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup (Gregory CLEMENT) - pinctrl: armada-37xx: Correct mpp definitions (Marek Behun) - PCI: aardvark: Fix checking for link up via LTSSM state (Pali Rohar) - PCI: aardvark: Fix link training (Pali Rohar) - PCI: aardvark: Fix PCIe Max Payload Size setting (Pali Rohar) - PCI: aardvark: Configure PCIe resources from 'ranges' DT property (Pali Rohar) - PCI: aardvark: Remove PCIe outbound window configuration (Evan Wang) - PCI: aardvark: Update comment about disabling link training (Pali Rohar) - PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() (Pali Rohar) - PCI: aardvark: Fix compilation on s390 (Pali Rohar) - PCI: aardvark: Don't touch PCIe registers if no card connected (Pali Rohar) - PCI: aardvark: Introduce an advk_pcie_valid_device() helper (Thomas Petazzoni) - PCI: aardvark: Indicate error in 'val' when config read fails (Pali Rohar) - PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros (Pali Rohar) - PCI: aardvark: Issue PERST via GPIO (Pali Rohar) - PCI: aardvark: Improve link training (Marek Behun) - PCI: aardvark: Train link immediately after enabling training (Pali Rohar) - PCI: aardvark: Wait for endpoint to be ready before training link (Remi Pommarel) - PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (Wen Yang) - PCI: aardvark: Fix I/O space page leak (Sergei Shtylyov) - s390/mm: validate VMA in PGSTE manipulation functions (David Hildenbrand) - tracing: Check pid filtering when creating events (Steven Rostedt (VMware)) - vhost/vsock: fix incorrect used length reported to the guest (Stefano Garzarella) - net/smc: Don't call clcsock shutdown twice when smc shutdown (Tony Lu) - MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 (Huang Pei) - tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows (Eric Dumazet) - net/smc: Ensure the active closing peer first closes clcsock (Tony Lu) - ipv6: fix typos in __ip6_finish_output() (Eric Dumazet) - drm/vc4: fix error code in vc4_create_object() (Dan Carpenter) - scsi: mpt3sas: Fix kernel panic during drive powercycle test (Sreekanth Reddy) - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (Takashi Iwai) - NFSv42: Don't fail clone() unless the OP_CLONE operation failed (Trond Myklebust) - net: ieee802154: handle iftypes as u32 (Alexander Aring) - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (Takashi Iwai) - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (Florian Fainelli) - ARM: dts: BCM5301X: Fix I2C controller interrupt (Florian Fainelli) - netfilter: ipvs: Fix reuse connection if RS weight is 0 (yangxingwu) - tracing: Fix pid filtering when triggers are attached (Steven Rostedt (VMware)) - xen: detect uninitialized xenbus in xenbus_init (Stefano Stabellini) - xen: don't continue xenstore initialization in case of errors (Stefano Stabellini) - fuse: fix page stealing (Miklos Szeredi) - staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (Dan Carpenter) - HID: wacom: Use 'Confidence' flag to prevent reporting invalid contacts (Jason Gerecke) - media: cec: copy sequence field for the reply (Hans Verkuil) - ALSA: ctxfi: Fix out-of-range access (Takashi Iwai) - usb: hub: Fix locking issues with address0_mutex (Mathias Nyman) - usb: hub: Fix usb enumeration issue due to address0 race (Mathias Nyman) - USB: serial: option: add Fibocom FM101-GL variants (Mingjie Zhang) - USB: serial: option: add Telit LE910S1 0x9200 composition (Daniele Palmas) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-27666 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.307.3.1] - Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy Palaniappan) [Orabug: 34124233] [5.4.17-2136.307.3] - kvm: debugfs: fix memory leak in kvm_create_vm_debugfs (Pavel Skripkin) [Orabug: 33099019] - KVM: debugfs: Reuse binary stats descriptors (Jing Zhang) [Orabug: 33099019] - KVM: selftests: Add selftest for KVM statistics data binary interface (Jing Zhang) [Orabug: 33099019] - KVM: stats: Add documentation for binary statistics interface (Jing Zhang) [Orabug: 33099019] - KVM: stats: Support binary stats retrieval for a VCPU (Jing Zhang) [Orabug: 33099019] - KVM: stats: Support binary stats retrieval for a VM (Jing Zhang) [Orabug: 33099019] - KVM: stats: Add fd-based API to read binary stats data (Jing Zhang) [Orabug: 33099019] - KVM: stats: Separate generic stats from architecture specific ones (Jing Zhang) [Orabug: 33099019] - KVM: switch per-VM stats to u64 (Paolo Bonzini) [Orabug: 33099019] - kvm_host: unify VM_STAT and VCPU_STAT definitions in a single place (Emanuele Giuseppe Esposito) [Orabug: 33099019] - kvm: Refactor handling of VM debugfs files (Milan Pandurov) [Orabug: 33099019] - mpt3sas: avoid SOFT_RESET on shutdown (John Donnelly) [Orabug: 33666018] - scsi: mpt3sas: Clean up some inconsistent indenting (Colin Ian King) [Orabug: 33666018] - scsi: mpt3sas: Fix incorrectly assigned error return and check (Colin Ian King) [Orabug: 33666018] - scsi: mpt3sas: Introduce sas_ncq_prio_supported sysfs sttribute (Damien Le Moal) [Orabug: 33666018] - scsi: mpt3sas: Update driver version to 39.100.00.00 (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Use firmware recommended queue depth (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Bump driver version to 38.100.00.00 (Sreekanth Reddy) [Orabug: 33666018] - scsi: mpt3sas: Transition IOC to Ready state during shutdown (Sreekanth Reddy) [Orabug: 33666018] - scsi: mpt3sas: Fix Coverity reported issue (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Fix fall-through warnings for Clang (Gustavo A. R. Silva) [Orabug: 33666018] - scsi: mpt3sas: Handle firmware faults during second (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Handle firmware faults during first half of IOC init (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Fix deadlock while cancelling the running firmware event (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Documentation cleanup (Randy Dunlap) [Orabug: 33666018] - scsi: mpt3sas: Fix two kernel-doc headers (Bart Van Assche) [Orabug: 33666018] - scsi: mpt3sas: Fix out-of-bounds warnings in _ctl_addnl_diag_query (Gustavo A. R. Silva) [Orabug: 33666018] - scsi: mpt3sas: Fix endianness for ActiveCablePowerRequirement (Sreekanth Reddy) [Orabug: 33666018] - scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES (Sreekanth Reddy) [Orabug: 33666018] - scsi: mpt3sas: Fix a typo (Bhaskar Chowdhury) [Orabug: 33666018] - scsi: mpt3sas: Fix a few kernel-doc issues (Lee Jones) [Orabug: 33666018] - scsi: mpt3sas: Update driver version to 37.101.00.00 (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Force reply post array allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Force reply post buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Force reply buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Force sense buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Force chain buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Force PCIe scatterlist allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Replace unnecessary dynamic allocation with a static one (Gustavo A. R. Silva) [Orabug: 33666018] - scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (Christophe JAILLET) [Orabug: 33666018] - scsi: mpt3sas: Fix some kernel-doc misnaming issues (Lee Jones) [Orabug: 33666018] - scsi: mpt3sas: Fix a couple of misdocumented functions/params (Lee Jones) [Orabug: 33666018] - scsi: mpt3sas: Fix a bunch of potential naming doc-rot (Lee Jones) [Orabug: 33666018] - scsi: mpt3sas: Move a little data from the stack onto the heap (Lee Jones) [Orabug: 33666018] - scsi: mpt3sas: Fix misspelling of _base_put_smid_default_atomic() (Lee Jones) [Orabug: 33666018] - scsi: mpt3sas: Update driver version to 37.100.00.00 (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Additional diagnostic buffer query interface (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Fix ReplyPostFree pool allocation (Sreekanth Reddy) [Orabug: 33666018] - scsi: mpt3sas: Simplify bool comparison (YANG LI) [Orabug: 33666018] - scsi: mpt3sas: Fix spelling mistake in Kconfig 'compatiblity' -> 'compatibility' (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Signedness bug in _base_get_diag_triggers() (Dan Carpenter) [Orabug: 33666018] - mei: me: disable driver on the ign firmware (Alexander Usyskin) [Orabug: 34018919] - mei: add device kind to sysfs (Alexander Usyskin) [Orabug: 34018919] - mei: me: add MEI device for SPT with ITPS capability (Tomas Winkler) [Orabug: 34018919] - mei: me: make mei_me_fw_sku_sps_4() less cryptic (Tomas Winkler) [Orabug: 34018919] - mei: me: constify the device parameter to the probe quirk (Tomas Winkler) [Orabug: 34018919] - mei: me: disable mei interface on Mehlow server platforms (Tomas Winkler) [Orabug: 34018919] - mei: fix CNL itouch device number to match the spec. (Alexander Usyskin) [Orabug: 34018919] - mei: me: disable mei interface on LBG servers. (Tomas Winkler) [Orabug: 34018919] - mei: me: mei_me_dev_init() use struct device instead of struct pci_dev. (Tomas Winkler) [Orabug: 34018919] - x86/speculation: Restore speculation related MSRs during S3 resume (Pawan Gupta) [Orabug: 34053700] - net: bpf: Make bpf_ktime_get_ns() available to non GPL programs (Maciej zenczykowski) [Orabug: 34079481] [5.4.17-2136.307.2] - net: sched: fix use-after-free in tc_new_tfilter() (Eric Dumazet) [Orabug: 34027161] {CVE-2022-1055} - rds: ib: Initialize SG table properly (Hakon Bugge) [Orabug: 34031913] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039270] - mm: memcontrol: slab: fix obtain a reference to a freeing memcg (Muchun Song) [Orabug: 34045826] - mm: memcg/slab: fix use after free in obj_cgroup_charge (Muchun Song) [Orabug: 34045826] - mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050049] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34034594] {CVE-2022-1158} [5.4.17-2136.307.1] - oracleasm: Fix block layer error conversion (Martin K. Petersen) [Orabug: 33413872] - oracleasm: Fix memory leak inadvertently caused by block layer changes (Martin K. Petersen) [Orabug: 33413872] - rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33519061] - Fix switchdev transition after configuring 256 SFs (Mikhael Goikhman) [Orabug: 33913142] - net/mlx5: Remove all auxiliary devices at the unregister event (Leon Romanovsky) [Orabug: 33913153] - net/mlx5: E-Switch, handle devcom events only for ports on the same device (Roi Dayan) [Orabug: 33913153] - net/mlx5e: Don't create devices during unload flow (Dmytro Linkin) [Orabug: 33913153] - net/mlx5: Delete auxiliary bus driver eth-rep first (Maor Dickman) [Orabug: 33913153] - Fix deadlock with SFs created and devlink reload of parent PF (Mikhael Goikhman) [Orabug: 33913153] - phonet: refcount leak in pep_sock_accep (Hangyu Hua) [Orabug: 33962760] {CVE-2021-45095} - bpf: Lift hashtab key_size limit (Florian Lehner) [Orabug: 33968668] - net/rds: Fix math on error code (Freddy Carrillo) [Orabug: 33974713] - rds: ib: Fix racy credit tracepoints (Hakon Bugge) [Orabug: 33980855] - mm: fix MADV_DONTEXEC to clear VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 33987399] - ice: create scheduler aggregator node config and move VSIs (Kiran Patil) [Orabug: 33993157] {CVE-2020-24502} {CVE-2020-245024} {CVE-2020-24503} - sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax (Valentin Schneider) [Orabug: 33994395] - esp: Fix possible buffer overflow in ESP transformation (Steffen Klassert) [Orabug: 33997299] {CVE-2022-27666} - exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34003080] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012924] {CVE-2022-1016} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1016 CVE-2022-1055 CVE-2022-1158 CVE-2022-27666 CVE-2020-24504 CVE-2020-24502 CVE-2021-45095 CVE-2020-24503 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.307.3.2] - perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34172709] {CVE-2022-1729} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1729 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [4.14.35-2047.513.2.1] - perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34175592] {CVE-2022-1729} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1729 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.14.35-2047.513.2.1.el7] - perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34175592] {CVE-2022-1729} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1729 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.307.3.2] - perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34172709] {CVE-2022-1729} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1729 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 [0.10.12-6.0.1.el8_6.1] - Replace HAM-logo.png with a generic one [0.10.12-6.el8_6.1] - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz#2081331 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29970 cpe:/a:oracle:linux:8::addons Oracle Linux 6 [0:1.2.14-6.4.2] - Fix CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2017-5645 - [Orabug: 33868008] [0:1.2.14-6.4.1] - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 [Orabug: 33689748] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23307 CVE-2017-5645 CVE-2022-23305 CVE-2022-23302 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 7 [2.17-325.0.3.ksplice1] - Latest Ksplice-aware release. [2.17-325.0.3] - OraBug 33968985 Security Patches This release fixes CVE-2022-23219, CVE-2022-23218, and CVE-2021-3999 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23219 CVE-2022-23218 cpe:/a:oracle:linux:7::userspace_ksplice Oracle Linux 6 Oracle Linux 7 [4.1.12-124.62.3.1] - debug: Lock down kgdb (Stephen Brennan) [Orabug: 34152701] {CVE-2022-21499} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21499 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 7 [4.14.35-2047.513.2.2] - debug: Lock down kgdb (Stephen Brennan) [Orabug: 34152700] {CVE-2022-21499} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21499 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.307.3.4] - io_uring: always use original task when preparing req identity (Jens Axboe) [Orabug: 34186552] {CVE-2022-1786} [5.4.17-2136.307.3.3] - debug: Lock down kgdb (Stephen Brennan) [Orabug: 34152699] {CVE-2022-21499} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21499 CVE-2022-1786 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.307.3.4] - io_uring: always use original task when preparing req identity (Jens Axboe) [Orabug: 34186552] {CVE-2022-1786} [5.4.17-2136.307.3.3] - debug: Lock down kgdb (Stephen Brennan) [Orabug: 34152699] {CVE-2022-21499} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21499 CVE-2022-1786 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [4.14.35-2047.513.2.2.el7] - debug: Lock down kgdb (Stephen Brennan) [Orabug: 34152700] {CVE-2022-21499} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21499 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 [15:4.2.1-17.el7] - arm/acpi: fix an out of spec _UID for PCI root (Michael S. Tsirkin) - arm/acpi: fix duplicated _UID of PCI interrupt link devices (Heyi Guo) - arm/acpi: fix PCI _PRT definition (Heyi Guo) - docs: fix references to docs/devel/atomics.rst (Stefano Garzarella) [Orabug: 33659123] - rcu: do not mention atomic_mb_read/set in documentation (Paolo Bonzini) [Orabug: 33659123] - atomics: update documentation (Paolo Bonzini) [Orabug: 33659123] - atomics: convert to reStructuredText (Paolo Bonzini) [Orabug: 33659123] - async: use explicit memory barriers (Paolo Bonzini) [Orabug: 33659123] - aio-wait: delegate polling of main AioContext if BQL not held (Paolo Bonzini) [Orabug: 33659123] - qapi: Add '@allow-write-only-overlay' feature for 'blockdev-snapshot' (Peter Krempa) [Orabug: 33888021] - iotests: Add iothread cases to 155 (Kevin Wolf) [Orabug: 33888021] - block: Fix cross-AioContext blockdev-snapshot (Kevin Wolf) [Orabug: 33888021] - iotests: Test mirror with temporarily disabled target backing file (Kevin Wolf) [Orabug: 33888021] - iotests: Fix run_job() with use_log=False (Kevin Wolf) [Orabug: 33888021] - block: Relax restrictions for blockdev-snapshot (Kevin Wolf) [Orabug: 33888021] - block: Make bdrv_get_cumulative_perm() public (Kevin Wolf) [Orabug: 33888021] - iotests: Use complete_and_wait() in 155 (Max Reitz) [Orabug: 33888021] - iotests: Support job-complete in run_job() (Kevin Wolf) [Orabug: 33888021] - linux-headers: update again to 5.8 (Paolo Bonzini) [Orabug: 34022218] - virtio-net: fix map leaking on error during receive (Jason Wang) [Orabug: 33941879] {CVE-2022-26353} - vhost-vsock: detach the virqueue element in case of error (Stefano Garzarella) [Orabug: 33941844] {CVE-2022-26354} - virtio-net: fix use after unmap/free for sg (Jason Wang) [Orabug: 33972912] {CVE-2021-3748} - migration: Report the error returned when save_live_iterate fails (David Edmondson) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-26354 CVE-2022-26353 CVE-2021-3748 cpe:/a:oracle:linux:7::developer_kvm_utils cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 libvirt [5.7.0-33.el7] - qemu: refresh vNUMA/SMT pinning. (Wim ten Have) [Orabug: 34083505] - qemu driver: Check exadataConfig and packCPUs whenever vNUMA/SMT applies (Wim ten Have) [Orabug: 34023508] - nwfilter: fix crash when counting number of network filters (Daniel P. Berrange) [Orabug: 33973639] {CVE-2022-0897} libvirt-python [5.7.0-33.el7] - bump and rebuild IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0897 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.307.3.5] - KVM: x86: avoid calling x86 emulator without a decoded instruction (Sean Christopherson) [Orabug: 34211496] {CVE-2022-1852} {CVE-2022-1852} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1852 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.307.3.5] - KVM: x86: avoid calling x86 emulator without a decoded instruction (Sean Christopherson) [Orabug: 34211496] {CVE-2022-1852} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1852 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-26353 CVE-2021-3748 CVE-2022-26354 CVE-2022-0897 cpe:/a:oracle:linux:8::kvm_appstream Oracle Linux 8 [15.6-1.0.3] - Update shimx64.efi and shimia32.efi signed by Microsoft [JIRA: OLDIS-16370] [15.6-1.0.2] - Update to shim-unsigned v15.6.rc2 [JIRA: OLDIS-16370] [15.6-1.0.1] - Update to shim-unsigned v15.6.rc1 [JIRA: OLDIS-16370] [15.5-1.0.3] - Update vendor certs [JIRA: OLDIS-16370] - Update oracle(grub2-sig-key) [JIRA: OLDIS-16370] [15.5-1.0.1] - Allow MokListTrusted to be enabled by default [Orabug: 33770149] - Add patchset to load additional certificates from vendor signed EFI binary [Orabug: 33770149] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-28737 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 Oracle Linux 7 [15.6-1.0.7] - Update shimx64.efi and shimia32.efi signed by Microsoft [JIRA: OLDIS-16370] [15.6-1.0.5] - Update to shim-unsigned v15.6.rc2 [JIRA: OLDIS-16370] [15.6-1.0.3] - Add all algorithms using OPENSSL_add_all_algorithms [JIRA: OLDIS-16370] [15.6-1.0.1] - Update to 15.6.rc1 [JIRA: OLDIS-16370] - update CVE-2022-28737 patches [JIRA: OLDIS-16370] - Fix CVE-2022-28737 [JIRA: OLDIS-16370] [15.5-1.0.1] - update mokutils [JIRA: OLDIS-16370] - Import shim-15.5-1.0.1 [JIRA: OLDIS-16370] - Update vendor certs [JIRA: OLDIS-16370] - Update oracle(grub2-sig-key) [JIRA: OLDIS-16370] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-28737 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [2.02-0.87.0.21.el7_9.9] - Add CVE-2022-28736 to the list [JIRA: OLDIS-16371] [2.02-0.87.0.19.el7_9.9] - Fix: CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28735 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump SBAT generation [JIRA: OLDIS-16371] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-28733 CVE-2022-28734 CVE-2021-3696 CVE-2021-3697 CVE-2022-28735 CVE-2022-28736 CVE-2021-3695 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [2.02-123.0.3] - Add CVE-2022-28736 to the list [JIRA: OLDIS-16371] [2.02-123.0.2] - Fix: CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28735 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump SBAT generation IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3696 CVE-2022-28733 CVE-2021-3697 CVE-2022-28734 CVE-2021-3695 CVE-2022-28735 CVE-2022-28736 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest Oracle Linux 7 [4.14.35-2047.514.3] - uek-rpm: Update OL7 SecureBoot certificate files (Saeed Mirzamohammadi) [Orabug: 34219958] [4.14.35-2047.514.2] - perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34207044] {CVE-2022-1729} - debug: Lock down kgdb (Stephen Brennan) [Orabug: 34207043] {CVE-2022-21499} [4.14.35-2047.514.1] - uek: kabi: Correct kABI symbols (Saeed Mirzamohammadi) [Orabug: 34162205] - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (Takashi Iwai) [Orabug: 34007906] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (Takashi Iwai) [Orabug: 34007906] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent prealloc proc writes (Takashi Iwai) [Orabug: 34007906] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent read/write and buffer changes (Takashi Iwai) [Orabug: 34007906] {CVE-2022-1048} - Revert 'net: micrel: fix KS8851_MLL Kconfig' (Marek Vasut) - Revert 'net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link' (Greg Kroah-Hartman) - x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov) - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (Codrin Ciubotariu) [4.14.35-2047.514.0] - memstick: rtsx_usb_ms: fix UAF (Tong Zhang) [Orabug: 34132125] {CVE-2022-0487} - A/A Bonding: Allow setting rdmaip_active_bonding_failback param (Sharath Srinivasan) [Orabug: 34130294] - drm/vgem: Close use-after-free race in vgem_gem_create (Daniel Vetter) [Orabug: 34111756] - drm/vgem: Reclassify buffer creation debug message (Chris Wilson) [Orabug: 34111756] - nbd: Fix NULL pointer in flush_workqueue (Sun Ke) [Orabug: 34111753] - IB/cma: Allow XRC INI QPs to set their local ACK timeout (Hakon Bugge) [Orabug: 34094202] - vfs: make sync_filesystem return errors from ->sync_fs (Darrick J. Wong) [Orabug: 34084997] - xfs: prevent UAF in xfs_log_item_in_current_chkpt (Darrick J. Wong) [Orabug: 34084997] - xfs: check sb_meta_uuid for dabuf buffer recovery (Dave Chinner) [Orabug: 34084997] - xfs: only run COW extent recovery when there are no live extents (Darrick J. Wong) [Orabug: 34084997] - rds/ib: Fix ib_rx_total_frags while freeing frags (Praveen Kumar Kannoju) [Orabug: 34066623] - rds: ib: Force 16-byte alignment on rds_ib_device (Hakon Bugge) [Orabug: 34043118] - rds: ib: INFO: trying to register non-static key during rmmod (Freddy Carrillo) [Orabug: 34041727] - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26526968] [Orabug: 33602562] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26526923] [Orabug: 33602562] - Linux 4.14.276 (Greg Kroah-Hartman) - i2c: pasemi: Wait for write xfers to finish (Martin Poviser) - smp: Fix offline cpu check in flush_smp_call_function_queue() (Nadav Amit) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (Nathan Chancellor) - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (Fabio M. De Francesco) - gcc-plugins: latent_entropy: use /dev/urandom (Jason A. Donenfeld) - mm: kmemleak: take a full lowmem check in kmemleak_*_phys() (Patrick Wang) - mm, page_alloc: fix build_zonerefs_node() (Juergen Gross) - drivers: net: slip: fix NPD bug in sl_tx_timeout() (Duoming Zhou) - scsi: mvsas: Add PCI ID of RocketRaid 2640 (Alexey Galakhov) - gpu: ipu-v3: Fix dev_dbg frequency output (Leo Ruan) - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (Christian Lamparter) - net: micrel: fix KS8851_MLL Kconfig (Randy Dunlap) - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (Tyrel Datwyler) - scsi: target: tcmu: Fix possible page UAF (Xiaoguang Wang) - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (Michael Kelley) - drm/amdkfd: Check for potential null return of kmalloc_array() (QintaoShen) - drm/amd: Add USBC connector ID (Aurabindo Pillai) - cifs: potential buffer overflow in handling symlinks (Harshit Mogalapalli) - nfc: nci: add flush_workqueue to prevent uaf (Lin Ma) - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (Dinh Nguyen) - mlxsw: i2c: Fix initialization error flow (Vadim Pasternak) - gpiolib: acpi: use correct format characters (Linus Torvalds) - veth: Ensure eth header is in skb's linear part (Guillaume Nault) - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (Miaoqian Lin) - xfrm: policy: match with both mark and mask on user interfaces (Xin Long) - cgroup: Use open-time cgroup namespace for process migration perm checks (Tejun Heo) - cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv (Tejun Heo) - cgroup: Use open-time credentials for process migraton perm checks (Tejun Heo) - mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning (Waiman Long) - arm64: module: remove (NOLOAD) from linker script (Fangrui Song) - mm: don't skip swap entry even if zap_details specified (Peter Xu) - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (Vinod Koul) - tools build: Use instead of to get embedded libperl's ccopts (Arnaldo Carvalho de Melo) - perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - arm64: patch_text: Fixup last cpu should be master (Guo Ren) - btrfs: fix qgroup reserve overflow the qgroup limit (Ethan Lien) - x86/speculation: Restore speculation related MSRs during S3 resume (Pawan Gupta) - x86/pm: Save the MSR validity status at context setup (Pawan Gupta) - mm/mempolicy: fix mpol_new leak in shared_policy_replace (Miaohe Lin) - mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) (Paolo Bonzini) - Revert 'mmc: sdhci-xenon: fix annoying 1.8V regulator warning' (Pali Rohar) - drbd: Fix five use after free bugs in get_initial_state (Lv Yunlong) - drm/imx: Fix memory leak in imx_pd_connector_get_modes (Jose Exposito) - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (Chen-Yu Tsai) - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (Christophe JAILLET) - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (Dan Carpenter) - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (Mauricio Faria de Oliveira) - net: add missing SOF_TIMESTAMPING_OPT_ID support (Willem de Bruijn) - ipv6: add missing tx timestamping on IPPROTO_RAW (Willem de Bruijn) - parisc: Fix CPU affinity for Lasi, WAX and Dino chips (Helge Deller) - jfs: prevent NULL deref in diFree (Haimin Zhang) - virtio_console: eliminate anonymous module_init & module_exit (Randy Dunlap) - serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() (Jiri Slaby) - NFS: swap-out must always use STABLE writes. (NeilBrown) - NFS: swap IO handling is slightly different for O_DIRECT IO (NeilBrown) - SUNRPC/call_alloc: async tasks mustn't block waiting for memory (NeilBrown) - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (Lucas Denefle) - init/main.c: return 1 from handled __setup() functions (Randy Dunlap) - Bluetooth: Fix use after free in hci_send_acl (Luiz Augusto von Dentz) - xtensa: fix DTC warning unit_address_format (Max Filippov) - usb: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (H. Nikolaus Schaller) - scsi: libfc: Fix use after free in fc_exch_abts_resp() (Jianglei Nie) - MIPS: fix fortify panic when copying asm exception handlers (Alexander Lobakin) - bnxt_en: Eliminate unintended link toggle during FW reset (Michael Chan) - macvtap: advertise link netns via netlink (Sven Eckelmann) - net/smc: correct settings of RMB window update limit (Dust Li) - scsi: aha152x: Fix aha152x_setup() __setup handler return value (Randy Dunlap) - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (Damien Le Moal) - dm ioctl: prevent potential spectre v1 gadget (Jordy Zomer) - iommu/arm-smmu-v3: fix event handling soft lockup (Zhou Guanghui) - PCI: aardvark: Fix support for MSI interrupts (Pali Rohar) - powerpc: Set crashkernel offset to mid of RMA region (Sourabh Jain) - power: supply: axp20x_battery: properly report current when discharging (Evgeny Boger) - scsi: bfa: Replace snprintf() with sysfs_emit() (Yang Guang) - scsi: mvsas: Replace snprintf() with sysfs_emit() (Yang Guang) - powerpc: dts: t104xrdb: fix phy type for FMAN 4/5 (Maxim Kiselev) - ptp: replace snprintf with sysfs_emit (Yang Guang) - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (Zekun Shen) - KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs (Jim Mattson) - ARM: 9187/1: JIVE: fix return value of __setup handler (Randy Dunlap) - rtc: wm8350: Handle error for wm8350_register_irq (Jiasheng Jiang) - ubifs: Rectify space amount budget for mkdir/tmpfile operations (Zhihao Cheng) - KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (Vitaly Kuznetsov) - openvswitch: Fixed nd target mask field in the flow dump. (Martin Varghese) - ARM: dts: spear13xx: Update SPI dma properties (Kuldeep Singh) - ARM: dts: spear1340: Update serial node properties (Kuldeep Singh) - ASoC: topology: Allow TLV control to be either read or write (Amadeusz Slawinski) - ubi: fastmap: Return error code if memory allocation fails in add_aeb() (Zhihao Cheng) - mm/memcontrol: return 1 from cgroup.memory __setup() handler (Randy Dunlap) - mm/mmap: return 1 from stack_guard_gap __setup() handler (Randy Dunlap) - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (Rafael J. Wysocki) - ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl (Baokun Li) - pinctrl: pinconf-generic: Print arguments for bias-pull-* (Chen-Yu Tsai) - gfs2: Make sure FITRIM minlen is rounded up to fs block size (Andrew Price) - can: mcba_usb: properly check endpoint type (Pavel Skripkin) - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (Hangyu Hua) - ubifs: rename_whiteout: correct old_dir size computing (Baokun Li) - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (Zhihao Cheng) - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (Zhihao Cheng) - ubifs: rename_whiteout: Fix double free for whiteout_ui->data (Zhihao Cheng) - KVM: Prevent module exit until all VMs are freed (David Matlack) - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (Saurav Kashyap) - powerpc/lib/sstep: Fix build errors with newer binutils (Anders Roxell) - powerpc/lib/sstep: Fix 'sthcx' instruction (Anders Roxell) - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (Ulf Hansson) - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (Dongliang Mu) - video: fbdev: sm712fb: Fix crash in smtcfb_write() (Zheyu Ma) - ARM: mmp: Fix failure to remove sram device (Uwe Kleine-Konig) - ARM: tegra: tamonten: Fix I2C3 pad setting (Richard Leitner) - media: cx88-mpeg: clear interrupt status register before streaming video (Daniel Gonzalez Cabanelas) - ASoC: soc-core: skip zero num_dai component in searching dai name (Shengjiu Wang) - video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() (Jing Yao) - video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() (Jing Yao) - ARM: dts: bcm2837: Add the missing L1/L2 cache information (Richard Schleich) - ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 (David Heidelberg) - video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit (Yang Guang) - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (George Kennedy) - video: fbdev: w100fb: Reset global state (Evgeny Novikov) - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (Tim Gardner) - ntfs: add sanity check on allocation size (Dongliang Mu) - ext4: don't BUG if someone dirty pages without asking ext4 first (Theodore Ts'o) - spi: tegra20: Use of_device_get_match_data() (Minghao Chi) - PM: core: keep irq flags in device_pm_check_callbacks() (Dmitry Baryshkov) - ACPI/APEI: Limit printable size of BERT table data (Darren Hart) - ACPICA: Avoid walking the ACPI Namespace if it is not there (Rafael J. Wysocki) - irqchip/nvic: Release nvic_base upon failure (Souptick Joarder (HPE)) - Fix incorrect type in assignment of ipv6 port for audit (Casey Schaufler) - loop: use sysfs_emit() in the sysfs xxx show() (Chaitanya Kulkarni) - selinux: use correct type for context length (Christian Gottsche) - lib/test: use after free in register_test_dev_kmod() (Dan Carpenter) - NFSv4/pNFS: Fix another issue with a list iterator pointing to the head (Trond Myklebust) - net/x25: Fix null-ptr-deref caused by x25_disconnect (Duoming Zhou) - qlcnic: dcb: default to returning -EOPNOTSUPP (Tom Rix) - net: phy: broadcom: Fix brcm_fet_config_init() (Florian Fainelli) - xen: fix is_xen_pmu() (Juergen Gross) - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (Pablo Neira Ayuso) - jfs: fix divide error in dbNextAG (Pavel Skripkin) - kgdbts: fix return value of __setup handler (Randy Dunlap) - kgdboc: fix return value of __setup handler (Randy Dunlap) - tty: hvc: fix return value of __setup handler (Randy Dunlap) - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (Miaoqian Lin) - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (Miaoqian Lin) - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (Miaoqian Lin) - NFS: remove unneeded check in decode_devicenotify_args() (Alexey Khoroshilov) - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (Miaoqian Lin) - clk: clps711x: Terminate clk_div_table with sentinel element (Jonathan Neuschafer) - clk: loongson1: Terminate clk_div_table with sentinel element (Jonathan Neuschafer) - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (Miaoqian Lin) - clk: qcom: clk-rcg2: Update the frac table for pixel clock (Taniya Das) - iio: adc: Add check for devm_request_threaded_irq (Jiasheng Jiang) - serial: 8250: Fix race condition in RTS-after-send handling (Uwe Kleine-Konig) - serial: 8250_mid: Balance reference count for PCI DMA device (Andy Shevchenko) - staging:iio:adc:ad7280a: Fix handing of device address bit reversing. (Jonathan Cameron) - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (Uwe Kleine-Konig) - mxser: fix xmit_buf leak in activate when LSR == 0xff (Jiri Slaby) - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (Miaoqian Lin) - tcp: ensure PMTU updates are processed during fastopen (Jakub Kicinski) - i2c: mux: demux-pinctrl: do not deactivate a master that is not active (Peter Rosin) - af_netlink: Fix shift out of bounds in group mask calculation (Petr Machata) - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (Dan Carpenter) - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (Xin Xiong) - MIPS: RB532: fix return value of __setup handler (Randy Dunlap) - vxcan: enable local echo for sent CAN frames (Oliver Hartkopp) - mfd: mc13xxx: Add check for mc13xxx_irq_request (Jiasheng Jiang) - powerpc/sysdev: fix incorrect use to determine if list is empty (Jakob Koschel) - power: supply: wm8350-power: Add missing free in free_charger_irq (Jiasheng Jiang) - power: supply: wm8350-power: Handle error for wm8350_register_irq (Jiasheng Jiang) - i2c: xiic: Make bus names unique (Robert Hancock) - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (Hou Wenlong) - KVM: x86: Fix emulation in writing cr8 (Zhenzhong Duan) - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (Hans de Goede) - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (Miaoqian Lin) - ext2: correct max file size computing (Zhang Yi) - TOMOYO: fix __setup handlers return values (Randy Dunlap) - scsi: pm8001: Fix abort all task initialization (Damien Le Moal) - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (Damien Le Moal) - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (Damien Le Moal) - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (Damien Le Moal) - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (Aashish Sharma) - iwlwifi: Fix -EIO error code that is never returned (Colin Ian King) - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (Dmitry Torokhov) - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (Miaoqian Lin) - ray_cs: Check ioremap return value (Jiasheng Jiang) - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (Miaoqian Lin) - ath9k_htc: fix uninit value bugs (Pavel Skripkin) - drm/edid: Don't clear formats if using deep color (Maxime Ripard) - mtd: onenand: Check for error irq (Jiasheng Jiang) - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (Miaoqian Lin) - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (Wang Wensheng) - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (Miaoqian Lin) - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (Codrin Ciubotariu) - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (Miaoqian Lin) - ASoC: fsi: Add check for clk_enable (Jiasheng Jiang) - ASoC: wm8350: Handle error for wm8350_register_irq (Jiasheng Jiang) - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (Miaoqian Lin) - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (Dafna Hirschfeld) - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (Takashi Sakamoto) - memory: emif: check the pointer temp in get_device_details() (Jia-Ju Bai) - memory: emif: Add check for setup_interrupts (Jiasheng Jiang) - ASoC: atmel_ssc_dai: Handle errors for clk_enable (Jiasheng Jiang) - ASoC: mxs-saif: Handle errors for clk_enable (Jiasheng Jiang) - printk: fix return value of printk.devkmsg __setup handler (Randy Dunlap) - arm64: dts: broadcom: Fix sata nodename (Frank Wunderlich) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (Kuldeep Singh) - ALSA: spi: Add check for clk_enable() (Jiasheng Jiang) - ASoC: ti: davinci-i2s: Add check for clk_enable() (Jiasheng Jiang) - media: usb: go7007: s2250-board: fix leak in probe() (Dan Carpenter) - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (Miaoqian Lin) - ARM: dts: qcom: ipq4019: fix sleep clock (Pavel Kubelun) - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (Dan Carpenter) - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (Wang Hai) - media: coda: Fix missing put_device() call in coda_get_vdoa_data (Miaoqian Lin) - perf/x86/intel/pt: Fix address filter config for 32-bit kernel (Adrian Hunter) - perf/core: Fix address filter parser for multiple filters (Adrian Hunter) - sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa (Bharata B Rao) - clocksource: acpi_pm: fix return value of __setup handler (Randy Dunlap) - hwmon: (pmbus) Add Vin unit off handling (Brandon Wyman) - crypto: ccp - ccp_dmaengine_unregister release dma channels (Davis Mosans) - ACPI: APEI: fix return value of __setup handlers (Randy Dunlap) - crypto: vmx - add missing dependencies (Petr Vorel) - hwrng: atmel - disable trng on failure path (Claudiu Beznea) - PM: suspend: fix return value of __setup handler (Randy Dunlap) - PM: hibernate: fix __setup handler error handling (Randy Dunlap) - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (Armin Wolf) - hwmon: (pmbus) Add mutex to regulator ops (Patrick Rudolph) - spi: pxa2xx-pci: Balance reference count for PCI DMA device (Andy Shevchenko) - selftests/x86: Add validity check and allow field splitting (Muhammad Usama Anjum) - spi: tegra114: Add missing IRQ check in tegra_spi_probe (Miaoqian Lin) - crypto: mxs-dcp - Fix scatterlist processing (Tomas Paukrt) - crypto: authenc - Fix sleep in atomic context in decrypt_tail (Herbert Xu) - PCI: pciehp: Clear cmd_busy bit in polling mode (Liguang Zhang) - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (Hector Martin) - brcmfmac: firmware: Allocate space for default boardrev in nvram (Hector Martin) - media: davinci: vpif: fix unbalanced runtime PM get (Johan Hovold) - DEC: Limit PMAX memory probing to R3k systems (Maciej W. Rozycki) - lib/raid6/test: fix multiple definition linking error (Dirk Muller) - thermal: int340x: Increase bitmap size (Srinivas Pandruvada) - carl9170: fix missing bit-wise or operator for tx_params (Colin Ian King) - ARM: dts: exynos: add missing HDMI supplies on SMDK5420 (Krzysztof Kozlowski) - ARM: dts: exynos: add missing HDMI supplies on SMDK5250 (Krzysztof Kozlowski) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (Krzysztof Kozlowski) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (Tudor Ambarus) - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (Michael Schmitz) - video: fbdev: sm712fb: Fix crash in smtcfb_read() (Helge Deller) - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() (Duoming Zhou) - ACPI: properties: Consistently return -ENOENT if there are no more references (Sakari Ailus) - drbd: fix potential silent data corruption (Lars Ellenberg) - ALSA: cs4236: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - Revert 'Input: clear BTN_RIGHT/MIDDLE on buttonpads' (Jose Exposito) - qed: validate and restrict untrusted VFs vlan promisc mode (Manish Chopra) - qed: display VF trust config (Manish Chopra) - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (Damien Le Moal) - mempolicy: mbind_range() set_policy() after vma_merge() (Hugh Dickins) - mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node (Alistair Popple) - jffs2: fix memory leak in jffs2_scan_medium (Baokun Li) - jffs2: fix memory leak in jffs2_do_mount_fs (Baokun Li) - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (Baokun Li) - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) - pinctrl: samsung: drop pin banks references on error paths (Krzysztof Kozlowski) - NFSD: prevent underflow in nfssvc_decode_writeargs() (Dan Carpenter) - SUNRPC: avoid race between mod_timer() and del_timer_sync() (NeilBrown) - Documentation: update stable tree link (Bagas Sanjaya) - Documentation: add link to stable release candidate tree (Bagas Sanjaya) - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (Jann Horn) - clk: uniphier: Fix fixed-rate initialization (Kunihiko Hayashi) - iio: inkern: make a best effort on offset calculation (Liam Beguin) - iio: inkern: apply consumer scale when no channel scale is available (Liam Beguin) - iio: inkern: apply consumer scale on IIO_VAL_INT cases (Liam Beguin) - coresight: Fix TRCCONFIGR.QE sysfs interface (James Clark) - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (Alan Stern) - virtio-blk: Use blk_validate_block_size() to validate block size (Xie Yongji) - block: Add a helper to validate the block size (Xie Yongji) - tpm: fix reference counting for struct tpm_chip (Lino Sanfilippo) - fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Haimin Zhang) - spi: Fix erroneous sgs value with min_t() (Biju Das) - spi: Fix invalid sgs value (Biju Das) - ethernet: sun: Free the coherent when failing in probing (Zheyu Ma) - virtio_console: break out of buf poll on remove (Michael S. Tsirkin) - netdevice: add the case if dev is NULL (Yajun Deng) - USB: serial: simple: add Nokia phone driver (Johan Hovold) - USB: serial: pl2303: add IBM device IDs (Eddie James) - Linux 4.14.275 (Greg Kroah-Hartman) - arm64: add ID_AA64ISAR2_EL1 sys register (James Morse) - arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) - arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) - arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) - arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) - arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) - arm64: entry: Move the trampoline data page before the text page (James Morse) - arm64: entry: Make the trampoline cleanup optional (James Morse) - arm64: entry.S: Add ventry overflow sanity checks (James Morse) - arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) - arm64: Add part number for Arm Cortex-A77 (Rob Herring) - arm64: Add part number for Neoverse N1 (Marc Zyngier) - arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT (Marc Zyngier) - arm64: Add silicon-errata.txt entry for ARM erratum 1188873 (Marc Zyngier) - arm64: arch_timer: avoid unused function warning (Arnd Bergmann) - arm64: arch_timer: Add workaround for ARM erratum 1188873 (Marc Zyngier) - Linux 4.14.274 (Greg Kroah-Hartman) - llc: only change llc->dev when bind() succeeds (Eric Dumazet) - mac80211: fix potential double free on mesh join (Linus Lussing) - crypto: qat - disable registration of algorithms (Giovanni Cabiddu) - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (Werner Sembach) - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (Maximilian Luz) - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (Mark Cilissen) - drivers: net: xgene: Fix regression in CRC stripping (Stephane Graber) - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (Giacomo Guiduzzi) - ALSA: cmipci: Restore aux vol on suspend/resume (Jonathan Teh) - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (Lars-Peter Clausen) - ALSA: pcm: Add stream lock during PCM reset ioctl operations (Takashi Iwai) - llc: fix netdevice reference leaks in llc_ui_bind() (Eric Dumazet) - thermal: int340x: fix memory leak in int3400_notify() (Chuansheng Liu) - staging: fbtft: fb_st7789v: reset display before initialization (Oliver Graute) - net: ipv6: fix skb_over_panic in __ip6_append_data (Tadeusz Struk) - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION (Jordy Zomer) - Linux 4.14.273 (Greg Kroah-Hartman) - perf symbols: Fix symbol size calculation condition (Michael Petlan) - Input: aiptek - properly check endpoint type (Pavel Skripkin) - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (Alan Stern) - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (Dan Carpenter) - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (Nicolas Dichtel) - atm: eni: Add check for dma_map_single (Jiasheng Jiang) - net/packet: fix slab-out-of-bounds access in packet_recvmsg() (Eric Dumazet) - efi: fix return value of __setup handlers (Randy Dunlap) - fs: sysfs_emit: Remove PAGE_SIZE alignment check (Lucas Wei) - kselftest/vm: fix tests build with old libc (Chengming Zhou) - sfc: extend the locking on mcdi->seqno (Niels Dossche) - tcp: make tcp_read_sock() more robust (Eric Dumazet) - nl80211: Update bss channel on channel switch for P2P_CLIENT (Sreeramya Soratkal) - atm: firestream: check the return value of ioremap() in fs_init() (Jia-Ju Bai) - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (Lad Prabhakar) - ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (Julian Braha) - MIPS: smp: fill in sibling and core maps earlier (Alexander Lobakin) - ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (Corentin Labbe) - arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (Jakob Unterwurzacher) - xfrm: Fix xfrm migrate issues when address family changes (Yan Yan) - sctp: fix the processing for INIT_ACK chunk (Xin Long) - sctp: fix the processing for INIT chunk (Xin Long) - Linux 4.14.272 (Greg Kroah-Hartman) - ext4: add check to prevent attempting to resize an fs with sparse_super2 (Josh Triplett) - ARM: fix Thumb2 regression with Spectre BHB (Russell King (Oracle)) - virtio: acknowledge all features before access (Michael S. Tsirkin) - virtio: unexport virtio_finalize_features (Michael S. Tsirkin) - staging: gdm724x: fix use after free in gdm_lte_rx() (Dan Carpenter) - ARM: Spectre-BHB: provide empty stub for non-config (Randy Dunlap) - selftests/memfd: clean up mapping in mfd_fail_write (Mike Kravetz) - tracing: Ensure trace buffer is at least 4096 bytes large (Sven Schnelle) - Revert 'xen-netback: Check for hotplug-status existence before watching' (Marek Marczykowski-Gorecki) - Revert 'xen-netback: remove 'hotplug-status' once it has served its purpose' (Marek Marczykowski-Gorecki) - net-sysfs: add check for netdevice being present to speed_show (suresh kumar) - sctp: fix kernel-infoleak for SCTP sockets (Eric Dumazet) - gpio: ts4900: Do not set DAT and OE together (Mark Featherston) - NFC: port100: fix use-after-free in port100_send_complete (Pavel Skripkin) - net/mlx5: Fix size field in bufferx_reg struct (Mohammad Kabat) - ax25: Fix NULL pointer dereference in ax25_kill_by_device (Duoming Zhou) - net: ethernet: lpc_eth: Handle error for clk_enable (Jiasheng Jiang) - net: ethernet: ti: cpts: Handle error for clk_enable (Jiasheng Jiang) - ethernet: Fix error handling in xemaclite_of_probe (Miaoqian Lin) - qed: return status of qed_iov_get_link (Tom Rix) - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (Jia-Ju Bai) - Linux 4.14.271 (Greg Kroah-Hartman) - xen/9p: use alloc/free_pages_exact() (Juergen Gross) {CVE-2022-23041} - xen/gntalloc: don't use gnttab_query_foreign_access() (Juergen Gross) {CVE-2022-23039} - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (Juergen Gross) {CVE-2022-23038} - xen/grant-table: add gnttab_try_end_foreign_access() (Juergen Gross) {CVE-2022-23036} {CVE-2022-23038} - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (Juergen Gross) {CVE-2022-23040} - ARM: fix build warning in proc-v7-bugs.c (Russell King (Oracle)) - ARM: Do not use NOCROSSREFS directive with ld.lld (Nathan Chancellor) - ARM: fix co-processor register typo (Russell King (Oracle)) - ARM: fix build error when BPF_SYSCALL is disabled (Emmanuel Gil Peyrot) - ARM: include unprivileged BPF status in Spectre V2 reporting (Russell King (Oracle)) - ARM: Spectre-BHB workaround (Russell King (Oracle)) - ARM: use LOADADDR() to get load address of sections (Russell King (Oracle)) - ARM: early traps initialisation (Russell King (Oracle)) - ARM: report Spectre v2 status through sysfs (Russell King (Oracle)) - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (Mark Rutland) - arm/arm64: Provide a wrapper for SMCCC 1.1 calls (Steven Price) - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (Josh Poimboeuf) - Linux 4.14.270 (Greg Kroah-Hartman) - hamradio: fix macro redefine warning (Huang Pei) - net: dcb: disable softirqs in dcbnl_flush_dev() (Vladimir Oltean) - memfd: fix F_SEAL_WRITE after shmem huge page allocated (Hugh Dickins) - HID: add mapping for KEY_ALL_APPLICATIONS (William Mahon) - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (Hans de Goede) - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (Hans de Goede) - nl80211: Handle nla_memdup failures in handle_nan_filter (Jiasheng Jiang) - net: chelsio: cxgb3: check the return value of pci_find_capability() (Jia-Ju Bai) - soc: fsl: qe: Check of ioremap return value (Jiasheng Jiang) - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (Randy Dunlap) - can: gs_usb: change active_channels's type from atomic_t to u8 (Vincent Mailhol) - efivars: Respect 'block' flag in efivar_entry_set_safe() (Jann Horn) - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() (Zheyu Ma) - net: sxgbe: fix return value of __setup handler (Randy Dunlap) - net: stmmac: fix return value of __setup handler (Randy Dunlap) - mac80211: fix forwarded mesh frames AC & queue selection (Nicolas Escande) - firmware: qemu_fw_cfg: fix kobject leak in probe error path (Johan Hovold) - firmware: Fix a reference count leak. (Qiushi Wu) - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (D. Wythe) - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (D. Wythe) - net: dcb: flush lingering app table entries for unregistered devices (Vladimir Oltean) - batman-adv: Don't expect inter-netns unique iflink indices (Sven Eckelmann) - batman-adv: Request iflink once in batadv_get_real_netdevice (Sven Eckelmann) - batman-adv: Request iflink once in batadv-on-batadv check (Sven Eckelmann) - netfilter: nf_queue: fix possible use-after-free (Florian Westphal) - netfilter: nf_queue: don't assume sk is full socket (Florian Westphal) - xfrm: enforce validity of offload input flags (Leon Romanovsky) - netfilter: fix use-after-free in __nf_register_net_hook() (Eric Dumazet) - xfrm: fix MTU regression (Jiri Bohac) - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (Marek Vasut) - ALSA: intel_hdmi: Fix reference to PCM buffer address (Zhen Ni) - ata: pata_hpt37x: fix PCI clock detection (Sergey Shtylyov) - usb: gadget: clear related members when goto fail (Hangyu Hua) - usb: gadget: don't release an existing dev->buf (Hangyu Hua) - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (Daniele Palmas) - i2c: qup: allow COMPILE_TEST (Wolfram Sang) - i2c: cadence: allow COMPILE_TEST (Wolfram Sang) - dmaengine: shdma: Fix runtime PM imbalance on error (Yongzhi Liu) - cifs: fix double free race when mount fails in cifs_get_root() (Ronnie Sahlberg) - Input: clear BTN_RIGHT/MIDDLE on buttonpads (Jose Exposito) - i2c: bcm2835: Avoid clock stretching timeouts (Eric Anholt) - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (JaeMan Park) - mac80211_hwsim: report NOACK frames in tx_status (Benjamin Beichler) - Linux 4.14.269 (Greg Kroah-Hartman) - fget: clarify and improve __fget_files() implementation (Linus Torvalds) - memblock: use kfree() to release kmalloced memblock regions (Miaohe Lin) - Revert 'drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR' (Karol Herbst) - tty: n_gsm: fix proper link termination after failed open (daniel.starke@siemens.com) - tty: n_gsm: fix encoding of control signal octet bit DV (daniel.starke@siemens.com) - xhci: Prevent futile URB re-submissions due to incorrect return value. (Hongyu Xie) - xhci: re-initialize the HC during resume if HCE was set (Puma Hsu) - usb: dwc3: gadget: Let the interrupt handler disable bottom halves. (Sebastian Andrzej Siewior) - USB: serial: option: add Telit LE910R1 compositions (Daniele Palmas) - USB: serial: option: add support for DW5829e (Slark Xiao) - tracefs: Set the group ownership in apply_options() not parse_options() (Steven Rostedt (Google)) - USB: gadget: validate endpoint index for xilinx udc (Szymon Heidrich) - usb: gadget: rndis: add spinlock for rndis response list (Daehwan Jung) - Revert 'USB: serial: ch341: add new Product ID for CH341A' (Dmytro Bagrii) - ata: pata_hpt37x: disable primary channel on HPT371 (Sergey Shtylyov) - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (Christophe JAILLET) - RDMA/ib_srp: Fix a deadlock (Bart Van Assche) - configfs: fix a race in configfs_{,un}register_subsystem() (ChenXiaoSong) - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) - drm/edid: Always set RGB444 (Maxime Ripard) - openvswitch: Fix setting ipv6 fields causing hw csum failure (Paul Blakey) - gso: do not skip outer ip header in case of ipip and net_failover (Tao Liu) - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends (Eric Dumazet) - ping: remove pr_err from ping_lookup (Xin Long) - serial: 8250: of: Fix mapped region size when using reg-offset property (Robert Hancock) - USB: zaurus: support another broken Zaurus (Oliver Neukum) - parisc/unaligned: Fix ldw() and stw() unalignment handlers (Helge Deller) - parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel (Helge Deller) - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing (Stefano Garzarella) - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (Zhang Qiao) - Linux 4.14.268 (Greg Kroah-Hartman) - net: macb: Align the dma and coherent dma masks (Marc St-Amand) - net: usb: qmi_wwan: Add support for Dell DW5829e (Slark Xiao) - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (JaeSang Yoo) - ata: libata-core: Disable TRIM on M88V29 (Zoltan Boszormenyi) - ARM: OMAP2+: hwmod: Add of_node_put() before break (Wan Jiabing) - NFS: Do not report writeback errors in nfs_getattr() (Trond Myklebust) - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (Jim Mattson) - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (david regan) - mtd: rawnand: brcmnand: Refactored code to introduce helper functions (Kamal Dasu) - i2c: brcmstb: fix support for DSL and CM variants (Rafal Milecki) - dmaengine: sh: rcar-dmac: Check for error num after setting mask (Jiasheng Jiang) - net: sched: limit TC_ACT_REPEAT loops (Eric Dumazet) - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (Eliav Farber) - NFS: LOOKUP_DIRECTORY is also ok with symlinks (Trond Myklebust) - powerpc/lib/sstep: fix 'ptesync' build error (Anders Roxell) - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (Mark Brown) - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (Mark Brown) - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (Takashi Iwai) - ALSA: hda: Fix regression on forced probe mask option (Takashi Iwai) - libsubcmd: Fix use-after-free for realloc(..., 0) (Kees Cook) - bonding: fix data-races around agg_select_timer (Eric Dumazet) - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit (Eric Dumazet) - ping: fix the dif and sdif check in ping_lookup (Xin Long) - net: ieee802154: ca8210: Fix lifs/sifs periods (Miquel Raynal) - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (Johannes Berg) - iwlwifi: pcie: fix locking when 'HW not ready' (Johannes Berg) - vsock: remove vsock from connected table when connect is interrupted by a signal (Seth Forshee) - taskstats: Cleanup the use of task->exit_code (Eric W. Biederman) - xfrm: Don't accidentally set RTO_ONLINK in decode_session4() (Guillaume Nault) - drm/radeon: Fix backlight control on iMac 12,1 (Nicholas Bishop) - iwlwifi: fix use-after-free (Johannes Berg) - Revert 'module, async: async_synchronize_full() on module init iff async is used' (Igor Pylypiv) - quota: make dquot_quota_sync return errors from ->sync_fs (Darrick J. Wong) - vfs: make freeze_super abort when sync_filesystem returns error (Darrick J. Wong) - ax25: improve the incomplete fix to avoid UAF and NPD bugs (Duoming Zhou) - selftests/zram: Adapt the situation that /dev/zram0 is being used (Yang Xu) - selftests/zram01.sh: Fix compression ratio calculation (Yang Xu) - selftests/zram: Skip max_comp_streams interface on newer kernel (Yang Xu) - net: ieee802154: at86rf230: Stop leaking skb's (Miquel Raynal) - btrfs: send: in case of IO error log it (Davis Mosans) - parisc: Fix sglist access in ccio-dma.c (John David Anglin) - parisc: Fix data TLB miss in sba_unmap_sg (John David Anglin) - serial: parisc: GSC: fix build when IOSAPIC is not set (Randy Dunlap) - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (Jann Horn) - Makefile.extrawarn: Move -Wunaligned-access to W=1 (Nathan Chancellor) - Linux 4.14.267 (Greg Kroah-Hartman) - perf: Fix list corruption in perf_cgroup_switch() (Song Liu) - hwmon: (dell-smm) Speed up setting of fan speed (Armin Wolf) - seccomp: Invalidate seccomp mode to catch death failures (Kees Cook) - USB: serial: cp210x: add CPI Bulk Coin Recycler id (Johan Hovold) - USB: serial: cp210x: add NCR Retail IO box id (Johan Hovold) - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (Stephan Brunner) - USB: serial: option: add ZTE MF286D modem (Pawel Dembicki) - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (Cameron Williams) - usb: gadget: rndis: check size of RNDIS_MSG_SET command (Greg Kroah-Hartman) - USB: gadget: validate interface OS descriptor requests (Szymon Heidrich) - usb: dwc3: gadget: Prevent core from processing stale TRBs (Udipto Goswami) - usb: ulpi: Call of_node_put correctly (Sean Anderson) - usb: ulpi: Move of_node_put to ulpi_dev_release (Sean Anderson) - n_tty: wake up poll(POLLRDNORM) on receiving data (TATSUKAWA KOSUKE - vt_ioctl: add array_index_nospec to VT_ACTIVATE (Jakob Koschel) - vt_ioctl: fix array_index_nospec in vt_setactivate (Jakob Koschel) - net: amd-xgbe: disable interrupts during pci removal (Raju Rangoju) - tipc: rate limit warning for received illegal binding update (Jon Maloy) - net: fix a memleak when uncloning an skb dst and its metadata (Antoine Tenart) - net: do not keep the dst cache when uncloning an skb dst and its metadata (Antoine Tenart) - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (Eric Dumazet) - bonding: pair enable_port with slave_arr_updates (Mahesh Bandewar) - usb: f_fs: Fix use-after-free for epfile (Udipto Goswami) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (Fabio Estevam) - staging: fbtft: Fix error path in fbtft_driver_module_init() (Uwe Kleine-Konig) - ARM: dts: meson: Fix the UART compatible strings (Martin Blumenstingl) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (Fabio Estevam) - Revert 'net: axienet: Wait for PhyRstCmplt after core reset' (Sasha Levin) - net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() (Jisheng Zhang) - usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend (Amelie Delaunay) - scsi: target: iscsi: Make sure the np under each tpg is unique (ZouMingzhe) - NFSv4 expose nfs_parse_server_name function (Olga Kornievskaia) - NFSv4 remove zero number of fs_locations entries error check (Olga Kornievskaia) - NFSv4.1: Fix uninitialised variable in devicenotify (Trond Myklebust) - nfs: nfs4clinet: check the return value of kstrdup() (Xiaoke Wang) - NFSv4 only print the label when its queried (Olga Kornievskaia) - NFSD: Clamp WRITE offsets (Chuck Lever) - NFS: Fix initialisation of nfs_client cl_flags field (Trond Myklebust) - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (Pavel Parkhomenko) - mmc: sdhci-of-esdhc: Check for error num after setting mask (Jiasheng Jiang) - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (Roberto Sassu) - ima: Remove ima_policy file before directory (Stefan Berger) - integrity: check the return value of audit_log_start() (Xiaoke Wang) - Linux 4.14.266 (Greg Kroah-Hartman) - moxart: fix potential use-after-free on remove path (Greg Kroah-Hartman) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23036 CVE-2022-23039 CVE-2022-23041 CVE-2022-1048 CVE-2022-23038 CVE-2022-0487 CVE-2022-23040 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.14.35-2047.514.3.el7] - uek-rpm: Update OL7 SecureBoot certificate files (Saeed Mirzamohammadi) [Orabug: 34219958] [4.14.35-2047.514.2] - perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34207044] {CVE-2022-1729} - debug: Lock down kgdb (Stephen Brennan) [Orabug: 34207043] {CVE-2022-21499} [4.14.35-2047.514.1] - uek: kabi: Correct kABI symbols (Saeed Mirzamohammadi) [Orabug: 34162205] - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (Takashi Iwai) [Orabug: 34007906] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (Takashi Iwai) [Orabug: 34007906] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent prealloc proc writes (Takashi Iwai) [Orabug: 34007906] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent read/write and buffer changes (Takashi Iwai) [Orabug: 34007906] {CVE-2022-1048} - Revert 'net: micrel: fix KS8851_MLL Kconfig' (Marek Vasut) - Revert 'net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link' (Greg Kroah-Hartman) - x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov) - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (Codrin Ciubotariu) [4.14.35-2047.514.0] - memstick: rtsx_usb_ms: fix UAF (Tong Zhang) [Orabug: 34132125] {CVE-2022-0487} - A/A Bonding: Allow setting rdmaip_active_bonding_failback param (Sharath Srinivasan) [Orabug: 34130294] - drm/vgem: Close use-after-free race in vgem_gem_create (Daniel Vetter) [Orabug: 34111756] - drm/vgem: Reclassify buffer creation debug message (Chris Wilson) [Orabug: 34111756] - nbd: Fix NULL pointer in flush_workqueue (Sun Ke) [Orabug: 34111753] - IB/cma: Allow XRC INI QPs to set their local ACK timeout (Hakon Bugge) [Orabug: 34094202] - vfs: make sync_filesystem return errors from ->sync_fs (Darrick J. Wong) [Orabug: 34084997] - xfs: prevent UAF in xfs_log_item_in_current_chkpt (Darrick J. Wong) [Orabug: 34084997] - xfs: check sb_meta_uuid for dabuf buffer recovery (Dave Chinner) [Orabug: 34084997] - xfs: only run COW extent recovery when there are no live extents (Darrick J. Wong) [Orabug: 34084997] - rds/ib: Fix ib_rx_total_frags while freeing frags (Praveen Kumar Kannoju) [Orabug: 34066623] - rds: ib: Force 16-byte alignment on rds_ib_device (Hakon Bugge) [Orabug: 34043118] - rds: ib: INFO: trying to register non-static key during rmmod (Freddy Carrillo) [Orabug: 34041727] - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26526968] [Orabug: 33602562] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26526923] [Orabug: 33602562] - Linux 4.14.276 (Greg Kroah-Hartman) - i2c: pasemi: Wait for write xfers to finish (Martin Poviser) - smp: Fix offline cpu check in flush_smp_call_function_queue() (Nadav Amit) - ARM: davinci: da850-evm: Avoid NULL pointer dereference (Nathan Chancellor) - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (Fabio M. De Francesco) - gcc-plugins: latent_entropy: use /dev/urandom (Jason A. Donenfeld) - mm: kmemleak: take a full lowmem check in kmemleak_*_phys() (Patrick Wang) - mm, page_alloc: fix build_zonerefs_node() (Juergen Gross) - drivers: net: slip: fix NPD bug in sl_tx_timeout() (Duoming Zhou) - scsi: mvsas: Add PCI ID of RocketRaid 2640 (Alexey Galakhov) - gpu: ipu-v3: Fix dev_dbg frequency output (Leo Ruan) - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (Christian Lamparter) - net: micrel: fix KS8851_MLL Kconfig (Randy Dunlap) - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (Tyrel Datwyler) - scsi: target: tcmu: Fix possible page UAF (Xiaoguang Wang) - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (Michael Kelley) - drm/amdkfd: Check for potential null return of kmalloc_array() (QintaoShen) - drm/amd: Add USBC connector ID (Aurabindo Pillai) - cifs: potential buffer overflow in handling symlinks (Harshit Mogalapalli) - nfc: nci: add flush_workqueue to prevent uaf (Lin Ma) - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (Dinh Nguyen) - mlxsw: i2c: Fix initialization error flow (Vadim Pasternak) - gpiolib: acpi: use correct format characters (Linus Torvalds) - veth: Ensure eth header is in skb's linear part (Guillaume Nault) - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (Miaoqian Lin) - xfrm: policy: match with both mark and mask on user interfaces (Xin Long) - cgroup: Use open-time cgroup namespace for process migration perm checks (Tejun Heo) - cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv (Tejun Heo) - cgroup: Use open-time credentials for process migraton perm checks (Tejun Heo) - mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning (Waiman Long) - arm64: module: remove (NOLOAD) from linker script (Fangrui Song) - mm: don't skip swap entry even if zap_details specified (Peter Xu) - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (Vinod Koul) - tools build: Use instead of to get embedded libperl's ccopts (Arnaldo Carvalho de Melo) - perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - arm64: patch_text: Fixup last cpu should be master (Guo Ren) - btrfs: fix qgroup reserve overflow the qgroup limit (Ethan Lien) - x86/speculation: Restore speculation related MSRs during S3 resume (Pawan Gupta) - x86/pm: Save the MSR validity status at context setup (Pawan Gupta) - mm/mempolicy: fix mpol_new leak in shared_policy_replace (Miaohe Lin) - mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) (Paolo Bonzini) - Revert 'mmc: sdhci-xenon: fix annoying 1.8V regulator warning' (Pali Rohar) - drbd: Fix five use after free bugs in get_initial_state (Lv Yunlong) - drm/imx: Fix memory leak in imx_pd_connector_get_modes (Jose Exposito) - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (Chen-Yu Tsai) - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (Christophe JAILLET) - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (Dan Carpenter) - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (Mauricio Faria de Oliveira) - net: add missing SOF_TIMESTAMPING_OPT_ID support (Willem de Bruijn) - ipv6: add missing tx timestamping on IPPROTO_RAW (Willem de Bruijn) - parisc: Fix CPU affinity for Lasi, WAX and Dino chips (Helge Deller) - jfs: prevent NULL deref in diFree (Haimin Zhang) - virtio_console: eliminate anonymous module_init & module_exit (Randy Dunlap) - serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() (Jiri Slaby) - NFS: swap-out must always use STABLE writes. (NeilBrown) - NFS: swap IO handling is slightly different for O_DIRECT IO (NeilBrown) - SUNRPC/call_alloc: async tasks mustn't block waiting for memory (NeilBrown) - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (Lucas Denefle) - init/main.c: return 1 from handled __setup() functions (Randy Dunlap) - Bluetooth: Fix use after free in hci_send_acl (Luiz Augusto von Dentz) - xtensa: fix DTC warning unit_address_format (Max Filippov) - usb: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (H. Nikolaus Schaller) - scsi: libfc: Fix use after free in fc_exch_abts_resp() (Jianglei Nie) - MIPS: fix fortify panic when copying asm exception handlers (Alexander Lobakin) - bnxt_en: Eliminate unintended link toggle during FW reset (Michael Chan) - macvtap: advertise link netns via netlink (Sven Eckelmann) - net/smc: correct settings of RMB window update limit (Dust Li) - scsi: aha152x: Fix aha152x_setup() __setup handler return value (Randy Dunlap) - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (Damien Le Moal) - dm ioctl: prevent potential spectre v1 gadget (Jordy Zomer) - iommu/arm-smmu-v3: fix event handling soft lockup (Zhou Guanghui) - PCI: aardvark: Fix support for MSI interrupts (Pali Rohar) - powerpc: Set crashkernel offset to mid of RMA region (Sourabh Jain) - power: supply: axp20x_battery: properly report current when discharging (Evgeny Boger) - scsi: bfa: Replace snprintf() with sysfs_emit() (Yang Guang) - scsi: mvsas: Replace snprintf() with sysfs_emit() (Yang Guang) - powerpc: dts: t104xrdb: fix phy type for FMAN 4/5 (Maxim Kiselev) - ptp: replace snprintf with sysfs_emit (Yang Guang) - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (Zekun Shen) - KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs (Jim Mattson) - ARM: 9187/1: JIVE: fix return value of __setup handler (Randy Dunlap) - rtc: wm8350: Handle error for wm8350_register_irq (Jiasheng Jiang) - ubifs: Rectify space amount budget for mkdir/tmpfile operations (Zhihao Cheng) - KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (Vitaly Kuznetsov) - openvswitch: Fixed nd target mask field in the flow dump. (Martin Varghese) - ARM: dts: spear13xx: Update SPI dma properties (Kuldeep Singh) - ARM: dts: spear1340: Update serial node properties (Kuldeep Singh) - ASoC: topology: Allow TLV control to be either read or write (Amadeusz Slawinski) - ubi: fastmap: Return error code if memory allocation fails in add_aeb() (Zhihao Cheng) - mm/memcontrol: return 1 from cgroup.memory __setup() handler (Randy Dunlap) - mm/mmap: return 1 from stack_guard_gap __setup() handler (Randy Dunlap) - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (Rafael J. Wysocki) - ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl (Baokun Li) - pinctrl: pinconf-generic: Print arguments for bias-pull-* (Chen-Yu Tsai) - gfs2: Make sure FITRIM minlen is rounded up to fs block size (Andrew Price) - can: mcba_usb: properly check endpoint type (Pavel Skripkin) - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (Hangyu Hua) - ubifs: rename_whiteout: correct old_dir size computing (Baokun Li) - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (Zhihao Cheng) - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (Zhihao Cheng) - ubifs: rename_whiteout: Fix double free for whiteout_ui->data (Zhihao Cheng) - KVM: Prevent module exit until all VMs are freed (David Matlack) - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (Saurav Kashyap) - powerpc/lib/sstep: Fix build errors with newer binutils (Anders Roxell) - powerpc/lib/sstep: Fix 'sthcx' instruction (Anders Roxell) - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (Ulf Hansson) - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (Dongliang Mu) - video: fbdev: sm712fb: Fix crash in smtcfb_write() (Zheyu Ma) - ARM: mmp: Fix failure to remove sram device (Uwe Kleine-Konig) - ARM: tegra: tamonten: Fix I2C3 pad setting (Richard Leitner) - media: cx88-mpeg: clear interrupt status register before streaming video (Daniel Gonzalez Cabanelas) - ASoC: soc-core: skip zero num_dai component in searching dai name (Shengjiu Wang) - video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() (Jing Yao) - video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() (Jing Yao) - ARM: dts: bcm2837: Add the missing L1/L2 cache information (Richard Schleich) - ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 (David Heidelberg) - video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit (Yang Guang) - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (George Kennedy) - video: fbdev: w100fb: Reset global state (Evgeny Novikov) - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (Tim Gardner) - ntfs: add sanity check on allocation size (Dongliang Mu) - ext4: don't BUG if someone dirty pages without asking ext4 first (Theodore Ts'o) - spi: tegra20: Use of_device_get_match_data() (Minghao Chi) - PM: core: keep irq flags in device_pm_check_callbacks() (Dmitry Baryshkov) - ACPI/APEI: Limit printable size of BERT table data (Darren Hart) - ACPICA: Avoid walking the ACPI Namespace if it is not there (Rafael J. Wysocki) - irqchip/nvic: Release nvic_base upon failure (Souptick Joarder (HPE)) - Fix incorrect type in assignment of ipv6 port for audit (Casey Schaufler) - loop: use sysfs_emit() in the sysfs xxx show() (Chaitanya Kulkarni) - selinux: use correct type for context length (Christian Gottsche) - lib/test: use after free in register_test_dev_kmod() (Dan Carpenter) - NFSv4/pNFS: Fix another issue with a list iterator pointing to the head (Trond Myklebust) - net/x25: Fix null-ptr-deref caused by x25_disconnect (Duoming Zhou) - qlcnic: dcb: default to returning -EOPNOTSUPP (Tom Rix) - net: phy: broadcom: Fix brcm_fet_config_init() (Florian Fainelli) - xen: fix is_xen_pmu() (Juergen Gross) - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (Pablo Neira Ayuso) - jfs: fix divide error in dbNextAG (Pavel Skripkin) - kgdbts: fix return value of __setup handler (Randy Dunlap) - kgdboc: fix return value of __setup handler (Randy Dunlap) - tty: hvc: fix return value of __setup handler (Randy Dunlap) - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (Miaoqian Lin) - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (Miaoqian Lin) - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (Miaoqian Lin) - NFS: remove unneeded check in decode_devicenotify_args() (Alexey Khoroshilov) - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (Miaoqian Lin) - clk: clps711x: Terminate clk_div_table with sentinel element (Jonathan Neuschafer) - clk: loongson1: Terminate clk_div_table with sentinel element (Jonathan Neuschafer) - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (Miaoqian Lin) - clk: qcom: clk-rcg2: Update the frac table for pixel clock (Taniya Das) - iio: adc: Add check for devm_request_threaded_irq (Jiasheng Jiang) - serial: 8250: Fix race condition in RTS-after-send handling (Uwe Kleine-Konig) - serial: 8250_mid: Balance reference count for PCI DMA device (Andy Shevchenko) - staging:iio:adc:ad7280a: Fix handing of device address bit reversing. (Jonathan Cameron) - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (Uwe Kleine-Konig) - mxser: fix xmit_buf leak in activate when LSR == 0xff (Jiri Slaby) - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (Miaoqian Lin) - tcp: ensure PMTU updates are processed during fastopen (Jakub Kicinski) - i2c: mux: demux-pinctrl: do not deactivate a master that is not active (Peter Rosin) - af_netlink: Fix shift out of bounds in group mask calculation (Petr Machata) - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (Dan Carpenter) - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (Xin Xiong) - MIPS: RB532: fix return value of __setup handler (Randy Dunlap) - vxcan: enable local echo for sent CAN frames (Oliver Hartkopp) - mfd: mc13xxx: Add check for mc13xxx_irq_request (Jiasheng Jiang) - powerpc/sysdev: fix incorrect use to determine if list is empty (Jakob Koschel) - power: supply: wm8350-power: Add missing free in free_charger_irq (Jiasheng Jiang) - power: supply: wm8350-power: Handle error for wm8350_register_irq (Jiasheng Jiang) - i2c: xiic: Make bus names unique (Robert Hancock) - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (Hou Wenlong) - KVM: x86: Fix emulation in writing cr8 (Zhenzhong Duan) - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (Hans de Goede) - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (Miaoqian Lin) - ext2: correct max file size computing (Zhang Yi) - TOMOYO: fix __setup handlers return values (Randy Dunlap) - scsi: pm8001: Fix abort all task initialization (Damien Le Moal) - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (Damien Le Moal) - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (Damien Le Moal) - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (Damien Le Moal) - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (Aashish Sharma) - iwlwifi: Fix -EIO error code that is never returned (Colin Ian King) - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (Dmitry Torokhov) - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (Miaoqian Lin) - ray_cs: Check ioremap return value (Jiasheng Jiang) - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (Miaoqian Lin) - ath9k_htc: fix uninit value bugs (Pavel Skripkin) - drm/edid: Don't clear formats if using deep color (Maxime Ripard) - mtd: onenand: Check for error irq (Jiasheng Jiang) - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (Miaoqian Lin) - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (Wang Wensheng) - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (Miaoqian Lin) - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (Codrin Ciubotariu) - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (Miaoqian Lin) - ASoC: fsi: Add check for clk_enable (Jiasheng Jiang) - ASoC: wm8350: Handle error for wm8350_register_irq (Jiasheng Jiang) - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (Miaoqian Lin) - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (Dafna Hirschfeld) - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (Takashi Sakamoto) - memory: emif: check the pointer temp in get_device_details() (Jia-Ju Bai) - memory: emif: Add check for setup_interrupts (Jiasheng Jiang) - ASoC: atmel_ssc_dai: Handle errors for clk_enable (Jiasheng Jiang) - ASoC: mxs-saif: Handle errors for clk_enable (Jiasheng Jiang) - printk: fix return value of printk.devkmsg __setup handler (Randy Dunlap) - arm64: dts: broadcom: Fix sata nodename (Frank Wunderlich) - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (Kuldeep Singh) - ALSA: spi: Add check for clk_enable() (Jiasheng Jiang) - ASoC: ti: davinci-i2s: Add check for clk_enable() (Jiasheng Jiang) - media: usb: go7007: s2250-board: fix leak in probe() (Dan Carpenter) - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (Miaoqian Lin) - ARM: dts: qcom: ipq4019: fix sleep clock (Pavel Kubelun) - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (Dan Carpenter) - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (Wang Hai) - media: coda: Fix missing put_device() call in coda_get_vdoa_data (Miaoqian Lin) - perf/x86/intel/pt: Fix address filter config for 32-bit kernel (Adrian Hunter) - perf/core: Fix address filter parser for multiple filters (Adrian Hunter) - sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa (Bharata B Rao) - clocksource: acpi_pm: fix return value of __setup handler (Randy Dunlap) - hwmon: (pmbus) Add Vin unit off handling (Brandon Wyman) - crypto: ccp - ccp_dmaengine_unregister release dma channels (Davis Mosans) - ACPI: APEI: fix return value of __setup handlers (Randy Dunlap) - crypto: vmx - add missing dependencies (Petr Vorel) - hwrng: atmel - disable trng on failure path (Claudiu Beznea) - PM: suspend: fix return value of __setup handler (Randy Dunlap) - PM: hibernate: fix __setup handler error handling (Randy Dunlap) - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (Armin Wolf) - hwmon: (pmbus) Add mutex to regulator ops (Patrick Rudolph) - spi: pxa2xx-pci: Balance reference count for PCI DMA device (Andy Shevchenko) - selftests/x86: Add validity check and allow field splitting (Muhammad Usama Anjum) - spi: tegra114: Add missing IRQ check in tegra_spi_probe (Miaoqian Lin) - crypto: mxs-dcp - Fix scatterlist processing (Tomas Paukrt) - crypto: authenc - Fix sleep in atomic context in decrypt_tail (Herbert Xu) - PCI: pciehp: Clear cmd_busy bit in polling mode (Liguang Zhang) - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (Hector Martin) - brcmfmac: firmware: Allocate space for default boardrev in nvram (Hector Martin) - media: davinci: vpif: fix unbalanced runtime PM get (Johan Hovold) - DEC: Limit PMAX memory probing to R3k systems (Maciej W. Rozycki) - lib/raid6/test: fix multiple definition linking error (Dirk Muller) - thermal: int340x: Increase bitmap size (Srinivas Pandruvada) - carl9170: fix missing bit-wise or operator for tx_params (Colin Ian King) - ARM: dts: exynos: add missing HDMI supplies on SMDK5420 (Krzysztof Kozlowski) - ARM: dts: exynos: add missing HDMI supplies on SMDK5250 (Krzysztof Kozlowski) - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (Krzysztof Kozlowski) - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (Tudor Ambarus) - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (Michael Schmitz) - video: fbdev: sm712fb: Fix crash in smtcfb_read() (Helge Deller) - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() (Duoming Zhou) - ACPI: properties: Consistently return -ENOENT if there are no more references (Sakari Ailus) - drbd: fix potential silent data corruption (Lars Ellenberg) - ALSA: cs4236: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - Revert 'Input: clear BTN_RIGHT/MIDDLE on buttonpads' (Jose Exposito) - qed: validate and restrict untrusted VFs vlan promisc mode (Manish Chopra) - qed: display VF trust config (Manish Chopra) - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (Damien Le Moal) - mempolicy: mbind_range() set_policy() after vma_merge() (Hugh Dickins) - mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node (Alistair Popple) - jffs2: fix memory leak in jffs2_scan_medium (Baokun Li) - jffs2: fix memory leak in jffs2_do_mount_fs (Baokun Li) - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (Baokun Li) - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) - pinctrl: samsung: drop pin banks references on error paths (Krzysztof Kozlowski) - NFSD: prevent underflow in nfssvc_decode_writeargs() (Dan Carpenter) - SUNRPC: avoid race between mod_timer() and del_timer_sync() (NeilBrown) - Documentation: update stable tree link (Bagas Sanjaya) - Documentation: add link to stable release candidate tree (Bagas Sanjaya) - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (Jann Horn) - clk: uniphier: Fix fixed-rate initialization (Kunihiko Hayashi) - iio: inkern: make a best effort on offset calculation (Liam Beguin) - iio: inkern: apply consumer scale when no channel scale is available (Liam Beguin) - iio: inkern: apply consumer scale on IIO_VAL_INT cases (Liam Beguin) - coresight: Fix TRCCONFIGR.QE sysfs interface (James Clark) - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (Alan Stern) - virtio-blk: Use blk_validate_block_size() to validate block size (Xie Yongji) - block: Add a helper to validate the block size (Xie Yongji) - tpm: fix reference counting for struct tpm_chip (Lino Sanfilippo) - fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Haimin Zhang) - spi: Fix erroneous sgs value with min_t() (Biju Das) - spi: Fix invalid sgs value (Biju Das) - ethernet: sun: Free the coherent when failing in probing (Zheyu Ma) - virtio_console: break out of buf poll on remove (Michael S. Tsirkin) - netdevice: add the case if dev is NULL (Yajun Deng) - USB: serial: simple: add Nokia phone driver (Johan Hovold) - USB: serial: pl2303: add IBM device IDs (Eddie James) - Linux 4.14.275 (Greg Kroah-Hartman) - arm64: add ID_AA64ISAR2_EL1 sys register (James Morse) - arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) - arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) - arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) - arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) - arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) - arm64: entry: Move the trampoline data page before the text page (James Morse) - arm64: entry: Make the trampoline cleanup optional (James Morse) - arm64: entry.S: Add ventry overflow sanity checks (James Morse) - arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) - arm64: Add part number for Arm Cortex-A77 (Rob Herring) - arm64: Add part number for Neoverse N1 (Marc Zyngier) - arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT (Marc Zyngier) - arm64: Add silicon-errata.txt entry for ARM erratum 1188873 (Marc Zyngier) - arm64: arch_timer: avoid unused function warning (Arnd Bergmann) - arm64: arch_timer: Add workaround for ARM erratum 1188873 (Marc Zyngier) - Linux 4.14.274 (Greg Kroah-Hartman) - llc: only change llc->dev when bind() succeeds (Eric Dumazet) - mac80211: fix potential double free on mesh join (Linus Lussing) - crypto: qat - disable registration of algorithms (Giovanni Cabiddu) - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (Werner Sembach) - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (Maximilian Luz) - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (Mark Cilissen) - drivers: net: xgene: Fix regression in CRC stripping (Stephane Graber) - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (Giacomo Guiduzzi) - ALSA: cmipci: Restore aux vol on suspend/resume (Jonathan Teh) - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (Lars-Peter Clausen) - ALSA: pcm: Add stream lock during PCM reset ioctl operations (Takashi Iwai) - llc: fix netdevice reference leaks in llc_ui_bind() (Eric Dumazet) - thermal: int340x: fix memory leak in int3400_notify() (Chuansheng Liu) - staging: fbtft: fb_st7789v: reset display before initialization (Oliver Graute) - net: ipv6: fix skb_over_panic in __ip6_append_data (Tadeusz Struk) - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION (Jordy Zomer) - Linux 4.14.273 (Greg Kroah-Hartman) - perf symbols: Fix symbol size calculation condition (Michael Petlan) - Input: aiptek - properly check endpoint type (Pavel Skripkin) - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (Alan Stern) - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (Dan Carpenter) - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (Nicolas Dichtel) - atm: eni: Add check for dma_map_single (Jiasheng Jiang) - net/packet: fix slab-out-of-bounds access in packet_recvmsg() (Eric Dumazet) - efi: fix return value of __setup handlers (Randy Dunlap) - fs: sysfs_emit: Remove PAGE_SIZE alignment check (Lucas Wei) - kselftest/vm: fix tests build with old libc (Chengming Zhou) - sfc: extend the locking on mcdi->seqno (Niels Dossche) - tcp: make tcp_read_sock() more robust (Eric Dumazet) - nl80211: Update bss channel on channel switch for P2P_CLIENT (Sreeramya Soratkal) - atm: firestream: check the return value of ioremap() in fs_init() (Jia-Ju Bai) - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (Lad Prabhakar) - ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (Julian Braha) - MIPS: smp: fill in sibling and core maps earlier (Alexander Lobakin) - ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (Corentin Labbe) - arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (Jakob Unterwurzacher) - xfrm: Fix xfrm migrate issues when address family changes (Yan Yan) - sctp: fix the processing for INIT_ACK chunk (Xin Long) - sctp: fix the processing for INIT chunk (Xin Long) - Linux 4.14.272 (Greg Kroah-Hartman) - ext4: add check to prevent attempting to resize an fs with sparse_super2 (Josh Triplett) - ARM: fix Thumb2 regression with Spectre BHB (Russell King (Oracle)) - virtio: acknowledge all features before access (Michael S. Tsirkin) - virtio: unexport virtio_finalize_features (Michael S. Tsirkin) - staging: gdm724x: fix use after free in gdm_lte_rx() (Dan Carpenter) - ARM: Spectre-BHB: provide empty stub for non-config (Randy Dunlap) - selftests/memfd: clean up mapping in mfd_fail_write (Mike Kravetz) - tracing: Ensure trace buffer is at least 4096 bytes large (Sven Schnelle) - Revert 'xen-netback: Check for hotplug-status existence before watching' (Marek Marczykowski-Gorecki) - Revert 'xen-netback: remove 'hotplug-status' once it has served its purpose' (Marek Marczykowski-Gorecki) - net-sysfs: add check for netdevice being present to speed_show (suresh kumar) - sctp: fix kernel-infoleak for SCTP sockets (Eric Dumazet) - gpio: ts4900: Do not set DAT and OE together (Mark Featherston) - NFC: port100: fix use-after-free in port100_send_complete (Pavel Skripkin) - net/mlx5: Fix size field in bufferx_reg struct (Mohammad Kabat) - ax25: Fix NULL pointer dereference in ax25_kill_by_device (Duoming Zhou) - net: ethernet: lpc_eth: Handle error for clk_enable (Jiasheng Jiang) - net: ethernet: ti: cpts: Handle error for clk_enable (Jiasheng Jiang) - ethernet: Fix error handling in xemaclite_of_probe (Miaoqian Lin) - qed: return status of qed_iov_get_link (Tom Rix) - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (Jia-Ju Bai) - Linux 4.14.271 (Greg Kroah-Hartman) - xen/9p: use alloc/free_pages_exact() (Juergen Gross) {CVE-2022-23041} - xen/gntalloc: don't use gnttab_query_foreign_access() (Juergen Gross) {CVE-2022-23039} - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (Juergen Gross) {CVE-2022-23038} - xen/grant-table: add gnttab_try_end_foreign_access() (Juergen Gross) {CVE-2022-23036} {CVE-2022-23038} - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (Juergen Gross) {CVE-2022-23040} - ARM: fix build warning in proc-v7-bugs.c (Russell King (Oracle)) - ARM: Do not use NOCROSSREFS directive with ld.lld (Nathan Chancellor) - ARM: fix co-processor register typo (Russell King (Oracle)) - ARM: fix build error when BPF_SYSCALL is disabled (Emmanuel Gil Peyrot) - ARM: include unprivileged BPF status in Spectre V2 reporting (Russell King (Oracle)) - ARM: Spectre-BHB workaround (Russell King (Oracle)) - ARM: use LOADADDR() to get load address of sections (Russell King (Oracle)) - ARM: early traps initialisation (Russell King (Oracle)) - ARM: report Spectre v2 status through sysfs (Russell King (Oracle)) - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (Mark Rutland) - arm/arm64: Provide a wrapper for SMCCC 1.1 calls (Steven Price) - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (Josh Poimboeuf) - Linux 4.14.270 (Greg Kroah-Hartman) - hamradio: fix macro redefine warning (Huang Pei) - net: dcb: disable softirqs in dcbnl_flush_dev() (Vladimir Oltean) - memfd: fix F_SEAL_WRITE after shmem huge page allocated (Hugh Dickins) - HID: add mapping for KEY_ALL_APPLICATIONS (William Mahon) - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (Hans de Goede) - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (Hans de Goede) - nl80211: Handle nla_memdup failures in handle_nan_filter (Jiasheng Jiang) - net: chelsio: cxgb3: check the return value of pci_find_capability() (Jia-Ju Bai) - soc: fsl: qe: Check of ioremap return value (Jiasheng Jiang) - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (Randy Dunlap) - can: gs_usb: change active_channels's type from atomic_t to u8 (Vincent Mailhol) - efivars: Respect 'block' flag in efivar_entry_set_safe() (Jann Horn) - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() (Zheyu Ma) - net: sxgbe: fix return value of __setup handler (Randy Dunlap) - net: stmmac: fix return value of __setup handler (Randy Dunlap) - mac80211: fix forwarded mesh frames AC & queue selection (Nicolas Escande) - firmware: qemu_fw_cfg: fix kobject leak in probe error path (Johan Hovold) - firmware: Fix a reference count leak. (Qiushi Wu) - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (D. Wythe) - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (D. Wythe) - net: dcb: flush lingering app table entries for unregistered devices (Vladimir Oltean) - batman-adv: Don't expect inter-netns unique iflink indices (Sven Eckelmann) - batman-adv: Request iflink once in batadv_get_real_netdevice (Sven Eckelmann) - batman-adv: Request iflink once in batadv-on-batadv check (Sven Eckelmann) - netfilter: nf_queue: fix possible use-after-free (Florian Westphal) - netfilter: nf_queue: don't assume sk is full socket (Florian Westphal) - xfrm: enforce validity of offload input flags (Leon Romanovsky) - netfilter: fix use-after-free in __nf_register_net_hook() (Eric Dumazet) - xfrm: fix MTU regression (Jiri Bohac) - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (Marek Vasut) - ALSA: intel_hdmi: Fix reference to PCM buffer address (Zhen Ni) - ata: pata_hpt37x: fix PCI clock detection (Sergey Shtylyov) - usb: gadget: clear related members when goto fail (Hangyu Hua) - usb: gadget: don't release an existing dev->buf (Hangyu Hua) - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (Daniele Palmas) - i2c: qup: allow COMPILE_TEST (Wolfram Sang) - i2c: cadence: allow COMPILE_TEST (Wolfram Sang) - dmaengine: shdma: Fix runtime PM imbalance on error (Yongzhi Liu) - cifs: fix double free race when mount fails in cifs_get_root() (Ronnie Sahlberg) - Input: clear BTN_RIGHT/MIDDLE on buttonpads (Jose Exposito) - i2c: bcm2835: Avoid clock stretching timeouts (Eric Anholt) - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (JaeMan Park) - mac80211_hwsim: report NOACK frames in tx_status (Benjamin Beichler) - Linux 4.14.269 (Greg Kroah-Hartman) - fget: clarify and improve __fget_files() implementation (Linus Torvalds) - memblock: use kfree() to release kmalloced memblock regions (Miaohe Lin) - Revert 'drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR' (Karol Herbst) - tty: n_gsm: fix proper link termination after failed open (daniel.starke@siemens.com) - tty: n_gsm: fix encoding of control signal octet bit DV (daniel.starke@siemens.com) - xhci: Prevent futile URB re-submissions due to incorrect return value. (Hongyu Xie) - xhci: re-initialize the HC during resume if HCE was set (Puma Hsu) - usb: dwc3: gadget: Let the interrupt handler disable bottom halves. (Sebastian Andrzej Siewior) - USB: serial: option: add Telit LE910R1 compositions (Daniele Palmas) - USB: serial: option: add support for DW5829e (Slark Xiao) - tracefs: Set the group ownership in apply_options() not parse_options() (Steven Rostedt (Google)) - USB: gadget: validate endpoint index for xilinx udc (Szymon Heidrich) - usb: gadget: rndis: add spinlock for rndis response list (Daehwan Jung) - Revert 'USB: serial: ch341: add new Product ID for CH341A' (Dmytro Bagrii) - ata: pata_hpt37x: disable primary channel on HPT371 (Sergey Shtylyov) - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (Christophe JAILLET) - RDMA/ib_srp: Fix a deadlock (Bart Van Assche) - configfs: fix a race in configfs_{,un}register_subsystem() (ChenXiaoSong) - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) - drm/edid: Always set RGB444 (Maxime Ripard) - openvswitch: Fix setting ipv6 fields causing hw csum failure (Paul Blakey) - gso: do not skip outer ip header in case of ipip and net_failover (Tao Liu) - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends (Eric Dumazet) - ping: remove pr_err from ping_lookup (Xin Long) - serial: 8250: of: Fix mapped region size when using reg-offset property (Robert Hancock) - USB: zaurus: support another broken Zaurus (Oliver Neukum) - parisc/unaligned: Fix ldw() and stw() unalignment handlers (Helge Deller) - parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel (Helge Deller) - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing (Stefano Garzarella) - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (Zhang Qiao) - Linux 4.14.268 (Greg Kroah-Hartman) - net: macb: Align the dma and coherent dma masks (Marc St-Amand) - net: usb: qmi_wwan: Add support for Dell DW5829e (Slark Xiao) - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (JaeSang Yoo) - ata: libata-core: Disable TRIM on M88V29 (Zoltan Boszormenyi) - ARM: OMAP2+: hwmod: Add of_node_put() before break (Wan Jiabing) - NFS: Do not report writeback errors in nfs_getattr() (Trond Myklebust) - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (Jim Mattson) - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (david regan) - mtd: rawnand: brcmnand: Refactored code to introduce helper functions (Kamal Dasu) - i2c: brcmstb: fix support for DSL and CM variants (Rafal Milecki) - dmaengine: sh: rcar-dmac: Check for error num after setting mask (Jiasheng Jiang) - net: sched: limit TC_ACT_REPEAT loops (Eric Dumazet) - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (Eliav Farber) - NFS: LOOKUP_DIRECTORY is also ok with symlinks (Trond Myklebust) - powerpc/lib/sstep: fix 'ptesync' build error (Anders Roxell) - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (Mark Brown) - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (Mark Brown) - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (Takashi Iwai) - ALSA: hda: Fix regression on forced probe mask option (Takashi Iwai) - libsubcmd: Fix use-after-free for realloc(..., 0) (Kees Cook) - bonding: fix data-races around agg_select_timer (Eric Dumazet) - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit (Eric Dumazet) - ping: fix the dif and sdif check in ping_lookup (Xin Long) - net: ieee802154: ca8210: Fix lifs/sifs periods (Miquel Raynal) - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (Johannes Berg) - iwlwifi: pcie: fix locking when 'HW not ready' (Johannes Berg) - vsock: remove vsock from connected table when connect is interrupted by a signal (Seth Forshee) - taskstats: Cleanup the use of task->exit_code (Eric W. Biederman) - xfrm: Don't accidentally set RTO_ONLINK in decode_session4() (Guillaume Nault) - drm/radeon: Fix backlight control on iMac 12,1 (Nicholas Bishop) - iwlwifi: fix use-after-free (Johannes Berg) - Revert 'module, async: async_synchronize_full() on module init iff async is used' (Igor Pylypiv) - quota: make dquot_quota_sync return errors from ->sync_fs (Darrick J. Wong) - vfs: make freeze_super abort when sync_filesystem returns error (Darrick J. Wong) - ax25: improve the incomplete fix to avoid UAF and NPD bugs (Duoming Zhou) - selftests/zram: Adapt the situation that /dev/zram0 is being used (Yang Xu) - selftests/zram01.sh: Fix compression ratio calculation (Yang Xu) - selftests/zram: Skip max_comp_streams interface on newer kernel (Yang Xu) - net: ieee802154: at86rf230: Stop leaking skb's (Miquel Raynal) - btrfs: send: in case of IO error log it (Davis Mosans) - parisc: Fix sglist access in ccio-dma.c (John David Anglin) - parisc: Fix data TLB miss in sba_unmap_sg (John David Anglin) - serial: parisc: GSC: fix build when IOSAPIC is not set (Randy Dunlap) - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (Jann Horn) - Makefile.extrawarn: Move -Wunaligned-access to W=1 (Nathan Chancellor) - Linux 4.14.267 (Greg Kroah-Hartman) - perf: Fix list corruption in perf_cgroup_switch() (Song Liu) - hwmon: (dell-smm) Speed up setting of fan speed (Armin Wolf) - seccomp: Invalidate seccomp mode to catch death failures (Kees Cook) - USB: serial: cp210x: add CPI Bulk Coin Recycler id (Johan Hovold) - USB: serial: cp210x: add NCR Retail IO box id (Johan Hovold) - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (Stephan Brunner) - USB: serial: option: add ZTE MF286D modem (Pawel Dembicki) - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (Cameron Williams) - usb: gadget: rndis: check size of RNDIS_MSG_SET command (Greg Kroah-Hartman) - USB: gadget: validate interface OS descriptor requests (Szymon Heidrich) - usb: dwc3: gadget: Prevent core from processing stale TRBs (Udipto Goswami) - usb: ulpi: Call of_node_put correctly (Sean Anderson) - usb: ulpi: Move of_node_put to ulpi_dev_release (Sean Anderson) - n_tty: wake up poll(POLLRDNORM) on receiving data (TATSUKAWA KOSUKE - vt_ioctl: add array_index_nospec to VT_ACTIVATE (Jakob Koschel) - vt_ioctl: fix array_index_nospec in vt_setactivate (Jakob Koschel) - net: amd-xgbe: disable interrupts during pci removal (Raju Rangoju) - tipc: rate limit warning for received illegal binding update (Jon Maloy) - net: fix a memleak when uncloning an skb dst and its metadata (Antoine Tenart) - net: do not keep the dst cache when uncloning an skb dst and its metadata (Antoine Tenart) - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (Eric Dumazet) - bonding: pair enable_port with slave_arr_updates (Mahesh Bandewar) - usb: f_fs: Fix use-after-free for epfile (Udipto Goswami) - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (Fabio Estevam) - staging: fbtft: Fix error path in fbtft_driver_module_init() (Uwe Kleine-Konig) - ARM: dts: meson: Fix the UART compatible strings (Martin Blumenstingl) - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (Fabio Estevam) - Revert 'net: axienet: Wait for PhyRstCmplt after core reset' (Sasha Levin) - net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() (Jisheng Zhang) - usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend (Amelie Delaunay) - scsi: target: iscsi: Make sure the np under each tpg is unique (ZouMingzhe) - NFSv4 expose nfs_parse_server_name function (Olga Kornievskaia) - NFSv4 remove zero number of fs_locations entries error check (Olga Kornievskaia) - NFSv4.1: Fix uninitialised variable in devicenotify (Trond Myklebust) - nfs: nfs4clinet: check the return value of kstrdup() (Xiaoke Wang) - NFSv4 only print the label when its queried (Olga Kornievskaia) - NFSD: Clamp WRITE offsets (Chuck Lever) - NFS: Fix initialisation of nfs_client cl_flags field (Trond Myklebust) - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (Pavel Parkhomenko) - mmc: sdhci-of-esdhc: Check for error num after setting mask (Jiasheng Jiang) - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (Roberto Sassu) - ima: Remove ima_policy file before directory (Stefan Berger) - integrity: check the return value of audit_log_start() (Xiaoke Wang) - Linux 4.14.266 (Greg Kroah-Hartman) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1048 CVE-2022-23038 CVE-2022-0487 CVE-2022-23041 CVE-2022-23039 CVE-2022-23040 CVE-2022-23036 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.308.7] - uek-rpm: Update OL7/8 Secureboot certificate and shim versions (Sherry Yang) [Orabug: 34248329] [5.4.17-2136.308.6] - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) - arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL (Mike Rapoport) - x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov) - net/smc: Fix sock leak when release after smc_shutdown() (Tony Lu) - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (Vinod Koul) - scsi: qla2xxx: Fix warning for missing error code (Nilesh Javali) - media: Revert 'media: em28xx: add missing em28xx_close_extension' (Pavel Skripkin) - regulator: qcom_smd: fix for_each_child.cocci warnings (kernel test robot) - Revert 'Input: clear BTN_RIGHT/MIDDLE on buttonpads' (Jose Exposito) - f2fs: fix to unlock page correctly in error path of is_alive() (Chao Yu) - perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34211086] {CVE-2022-1729} - debug: Lock down kgdb (Stephen Brennan) [Orabug: 34211075] {CVE-2022-21499} - io_uring: always use original task when preparing req identity (Jens Axboe) [Orabug: 34211070] {CVE-2022-1786} - ALSA: pcm: Fix races among concurrent prealloc proc writes (Takashi Iwai) [Orabug: 34007905] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (Takashi Iwai) [Orabug: 34007905] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent read/write and buffer changes (Takashi Iwai) [Orabug: 34007905] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (Takashi Iwai) [Orabug: 34007905] {CVE-2022-1048} - KVM: x86: avoid calling x86 emulator without a decoded instruction (Sean Christopherson) [Orabug: 34205799] {CVE-2022-1852} {CVE-2022-1852} [5.4.17-2136.308.5] - vfio/type1: misalignment sanity check broken when mapping dma (Anthony Yznaga) [Orabug: 34124949] - uek-rpm: configs: enable 9P_FS for x86_64 (Todd Vierling) [Orabug: 34146030] [5.4.17-2136.308.4] - bpf: parse BTF with linkage set for functions (Alan Maguire) [Orabug: 34068157] - selftests/bpf: remove BPF skeleton-based tests that got pulled in via backports (Alan Maguire) [Orabug: 34068157] - uek-rpm: default for COMMON_CLK_MARVELL_OTX2 should be 'n' (Henry Willard) [Orabug: 34138118] [5.4.17-2136.308.3] - xfs: only bother with sync_filesystem during readonly remount (Darrick J. Wong) [Orabug: 34085023] - vfs: make sync_filesystem return errors from ->sync_fs (Darrick J. Wong) [Orabug: 34085023] - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (Darrick J. Wong) [Orabug: 34085023] - xfs: prevent UAF in xfs_log_item_in_current_chkpt (Darrick J. Wong) [Orabug: 34085023] - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (Dan Carpenter) [Orabug: 34085023] - xfs: check sb_meta_uuid for dabuf buffer recovery (Dave Chinner) [Orabug: 34085023] - xfs: only run COW extent recovery when there are no live extents (Darrick J. Wong) [Orabug: 34085023] - x86/platform/uv: Log gap hole end size (Mike Travis) [Orabug: 34100339] - x86/platform/uv: Update TSC sync state for UV5 (Mike Travis) [Orabug: 34100339] - x86/platform/uv: Update NMI Handler for UV5 (Mike Travis) [Orabug: 34100339] - perf/x86/intel/uncore: Fix the build on !CONFIG_PHYS_ADDR_T_64BIT (Ingo Molnar) [Orabug: 34100339] - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Steve Wahl) [Orabug: 34100339] - net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105318] - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 34111386] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 34111386] - staging: mmal-vchiq: Reset buffers_with_vpu on port_enable (Dave Stevenson) [Orabug: 34125311] - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Haimin Zhang) [Orabug: 34135343] {CVE-2022-1353} - clocksource: Avoid accidental unstable marking of clocksources (Waiman Long) [Orabug: 34145210] - clocksource: Reduce clocksource-skew threshold (Paul E. McKenney) [Orabug: 34145210] - Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy Palaniappan) [Orabug: 34152863] - Revert 'rds/ib: reap tx completions during connection shutdown' (Nagappan Ramasamy Palaniappan) [Orabug: 34152863] - Revert 'rds/ib: handle posted ACK during connection shutdown' (Nagappan Ramasamy Palaniappan) [Orabug: 34152863] [5.4.17-2136.308.2] - KVM: arm64: Check arm64_get_bp_hardening_data() didn't return NULL (James Morse) - LTS tag: v5.4.188 (Sherry Yang) - llc: only change llc->dev when bind() succeeds (Eric Dumazet) - nds32: fix access_ok() checks in get/put_user (Arnd Bergmann) - tpm: use try_get_ops() in tpm-space.c (James Bottomley) - mac80211: fix potential double free on mesh join (Linus Lussing) - rcu: Don't deboost before reporting expedited quiescent state (Paul E. McKenney) - crypto: qat - disable registration of algorithms (Giovanni Cabiddu) - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (Werner Sembach) - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (Maximilian Luz) - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (Mark Cilissen) - ALSA: hda/realtek: Add quirk for ASUS GA402 (Jason Zheng) - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (huangwenhui) - ALSA: oss: Fix PCM OSS buffer allocation overflow (Takashi Iwai) - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (Takashi Iwai) - drivers: net: xgene: Fix regression in CRC stripping (Stephane Graber) - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (Giacomo Guiduzzi) - ALSA: cmipci: Restore aux vol on suspend/resume (Jonathan Teh) - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (Lars-Peter Clausen) - ALSA: pcm: Add stream lock during PCM reset ioctl operations (Takashi Iwai) - llc: fix netdevice reference leaks in llc_ui_bind() (Eric Dumazet) - thermal: int340x: fix memory leak in int3400_notify() (Chuansheng Liu) - staging: fbtft: fb_st7789v: reset display before initialization (Oliver Graute) - tpm: Fix error handling in async work (Tadeusz Struk) - net: ipv6: fix skb_over_panic in __ip6_append_data (Tadeusz Struk) - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION (Jordy Zomer) - nfsd: Containerise filecache laundrette (Trond Myklebust) - nfsd: cleanup nfsd_file_lru_dispose() (Trond Myklebust) - LTS tag: v5.4.187 (Sherry Yang) - Revert 'selftests/bpf: Add test for bpf_timer overwriting crash' (Greg Kroah-Hartman) - perf symbols: Fix symbol size calculation condition (Michael Petlan) - Input: aiptek - properly check endpoint type (Pavel Skripkin) - usb: usbtmc: Fix bug in pipe direction for control transfers (Alan Stern) - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (Alan Stern) - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (Dan Carpenter) - arm64: fix clang warning about TRAMP_VALIAS (Arnd Bergmann) - net: dsa: Add missing of_node_put() in dsa_port_parse_of (Miaoqian Lin) - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (Nicolas Dichtel) - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (Marek Vasut) - hv_netvsc: Add check for kvmalloc_array (Jiasheng Jiang) - atm: eni: Add check for dma_map_single (Jiasheng Jiang) - net/packet: fix slab-out-of-bounds access in packet_recvmsg() (Eric Dumazet) - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (Kurt Cancemi) - efi: fix return value of __setup handlers (Randy Dunlap) - ocfs2: fix crash when initialize filecheck kobj fails (Joseph Qi) - crypto: qcom-rng - ensure buffer for generate is completely filled (Brian Masney) - LTS tag: v5.4.186 (Sherry Yang) - fixup for 'arm64 entry: Add macro for reading symbol address from the trampoline' (James Morse) - kselftest/vm: fix tests build with old libc (Chengming Zhou) - sfc: extend the locking on mcdi->seqno (Niels Dossche) - tcp: make tcp_read_sock() more robust (Eric Dumazet) - nl80211: Update bss channel on channel switch for P2P_CLIENT (Sreeramya Soratkal) - drm/vrr: Set VRR capable prop only if it is attached to connector (Manasi Navare) - iwlwifi: don't advertise TWT support (Golan Ben Ami) - atm: firestream: check the return value of ioremap() in fs_init() (Jia-Ju Bai) - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (Lad Prabhakar) - ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (Julian Braha) - MIPS: smp: fill in sibling and core maps earlier (Alexander Lobakin) - mac80211: refuse aggregations sessions before authorized (Johannes Berg) - ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (Corentin Labbe) - ARM: dts: rockchip: reorder rk322x hmdi clocks (Sascha Hauer) - arm64: dts: agilex: use the compatible 'intel,socfpga-agilex-hsotg' (Dinh Nguyen) - arm64: dts: rockchip: reorder rk3399 hdmi clocks (Sascha Hauer) - arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (Jakob Unterwurzacher) - xfrm: Fix xfrm migrate issues when address family changes (Yan Yan) - xfrm: Check if_id in xfrm_migrate (Yan Yan) - sctp: fix the processing for INIT chunk (Xin Long) - Revert 'xfrm: state and policy should fail if XFRMA_IF_ID 0' (Kai Lueke) - LTS tag: v5.4.185 (Sherry Yang) - ext4: add check to prevent attempting to resize an fs with sparse_super2 (Josh Triplett) - ARM: fix Thumb2 regression with Spectre BHB (Russell King (Oracle)) - virtio: acknowledge all features before access (Michael S. Tsirkin) - virtio: unexport virtio_finalize_features (Michael S. Tsirkin) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (Pali Rohar) - riscv: Fix auipc+jalr relocation range checks (Emil Renner Berthing) - mmc: meson: Fix usage of meson_mmc_post_req() (Rong Chen) - net: macb: Fix lost RX packet wakeup race in NAPI receive (Robert Hancock) - staging: gdm724x: fix use after free in gdm_lte_rx() (Dan Carpenter) - fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) - ARM: Spectre-BHB: provide empty stub for non-config (Randy Dunlap) - selftests/memfd: clean up mapping in mfd_fail_write (Mike Kravetz) - selftest/vm: fix map_fixed_noreplace test failure (Aneesh Kumar K.V) - tracing: Ensure trace buffer is at least 4096 bytes large (Sven Schnelle) - ipv6: prevent a possible race condition with lifetimes (Niels Dossche) - Revert 'xen-netback: Check for hotplug-status existence before watching' (Marek Marczykowski-Gorecki) - Revert 'xen-netback: remove 'hotplug-status' once it has served its purpose' (Marek Marczykowski-Gorecki) - net-sysfs: add check for netdevice being present to speed_show (suresh kumar) - selftests/bpf: Add test for bpf_timer overwriting crash (Kumar Kartikeya Dwivedi) - net: bcmgenet: Don't claim WOL when its not available (Jeremy Linton) - sctp: fix kernel-infoleak for SCTP sockets (Eric Dumazet) - net: phy: DP83822: clear MISR2 register to disable interrupts (Clement Leger) - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (Miaoqian Lin) - gpio: ts4900: Do not set DAT and OE together (Mark Featherston) - selftests: pmtu.sh: Kill tcpdump processes launched by subshell. (Guillaume Nault) - NFC: port100: fix use-after-free in port100_send_complete (Pavel Skripkin) - net/mlx5: Fix a race on command flush flow (Moshe Shemesh) - net/mlx5: Fix size field in bufferx_reg struct (Mohammad Kabat) - ax25: Fix NULL pointer dereference in ax25_kill_by_device (Duoming Zhou) - net: ethernet: lpc_eth: Handle error for clk_enable (Jiasheng Jiang) - net: ethernet: ti: cpts: Handle error for clk_enable (Jiasheng Jiang) - ethernet: Fix error handling in xemaclite_of_probe (Miaoqian Lin) - ARM: dts: aspeed: Fix AST2600 quad spi group (Joel Stanley) - drm/sun4i: mixer: Fix P010 and P210 format numbers (Jernej Skrabec) - qed: return status of qed_iov_get_link (Tom Rix) - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (Jia-Ju Bai) - virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (Xie Yongji) - arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (Pali Rohar) - clk: qcom: gdsc: Add support to update GDSC transition delay (Taniya Das) - LTS tag: v5.4.184 (Sherry Yang) - Revert 'ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE' (Greg Kroah-Hartman) - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (Juergen Gross) {CVE-2022-23042} - xen/gnttab: fix gnttab_end_foreign_access() without page specified (Juergen Gross) {CVE-2022-23041} - xen/pvcalls: use alloc/free_pages_exact() (Juergen Gross) {CVE-2022-23041} - xen/9p: use alloc/free_pages_exact() (Juergen Gross) {CVE-2022-23041} - xen: remove gnttab_query_foreign_access() (Juergen Gross) - xen/gntalloc: don't use gnttab_query_foreign_access() (Juergen Gross) {CVE-2022-23039} - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (Juergen Gross) {CVE-2022-23038} - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (Juergen Gross) {CVE-2022-23037} - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (Juergen Gross) {CVE-2022-23036} - xen/grant-table: add gnttab_try_end_foreign_access() (Juergen Gross) {CVE-2022-23036} {CVE-2022-23038} - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (Juergen Gross) {CVE-2022-23040} - ARM: fix build warning in proc-v7-bugs.c (Russell King (Oracle)) - ARM: Do not use NOCROSSREFS directive with ld.lld (Nathan Chancellor) - ARM: fix co-processor register typo (Russell King (Oracle)) - ARM: fix build error when BPF_SYSCALL is disabled (Emmanuel Gil Peyrot) - ARM: include unprivileged BPF status in Spectre V2 reporting (Russell King (Oracle)) - ARM: Spectre-BHB workaround (Russell King (Oracle)) - ARM: use LOADADDR() to get load address of sections (Russell King (Oracle)) - ARM: early traps initialisation (Russell King (Oracle)) - ARM: report Spectre v2 status through sysfs (Russell King (Oracle)) - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (Mark Rutland) - arm/arm64: Provide a wrapper for SMCCC 1.1 calls (Steven Price) - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (Josh Poimboeuf) - x86/speculation: Warn about Spectre v2 LFENCE mitigation (Josh Poimboeuf) - LTS tag: v5.4.183 (Sherry Yang) - hamradio: fix macro redefine warning (Huang Pei) - net: dcb: disable softirqs in dcbnl_flush_dev() (Vladimir Oltean) - Revert 'xfrm: xfrm_state_mtu should return at least 1280 for ipv6' (Jiri Bohac) - btrfs: add missing run of delayed items after unlink during log replay (Filipe Manana) - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (Sidong Yang) - btrfs: fix lost prealloc extents beyond eof after full fsync (Filipe Manana) - tracing: Fix return value of __setup handlers (Randy Dunlap) - tracing/histogram: Fix sorting on old 'cpu' value (Steven Rostedt (Google)) - HID: add mapping for KEY_ALL_APPLICATIONS (William Mahon) - HID: add mapping for KEY_DICTATE (William Mahon) - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (Hans de Goede) - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (Hans de Goede) - nl80211: Handle nla_memdup failures in handle_nan_filter (Jiasheng Jiang) - net: chelsio: cxgb3: check the return value of pci_find_capability() (Jia-Ju Bai) - soc: fsl: qe: Check of ioremap return value (Jiasheng Jiang) - memfd: fix F_SEAL_WRITE after shmem huge page allocated (Hugh Dickins) - ibmvnic: free reset-work-item when flushing (Sukadev Bhattiprolu) - igc: igc_write_phy_reg_gpy: drop premature return (Sasha Neftin) - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (Randy Dunlap) - ARM: Fix kgdb breakpoint for Thumb2 (Russell King (Oracle)) - igc: igc_read_phy_reg_gpy: drop premature return (Corinna Vinschen) - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (Brian Norris) - can: gs_usb: change active_channels's type from atomic_t to u8 (Vincent Mailhol) - ASoC: cs4265: Fix the duplicated control name (Fabio Estevam) - firmware: arm_scmi: Remove space in MODULE_ALIAS name (Alyssa Ross) - efivars: Respect 'block' flag in efivar_entry_set_safe() (Jann Horn) - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (Maciej Fijalkowski) - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() (Zheyu Ma) - net: sxgbe: fix return value of __setup handler (Randy Dunlap) - iavf: Fix missing check for running netdev (Slawomir Laba) - net: stmmac: fix return value of __setup handler (Randy Dunlap) - mac80211: fix forwarded mesh frames AC & queue selection (Nicolas Escande) - ia64: ensure proper NUMA distance and possible map initialization (Valentin Schneider) - sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa() (Dietmar Eggemann) - sched/topology: Make sched_init_numa() use a set for the deduplicating sort (Valentin Schneider) - xen/netfront: destroy queues before real_num_tx_queues is zeroed (Marek Marczykowski-Gorecki) - block: Fix fsync always failed if once failed (Ye Bin) - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (D. Wythe) - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (D. Wythe) - net: dcb: flush lingering app table entries for unregistered devices (Vladimir Oltean) - batman-adv: Don't expect inter-netns unique iflink indices (Sven Eckelmann) - batman-adv: Request iflink once in batadv_get_real_netdevice (Sven Eckelmann) - batman-adv: Request iflink once in batadv-on-batadv check (Sven Eckelmann) - netfilter: nf_queue: fix possible use-after-free (Florian Westphal) - netfilter: nf_queue: don't assume sk is full socket (Florian Westphal) - xfrm: enforce validity of offload input flags (Leon Romanovsky) - xfrm: fix the if_id check in changelink (Antony Antony) - netfilter: fix use-after-free in __nf_register_net_hook() (Eric Dumazet) - xfrm: fix MTU regression (Jiri Bohac) - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (Marek Vasut) - ALSA: intel_hdmi: Fix reference to PCM buffer address (Zhen Ni) - ata: pata_hpt37x: fix PCI clock detection (Sergey Shtylyov) - usb: gadget: clear related members when goto fail (Hangyu Hua) - usb: gadget: don't release an existing dev->buf (Hangyu Hua) - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (Daniele Palmas) - i2c: qup: allow COMPILE_TEST (Wolfram Sang) - i2c: cadence: allow COMPILE_TEST (Wolfram Sang) - dmaengine: shdma: Fix runtime PM imbalance on error (Yongzhi Liu) - cifs: fix double free race when mount fails in cifs_get_root() (Ronnie Sahlberg) - Input: clear BTN_RIGHT/MIDDLE on buttonpads (Jose Exposito) - ASoC: rt5682: do not block workqueue if card is unbound (Kai Vehmanen) - ASoC: rt5668: do not block workqueue if card is unbound (Kai Vehmanen) - i2c: bcm2835: Avoid clock stretching timeouts (Eric Anholt) - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (JaeMan Park) - mac80211_hwsim: report NOACK frames in tx_status (Benjamin Beichler) - LTS tag: v5.4.182 (Sherry Yang) - fget: clarify and improve __fget_files() implementation (Linus Torvalds) - memblock: use kfree() to release kmalloced memblock regions (Miaohe Lin) - Revert 'drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR' (Karol Herbst) - gpio: tegra186: Fix chip_data type confusion (Marc Zyngier) - tty: n_gsm: fix NULL pointer access due to DLCI release (daniel.starke@siemens.com) - tty: n_gsm: fix proper link termination after failed open (daniel.starke@siemens.com) - tty: n_gsm: fix encoding of control signal octet bit DV (daniel.starke@siemens.com) - xhci: Prevent futile URB re-submissions due to incorrect return value. (Hongyu Xie) - xhci: re-initialize the HC during resume if HCE was set (Puma Hsu) - usb: dwc3: gadget: Let the interrupt handler disable bottom halves. (Sebastian Andrzej Siewior) - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (Hans de Goede) - USB: serial: option: add Telit LE910R1 compositions (Daniele Palmas) - USB: serial: option: add support for DW5829e (Slark Xiao) - tracefs: Set the group ownership in apply_options() not parse_options() (Steven Rostedt (Google)) - USB: gadget: validate endpoint index for xilinx udc (Szymon Heidrich) - usb: gadget: rndis: add spinlock for rndis response list (Daehwan Jung) - Revert 'USB: serial: ch341: add new Product ID for CH341A' (Dmytro Bagrii) - ata: pata_hpt37x: disable primary channel on HPT371 (Sergey Shtylyov) - iio: Fix error handling for PM (Miaoqian Lin) - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (Cosmin Tanislav) - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (Christophe JAILLET) - tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google)) - RDMA/ib_srp: Fix a deadlock (Bart Van Assche) - configfs: fix a race in configfs_{,un}register_subsystem() (ChenXiaoSong) - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (Zhou Qingyang) - net/mlx5: Fix wrong limitation of metadata match on ecpf (Ariel Levkovich) - net/mlx5: Fix possible deadlock on rule deletion (Maor Gottlieb) - netfilter: nf_tables: fix memory leak during stateful obj update (Florian Westphal) - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (Christophe JAILLET) - net: Force inlining of checksum functions in net/checksum.h (Christophe Leroy) - net: ll_temac: check the return value of devm_kmalloc() (Xiaoke Wang) - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) - drm/edid: Always set RGB444 (Maxime Ripard) - openvswitch: Fix setting ipv6 fields causing hw csum failure (Paul Blakey) - gso: do not skip outer ip header in case of ipip and net_failover (Tao Liu) - tipc: Fix end of loop tests for list_for_each_entry() (Dan Carpenter) - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends (Eric Dumazet) - bpf: Do not try bpf_msg_push_data with len 0 (Felix Maurer) - perf data: Fix double free in perf_session__delete() (Alexey Bayduraev) - ping: remove pr_err from ping_lookup (Xin Long) - lan743x: fix deadlock in lan743x_phy_link_status_change() (Heiner Kallweit) - optee: use driver internal tee_context for some rpc (Jens Wiklander) - tee: export teedev_open() and teedev_close_context() (Jens Wiklander) - x86/fpu: Correct pkru/xstate inconsistency (Brian Geffon) - USB: zaurus: support another broken Zaurus (Oliver Neukum) - drm/amdgpu: disable MMHUB PG for Picasso (Evan Quan) - parisc/unaligned: Fix ldw() and stw() unalignment handlers (Helge Deller) - parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel (Helge Deller) - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing (Stefano Garzarella) - clk: jz4725b: fix mmc0 clock gating (Siarhei Volkau) - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (Zhang Qiao) - LTS tag: v5.4.181 (Sherry Yang) - kconfig: fix failing to generate auto.conf (Jing Leng) - net: macb: Align the dma and coherent dma masks (Marc St-Amand) - net: usb: qmi_wwan: Add support for Dell DW5829e (Slark Xiao) - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (JaeSang Yoo) - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (Sascha Hauer) - ata: libata-core: Disable TRIM on M88V29 (Zoltan Boszormenyi) - kconfig: let 'shell' return enough output for deep path names (Brenda Streiff) - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (Christian Hewitt) - arm64: dts: meson-g12: add ATF BL32 reserved-memory region (Christian Hewitt) - arm64: dts: meson-gx: add ATF BL32 reserved-memory region (Christian Hewitt) - netfilter: conntrack: don't refresh sctp entries in closed state (Florian Westphal) - irqchip/sifive-plic: Add missing thead,c900-plic match string (Guo Ren) - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (Ye Guojin) - ARM: OMAP2+: hwmod: Add of_node_put() before break (Wan Jiabing) - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (Jim Mattson) - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (Miaoqian Lin) - i2c: brcmstb: fix support for DSL and CM variants (Rafal Milecki) - copy_process(): Move fd_install() out of sighand->siglock critical section (Waiman Long) - dmaengine: sh: rcar-dmac: Check for error num after setting mask (Jiasheng Jiang) - net: sched: limit TC_ACT_REPEAT loops (Eric Dumazet) - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (Eliav Farber) - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (James Smart) - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (david regan) - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (Bryan O'Donoghue) - NFS: Do not report writeback errors in nfs_getattr() (Trond Myklebust) - NFS: LOOKUP_DIRECTORY is also ok with symlinks (Trond Myklebust) - block/wbt: fix negative inflight counter when remove scsi device (Laibin Qiu) - mtd: rawnand: gpmi: don't leak PM reference in error path (Christian Eggers) - powerpc/lib/sstep: fix 'ptesync' build error (Anders Roxell) - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (Mark Brown) - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (Mark Brown) - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (Takashi Iwai) - ALSA: hda: Fix regression on forced probe mask option (Takashi Iwai) - libsubcmd: Fix use-after-free for realloc(..., 0) (Kees Cook) - bonding: fix data-races around agg_select_timer (Eric Dumazet) - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit (Eric Dumazet) - bonding: force carrier update when releasing slave (Zhang Changzhong) - ping: fix the dif and sdif check in ping_lookup (Xin Long) - net: ieee802154: ca8210: Fix lifs/sifs periods (Miquel Raynal) - net: dsa: lan9303: fix reset on probe (Mans Rullgard) - netfilter: nft_synproxy: unregister hooks on init error path (Pablo Neira Ayuso) - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (Johannes Berg) - iwlwifi: pcie: fix locking when 'HW not ready' (Johannes Berg) - mmc: block: fix read single on recovery logic (Christian Lohle) - vsock: remove vsock from connected table when connect is interrupted by a signal (Seth Forshee) - dmaengine: at_xdmac: Start transfer for cyclic channels in issue_pending (Tudor Ambarus) - taskstats: Cleanup the use of task->exit_code (Eric W. Biederman) - ext4: prevent partial update of the extent blocks (Zhang Yi) - ext4: check for inconsistent extents between index and leaf block (Zhang Yi) - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (Zhang Yi) - drm/radeon: Fix backlight control on iMac 12,1 (Nicholas Bishop) - iwlwifi: fix use-after-free (Johannes Berg) - arm64: module/ftrace: intialize PLT at load time (Mark Rutland) - arm64: module: rework special section handling (Mark Rutland) - module/ftrace: handle patchable-function-entry (Mark Rutland) - ftrace: add ftrace_init_nop() (Mark Rutland) - Revert 'module, async: async_synchronize_full() on module init iff async is used' (Igor Pylypiv) - drm/amdgpu: fix logic inversion in check (Christian Konig) - nvme-rdma: fix possible use-after-free in transport error_recovery work (Sagi Grimberg) - nvme-tcp: fix possible use-after-free in transport error_recovery work (Sagi Grimberg) - nvme: fix a possible use-after-free in controller reset during load (Sagi Grimberg) - quota: make dquot_quota_sync return errors from ->sync_fs (Darrick J. Wong) - vfs: make freeze_super abort when sync_filesystem returns error (Darrick J. Wong) - ax25: improve the incomplete fix to avoid UAF and NPD bugs (Duoming Zhou) - selftests/zram: Adapt the situation that /dev/zram0 is being used (Yang Xu) - selftests/zram01.sh: Fix compression ratio calculation (Yang Xu) - selftests/zram: Skip max_comp_streams interface on newer kernel (Yang Xu) - net: ieee802154: at86rf230: Stop leaking skb's (Miquel Raynal) - selftests: rtc: Increase test timeout so that all tests run (Nicolas F. R. A. Prado) - platform/x86: ISST: Fix possible circular locking dependency detected (Srinivas Pandruvada) - btrfs: send: in case of IO error log it (Davis Mosans) - parisc: Fix sglist access in ccio-dma.c (John David Anglin) - parisc: Fix data TLB miss in sba_unmap_sg (John David Anglin) - parisc: Drop __init from map_pages declaration (John David Anglin) - serial: parisc: GSC: fix build when IOSAPIC is not set (Randy Dunlap) - Revert 'svm: Add warning message for AVIC IPI invalid target' (Sean Christopherson) - HID:Add support for UGTABLET WP5540 (Sergio Costas) - Makefile.extrawarn: Move -Wunaligned-access to W=1 (Nathan Chancellor) - LTS tag: v5.4.180 (Sherry Yang) - ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE (Rafael J. Wysocki) - perf: Fix list corruption in perf_cgroup_switch() (Song Liu) - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (James Smart) - hwmon: (dell-smm) Speed up setting of fan speed (Armin Wolf) - seccomp: Invalidate seccomp mode to catch death failures (Kees Cook) - USB: serial: cp210x: add CPI Bulk Coin Recycler id (Johan Hovold) - USB: serial: cp210x: add NCR Retail IO box id (Johan Hovold) - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (Stephan Brunner) - USB: serial: option: add ZTE MF286D modem (Pawel Dembicki) - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (Cameron Williams) - usb: gadget: f_uac2: Define specific wTerminalType (Pavel Hofman) - usb: gadget: rndis: check size of RNDIS_MSG_SET command (Greg Kroah-Hartman) - USB: gadget: validate interface OS descriptor requests (Szymon Heidrich) - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (Adam Ford) - usb: dwc3: gadget: Prevent core from processing stale TRBs (Udipto Goswami) - usb: ulpi: Call of_node_put correctly (Sean Anderson) - usb: ulpi: Move of_node_put to ulpi_dev_release (Sean Anderson) - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (Jann Horn) - eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX (Jonas Malaco) - n_tty: wake up poll(POLLRDNORM) on receiving data (TATSUKAWA KOSUKE - vt_ioctl: add array_index_nospec to VT_ACTIVATE (Jakob Koschel) - vt_ioctl: fix array_index_nospec in vt_setactivate (Jakob Koschel) - net: amd-xgbe: disable interrupts during pci removal (Raju Rangoju) - tipc: rate limit warning for received illegal binding update (Jon Maloy) - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (Joel Stanley) - veth: fix races around rq->rx_notify_masked (Eric Dumazet) - net: fix a memleak when uncloning an skb dst and its metadata (Antoine Tenart) - net: do not keep the dst cache when uncloning an skb dst and its metadata (Antoine Tenart) - nfp: flower: fix ida_idx not being released (Louis Peens) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23040 CVE-2022-23042 CVE-2022-1048 CVE-2021-4197 CVE-2022-1353 CVE-2022-23039 CVE-2022-23041 CVE-2022-23038 CVE-2022-23037 CVE-2022-23036 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 Oracle Linux 8 - 5.4.17-2136.308.7.el7 - uek-rpm: Update OL7/8 Secureboot certificate and shim versions (Sherry Yang) [Orabug: 34248329] [5.4.17-2136.308.6] - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) - arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL (Mike Rapoport) - x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov) - net/smc: Fix sock leak when release after smc_shutdown() (Tony Lu) - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (Vinod Koul) - scsi: qla2xxx: Fix warning for missing error code (Nilesh Javali) - media: Revert 'media: em28xx: add missing em28xx_close_extension' (Pavel Skripkin) - regulator: qcom_smd: fix for_each_child.cocci warnings (kernel test robot) - Revert 'Input: clear BTN_RIGHT/MIDDLE on buttonpads' (Jose Exposito) - f2fs: fix to unlock page correctly in error path of is_alive() (Chao Yu) - perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34211086] {CVE-2022-1729} - debug: Lock down kgdb (Stephen Brennan) [Orabug: 34211075] {CVE-2022-21499} - io_uring: always use original task when preparing req identity (Jens Axboe) [Orabug: 34211070] {CVE-2022-1786} - ALSA: pcm: Fix races among concurrent prealloc proc writes (Takashi Iwai) [Orabug: 34007905] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (Takashi Iwai) [Orabug: 34007905] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent read/write and buffer changes (Takashi Iwai) [Orabug: 34007905] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (Takashi Iwai) [Orabug: 34007905] {CVE-2022-1048} - KVM: x86: avoid calling x86 emulator without a decoded instruction (Sean Christopherson) [Orabug: 34205799] {CVE-2022-1852} {CVE-2022-1852} [5.4.17-2136.308.5] - vfio/type1: misalignment sanity check broken when mapping dma (Anthony Yznaga) [Orabug: 34124949] - uek-rpm: configs: enable 9P_FS for x86_64 (Todd Vierling) [Orabug: 34146030] [5.4.17-2136.308.4] - bpf: parse BTF with linkage set for functions (Alan Maguire) [Orabug: 34068157] - selftests/bpf: remove BPF skeleton-based tests that got pulled in via backports (Alan Maguire) [Orabug: 34068157] - uek-rpm: default for COMMON_CLK_MARVELL_OTX2 should be 'n' (Henry Willard) [Orabug: 34138118] [5.4.17-2136.308.3] - xfs: only bother with sync_filesystem during readonly remount (Darrick J. Wong) [Orabug: 34085023] - vfs: make sync_filesystem return errors from ->sync_fs (Darrick J. Wong) [Orabug: 34085023] - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (Darrick J. Wong) [Orabug: 34085023] - xfs: prevent UAF in xfs_log_item_in_current_chkpt (Darrick J. Wong) [Orabug: 34085023] - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (Dan Carpenter) [Orabug: 34085023] - xfs: check sb_meta_uuid for dabuf buffer recovery (Dave Chinner) [Orabug: 34085023] - xfs: only run COW extent recovery when there are no live extents (Darrick J. Wong) [Orabug: 34085023] - x86/platform/uv: Log gap hole end size (Mike Travis) [Orabug: 34100339] - x86/platform/uv: Update TSC sync state for UV5 (Mike Travis) [Orabug: 34100339] - x86/platform/uv: Update NMI Handler for UV5 (Mike Travis) [Orabug: 34100339] - perf/x86/intel/uncore: Fix the build on !CONFIG_PHYS_ADDR_T_64BIT (Ingo Molnar) [Orabug: 34100339] - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Steve Wahl) [Orabug: 34100339] - net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105318] - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 34111386] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 34111386] - staging: mmal-vchiq: Reset buffers_with_vpu on port_enable (Dave Stevenson) [Orabug: 34125311] - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Haimin Zhang) [Orabug: 34135343] {CVE-2022-1353} - clocksource: Avoid accidental unstable marking of clocksources (Waiman Long) [Orabug: 34145210] - clocksource: Reduce clocksource-skew threshold (Paul E. McKenney) [Orabug: 34145210] - Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy Palaniappan) [Orabug: 34152863] - Revert 'rds/ib: reap tx completions during connection shutdown' (Nagappan Ramasamy Palaniappan) [Orabug: 34152863] - Revert 'rds/ib: handle posted ACK during connection shutdown' (Nagappan Ramasamy Palaniappan) [Orabug: 34152863] [5.4.17-2136.308.2] - KVM: arm64: Check arm64_get_bp_hardening_data() didn't return NULL (James Morse) - LTS tag: v5.4.188 (Sherry Yang) - llc: only change llc->dev when bind() succeeds (Eric Dumazet) - nds32: fix access_ok() checks in get/put_user (Arnd Bergmann) - tpm: use try_get_ops() in tpm-space.c (James Bottomley) - mac80211: fix potential double free on mesh join (Linus Lussing) - rcu: Don't deboost before reporting expedited quiescent state (Paul E. McKenney) - crypto: qat - disable registration of algorithms (Giovanni Cabiddu) - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (Werner Sembach) - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (Maximilian Luz) - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (Mark Cilissen) - ALSA: hda/realtek: Add quirk for ASUS GA402 (Jason Zheng) - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (huangwenhui) - ALSA: oss: Fix PCM OSS buffer allocation overflow (Takashi Iwai) - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (Takashi Iwai) - drivers: net: xgene: Fix regression in CRC stripping (Stephane Graber) - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (Giacomo Guiduzzi) - ALSA: cmipci: Restore aux vol on suspend/resume (Jonathan Teh) - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (Lars-Peter Clausen) - ALSA: pcm: Add stream lock during PCM reset ioctl operations (Takashi Iwai) - llc: fix netdevice reference leaks in llc_ui_bind() (Eric Dumazet) - thermal: int340x: fix memory leak in int3400_notify() (Chuansheng Liu) - staging: fbtft: fb_st7789v: reset display before initialization (Oliver Graute) - tpm: Fix error handling in async work (Tadeusz Struk) - net: ipv6: fix skb_over_panic in __ip6_append_data (Tadeusz Struk) - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION (Jordy Zomer) - nfsd: Containerise filecache laundrette (Trond Myklebust) - nfsd: cleanup nfsd_file_lru_dispose() (Trond Myklebust) - LTS tag: v5.4.187 (Sherry Yang) - Revert 'selftests/bpf: Add test for bpf_timer overwriting crash' (Greg Kroah-Hartman) - perf symbols: Fix symbol size calculation condition (Michael Petlan) - Input: aiptek - properly check endpoint type (Pavel Skripkin) - usb: usbtmc: Fix bug in pipe direction for control transfers (Alan Stern) - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (Alan Stern) - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (Dan Carpenter) - arm64: fix clang warning about TRAMP_VALIAS (Arnd Bergmann) - net: dsa: Add missing of_node_put() in dsa_port_parse_of (Miaoqian Lin) - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (Nicolas Dichtel) - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (Marek Vasut) - hv_netvsc: Add check for kvmalloc_array (Jiasheng Jiang) - atm: eni: Add check for dma_map_single (Jiasheng Jiang) - net/packet: fix slab-out-of-bounds access in packet_recvmsg() (Eric Dumazet) - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (Kurt Cancemi) - efi: fix return value of __setup handlers (Randy Dunlap) - ocfs2: fix crash when initialize filecheck kobj fails (Joseph Qi) - crypto: qcom-rng - ensure buffer for generate is completely filled (Brian Masney) - LTS tag: v5.4.186 (Sherry Yang) - fixup for 'arm64 entry: Add macro for reading symbol address from the trampoline' (James Morse) - kselftest/vm: fix tests build with old libc (Chengming Zhou) - sfc: extend the locking on mcdi->seqno (Niels Dossche) - tcp: make tcp_read_sock() more robust (Eric Dumazet) - nl80211: Update bss channel on channel switch for P2P_CLIENT (Sreeramya Soratkal) - drm/vrr: Set VRR capable prop only if it is attached to connector (Manasi Navare) - iwlwifi: don't advertise TWT support (Golan Ben Ami) - atm: firestream: check the return value of ioremap() in fs_init() (Jia-Ju Bai) - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (Lad Prabhakar) - ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (Julian Braha) - MIPS: smp: fill in sibling and core maps earlier (Alexander Lobakin) - mac80211: refuse aggregations sessions before authorized (Johannes Berg) - ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (Corentin Labbe) - ARM: dts: rockchip: reorder rk322x hmdi clocks (Sascha Hauer) - arm64: dts: agilex: use the compatible 'intel,socfpga-agilex-hsotg' (Dinh Nguyen) - arm64: dts: rockchip: reorder rk3399 hdmi clocks (Sascha Hauer) - arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (Jakob Unterwurzacher) - xfrm: Fix xfrm migrate issues when address family changes (Yan Yan) - xfrm: Check if_id in xfrm_migrate (Yan Yan) - sctp: fix the processing for INIT chunk (Xin Long) - Revert 'xfrm: state and policy should fail if XFRMA_IF_ID 0' (Kai Lueke) - LTS tag: v5.4.185 (Sherry Yang) - ext4: add check to prevent attempting to resize an fs with sparse_super2 (Josh Triplett) - ARM: fix Thumb2 regression with Spectre BHB (Russell King (Oracle)) - virtio: acknowledge all features before access (Michael S. Tsirkin) - virtio: unexport virtio_finalize_features (Michael S. Tsirkin) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (Pali Rohar) - riscv: Fix auipc+jalr relocation range checks (Emil Renner Berthing) - mmc: meson: Fix usage of meson_mmc_post_req() (Rong Chen) - net: macb: Fix lost RX packet wakeup race in NAPI receive (Robert Hancock) - staging: gdm724x: fix use after free in gdm_lte_rx() (Dan Carpenter) - fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) - ARM: Spectre-BHB: provide empty stub for non-config (Randy Dunlap) - selftests/memfd: clean up mapping in mfd_fail_write (Mike Kravetz) - selftest/vm: fix map_fixed_noreplace test failure (Aneesh Kumar K.V) - tracing: Ensure trace buffer is at least 4096 bytes large (Sven Schnelle) - ipv6: prevent a possible race condition with lifetimes (Niels Dossche) - Revert 'xen-netback: Check for hotplug-status existence before watching' (Marek Marczykowski-Gorecki) - Revert 'xen-netback: remove 'hotplug-status' once it has served its purpose' (Marek Marczykowski-Gorecki) - net-sysfs: add check for netdevice being present to speed_show (suresh kumar) - selftests/bpf: Add test for bpf_timer overwriting crash (Kumar Kartikeya Dwivedi) - net: bcmgenet: Don't claim WOL when its not available (Jeremy Linton) - sctp: fix kernel-infoleak for SCTP sockets (Eric Dumazet) - net: phy: DP83822: clear MISR2 register to disable interrupts (Clement Leger) - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (Miaoqian Lin) - gpio: ts4900: Do not set DAT and OE together (Mark Featherston) - selftests: pmtu.sh: Kill tcpdump processes launched by subshell. (Guillaume Nault) - NFC: port100: fix use-after-free in port100_send_complete (Pavel Skripkin) - net/mlx5: Fix a race on command flush flow (Moshe Shemesh) - net/mlx5: Fix size field in bufferx_reg struct (Mohammad Kabat) - ax25: Fix NULL pointer dereference in ax25_kill_by_device (Duoming Zhou) - net: ethernet: lpc_eth: Handle error for clk_enable (Jiasheng Jiang) - net: ethernet: ti: cpts: Handle error for clk_enable (Jiasheng Jiang) - ethernet: Fix error handling in xemaclite_of_probe (Miaoqian Lin) - ARM: dts: aspeed: Fix AST2600 quad spi group (Joel Stanley) - drm/sun4i: mixer: Fix P010 and P210 format numbers (Jernej Skrabec) - qed: return status of qed_iov_get_link (Tom Rix) - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (Jia-Ju Bai) - virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (Xie Yongji) - arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (Pali Rohar) - clk: qcom: gdsc: Add support to update GDSC transition delay (Taniya Das) - LTS tag: v5.4.184 (Sherry Yang) - Revert 'ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE' (Greg Kroah-Hartman) - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (Juergen Gross) {CVE-2022-23042} - xen/gnttab: fix gnttab_end_foreign_access() without page specified (Juergen Gross) {CVE-2022-23041} - xen/pvcalls: use alloc/free_pages_exact() (Juergen Gross) {CVE-2022-23041} - xen/9p: use alloc/free_pages_exact() (Juergen Gross) {CVE-2022-23041} - xen: remove gnttab_query_foreign_access() (Juergen Gross) - xen/gntalloc: don't use gnttab_query_foreign_access() (Juergen Gross) {CVE-2022-23039} - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (Juergen Gross) {CVE-2022-23038} - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (Juergen Gross) {CVE-2022-23037} - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (Juergen Gross) {CVE-2022-23036} - xen/grant-table: add gnttab_try_end_foreign_access() (Juergen Gross) {CVE-2022-23036} {CVE-2022-23038} - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (Juergen Gross) {CVE-2022-23040} - ARM: fix build warning in proc-v7-bugs.c (Russell King (Oracle)) - ARM: Do not use NOCROSSREFS directive with ld.lld (Nathan Chancellor) - ARM: fix co-processor register typo (Russell King (Oracle)) - ARM: fix build error when BPF_SYSCALL is disabled (Emmanuel Gil Peyrot) - ARM: include unprivileged BPF status in Spectre V2 reporting (Russell King (Oracle)) - ARM: Spectre-BHB workaround (Russell King (Oracle)) - ARM: use LOADADDR() to get load address of sections (Russell King (Oracle)) - ARM: early traps initialisation (Russell King (Oracle)) - ARM: report Spectre v2 status through sysfs (Russell King (Oracle)) - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (Mark Rutland) - arm/arm64: Provide a wrapper for SMCCC 1.1 calls (Steven Price) - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (Josh Poimboeuf) - x86/speculation: Warn about Spectre v2 LFENCE mitigation (Josh Poimboeuf) - LTS tag: v5.4.183 (Sherry Yang) - hamradio: fix macro redefine warning (Huang Pei) - net: dcb: disable softirqs in dcbnl_flush_dev() (Vladimir Oltean) - Revert 'xfrm: xfrm_state_mtu should return at least 1280 for ipv6' (Jiri Bohac) - btrfs: add missing run of delayed items after unlink during log replay (Filipe Manana) - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (Sidong Yang) - btrfs: fix lost prealloc extents beyond eof after full fsync (Filipe Manana) - tracing: Fix return value of __setup handlers (Randy Dunlap) - tracing/histogram: Fix sorting on old 'cpu' value (Steven Rostedt (Google)) - HID: add mapping for KEY_ALL_APPLICATIONS (William Mahon) - HID: add mapping for KEY_DICTATE (William Mahon) - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (Hans de Goede) - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (Hans de Goede) - nl80211: Handle nla_memdup failures in handle_nan_filter (Jiasheng Jiang) - net: chelsio: cxgb3: check the return value of pci_find_capability() (Jia-Ju Bai) - soc: fsl: qe: Check of ioremap return value (Jiasheng Jiang) - memfd: fix F_SEAL_WRITE after shmem huge page allocated (Hugh Dickins) - ibmvnic: free reset-work-item when flushing (Sukadev Bhattiprolu) - igc: igc_write_phy_reg_gpy: drop premature return (Sasha Neftin) - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (Randy Dunlap) - ARM: Fix kgdb breakpoint for Thumb2 (Russell King (Oracle)) - igc: igc_read_phy_reg_gpy: drop premature return (Corinna Vinschen) - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (Brian Norris) - can: gs_usb: change active_channels's type from atomic_t to u8 (Vincent Mailhol) - ASoC: cs4265: Fix the duplicated control name (Fabio Estevam) - firmware: arm_scmi: Remove space in MODULE_ALIAS name (Alyssa Ross) - efivars: Respect 'block' flag in efivar_entry_set_safe() (Jann Horn) - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (Maciej Fijalkowski) - net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() (Zheyu Ma) - net: sxgbe: fix return value of __setup handler (Randy Dunlap) - iavf: Fix missing check for running netdev (Slawomir Laba) - net: stmmac: fix return value of __setup handler (Randy Dunlap) - mac80211: fix forwarded mesh frames AC & queue selection (Nicolas Escande) - ia64: ensure proper NUMA distance and possible map initialization (Valentin Schneider) - sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa() (Dietmar Eggemann) - sched/topology: Make sched_init_numa() use a set for the deduplicating sort (Valentin Schneider) - xen/netfront: destroy queues before real_num_tx_queues is zeroed (Marek Marczykowski-Gorecki) - block: Fix fsync always failed if once failed (Ye Bin) - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (D. Wythe) - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (D. Wythe) - net: dcb: flush lingering app table entries for unregistered devices (Vladimir Oltean) - batman-adv: Don't expect inter-netns unique iflink indices (Sven Eckelmann) - batman-adv: Request iflink once in batadv_get_real_netdevice (Sven Eckelmann) - batman-adv: Request iflink once in batadv-on-batadv check (Sven Eckelmann) - netfilter: nf_queue: fix possible use-after-free (Florian Westphal) - netfilter: nf_queue: don't assume sk is full socket (Florian Westphal) - xfrm: enforce validity of offload input flags (Leon Romanovsky) - xfrm: fix the if_id check in changelink (Antony Antony) - netfilter: fix use-after-free in __nf_register_net_hook() (Eric Dumazet) - xfrm: fix MTU regression (Jiri Bohac) - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (Marek Vasut) - ALSA: intel_hdmi: Fix reference to PCM buffer address (Zhen Ni) - ata: pata_hpt37x: fix PCI clock detection (Sergey Shtylyov) - usb: gadget: clear related members when goto fail (Hangyu Hua) - usb: gadget: don't release an existing dev->buf (Hangyu Hua) - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (Daniele Palmas) - i2c: qup: allow COMPILE_TEST (Wolfram Sang) - i2c: cadence: allow COMPILE_TEST (Wolfram Sang) - dmaengine: shdma: Fix runtime PM imbalance on error (Yongzhi Liu) - cifs: fix double free race when mount fails in cifs_get_root() (Ronnie Sahlberg) - Input: clear BTN_RIGHT/MIDDLE on buttonpads (Jose Exposito) - ASoC: rt5682: do not block workqueue if card is unbound (Kai Vehmanen) - ASoC: rt5668: do not block workqueue if card is unbound (Kai Vehmanen) - i2c: bcm2835: Avoid clock stretching timeouts (Eric Anholt) - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (JaeMan Park) - mac80211_hwsim: report NOACK frames in tx_status (Benjamin Beichler) - LTS tag: v5.4.182 (Sherry Yang) - fget: clarify and improve __fget_files() implementation (Linus Torvalds) - memblock: use kfree() to release kmalloced memblock regions (Miaohe Lin) - Revert 'drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR' (Karol Herbst) - gpio: tegra186: Fix chip_data type confusion (Marc Zyngier) - tty: n_gsm: fix NULL pointer access due to DLCI release (daniel.starke@siemens.com) - tty: n_gsm: fix proper link termination after failed open (daniel.starke@siemens.com) - tty: n_gsm: fix encoding of control signal octet bit DV (daniel.starke@siemens.com) - xhci: Prevent futile URB re-submissions due to incorrect return value. (Hongyu Xie) - xhci: re-initialize the HC during resume if HCE was set (Puma Hsu) - usb: dwc3: gadget: Let the interrupt handler disable bottom halves. (Sebastian Andrzej Siewior) - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (Hans de Goede) - USB: serial: option: add Telit LE910R1 compositions (Daniele Palmas) - USB: serial: option: add support for DW5829e (Slark Xiao) - tracefs: Set the group ownership in apply_options() not parse_options() (Steven Rostedt (Google)) - USB: gadget: validate endpoint index for xilinx udc (Szymon Heidrich) - usb: gadget: rndis: add spinlock for rndis response list (Daehwan Jung) - Revert 'USB: serial: ch341: add new Product ID for CH341A' (Dmytro Bagrii) - ata: pata_hpt37x: disable primary channel on HPT371 (Sergey Shtylyov) - iio: Fix error handling for PM (Miaoqian Lin) - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (Cosmin Tanislav) - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (Christophe JAILLET) - tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google)) - RDMA/ib_srp: Fix a deadlock (Bart Van Assche) - configfs: fix a race in configfs_{,un}register_subsystem() (ChenXiaoSong) - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (Zhou Qingyang) - net/mlx5: Fix wrong limitation of metadata match on ecpf (Ariel Levkovich) - net/mlx5: Fix possible deadlock on rule deletion (Maor Gottlieb) - netfilter: nf_tables: fix memory leak during stateful obj update (Florian Westphal) - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (Christophe JAILLET) - net: Force inlining of checksum functions in net/checksum.h (Christophe Leroy) - net: ll_temac: check the return value of devm_kmalloc() (Xiaoke Wang) - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) - drm/edid: Always set RGB444 (Maxime Ripard) - openvswitch: Fix setting ipv6 fields causing hw csum failure (Paul Blakey) - gso: do not skip outer ip header in case of ipip and net_failover (Tao Liu) - tipc: Fix end of loop tests for list_for_each_entry() (Dan Carpenter) - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends (Eric Dumazet) - bpf: Do not try bpf_msg_push_data with len 0 (Felix Maurer) - perf data: Fix double free in perf_session__delete() (Alexey Bayduraev) - ping: remove pr_err from ping_lookup (Xin Long) - lan743x: fix deadlock in lan743x_phy_link_status_change() (Heiner Kallweit) - optee: use driver internal tee_context for some rpc (Jens Wiklander) - tee: export teedev_open() and teedev_close_context() (Jens Wiklander) - x86/fpu: Correct pkru/xstate inconsistency (Brian Geffon) - USB: zaurus: support another broken Zaurus (Oliver Neukum) - drm/amdgpu: disable MMHUB PG for Picasso (Evan Quan) - parisc/unaligned: Fix ldw() and stw() unalignment handlers (Helge Deller) - parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel (Helge Deller) - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing (Stefano Garzarella) - clk: jz4725b: fix mmc0 clock gating (Siarhei Volkau) - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (Zhang Qiao) - LTS tag: v5.4.181 (Sherry Yang) - kconfig: fix failing to generate auto.conf (Jing Leng) - net: macb: Align the dma and coherent dma masks (Marc St-Amand) - net: usb: qmi_wwan: Add support for Dell DW5829e (Slark Xiao) - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (JaeSang Yoo) - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (Sascha Hauer) - ata: libata-core: Disable TRIM on M88V29 (Zoltan Boszormenyi) - kconfig: let 'shell' return enough output for deep path names (Brenda Streiff) - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (Christian Hewitt) - arm64: dts: meson-g12: add ATF BL32 reserved-memory region (Christian Hewitt) - arm64: dts: meson-gx: add ATF BL32 reserved-memory region (Christian Hewitt) - netfilter: conntrack: don't refresh sctp entries in closed state (Florian Westphal) - irqchip/sifive-plic: Add missing thead,c900-plic match string (Guo Ren) - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (Ye Guojin) - ARM: OMAP2+: hwmod: Add of_node_put() before break (Wan Jiabing) - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (Jim Mattson) - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (Miaoqian Lin) - i2c: brcmstb: fix support for DSL and CM variants (Rafal Milecki) - copy_process(): Move fd_install() out of sighand->siglock critical section (Waiman Long) - dmaengine: sh: rcar-dmac: Check for error num after setting mask (Jiasheng Jiang) - net: sched: limit TC_ACT_REPEAT loops (Eric Dumazet) - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (Eliav Farber) - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (James Smart) - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (david regan) - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (Bryan O'Donoghue) - NFS: Do not report writeback errors in nfs_getattr() (Trond Myklebust) - NFS: LOOKUP_DIRECTORY is also ok with symlinks (Trond Myklebust) - block/wbt: fix negative inflight counter when remove scsi device (Laibin Qiu) - mtd: rawnand: gpmi: don't leak PM reference in error path (Christian Eggers) - powerpc/lib/sstep: fix 'ptesync' build error (Anders Roxell) - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (Mark Brown) - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (Mark Brown) - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (Takashi Iwai) - ALSA: hda: Fix regression on forced probe mask option (Takashi Iwai) - libsubcmd: Fix use-after-free for realloc(..., 0) (Kees Cook) - bonding: fix data-races around agg_select_timer (Eric Dumazet) - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit (Eric Dumazet) - bonding: force carrier update when releasing slave (Zhang Changzhong) - ping: fix the dif and sdif check in ping_lookup (Xin Long) - net: ieee802154: ca8210: Fix lifs/sifs periods (Miquel Raynal) - net: dsa: lan9303: fix reset on probe (Mans Rullgard) - netfilter: nft_synproxy: unregister hooks on init error path (Pablo Neira Ayuso) - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (Johannes Berg) - iwlwifi: pcie: fix locking when 'HW not ready' (Johannes Berg) - mmc: block: fix read single on recovery logic (Christian Lohle) - vsock: remove vsock from connected table when connect is interrupted by a signal (Seth Forshee) - dmaengine: at_xdmac: Start transfer for cyclic channels in issue_pending (Tudor Ambarus) - taskstats: Cleanup the use of task->exit_code (Eric W. Biederman) - ext4: prevent partial update of the extent blocks (Zhang Yi) - ext4: check for inconsistent extents between index and leaf block (Zhang Yi) - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (Zhang Yi) - drm/radeon: Fix backlight control on iMac 12,1 (Nicholas Bishop) - iwlwifi: fix use-after-free (Johannes Berg) - arm64: module/ftrace: intialize PLT at load time (Mark Rutland) - arm64: module: rework special section handling (Mark Rutland) - module/ftrace: handle patchable-function-entry (Mark Rutland) - ftrace: add ftrace_init_nop() (Mark Rutland) - Revert 'module, async: async_synchronize_full() on module init iff async is used' (Igor Pylypiv) - drm/amdgpu: fix logic inversion in check (Christian Konig) - nvme-rdma: fix possible use-after-free in transport error_recovery work (Sagi Grimberg) - nvme-tcp: fix possible use-after-free in transport error_recovery work (Sagi Grimberg) - nvme: fix a possible use-after-free in controller reset during load (Sagi Grimberg) - quota: make dquot_quota_sync return errors from ->sync_fs (Darrick J. Wong) - vfs: make freeze_super abort when sync_filesystem returns error (Darrick J. Wong) - ax25: improve the incomplete fix to avoid UAF and NPD bugs (Duoming Zhou) - selftests/zram: Adapt the situation that /dev/zram0 is being used (Yang Xu) - selftests/zram01.sh: Fix compression ratio calculation (Yang Xu) - selftests/zram: Skip max_comp_streams interface on newer kernel (Yang Xu) - net: ieee802154: at86rf230: Stop leaking skb's (Miquel Raynal) - selftests: rtc: Increase test timeout so that all tests run (Nicolas F. R. A. Prado) - platform/x86: ISST: Fix possible circular locking dependency detected (Srinivas Pandruvada) - btrfs: send: in case of IO error log it (Davis Mosans) - parisc: Fix sglist access in ccio-dma.c (John David Anglin) - parisc: Fix data TLB miss in sba_unmap_sg (John David Anglin) - parisc: Drop __init from map_pages declaration (John David Anglin) - serial: parisc: GSC: fix build when IOSAPIC is not set (Randy Dunlap) - Revert 'svm: Add warning message for AVIC IPI invalid target' (Sean Christopherson) - HID:Add support for UGTABLET WP5540 (Sergio Costas) - Makefile.extrawarn: Move -Wunaligned-access to W=1 (Nathan Chancellor) - LTS tag: v5.4.180 (Sherry Yang) - ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE (Rafael J. Wysocki) - perf: Fix list corruption in perf_cgroup_switch() (Song Liu) - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (James Smart) - hwmon: (dell-smm) Speed up setting of fan speed (Armin Wolf) - seccomp: Invalidate seccomp mode to catch death failures (Kees Cook) - USB: serial: cp210x: add CPI Bulk Coin Recycler id (Johan Hovold) - USB: serial: cp210x: add NCR Retail IO box id (Johan Hovold) - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (Stephan Brunner) - USB: serial: option: add ZTE MF286D modem (Pawel Dembicki) - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (Cameron Williams) - usb: gadget: f_uac2: Define specific wTerminalType (Pavel Hofman) - usb: gadget: rndis: check size of RNDIS_MSG_SET command (Greg Kroah-Hartman) - USB: gadget: validate interface OS descriptor requests (Szymon Heidrich) - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (Adam Ford) - usb: dwc3: gadget: Prevent core from processing stale TRBs (Udipto Goswami) - usb: ulpi: Call of_node_put correctly (Sean Anderson) - usb: ulpi: Move of_node_put to ulpi_dev_release (Sean Anderson) - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (Jann Horn) - eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX (Jonas Malaco) - n_tty: wake up poll(POLLRDNORM) on receiving data (TATSUKAWA KOSUKE - vt_ioctl: add array_index_nospec to VT_ACTIVATE (Jakob Koschel) - vt_ioctl: fix array_index_nospec in vt_setactivate (Jakob Koschel) - net: amd-xgbe: disable interrupts during pci removal (Raju Rangoju) - tipc: rate limit warning for received illegal binding update (Jon Maloy) - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (Joel Stanley) - veth: fix races around rq->rx_notify_masked (Eric Dumazet) - net: fix a memleak when uncloning an skb dst and its metadata (Antoine Tenart) - net: do not keep the dst cache when uncloning an skb dst and its metadata (Antoine Tenart) - nfp: flower: fix ida_idx not being released (Louis Peens) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4197 CVE-2022-23041 CVE-2022-1353 CVE-2022-1048 CVE-2022-23040 CVE-2022-23042 CVE-2022-23037 CVE-2022-23036 CVE-2022-23038 CVE-2022-23039 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.308.9] - x86/speculation/mmio: Fix late microcode loading (Patrick Colp) [Orabug: 34276099] [5.4.17-2136.308.8] - Add debugfs for controlling MMIO state data (Kanth Ghatraju) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - KVM: x86/speculation: Disable Fill buffer clear within guests (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/srbds: Update SRBDS mitigation selection (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation: Add a common function for MD_CLEAR mitigation update (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - Documentation: Add documentation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21123 CVE-2022-21127 CVE-2022-21166 CVE-2022-21125 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [4.14.35-2047.514.5.el7] - x86/speculation/mmio: Fix late microcode loading (Patrick Colp) [Orabug: 34275786] [4.14.35-2047.514.4.el7] - Add debugfs for controlling MMIO state data (Kanth Ghatraju) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - KVM: x86/speculation: Disable Fill buffer clear within guests (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/srbds: Update SRBDS mitigation selection (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation: Add a common function for MD_CLEAR mitigation update (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - Documentation: Add documentation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation: Fix redundant MDS mitigation message (Waiman Long) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 [4.14.35-2047.514.5] - x86/speculation/mmio: Fix late microcode loading (Patrick Colp) [Orabug: 34275786] [4.14.35-2047.514.4] - Add debugfs for controlling MMIO state data (Kanth Ghatraju) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - KVM: x86/speculation: Disable Fill buffer clear within guests (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/srbds: Update SRBDS mitigation selection (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation: Add a common function for MD_CLEAR mitigation update (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - Documentation: Add documentation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation: Fix redundant MDS mitigation message (Waiman Long) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21123 CVE-2022-21166 CVE-2022-21125 CVE-2022-21127 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [4:20220207-1.0.3] - update 06-55-04 to 0x2006d05 - update 06-55-07 to 0x5003302 - update 06-6a-04 to 0xb000280 - update 06-6a-06 to 0xd000375 [4:20220207-1.0.2] - roll back 06-6a-06 to 0xd0002a0 due to PCIe issues on reset [Orabug: 34076995] [4:20220207-1.0.1] - add support for UEK6 and UEK7 kernels - enable early update for 06-4f-01 - remove no longer appropriate caveats for 06-2d-07 and 06-55-04 - enable early and late load on RHCK [4:20220207-1] - Update Intel CPU microcode to microcode-20220207 release: - Fixes in releasenote.md file. [4:20220204-1] - Update Intel CPU microcode to microcode-20220204 release, addresses CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 (#1971906, #2049543, - Removal of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f; - Removal of 06-86-05/0x01 (SNR B1) microcode (in intel-ucode/06-86-04) at revision 0xb00000f; - Removal of 06-86-04/0x01 (SNR B0) microcode (in intel-ucode/06-86-05) at revision 0xb00000f; - Removal of 06-86-05/0x01 (SNR B1) microcode at revision 0xb00000f; - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xea up to 0xec; - Update of 06-4f-01/0xef (BDX-E/EP/EX/ML B0/M0/R0) microcode (in intel-06-4f-01/intel-ucode/06-4f-01) from revision 0xb00003e up to 0xb000040; - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006b06 up to 0x2006c0a; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xea up to 0xec; - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in intel-06-8c-01/intel-ucode/06-8c-01) from revision 0x88 up to 0x9a; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xea up to 0xec; - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xea up to 0xec; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xea up to 0xec; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xea up to 0xec; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xea up to 0xec; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xea up to 0xec; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xea up to 0xec; - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xea up to 0xec; - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xea up to 0xec; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xea up to 0xec; - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode from revision 0x46 up to 0x49; - Update of 06-3f-04/0x80 (HSX-EX E0) microcode from revision 0x19 up to 0x1a; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015b up to 0x100015c; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4003102 up to 0x400320a; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5003102 up to 0x500320a; - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002302 up to 0x7002402; - Update of 06-56-03/0x10 (BDX-DE V2/V3) microcode from revision 0x700001b up to 0x700001c; - Update of 06-56-04/0x10 (BDX-DE Y0) microcode from revision 0xf000019 up to 0xf00001a; - Update of 06-56-05/0x10 (BDX-NS A0/A1, HWL A1) microcode from revision 0xe000012 up to 0xe000014; - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x44 up to 0x46; - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x20 up to 0x24; - Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x34 up to 0x36; - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0002a0 up to 0xd000331; - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x36 up to 0x38; - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1a up to 0x1c; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa6 up to 0xa8; - Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2a up to 0x2d; - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x16 up to 0x22; - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x2c up to 0x3c; - Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x11 up to 0x15; - Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x1d up to 0x2400001f; - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xea up to 0xec; - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xea up to 0xec; - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xec up to 0xee; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xe8 up to 0xea; - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision 0xea up to 0xec; - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x40 up to 0x50. IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21123 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest Oracle Linux 7 [2:2.1-73.13.0.3] - update 06-55-04 to 0x2006d05 - update 06-55-07 to 0x5003302 - update 06-6a-04 to 0xb000280 - update 06-6a-06 to 0xd000375 [2:2.1-73.13.0.2] - roll back 06-6a-06 to 0xd0002a0 due to PCIe issues on reset [Orabug: 34076312] [2:2.1-73.13.0.1] - for Intel, do not trigger load if on-disk microcode is not an update [Orabug: 30634727] - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618736] - ensure late loading fixes are present on 4.1.12-* and 4.14.35-* - enable early and late load for 5.4.17-* - enable early loading for 06-4f-01 caveat - remove no longer appropriate caveats for 06-2d-07 and 06-55-04 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21125 CVE-2022-21127 CVE-2022-21123 CVE-2022-21166 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.308.9] - x86/speculation/mmio: Fix late microcode loading (Patrick Colp) [Orabug: 34276099] [5.4.17-2136.308.8] - Add debugfs for controlling MMIO state data (Kanth Ghatraju) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - KVM: x86/speculation: Disable Fill buffer clear within guests (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/srbds: Update SRBDS mitigation selection (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation: Add a common function for MD_CLEAR mitigation update (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - Documentation: Add documentation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21166 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [1.5.3-1] - Address qemu CVE-2022-26353, CVE-2021-3748 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3748 CVE-2022-26353 cpe:/a:oracle:linux:7::olcne15 Oracle Linux 7 [1.4.5-1] - Address qemu CVE-2022-26353, CVE-2021-3748 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-26353 CVE-2021-3748 cpe:/a:oracle:linux:7::olcne14 Oracle Linux 8 [1.5.3-1] - Address qemu CVE-2022-26353, CVE-2021-3748 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3748 CVE-2022-26353 cpe:/a:oracle:linux:8::olcne15 Oracle Linux 8 [1.4.5-1] - Address qemu CVE-2022-26353, CVE-2021-3748 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3748 CVE-2022-26353 cpe:/a:oracle:linux:8::olcne14 Oracle Linux 7 [3.10.0-1160.66.1.0.2.el7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21499 cpe:/a:oracle:linux:7::MODRHCK Oracle Linux 8 [4.18.0-372.9.1.0.2.el8.OL8] - debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499} [4.18.0-372.9.1.0.1.el8.OL8] - mei: me: disable driver on the ign firmware (Alexander Usyskin) [Orabug: 34176425] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21499 cpe:/a:oracle:linux:8::MODRHCK Oracle Linux 7 [2:2.1-73.13.0.5] - ensure UEK also rebuilds initramfs [Orabug: 34280052] [2:2.1-73.13.0.3] - update 06-55-04 to 0x2006d05 - update 06-55-07 to 0x5003302 - update 06-6a-04 to 0xb000280 - update 06-6a-06 to 0xd000375 [2:2.1-73.13.0.2] - roll back 06-6a-06 to 0xd0002a0 due to PCIe issues on reset [Orabug: 34076312] [2:2.1-73.13.0.1] - for Intel, do not trigger load if on-disk microcode is not an update [Orabug: 30634727] - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618736] - ensure late loading fixes are present on 4.1.12-* and 4.14.35-* - enable early and late load for 5.4.17-* - enable early loading for 06-4f-01 caveat - remove no longer appropriate caveats for 06-2d-07 and 06-55-04 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21123 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [4:20220207-1.0.4] - ensure UEK also rebuilds initramfs [Orabug: 34280058] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21123 CVE-2022-21127 CVE-2022-21125 CVE-2022-21166 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest Oracle Linux 9 [0.11.1-10.el9_0.1] - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz#2081333 [0.11.1-10] - Fixed snmp client - Fixed translating resource roles in colocation constraint - Resolves: rhbz#2048640 [0.11.1-9] - Fixed cluster destroy in web ui - Fixed covscan issue in web ui - Resolves: rhbz#2044409 [0.11.1-8] - Fixed 'pcs resource move' command - Fixed removing of unavailable fence-scsi storage device - Fixed ocf validation of ocf linbit drdb agent - Fixed creating empty cib - Updated pcs-web-ui - Resolves: rhbz#1990787 rhbz#2033248 rhbz#2039883 rhbz#2040420 [0.11.1-7] - Fixed enabling corosync-qdevice - Fixed resource update command when unable to get agent metadata - Fixed revert of disallowing to clone a group with a stonith - Resolves: rhbz#1811072 rhbz#2019836 rhbz#2032473 [0.11.1-6] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs web ui - Resolves: rhbz#1990787 rhbz#1997019 rhbz#2012129 rhbz#2024542 rhbz#2027678 rhbz#2027679 [0.11.1-5] - Rebased to latest upstream sources (see CHANGELOG.md) - Resolves: rhbz#1990787 rhbz#2018969 rhbz#2019836 rhbz#2023752 rhbz#2012129 [0.11.1-4] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs web ui - Enabled wui patching - Resolves: rhbz#1811072 rhbz#1945305 rhbz#1997019 rhbz#2012129 [0.11.1-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Resolves: rhbz#1283805 rhbz#1910644 rhbz#1910645 rhbz#1956703 rhbz#1956706 rhbz#1985981 rhbz#1991957 rhbz#1996062 rhbz#1996067 [0.11.0.alpha.1-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs web ui - Resolves: rhbz#1283805 rhbz#1910644 rhbz#1910645 rhbz#1985981 rhbz#1991957 rhbz#1996067 [0.10.9-2] - Rebuilt for libffi 3.4.2 SONAME transition. Related: rhbz#1891914 [0.10.9-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Resolves: rhbz#1991957 [0.10.8-11] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [0.10.8-10] - Rebased to latest upstream sources (see CHANGELOG.md) - Fixed web-ui build - Fixed tests for pacemaker 2.1 - Resolves: rhbz#1975440 rhbz#1922302 [0.10.8-9] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [0.10.8-8] - Rebuild with fixed gaiting tests - Stopped bundling rubygem-json (use distribution package instead) - Fixed patches - Resolves: rhbz#1881064 [0.10.8-7] - Fixed License tag - Rebuild with fixed dependency for gating tier0 tests - Resolves: rhbz#1881064 [0.10.8-6] - Rebased to latest upstream sources (see CHANGELOG.md) - Removed clufter related commands - Resolves: rhbz#1881064 [0.10.8-5] - Updated pcs web ui node modules - Fixed build issue on low memory build hosts - Resolves: rhbz#1951272 [0.10.8-4] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [0.10.8-3] - Replace pyOpenSSL with python-cryptography - Resolves: rhbz#1927404 [0.10.8-2] - Bundle rubygem depedencies and python3-tornado - Resolves: rhbz#1929710 [0.10.8-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Updated bundled python dependency: dacite - Changed BuildRequires from git to git-core - Added conditional (Build)Requires: rubygem(rexml) - Added conditional Requires: rubygem(webrick) [0.10.7-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [0.10.7-3] - Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_3.0 [0.10.7-2] - Python 3.10 related fix [0.10.7-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Added dependency on python packages pyparsing and dateutil - Fixed virtual bundle provides for ember, handelbars, jquery and jquery-ui - Removed dependency on python3-clufter [0.10.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [0.10.6-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Stopped bundling tornado (use distribution package instead) - Stopped bundling rubygem-tilt (use distribution package instead) - Removed rubygem bundling - Removed unneeded BuildRequires: execstack, gcc, gcc-c++ - Excluded some tests for tornado daemon [0.10.5-8] - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro [0.10.5-7] - Use fixed upstream version of dacite with Python 3.9 support - Split upstream tests in gating into tiers [0.10.5-6] - Use patched version of dacite compatible with Python 3.9 - Resolves: rhbz#1838327 [0.10.5-5] - Rebuilt for Python 3.9 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29970 cpe:/a:oracle:linux:9::addons Oracle Linux 8 [5.15.0-0.30.19] - net/mlx4: Increase num_srq in low_mem_profile (Dave Kleikamp) [Orabug: 34052160] [5.15.0-0.30.18] - Revert ocfs2: mount shared volume without ha stack (Junxiao Bi) [Orabug: 33701900] - KVM: x86/speculation: Disable Fill buffer clear within guests (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/srbds: Update SRBDS mitigation selection (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation: Add a common function for MD_CLEAR mitigation update (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - Documentation: Add documentation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} [5.15.0-0.30.17] - uek-rpm: New shim versions and secureboot certs (Jack Vogel) [Orabug: 34219956] [5.15.0-0.30.16] - perf: Correct the label position in perf_event_open (Jack Vogel) [Orabug: 34172708] [5.15.0-0.30.15] - sched: Fix non-CONFIG_SCHED_CORE build (Boris Ostrovsky) [Orabug: 34228424] [5.15.0-0.30.14] - lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34152698] {CVE-2022-21499} - io_uring: fix race between timeout flush and removal (Jens Axboe) [Orabug: 34115159] {CVE-2022-29582} - kvm/x86: Inherit userspaces core scheduling cookie (Boris Ostrovsky) [Orabug: 34195867] - vhost: Inherit userspaces core scheduling cookie (Boris Ostrovsky) [Orabug: 34195867] - sched: Add interface for copying core scheduling cookie between two tasks (Boris Ostrovsky) [Orabug: 34195867] - KVM: x86: avoid calling x86 emulator without a decoded instruction (Sean Christopherson) [Orabug: 34205798] {CVE-2022-1852} {CVE-2022-1852} - uek-rpm: Added squashfs module to core rpm for kdump (Vijayendra Suman) [Orabug: 34206290] - uek-rpm: Enable CONFIG_SQUASHFS_ZSTD to support zstd compression (Harshit Mogalapalli) [Orabug: 34209438] [5.15.0-0.30.13] - perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34172708] {CVE-2022-1729} - uek-rpm: Enable dependencies needed by CONFIG_SND_SOC_INTEL_HDA_DSP_COMMON (Brian Maly) [Orabug: 33711352] [5.15.0-0.30.12] - docs: kdump: Update the crashkernel description for arm64 (Zhen Lei) [Orabug: 34052160] - of: fdt: Add memory for devices by DT property linux,usable-memory-range (Chen Zhou) [Orabug: 34052160] - arm64: kdump: Reimplement crashkernel=X (Chen Zhou) [Orabug: 34052160] - arm64: Use insert_resource() to simplify code (Zhen Lei) [Orabug: 34052160] - kdump: return -ENOENT if required cmdline option does not exist (Zhen Lei) [Orabug: 34052160] - Revert x86: kdump: replace the hard-coded alignment with macro CRASH_ALIGN (Dave Kleikamp) [Orabug: 34052160] - Revert x86: kdump: make the lower bound of crash kernel reservation consistent (Dave Kleikamp) [Orabug: 34052160] - Revert x86: kdump: use macro CRASH_ADDR_LOW_MAX in functions reserve_crashkernel() (Dave Kleikamp) [Orabug: 34052160] - Revert x86: kdump: move xen_pv_domain() check and insert_resource() to setup_arch() (Dave Kleikamp) [Orabug: 34052160] - Revert x86: kdump: move reserve_crashkernel[_low]() into crash_core.c (Dave Kleikamp) [Orabug: 34052160] - Revert x86/elf: Move vmcore_elf_check_arch_cross to arch/x86/include/asm/elf.h (Dave Kleikamp) [Orabug: 34052160] - Revert arm64: kdump: introduce some macroes for crash kernel reservation (Dave Kleikamp) [Orabug: 34052160] - Revert arm64: kdump: reimplement crashkernel=X (Dave Kleikamp) [Orabug: 34052160] - Revert x86, arm64: Add ARCH_WANT_RESERVE_CRASH_KERNEL config (Dave Kleikamp) [Orabug: 34052160] - Revert kdump: update Documentation about crashkernel (Dave Kleikamp) [Orabug: 34052160] - uek-rpm: Add modules required to pass selinux-testsuites to core rpm (Somasundaram Krishnasamy) [Orabug: 34129238] - uek-rpm: configs: enable 9P_FS for x86_64 (Todd Vierling) [Orabug: 34146029] - uek-rpm: Add modules to allow podman tests to run on core kernel. (Somasundaram Krishnasamy) [Orabug: 34123777] [5.15.0-0.30.11] - uek: kabi: Update kABI files and enable the kABI checker (Saeed Mirzamohammadi) [Orabug: 34044324] - Revert rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 34115603] - Revert rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 34115603] - Revert rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 34115603] [5.15.0-0.30.10] - xfs, iomap: limit individual ioend chain lengths in writeback (Dave Chinner) [Orabug: 34085022] - xfs: only bother with sync_filesystem during readonly remount (Darrick J. Wong) [Orabug: 34085022] - vfs: make sync_filesystem return errors from ->sync_fs (Darrick J. Wong) [Orabug: 34085022] - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (Darrick J. Wong) [Orabug: 34085022] - xfs: flush inodegc workqueue tasks before cancel (Brian Foster) [Orabug: 34085022] - xfs: prevent UAF in xfs_log_item_in_current_chkpt (Darrick J. Wong) [Orabug: 34085022] - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (Dan Carpenter) [Orabug: 34085022] - xfs: check sb_meta_uuid for dabuf buffer recovery (Dave Chinner) [Orabug: 34085022] - xfs: only run COW extent recovery when there are no live extents (Darrick J. Wong) [Orabug: 34085022] - x86/platform/uv: Log gap hole end size (Mike Travis) [Orabug: 34100359] - x86/platform/uv: Update TSC sync state for UV5 (Mike Travis) [Orabug: 34100359] - x86/platform/uv: Update NMI Handler for UV5 (Mike Travis) [Orabug: 34100359] - perf/x86/intel/uncore: Fix the build on !CONFIG_PHYS_ADDR_T_64BIT (Ingo Molnar) [Orabug: 34100359] - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Steve Wahl) [Orabug: 34100359] - net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105317] - uek-rpm: Move needed modules to core rpm (Somasundaram Krishnasamy) [Orabug: 34124573] [Orabug: 34130428] [Orabug: 34130346] - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Haimin Zhang) [Orabug: 34135342] {CVE-2022-1353} [5.15.0-0.30.9] - uek-rpm: Enable CONFIG_KFENCE (Joe Jin) [Orabug: 34125090] - rds: ib: INFO: trying to register non-static key during rmmod (Freddy Carrillo) [Orabug: 34106050] - uek-rpm: Move few modules to core rpm (Somasundaram Krishnasamy) [Orabug: 34087568] - bpf: Emit bpf_timer in vmlinux BTF (Yonghong Song) [Orabug: 34085523] - selftests/bpf: Define SYS_NANOSLEEP_KPROBE_NAME for aarch64 (Ilya Leoshkevich) [Orabug: 34085523] - KVM: avoid NULL pointer dereference in kvm_dirty_ring_push (Paolo Bonzini) [Orabug: 34048938] {CVE-2022-1263} [5.15.0-0.30.8] - Revert locking/rwsem: Make handoff bit handling more consistent (John Donnelly) [Orabug: 34087272] - Revert locking/rwsem: Always try to wake waiters in out_nolock path (John Donnelly) [Orabug: 34087272] - x86, ctf: fix CTF suppression in the vDSO (Nick Alcock) [Orabug: 34090171] [5.15.0-0.30.7] - uek-rpm: config: Add support for resilient_rdmaip new kernel module (Sudhakar Dindukurti) [Orabug: 27718686] [Orabug: 30777254] [Orabug: 33877197] - resilient_rdmaip: replace inet_ioctl() with devinet_ioctl() (Qing Huang) [Orabug: 33877197] - rdmaip: trace message buffer size too small for rdmaip debug tracepoints (Alan Maguire) [Orabug: 33267573] [Orabug: 33877197] - A/A Bonding: remove use of trace_printk(), replacing with tracepoints (Alan Maguire) [Orabug: 32969529] [Orabug: 33877197] - A/A Bonding: In rdmaip synchronize access to ip_config[].rdmaip_dev (Sharath Srinivasan) [Orabug: 32486193] [Orabug: 33877197] - A/A Bonding: dev_hold/put() the delayed GARP work handlers netdev in rdmaip (Sharath Srinivasan) [Orabug: 33161268] [Orabug: 33877197] - A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 32381881] [Orabug: 33877197] - A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380823] [Orabug: 33877197] - A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350973] [Orabug: 33877197] - A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095765] [Orabug: 33877197] - A/A Bonding: No need to call flush rdmaip_wq in rdmaip_cleanup() (Ka-Cheong Poon) [Orabug: 30875610] [Orabug: 33877197] - A/A Bonding: Change debug levels for some debug messages (Sudhakar Dindukurti) [Orabug: 30430839] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Remove rdmaip_garp_wq work queue (Sudhakar Dindukurti) [Orabug: 30507174] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: rdmaip does not send IPv6 address change notification (Ka-Cheong Poon) [Orabug: 30312121] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Memory leak in rdmaip_send_gratuitous_arp (Dag Moxnes) [Orabug: 30434319] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Use correct port when calling ib_query_port (Dag Moxnes) [Orabug: 30433360] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Validate rdmaip_active_bonding_arps module parameter (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Flush all the delayed works posted to rdmaip_garps_wq before destroying the workq (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Rename riif_dlywork to rdmaip_dlywork (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Rename rdmaip_port_ud_work to rdmaip_dly_work_req (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Flush all the delayed works posted to rdmaip_wq before destroying the workq (Sudhakar Dindukurti) [Orabug: 29379514] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Miscellaneous module unload changes (Sudhakar Dindukurti) [Orabug: 29781216] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Skip sending GARPs when module unload is in progress (Sudhakar Dindukurti) [Orabug: 29781216] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Port status is not updated correctly for dynamically added netdevs (Sudhakar Dindukurti) [Orabug: 30241187] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: rdmaip_add_new_rdmaip_port() - remove unused port argument (Sudhakar Dindukurti) [Orabug: 30241187] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: rdmaip_inetaddr_unregister() - minor updates (Sudhakar Dindukurti) [Orabug: 30241187] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Log ip_config details if it fails to find a failover port (Sudhakar Dindukurti) [Orabug: 30213132] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: X8-8 RoCE network re-connect stalls after loss of switch (Sudhakar Dindukurti) [Orabug: 30213132] [Orabug: 30777254] [Orabug: 33877197] - A/A-Bonding: Switch from dma_device to dev.parent (Dag Moxnes) [Orabug: 30149027] [Orabug: 30777254] [Orabug: 33877197] - A/A-Bonding: Increase default net.rdmaip.active_bonding_failback_ms (Sudhakar Dindukurti) [Orabug: 30184200] [Orabug: 30777254] [Orabug: 33877197] - A/A-Bonding: Optimize rdmaip_impl_inetaddr_event() (Sudhakar Dindukurti) [Orabug: 29929934] [Orabug: 30777254] [Orabug: 33877197] - A/A-Bonding: ResilientRDMA does not failback on nodes configured with unused VFs starting in 1902.1.0 (Sudhakar Dindukurti) [Orabug: 29929934] [Orabug: 30777254] [Orabug: 33877197] - Delay IP migration for failback by 10s for NETDEV_CHANGE event (Sudhakar Dindukurti) [Orabug: 29761370] [Orabug: 30777254] [Orabug: 33877197] - RoCE:KVM guest: failover doesnt work if an interface isnt configured (Sudhakar Dindukurti) [Orabug: 29476868] [Orabug: 30777254] [Orabug: 33877197] - Add more debug messages in Resilient RDMAIP (Sudhakar Dindukurti) [Orabug: 29683262] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Fix gratuitous ARP storm (Hakon Bugge) [Orabug: 29629971] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Potential race conditions in the module unload path (Sudhakar Dindukurti) [Orabug: 29301129] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Avoid calling ib_query_gid() by holding the dev_base_lock (Sudhakar Dindukurti) [Orabug: 29350401] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: ib_query_port() sleeping function called in a invalid context (Sudhakar Dindukurti) [Orabug: 29391490] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Sleeping function mutex_lock() called in invalid context (Sudhakar Dindukurti) [Orabug: 29430627] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Name structure fields appropriately (for better readability) (Sudhakar Dindukurti) [Orabug: 29168419] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Add rdmaip_process_async_event() (Sudhakar Dindukurti) [Orabug: 29168346] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Potential race conditions (Sudhakar Dindukurti) [Orabug: 29172556] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: check return value of the rdmaip_init_port (Sudhakar Dindukurti) [Orabug: 29168307] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Optimize rdmaip_event_handler() (Sudhakar Dindukurti) [Orabug: 29168253] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Add new function rdmaip_sched_failover_failback() to sechedule failover/failback (Sudhakar Dindukurti) [Orabug: 29167542] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Skip failover and failback operations during network reconfiguration (Sudhakar Dindukurti) [Orabug: 28946148] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Add new function rdmaip_add_new_rdmaip_port() (Sudhakar Dindukurti) [Orabug: 29167497] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Add rdmaip_update_port_status_all_layers() function (Sudhakar Dindukurti) [Orabug: 29213051] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Add a new function rdmaip_find_port_tstate() to find port transition state (Sudhakar Dindukurti) [Orabug: 29162871] [Orabug: 30777254] [Orabug: 33877197] - Replace alloc_page() with static allocation (Sudhakar Dindukurti) [Orabug: 29162759] [Orabug: 30777254] [Orabug: 33877197] - Log full interface name including label during IPv4 migration (Sudhakar Dindukurti) [Orabug: 29019945] [Orabug: 30777254] [Orabug: 33877197] - A/A : Failover and failback does not work for IP aliases (Sudhakar Dindukurti) [Orabug: 29019964] [Orabug: 30777254] [Orabug: 33877197] - Node crashes when trace buffer is opened (Sudhakar Dindukurti) [Orabug: 28988861] [Orabug: 30777254] [Orabug: 33877197] - module unload: Restore IPs during module unloading (Sudhakar Dindukurti) [Orabug: 27902037] [Orabug: 30777254] [Orabug: 33877197] - Memory leak in rdmaip_device_remove() (Sudhakar Dindukurti) [Orabug: 28496850] [Orabug: 30777254] [Orabug: 33877197] - resilient_rdmaip: Remove unused variable (Sudhakar Dindukurti) [Orabug: 28925778] [Orabug: 30777254] [Orabug: 33877197] - A/A failback does not work in concert with ibacm (Hakon Bugge) [Orabug: 28919144] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: fix returned value not set error (Zhu Yanjun) [Orabug: 28175433] [Orabug: 30777254] [Orabug: 33877197] - IB: RDMAIP: avoid migration to a port that is down (Zhu Yanjun) [Orabug: 28096172] [Orabug: 30777254] [Orabug: 33877197] - IB/rdmaip: Fix bug in failover_group parsing (Hakon Bugge) [Orabug: 28198705] [Orabug: 30777254] [Orabug: 33877197] - GARP Messages should be sent on the same port where IP is bound (Sudhakar Dindukurti) [Orabug: 28085445] [Orabug: 30777254] [Orabug: 33877197] - system panic with active bonding enabled via resilient_rdmaip (Sudhakar Dindukurti) [Orabug: 28073806] [Orabug: 30777254] [Orabug: 33877197] - Resilient RDMAIP should not attempt to failover/failback for the ports in grp 0 (Sudhakar Dindukurti) [Orabug: 28049781] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: ib0 is already part of another failover group (Sudhakar Dindukurti) [Orabug: 27818669] [Orabug: 30777254] [Orabug: 33877197] - Minor typos in resilient_rdmaip parameter description (Sudhakar Dindukurti) [Orabug: 27890256] [Orabug: 30777254] [Orabug: 33877197] - Garbled log messages related to resilient_rdmaip driver (Sudhakar Dindukurti) [Orabug: 27935928] [Orabug: 30777254] [Orabug: 33877197] - Add Resilient RDMAIP module (Sudhakar Dindukurti) [Orabug: 27718676] [Orabug: 30777254] [Orabug: 33877197] - netfilter: conntrack: re-init state for retransmitted syn-ack (Florian Westphal) [Orabug: 34096642] - netfilter: conntrack: move synack init code to helper (Florian Westphal) [Orabug: 34096642] - uek-rpm: Add few more missing modules to core rpm (Somasundaram Krishnasamy) [Orabug: 34095625] - scsi: mpt3sas: Remove scsi_dma_map() error messages (Sreekanth Reddy) [Orabug: 34095621] - IB/cma: Allow XRC INI QPs to set their local ACK timeout (Hakon Bugge) [Orabug: 34094200] - SUNRPC: Do not dereference non-socket transports in sysfs (Trond Myklebust) [Orabug: 34056478] - SUNRPC: lock against ->sock changing during sysfs read (NeilBrown) [Orabug: 34056478] - SUNRPC: Check if the xprt is connected before handling sysfs reads (Anna Schumaker) [Orabug: 34056478] - uek-rpm: Enable CONFIG_FS_VERITY (Victor Erminpour) [Orabug: 34048393] [5.15.0-0.30.6] - uek-rpm: Update kernel-uek-core rpm module list. (Somasundaram Krishnasamy) [Orabug: 34078005] - Revert scsi: core: Register sysfs attributes earlier (John Donnelly) [Orabug: 34087517] - vfio/type1: add ioctl to check for correct pin accounting (Anthony Yznaga) [Orabug: 34049087] - vfio/type1: track pages pinned by vfio across exec (Anthony Yznaga) [Orabug: 34049087] - mm: track driver pinned pages across exec (Anthony Yznaga) [Orabug: 34049087] - mlx5_core: set module param expose_pf_phys_port_name to true (Sharath Srinivasan) [Orabug: 33960521] - uek-rpm: Fix DEFAULTKERNEL for aarch 64k rpms. (Somasundaram Krishnasamy) [Orabug: 33900644] - xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (Dave Chinner) [Orabug: 33705403] [5.15.0-0.30.5] - iov_iter: Introduce nofault flag to disable page faults (Andreas Gruenbacher) [Orabug: 34073754] - gup: Introduce FOLL_NOFAULT flag to disable page faults (Andreas Gruenbacher) [Orabug: 34073754] - scsi: core: Use a structure member to track the SCSI command submitter (Bart Van Assche) [Orabug: 34075214] - uek: kabi: add KABI padding to x86 struct fpu (Eric DeVolder) [Orabug: 34070418] - uek: kabi: add KABI padding to udp and phy sturcts (Qing Huang) [Orabug: 34066357] - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (Dongli Zhang) [Orabug: 34064652] - scsi: core: Register sysfs attributes earlier (Bart Van Assche) [Orabug: 34063798] - uek: kabi: add kABI padding to arch/x86/include/asm/processor.h (Thomas Tai) [Orabug: 34059795] - x86/speculation: Restore speculation related MSRs during S3 resume (Pawan Gupta) [Orabug: 34053699] - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048326] {CVE-2022-28390} - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048287] {CVE-2022-28388} - intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34039112] - intel_idle: add preferred_cstates module argument (Artem Bityutskiy) [Orabug: 34039112] - intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34039112] - uek-rpm: Modify options for CONFIG_VSOCKETS_DIAG=y (Victor Erminpour) [Orabug: 34027701] - uek-rpm: Modify options for CONFIG_TIPC_DIAG=y (Victor Erminpour) [Orabug: 34027701] - uek-rpm: Modify options for CONFIG_INET_SCTP_DIAG=y (Victor Erminpour) [Orabug: 34027701] - uek-rpm: Enable CONFIG_MPTCP (Victor Erminpour) [Orabug: 34027701] - add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 30962711] [Orabug: 34018925] - xfs: punch out data fork delalloc blocks on COW writeback failure (Brian Foster) [Orabug: 33968545] - locking/rwsem: Always try to wake waiters in out_nolock path (Waiman Long) [Orabug: 33698977] [5.15.0-0.30.4] - btrfs: skip reserved bytes warning on unmount after log cleanup failure (Filipe Manana) [Orabug: 33916044] - ALSA: pcm: Fix races among concurrent prealloc proc writes (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent read/write and buffer changes (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048} - mei: me: disable driver on the ign firmware (Alexander Usyskin) [Orabug: 34018911] - uek-rpm: Separate x86_64 kABI checking for OL8/9 (Saeed Mirzamohammadi) [Orabug: 34027988] - rds: ib: Initialize SG table properly (Hakon Bugge) [Orabug: 34031911] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34034593] {CVE-2022-1158} - Revert rds/ib: recover rds connection from stuck rx path (Rohit Nair) [Orabug: 34039269] [5.15.0-0.30.3] - xfs: dont generate selinux audit messages for capability testing (Darrick J. Wong) [Orabug: 33678769] - rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923371] - turbostat: fix PC6 displaying on some systems (Artem Bityutskiy) [Orabug: 33998324] - exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34003079] - netfilter: nf_tables: validate registers coming from userspace. (Pablo Neira Ayuso) [Orabug: 34012906] {CVE-2022-1015} - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012923] {CVE-2022-1016} [5.15.0-0.30.2] - net/rds: Fix math on error code (Freddy Carrillo) [Orabug: 33974712] - uek-rpm: aarch64: Reduce core rpms module count (Somasundaram Krishnasamy) [Orabug: 33994642] - uek-rpm: Add few needed modules to core rpm. (Somasundaram Krishnasamy) [Orabug: 33994642] - uek-rpm: Remove duplicate modules from kernel-uek-modules rpm (Somasundaram Krishnasamy) [Orabug: 33994642] - selftests/vm: make MADV_POPULATE_(READ|WRITE) use in-tree headers (David Hildenbrand) [Orabug: 33797463] - net: mana: Add handling of CQE_RX_TRUNCATED (Haiyang Zhang) [Orabug: 33839662] - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (Haiyang Zhang) [Orabug: 33839662] - net/rds: Use unpin_user_page as pin_user_pages counterpart (Gerd Rausch) [Orabug: 33867863] - rds: ib: Fix racy credit tracepoints (Hakon Bugge) [Orabug: 33980854] - mm: fix MADV_DONTEXEC to clear VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 33987398] - uek-rpm: Set CONFIG_*_DIAG options as built-ins to match RHCK9 (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_DEBUG_WX for x86_64 debug kernel (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_TMPFS_INODE64 (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_CXL_MEM (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_CMA_SYSFS (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable Platform related options from RHCK9 (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable DM_VERITY_VERIFY_ROOTHASH_SIG and DM_VERITY_FEC (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable Crypto related options from RHCK9 (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_CAN_* options from RHCK9 (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_NET_SCH_* options from RHCK9 (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_NF_FLOW_TABLE (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable missing Netfilter options from RHCK9 (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_CGROUP_MISC and CONFIG_BLK_CGROUP_FC_APPID (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_INTEL_IDXD_PERFMON (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_RTW88_8723DE and CONFIG_RTW88_8821CE (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Update configuration for v5.15.30.1 (aarch64 make olddefconfig) (Victor Erminpour) [Orabug: 33901403] - uek-rpm: Update configuration for v5.15.30.1 (x86_64 make olddefconfig) (Victor Erminpour) [Orabug: 33901403] [5.15.0-0.30.1] - uek-rpm: config: Enable CONFIG_KEY_NOTIFICATIONS option (Somasundaram Krishnasamy) [Orabug: 33957466] - Revert uek: kabi: Enable kABI checker for ol8 and ol9 (Jack Vogel) - LTS version: v5.15.30 (Jack Vogel) - ice: Fix race condition during interface enslave (Ivan Vecera) - x86/module: Fix the paravirt vs alternative order (Peter Zijlstra) - kselftest/vm: fix tests build with old libc (Chengming Zhou) - bnx2: Fix an error message (Christophe JAILLET) - sfc: extend the locking on mcdi->seqno (Niels Dossche) - tcp: make tcp_read_sock() more robust (Eric Dumazet) - nl80211: Update bss channel on channel switch for P2P_CLIENT (Sreeramya Soratkal) - drm/vrr: Set VRR capable prop only if it is attached to connector (Manasi Navare) - iwlwifi: dont advertise TWT support (Golan Ben Ami) - atm: firestream: check the return value of ioremap() in fs_init() (Jia-Ju Bai) - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (Lad Prabhakar) - Bluetooth: hci_core: Fix leaking sent_cmd skb (Luiz Augusto von Dentz) - ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (Julian Braha) - MIPS: smp: fill in sibling and core maps earlier (Alexander Lobakin) - mac80211: refuse aggregations sessions before authorized (Johannes Berg) - ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (Corentin Labbe) - ARM: dts: rockchip: reorder rk322x hmdi clocks (Sascha Hauer) - arm64: dts: agilex: use the compatible intel,socfpga-agilex-hsotg (Dinh Nguyen) - arm64: dts: rockchip: reorder rk3399 hdmi clocks (Sascha Hauer) - arm64: dts: rockchip: align pl330 node name with dtschema (Krzysztof Kozlowski) - arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (Jakob Unterwurzacher) - xfrm: Fix xfrm migrate issues when address family changes (Yan Yan) - xfrm: Check if_id in xfrm_migrate (Yan Yan) - arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (Quentin Schulz) - Revert xfrm: state and policy should fail if XFRMA_IF_ID 0 (Kai Lueke) - LTS version: v5.15.29 (Jack Vogel) - vhost: allow batching hint without size (Jason Wang) - Revert net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (Vladimir Oltean) (Christoph Hellwig) - riscv: dts: k210: fix broken IRQs on hart1 (Niklas Cassel) - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (Ville Syrjala) - btrfs: make send work with concurrent block group relocation (Filipe Manana) - drm/panel: Select DRM_DP_HELPER for DRM_PANEL_EDP (Thomas Zimmermann) - x86/traps: Mark do_int3() NOKPROBE_SYMBOL (Li Huafei) - x86/sgx: Free backing memory after faulting the enclave page (Jarkko Sakkinen) - x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (Ross Philipson) - x86/boot: Fix memremap of setup_indirect structures (Ross Philipson) - Revert x86/boot: Fix memremap of setup_indirect structures (Jack Vogel) - Revert x86/boot: Add setup_indirect support in early_memremap_is_setup_data (Jack Vogel) - watch_queue: Make comment about setting ->defunct more accurate (David Howells) - watch_queue: Fix lack of barrier/sync/lock between post and read (David Howells) - watch_queue: Free the alloc bitmap when the watch_queue is torn down (David Howells) - watch_queue: Fix the alloc bitmap size to reflect notes allocated (David Howells) - watch_queue: Fix to always request a pow-of-2 pipe ring size (David Howells) - watch_queue: Fix to release page in ->release() (David Howells) - watch_queue, pipe: Free watchqueue state after clearing pipe ring (David Howells) - watch_queue: Fix filter limit check (David Howells) - ARM: fix Thumb2 regression with Spectre BHB (Russell King (Oracle)) - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (Dima Chumak) - virtio: acknowledge all features before access (Michael S. Tsirkin) - virtio: unexport virtio_finalize_features (Michael S. Tsirkin) - KVM: x86/mmu: kvm_faultin_pfn has to return false if pfh is returned (Andrei Vagin) - swiotlb: rework fix info leak with DMA_FROM_DEVICE (Halil Pasic) - arm64: kasan: fix include error in MTE functions (Paul Semel) - arm64: Ensure execute-only permissions are not allowed without EPAN (Catalin Marinas) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (Pali Rohar) - tracing/osnoise: Force quiescent states while tracing (Nicolas Saenz Julienne) - riscv: Fix auipc+jalr relocation range checks (Emil Renner Berthing) - mmc: meson: Fix usage of meson_mmc_post_req() (Rong Chen) - riscv: alternative only works on !XIP_KERNEL (Jisheng Zhang) - net: macb: Fix lost RX packet wakeup race in NAPI receive (Robert Hancock) - staging: gdm724x: fix use after free in gdm_lte_rx() (Dan Carpenter) - staging: rtl8723bs: Fix access-point mode deadlock (Hans de Goede) - fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) - fuse: fix fileattr op failure (Miklos Szeredi) - ARM: Spectre-BHB: provide empty stub for non-config (Randy Dunlap) - selftests/memfd: clean up mapping in mfd_fail_write (Mike Kravetz) - selftest/vm: fix map_fixed_noreplace test failure (Aneesh Kumar K.V) - tracing/osnoise: Make osnoise_main to sleep for microseconds (Daniel Bristot de Oliveira) - tracing: Ensure trace buffer is at least 4096 bytes large (Sven Schnelle) - ipv6: prevent a possible race condition with lifetimes (Niels Dossche) - Revert xen-netback: Check for hotplug-status existence before watching (Marek Marczykowski-Gorecki) - Revert xen-netback: remove hotplug-status once it has served its purpose (Marek Marczykowski-Gorecki) - drm/amdgpu: bypass tiling flag check in virtual display case (v2) (Guchun Chen) - gpio: Return EPROBE_DEFER if gc->to_irq is NULL (Shreeya Patel) - PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (Alex Deucher) - hwmon: (pmbus) Clear pmbus fault/warning bits after read (Vikash Chandola) - net-sysfs: add check for netdevice being present to speed_show (suresh kumar) - x86/kvm: Dont use pv tlb/ipi/sched_yield if on 1 vCPU (Wanpeng Li) - drm/vc4: hdmi: Unregister codec device on unbind (Maxime Ripard) - spi: rockchip: terminate dma transmission when slave abort (Jon Lin) - spi: rockchip: Fix error in getting num-cs property (Jon Lin) - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (Anton Romanov) - KVM: Fix lockdep false negative during host resume (Wanpeng Li) - pinctrl: tigerlake: Revert Add Alder Lake-M ACPI ID (Andy Shevchenko) - usb: dwc3: pci: add support for the Intel Raptor Lake-S (Heikki Krogerus) - swiotlb: fix info leak with DMA_FROM_DEVICE (Halil Pasic) - selftests/bpf: Add test for bpf_timer overwriting crash (Kumar Kartikeya Dwivedi) - net: phy: meson-gxl: improve link-up behavior (Heiner Kallweit) - net: bcmgenet: Dont claim WOL when its not available (Jeremy Linton) - sctp: fix kernel-infoleak for SCTP sockets (Eric Dumazet) - net: phy: DP83822: clear MISR2 register to disable interrupts (Clement Leger) - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (Miaoqian Lin) - gpio: ts4900: Do not set DAT and OE together (Mark Featherston) - selftests: pmtu.sh: Kill nettest processes launched in subshell. (Guillaume Nault) - selftests: pmtu.sh: Kill tcpdump processes launched by subshell. (Guillaume Nault) - NFC: port100: fix use-after-free in port100_send_complete (Pavel Skripkin) - net/mlx5e: Lag, Only handle events from highest priority multipath entry (Roi Dayan) - net/mlx5: Fix a race on command flush flow (Moshe Shemesh) - net/mlx5: Fix size field in bufferx_reg struct (Mohammad Kabat) - ax25: Fix NULL pointer dereference in ax25_kill_by_device (Duoming Zhou) - net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (Miaoqian Lin) - net: ethernet: lpc_eth: Handle error for clk_enable (Jiasheng Jiang) - net: ethernet: ti: cpts: Handle error for clk_enable (Jiasheng Jiang) - tipc: fix incorrect order of state message data sanity check (Tung Nguyen) - ethernet: Fix error handling in xemaclite_of_probe (Miaoqian Lin) - ice: Fix curr_link_speed advertised speed (Jedrzej Jagielski) - ice: Dont use GFP_KERNEL in atomic context (Christophe JAILLET) - ice: Fix error with handling of bonding MTU (Dave Ertman) - ice: stop disabling VFs due to PF error responses (Jacob Keller) - i40e: stop disabling VFs due to PF error responses (Jacob Keller) - iavf: Fix handling of vlan strip virtual channel messages (Michal Maloszewski) - ARM: dts: aspeed: Fix AST2600 quad spi group (Joel Stanley) - net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (Russell King (Oracle)) - drm/sun4i: mixer: Fix P010 and P210 format numbers (Jernej Skrabec) - gpiolib: acpi: Convert ACPI value of debounce to microseconds (Andy Shevchenko) - smsc95xx: Ignore -ENODEV errors when device is unplugged (Fabio Estevam) - qed: return status of qed_iov_get_link (Tom Rix) - esp: Fix BEET mode inter address family tunneling on GSO (Steffen Klassert) - esp: Fix possible buffer overflow in ESP transformation (Steffen Klassert) - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (Jia-Ju Bai) - isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (Jia-Ju Bai) - vdpa: fix use-after-free on vp_vdpa_remove (Zhang Min) - virtio-blk: Dont use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (Xie Yongji) - vhost: fix hung thread due to erroneous iotlb entries (Anirudh Rayabharam) - mISDN: Fix memory leak in dsp_pipeline_build() (Alexey Khoroshilov) - net: phy: meson-gxl: fix interrupt handling in forced mode (Heiner Kallweit) - vduse: Fix returning wrong type in vduse_domain_alloc_iova() (Xie Yongji) - vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command (Si-Wei Liu) - tipc: fix kernel panic when enabling bearer (Tung Nguyen) - arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (Pali Rohar) - HID: vivaldi: fix sysfs attributes leak (Dmitry Torokhov) - clk: qcom: dispcc: Update the transition delay for MDSS GDSC (Taniya Das) - clk: qcom: gdsc: Add support to update GDSC transition delay (Taniya Das) - ARM: boot: dts: bcm2711: Fix HVS register range (Maxime Ripard) - HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (Pavel Skripkin) - HID: elo: Revert USB reference counting (Jiri Kosina) - arm64: dts: qcom: sm8350: Correct UFS symbol clocks (Bjorn Andersson) - arm64: dts: qcom: sm8350: Describe GCC dependency clocks (Konrad Dybcio) - uek-rpm: Add crashkernel.default file (John Donnelly) [Orabug: 33741103] - KVM: SVM: Dont apply SEV+SMAP workaround on code fetch or PT access (Sean Christopherson) [Orabug: 33772526] - KVM: SVM: Inject #UD on attempted emulation for SEV guest w/o insn buffer (Sean Christopherson) [Orabug: 33772526] - KVM: SVM: WARN if KVM attempts emulation on #UD or #GP for SEV guests (Sean Christopherson) [Orabug: 33772526] - KVM: x86: Pass emulation type to can_emulate_instruction() (Sean Christopherson) [Orabug: 33772526] - KVM: SVM: Explicitly require DECODEASSISTS to enable SEV support (Sean Christopherson) [Orabug: 33772526] - rcu: Avoid unneeded function call in rcu_read_unlock() (Waiman Long) [Orabug: 33904637] - rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940518] - uek-rpm: Enable CONFIG_DRM_VMWGFX and CONFIG_DRM_VMWGFX_FBCON for aarch64 (Victor Erminpour) [Orabug: 33947624] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1263 CVE-2021-4095 CVE-2022-29582 CVE-2022-1015 CVE-2022-28390 CVE-2022-28388 cpe:/a:oracle:linux:8::UEKR7 Oracle Linux 8 [5.15.0-0.30.19] - net/mlx4: Increase num_srq in low_mem_profile (Dave Kleikamp) [Orabug: 34052160] [5.15.0-0.30.18] - Revert ocfs2: mount shared volume without ha stack (Junxiao Bi) [Orabug: 33701900] - KVM: x86/speculation: Disable Fill buffer clear within guests (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/srbds: Update SRBDS mitigation selection (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation: Add a common function for MD_CLEAR mitigation update (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - Documentation: Add documentation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202258] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} [5.15.0-0.30.17] - uek-rpm: New shim versions and secureboot certs (Jack Vogel) [Orabug: 34219956] [5.15.0-0.30.16] - perf: Correct the label position in perf_event_open (Jack Vogel) [Orabug: 34172708] [5.15.0-0.30.15] - sched: Fix non-CONFIG_SCHED_CORE build (Boris Ostrovsky) [Orabug: 34228424] [5.15.0-0.30.14] - lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34152698] {CVE-2022-21499} - io_uring: fix race between timeout flush and removal (Jens Axboe) [Orabug: 34115159] {CVE-2022-29582} - kvm/x86: Inherit userspaces core scheduling cookie (Boris Ostrovsky) [Orabug: 34195867] - vhost: Inherit userspaces core scheduling cookie (Boris Ostrovsky) [Orabug: 34195867] - sched: Add interface for copying core scheduling cookie between two tasks (Boris Ostrovsky) [Orabug: 34195867] - KVM: x86: avoid calling x86 emulator without a decoded instruction (Sean Christopherson) [Orabug: 34205798] {CVE-2022-1852} {CVE-2022-1852} - uek-rpm: Added squashfs module to core rpm for kdump (Vijayendra Suman) [Orabug: 34206290] - uek-rpm: Enable CONFIG_SQUASHFS_ZSTD to support zstd compression (Harshit Mogalapalli) [Orabug: 34209438] [5.15.0-0.30.13] - perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34172708] {CVE-2022-1729} - uek-rpm: Enable dependencies needed by CONFIG_SND_SOC_INTEL_HDA_DSP_COMMON (Brian Maly) [Orabug: 33711352] [5.15.0-0.30.12] - docs: kdump: Update the crashkernel description for arm64 (Zhen Lei) [Orabug: 34052160] - of: fdt: Add memory for devices by DT property linux,usable-memory-range (Chen Zhou) [Orabug: 34052160] - arm64: kdump: Reimplement crashkernel=X (Chen Zhou) [Orabug: 34052160] - arm64: Use insert_resource() to simplify code (Zhen Lei) [Orabug: 34052160] - kdump: return -ENOENT if required cmdline option does not exist (Zhen Lei) [Orabug: 34052160] - Revert x86: kdump: replace the hard-coded alignment with macro CRASH_ALIGN (Dave Kleikamp) [Orabug: 34052160] - Revert x86: kdump: make the lower bound of crash kernel reservation consistent (Dave Kleikamp) [Orabug: 34052160] - Revert x86: kdump: use macro CRASH_ADDR_LOW_MAX in functions reserve_crashkernel() (Dave Kleikamp) [Orabug: 34052160] - Revert x86: kdump: move xen_pv_domain() check and insert_resource() to setup_arch() (Dave Kleikamp) [Orabug: 34052160] - Revert x86: kdump: move reserve_crashkernel[_low]() into crash_core.c (Dave Kleikamp) [Orabug: 34052160] - Revert x86/elf: Move vmcore_elf_check_arch_cross to arch/x86/include/asm/elf.h (Dave Kleikamp) [Orabug: 34052160] - Revert arm64: kdump: introduce some macroes for crash kernel reservation (Dave Kleikamp) [Orabug: 34052160] - Revert arm64: kdump: reimplement crashkernel=X (Dave Kleikamp) [Orabug: 34052160] - Revert x86, arm64: Add ARCH_WANT_RESERVE_CRASH_KERNEL config (Dave Kleikamp) [Orabug: 34052160] - Revert kdump: update Documentation about crashkernel (Dave Kleikamp) [Orabug: 34052160] - uek-rpm: Add modules required to pass selinux-testsuites to core rpm (Somasundaram Krishnasamy) [Orabug: 34129238] - uek-rpm: configs: enable 9P_FS for x86_64 (Todd Vierling) [Orabug: 34146029] - uek-rpm: Add modules to allow podman tests to run on core kernel. (Somasundaram Krishnasamy) [Orabug: 34123777] [5.15.0-0.30.11] - uek: kabi: Update kABI files and enable the kABI checker (Saeed Mirzamohammadi) [Orabug: 34044324] - Revert rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 34115603] - Revert rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 34115603] - Revert rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 34115603] [5.15.0-0.30.10] - xfs, iomap: limit individual ioend chain lengths in writeback (Dave Chinner) [Orabug: 34085022] - xfs: only bother with sync_filesystem during readonly remount (Darrick J. Wong) [Orabug: 34085022] - vfs: make sync_filesystem return errors from ->sync_fs (Darrick J. Wong) [Orabug: 34085022] - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (Darrick J. Wong) [Orabug: 34085022] - xfs: flush inodegc workqueue tasks before cancel (Brian Foster) [Orabug: 34085022] - xfs: prevent UAF in xfs_log_item_in_current_chkpt (Darrick J. Wong) [Orabug: 34085022] - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (Dan Carpenter) [Orabug: 34085022] - xfs: check sb_meta_uuid for dabuf buffer recovery (Dave Chinner) [Orabug: 34085022] - xfs: only run COW extent recovery when there are no live extents (Darrick J. Wong) [Orabug: 34085022] - x86/platform/uv: Log gap hole end size (Mike Travis) [Orabug: 34100359] - x86/platform/uv: Update TSC sync state for UV5 (Mike Travis) [Orabug: 34100359] - x86/platform/uv: Update NMI Handler for UV5 (Mike Travis) [Orabug: 34100359] - perf/x86/intel/uncore: Fix the build on !CONFIG_PHYS_ADDR_T_64BIT (Ingo Molnar) [Orabug: 34100359] - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (Steve Wahl) [Orabug: 34100359] - net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105317] - uek-rpm: Move needed modules to core rpm (Somasundaram Krishnasamy) [Orabug: 34124573] [Orabug: 34130428] [Orabug: 34130346] - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Haimin Zhang) [Orabug: 34135342] {CVE-2022-1353} [5.15.0-0.30.9] - uek-rpm: Enable CONFIG_KFENCE (Joe Jin) [Orabug: 34125090] - rds: ib: INFO: trying to register non-static key during rmmod (Freddy Carrillo) [Orabug: 34106050] - uek-rpm: Move few modules to core rpm (Somasundaram Krishnasamy) [Orabug: 34087568] - bpf: Emit bpf_timer in vmlinux BTF (Yonghong Song) [Orabug: 34085523] - selftests/bpf: Define SYS_NANOSLEEP_KPROBE_NAME for aarch64 (Ilya Leoshkevich) [Orabug: 34085523] - KVM: avoid NULL pointer dereference in kvm_dirty_ring_push (Paolo Bonzini) [Orabug: 34048938] {CVE-2022-1263} [5.15.0-0.30.8] - Revert locking/rwsem: Make handoff bit handling more consistent (John Donnelly) [Orabug: 34087272] - Revert locking/rwsem: Always try to wake waiters in out_nolock path (John Donnelly) [Orabug: 34087272] - x86, ctf: fix CTF suppression in the vDSO (Nick Alcock) [Orabug: 34090171] [5.15.0-0.30.7] - uek-rpm: config: Add support for resilient_rdmaip new kernel module (Sudhakar Dindukurti) [Orabug: 27718686] [Orabug: 30777254] [Orabug: 33877197] - resilient_rdmaip: replace inet_ioctl() with devinet_ioctl() (Qing Huang) [Orabug: 33877197] - rdmaip: trace message buffer size too small for rdmaip debug tracepoints (Alan Maguire) [Orabug: 33267573] [Orabug: 33877197] - A/A Bonding: remove use of trace_printk(), replacing with tracepoints (Alan Maguire) [Orabug: 32969529] [Orabug: 33877197] - A/A Bonding: In rdmaip synchronize access to ip_config[].rdmaip_dev (Sharath Srinivasan) [Orabug: 32486193] [Orabug: 33877197] - A/A Bonding: dev_hold/put() the delayed GARP work handlers netdev in rdmaip (Sharath Srinivasan) [Orabug: 33161268] [Orabug: 33877197] - A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 32381881] [Orabug: 33877197] - A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380823] [Orabug: 33877197] - A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350973] [Orabug: 33877197] - A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095765] [Orabug: 33877197] - A/A Bonding: No need to call flush rdmaip_wq in rdmaip_cleanup() (Ka-Cheong Poon) [Orabug: 30875610] [Orabug: 33877197] - A/A Bonding: Change debug levels for some debug messages (Sudhakar Dindukurti) [Orabug: 30430839] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Remove rdmaip_garp_wq work queue (Sudhakar Dindukurti) [Orabug: 30507174] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: rdmaip does not send IPv6 address change notification (Ka-Cheong Poon) [Orabug: 30312121] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Memory leak in rdmaip_send_gratuitous_arp (Dag Moxnes) [Orabug: 30434319] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Use correct port when calling ib_query_port (Dag Moxnes) [Orabug: 30433360] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Validate rdmaip_active_bonding_arps module parameter (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Flush all the delayed works posted to rdmaip_garps_wq before destroying the workq (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Rename riif_dlywork to rdmaip_dlywork (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Rename rdmaip_port_ud_work to rdmaip_dly_work_req (Sudhakar Dindukurti) [Orabug: 29822840] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Flush all the delayed works posted to rdmaip_wq before destroying the workq (Sudhakar Dindukurti) [Orabug: 29379514] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Miscellaneous module unload changes (Sudhakar Dindukurti) [Orabug: 29781216] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Skip sending GARPs when module unload is in progress (Sudhakar Dindukurti) [Orabug: 29781216] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Port status is not updated correctly for dynamically added netdevs (Sudhakar Dindukurti) [Orabug: 30241187] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: rdmaip_add_new_rdmaip_port() - remove unused port argument (Sudhakar Dindukurti) [Orabug: 30241187] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: rdmaip_inetaddr_unregister() - minor updates (Sudhakar Dindukurti) [Orabug: 30241187] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: Log ip_config details if it fails to find a failover port (Sudhakar Dindukurti) [Orabug: 30213132] [Orabug: 30777254] [Orabug: 33877197] - A/A Bonding: X8-8 RoCE network re-connect stalls after loss of switch (Sudhakar Dindukurti) [Orabug: 30213132] [Orabug: 30777254] [Orabug: 33877197] - A/A-Bonding: Switch from dma_device to dev.parent (Dag Moxnes) [Orabug: 30149027] [Orabug: 30777254] [Orabug: 33877197] - A/A-Bonding: Increase default net.rdmaip.active_bonding_failback_ms (Sudhakar Dindukurti) [Orabug: 30184200] [Orabug: 30777254] [Orabug: 33877197] - A/A-Bonding: Optimize rdmaip_impl_inetaddr_event() (Sudhakar Dindukurti) [Orabug: 29929934] [Orabug: 30777254] [Orabug: 33877197] - A/A-Bonding: ResilientRDMA does not failback on nodes configured with unused VFs starting in 1902.1.0 (Sudhakar Dindukurti) [Orabug: 29929934] [Orabug: 30777254] [Orabug: 33877197] - Delay IP migration for failback by 10s for NETDEV_CHANGE event (Sudhakar Dindukurti) [Orabug: 29761370] [Orabug: 30777254] [Orabug: 33877197] - RoCE:KVM guest: failover doesnt work if an interface isnt configured (Sudhakar Dindukurti) [Orabug: 29476868] [Orabug: 30777254] [Orabug: 33877197] - Add more debug messages in Resilient RDMAIP (Sudhakar Dindukurti) [Orabug: 29683262] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Fix gratuitous ARP storm (Hakon Bugge) [Orabug: 29629971] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Potential race conditions in the module unload path (Sudhakar Dindukurti) [Orabug: 29301129] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Avoid calling ib_query_gid() by holding the dev_base_lock (Sudhakar Dindukurti) [Orabug: 29350401] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: ib_query_port() sleeping function called in a invalid context (Sudhakar Dindukurti) [Orabug: 29391490] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Sleeping function mutex_lock() called in invalid context (Sudhakar Dindukurti) [Orabug: 29430627] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Name structure fields appropriately (for better readability) (Sudhakar Dindukurti) [Orabug: 29168419] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Add rdmaip_process_async_event() (Sudhakar Dindukurti) [Orabug: 29168346] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Potential race conditions (Sudhakar Dindukurti) [Orabug: 29172556] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: check return value of the rdmaip_init_port (Sudhakar Dindukurti) [Orabug: 29168307] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Optimize rdmaip_event_handler() (Sudhakar Dindukurti) [Orabug: 29168253] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Add new function rdmaip_sched_failover_failback() to sechedule failover/failback (Sudhakar Dindukurti) [Orabug: 29167542] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Skip failover and failback operations during network reconfiguration (Sudhakar Dindukurti) [Orabug: 28946148] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Add new function rdmaip_add_new_rdmaip_port() (Sudhakar Dindukurti) [Orabug: 29167497] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Add rdmaip_update_port_status_all_layers() function (Sudhakar Dindukurti) [Orabug: 29213051] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: Add a new function rdmaip_find_port_tstate() to find port transition state (Sudhakar Dindukurti) [Orabug: 29162871] [Orabug: 30777254] [Orabug: 33877197] - Replace alloc_page() with static allocation (Sudhakar Dindukurti) [Orabug: 29162759] [Orabug: 30777254] [Orabug: 33877197] - Log full interface name including label during IPv4 migration (Sudhakar Dindukurti) [Orabug: 29019945] [Orabug: 30777254] [Orabug: 33877197] - A/A : Failover and failback does not work for IP aliases (Sudhakar Dindukurti) [Orabug: 29019964] [Orabug: 30777254] [Orabug: 33877197] - Node crashes when trace buffer is opened (Sudhakar Dindukurti) [Orabug: 28988861] [Orabug: 30777254] [Orabug: 33877197] - module unload: Restore IPs during module unloading (Sudhakar Dindukurti) [Orabug: 27902037] [Orabug: 30777254] [Orabug: 33877197] - Memory leak in rdmaip_device_remove() (Sudhakar Dindukurti) [Orabug: 28496850] [Orabug: 30777254] [Orabug: 33877197] - resilient_rdmaip: Remove unused variable (Sudhakar Dindukurti) [Orabug: 28925778] [Orabug: 30777254] [Orabug: 33877197] - A/A failback does not work in concert with ibacm (Hakon Bugge) [Orabug: 28919144] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: fix returned value not set error (Zhu Yanjun) [Orabug: 28175433] [Orabug: 30777254] [Orabug: 33877197] - IB: RDMAIP: avoid migration to a port that is down (Zhu Yanjun) [Orabug: 28096172] [Orabug: 30777254] [Orabug: 33877197] - IB/rdmaip: Fix bug in failover_group parsing (Hakon Bugge) [Orabug: 28198705] [Orabug: 30777254] [Orabug: 33877197] - GARP Messages should be sent on the same port where IP is bound (Sudhakar Dindukurti) [Orabug: 28085445] [Orabug: 30777254] [Orabug: 33877197] - system panic with active bonding enabled via resilient_rdmaip (Sudhakar Dindukurti) [Orabug: 28073806] [Orabug: 30777254] [Orabug: 33877197] - Resilient RDMAIP should not attempt to failover/failback for the ports in grp 0 (Sudhakar Dindukurti) [Orabug: 28049781] [Orabug: 30777254] [Orabug: 33877197] - rdmaip: ib0 is already part of another failover group (Sudhakar Dindukurti) [Orabug: 27818669] [Orabug: 30777254] [Orabug: 33877197] - Minor typos in resilient_rdmaip parameter description (Sudhakar Dindukurti) [Orabug: 27890256] [Orabug: 30777254] [Orabug: 33877197] - Garbled log messages related to resilient_rdmaip driver (Sudhakar Dindukurti) [Orabug: 27935928] [Orabug: 30777254] [Orabug: 33877197] - Add Resilient RDMAIP module (Sudhakar Dindukurti) [Orabug: 27718676] [Orabug: 30777254] [Orabug: 33877197] - netfilter: conntrack: re-init state for retransmitted syn-ack (Florian Westphal) [Orabug: 34096642] - netfilter: conntrack: move synack init code to helper (Florian Westphal) [Orabug: 34096642] - uek-rpm: Add few more missing modules to core rpm (Somasundaram Krishnasamy) [Orabug: 34095625] - scsi: mpt3sas: Remove scsi_dma_map() error messages (Sreekanth Reddy) [Orabug: 34095621] - IB/cma: Allow XRC INI QPs to set their local ACK timeout (Hakon Bugge) [Orabug: 34094200] - SUNRPC: Do not dereference non-socket transports in sysfs (Trond Myklebust) [Orabug: 34056478] - SUNRPC: lock against ->sock changing during sysfs read (NeilBrown) [Orabug: 34056478] - SUNRPC: Check if the xprt is connected before handling sysfs reads (Anna Schumaker) [Orabug: 34056478] - uek-rpm: Enable CONFIG_FS_VERITY (Victor Erminpour) [Orabug: 34048393] [5.15.0-0.30.6] - uek-rpm: Update kernel-uek-core rpm module list. (Somasundaram Krishnasamy) [Orabug: 34078005] - Revert scsi: core: Register sysfs attributes earlier (John Donnelly) [Orabug: 34087517] - vfio/type1: add ioctl to check for correct pin accounting (Anthony Yznaga) [Orabug: 34049087] - vfio/type1: track pages pinned by vfio across exec (Anthony Yznaga) [Orabug: 34049087] - mm: track driver pinned pages across exec (Anthony Yznaga) [Orabug: 34049087] - mlx5_core: set module param expose_pf_phys_port_name to true (Sharath Srinivasan) [Orabug: 33960521] - uek-rpm: Fix DEFAULTKERNEL for aarch 64k rpms. (Somasundaram Krishnasamy) [Orabug: 33900644] - xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (Dave Chinner) [Orabug: 33705403] [5.15.0-0.30.5] - iov_iter: Introduce nofault flag to disable page faults (Andreas Gruenbacher) [Orabug: 34073754] - gup: Introduce FOLL_NOFAULT flag to disable page faults (Andreas Gruenbacher) [Orabug: 34073754] - scsi: core: Use a structure member to track the SCSI command submitter (Bart Van Assche) [Orabug: 34075214] - uek: kabi: add KABI padding to x86 struct fpu (Eric DeVolder) [Orabug: 34070418] - uek: kabi: add KABI padding to udp and phy sturcts (Qing Huang) [Orabug: 34066357] - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (Dongli Zhang) [Orabug: 34064652] - scsi: core: Register sysfs attributes earlier (Bart Van Assche) [Orabug: 34063798] - uek: kabi: add kABI padding to arch/x86/include/asm/processor.h (Thomas Tai) [Orabug: 34059795] - x86/speculation: Restore speculation related MSRs during S3 resume (Pawan Gupta) [Orabug: 34053699] - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048326] {CVE-2022-28390} - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048287] {CVE-2022-28388} - intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34039112] - intel_idle: add preferred_cstates module argument (Artem Bityutskiy) [Orabug: 34039112] - intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34039112] - uek-rpm: Modify options for CONFIG_VSOCKETS_DIAG=y (Victor Erminpour) [Orabug: 34027701] - uek-rpm: Modify options for CONFIG_TIPC_DIAG=y (Victor Erminpour) [Orabug: 34027701] - uek-rpm: Modify options for CONFIG_INET_SCTP_DIAG=y (Victor Erminpour) [Orabug: 34027701] - uek-rpm: Enable CONFIG_MPTCP (Victor Erminpour) [Orabug: 34027701] - add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 30962711] [Orabug: 34018925] - xfs: punch out data fork delalloc blocks on COW writeback failure (Brian Foster) [Orabug: 33968545] - locking/rwsem: Always try to wake waiters in out_nolock path (Waiman Long) [Orabug: 33698977] [5.15.0-0.30.4] - btrfs: skip reserved bytes warning on unmount after log cleanup failure (Filipe Manana) [Orabug: 33916044] - ALSA: pcm: Fix races among concurrent prealloc proc writes (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent read/write and buffer changes (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (Takashi Iwai) [Orabug: 34007904] {CVE-2022-1048} - mei: me: disable driver on the ign firmware (Alexander Usyskin) [Orabug: 34018911] - uek-rpm: Separate x86_64 kABI checking for OL8/9 (Saeed Mirzamohammadi) [Orabug: 34027988] - rds: ib: Initialize SG table properly (Hakon Bugge) [Orabug: 34031911] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34034593] {CVE-2022-1158} - Revert rds/ib: recover rds connection from stuck rx path (Rohit Nair) [Orabug: 34039269] [5.15.0-0.30.3] - xfs: dont generate selinux audit messages for capability testing (Darrick J. Wong) [Orabug: 33678769] - rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33923371] - turbostat: fix PC6 displaying on some systems (Artem Bityutskiy) [Orabug: 33998324] - exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34003079] - netfilter: nf_tables: validate registers coming from userspace. (Pablo Neira Ayuso) [Orabug: 34012906] {CVE-2022-1015} - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012923] {CVE-2022-1016} [5.15.0-0.30.2] - net/rds: Fix math on error code (Freddy Carrillo) [Orabug: 33974712] - uek-rpm: aarch64: Reduce core rpms module count (Somasundaram Krishnasamy) [Orabug: 33994642] - uek-rpm: Add few needed modules to core rpm. (Somasundaram Krishnasamy) [Orabug: 33994642] - uek-rpm: Remove duplicate modules from kernel-uek-modules rpm (Somasundaram Krishnasamy) [Orabug: 33994642] - selftests/vm: make MADV_POPULATE_(READ|WRITE) use in-tree headers (David Hildenbrand) [Orabug: 33797463] - net: mana: Add handling of CQE_RX_TRUNCATED (Haiyang Zhang) [Orabug: 33839662] - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (Haiyang Zhang) [Orabug: 33839662] - net/rds: Use unpin_user_page as pin_user_pages counterpart (Gerd Rausch) [Orabug: 33867863] - rds: ib: Fix racy credit tracepoints (Hakon Bugge) [Orabug: 33980854] - mm: fix MADV_DONTEXEC to clear VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 33987398] - uek-rpm: Set CONFIG_*_DIAG options as built-ins to match RHCK9 (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_DEBUG_WX for x86_64 debug kernel (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_TMPFS_INODE64 (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_CXL_MEM (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_CMA_SYSFS (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable Platform related options from RHCK9 (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable DM_VERITY_VERIFY_ROOTHASH_SIG and DM_VERITY_FEC (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable Crypto related options from RHCK9 (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_CAN_* options from RHCK9 (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_NET_SCH_* options from RHCK9 (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_NF_FLOW_TABLE (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable missing Netfilter options from RHCK9 (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_CGROUP_MISC and CONFIG_BLK_CGROUP_FC_APPID (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_INTEL_IDXD_PERFMON (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Enable CONFIG_RTW88_8723DE and CONFIG_RTW88_8821CE (Victor Erminpour) [Orabug: 33904712] - uek-rpm: Update configuration for v5.15.30.1 (aarch64 make olddefconfig) (Victor Erminpour) [Orabug: 33901403] - uek-rpm: Update configuration for v5.15.30.1 (x86_64 make olddefconfig) (Victor Erminpour) [Orabug: 33901403] [5.15.0-0.30.1] - uek-rpm: config: Enable CONFIG_KEY_NOTIFICATIONS option (Somasundaram Krishnasamy) [Orabug: 33957466] - Revert uek: kabi: Enable kABI checker for ol8 and ol9 (Jack Vogel) - LTS version: v5.15.30 (Jack Vogel) - ice: Fix race condition during interface enslave (Ivan Vecera) - x86/module: Fix the paravirt vs alternative order (Peter Zijlstra) - kselftest/vm: fix tests build with old libc (Chengming Zhou) - bnx2: Fix an error message (Christophe JAILLET) - sfc: extend the locking on mcdi->seqno (Niels Dossche) - tcp: make tcp_read_sock() more robust (Eric Dumazet) - nl80211: Update bss channel on channel switch for P2P_CLIENT (Sreeramya Soratkal) - drm/vrr: Set VRR capable prop only if it is attached to connector (Manasi Navare) - iwlwifi: dont advertise TWT support (Golan Ben Ami) - atm: firestream: check the return value of ioremap() in fs_init() (Jia-Ju Bai) - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (Lad Prabhakar) - Bluetooth: hci_core: Fix leaking sent_cmd skb (Luiz Augusto von Dentz) - ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (Julian Braha) - MIPS: smp: fill in sibling and core maps earlier (Alexander Lobakin) - mac80211: refuse aggregations sessions before authorized (Johannes Berg) - ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (Corentin Labbe) - ARM: dts: rockchip: reorder rk322x hmdi clocks (Sascha Hauer) - arm64: dts: agilex: use the compatible intel,socfpga-agilex-hsotg (Dinh Nguyen) - arm64: dts: rockchip: reorder rk3399 hdmi clocks (Sascha Hauer) - arm64: dts: rockchip: align pl330 node name with dtschema (Krzysztof Kozlowski) - arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (Jakob Unterwurzacher) - xfrm: Fix xfrm migrate issues when address family changes (Yan Yan) - xfrm: Check if_id in xfrm_migrate (Yan Yan) - arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (Quentin Schulz) - Revert xfrm: state and policy should fail if XFRMA_IF_ID 0 (Kai Lueke) - LTS version: v5.15.29 (Jack Vogel) - vhost: allow batching hint without size (Jason Wang) - Revert net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (Vladimir Oltean) (Christoph Hellwig) - riscv: dts: k210: fix broken IRQs on hart1 (Niklas Cassel) - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (Ville Syrjala) - btrfs: make send work with concurrent block group relocation (Filipe Manana) - drm/panel: Select DRM_DP_HELPER for DRM_PANEL_EDP (Thomas Zimmermann) - x86/traps: Mark do_int3() NOKPROBE_SYMBOL (Li Huafei) - x86/sgx: Free backing memory after faulting the enclave page (Jarkko Sakkinen) - x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (Ross Philipson) - x86/boot: Fix memremap of setup_indirect structures (Ross Philipson) - Revert x86/boot: Fix memremap of setup_indirect structures (Jack Vogel) - Revert x86/boot: Add setup_indirect support in early_memremap_is_setup_data (Jack Vogel) - watch_queue: Make comment about setting ->defunct more accurate (David Howells) - watch_queue: Fix lack of barrier/sync/lock between post and read (David Howells) - watch_queue: Free the alloc bitmap when the watch_queue is torn down (David Howells) - watch_queue: Fix the alloc bitmap size to reflect notes allocated (David Howells) - watch_queue: Fix to always request a pow-of-2 pipe ring size (David Howells) - watch_queue: Fix to release page in ->release() (David Howells) - watch_queue, pipe: Free watchqueue state after clearing pipe ring (David Howells) - watch_queue: Fix filter limit check (David Howells) - ARM: fix Thumb2 regression with Spectre BHB (Russell King (Oracle)) - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (Dima Chumak) - virtio: acknowledge all features before access (Michael S. Tsirkin) - virtio: unexport virtio_finalize_features (Michael S. Tsirkin) - KVM: x86/mmu: kvm_faultin_pfn has to return false if pfh is returned (Andrei Vagin) - swiotlb: rework fix info leak with DMA_FROM_DEVICE (Halil Pasic) - arm64: kasan: fix include error in MTE functions (Paul Semel) - arm64: Ensure execute-only permissions are not allowed without EPAN (Catalin Marinas) - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (Pali Rohar) - tracing/osnoise: Force quiescent states while tracing (Nicolas Saenz Julienne) - riscv: Fix auipc+jalr relocation range checks (Emil Renner Berthing) - mmc: meson: Fix usage of meson_mmc_post_req() (Rong Chen) - riscv: alternative only works on !XIP_KERNEL (Jisheng Zhang) - net: macb: Fix lost RX packet wakeup race in NAPI receive (Robert Hancock) - staging: gdm724x: fix use after free in gdm_lte_rx() (Dan Carpenter) - staging: rtl8723bs: Fix access-point mode deadlock (Hans de Goede) - fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) - fuse: fix fileattr op failure (Miklos Szeredi) - ARM: Spectre-BHB: provide empty stub for non-config (Randy Dunlap) - selftests/memfd: clean up mapping in mfd_fail_write (Mike Kravetz) - selftest/vm: fix map_fixed_noreplace test failure (Aneesh Kumar K.V) - tracing/osnoise: Make osnoise_main to sleep for microseconds (Daniel Bristot de Oliveira) - tracing: Ensure trace buffer is at least 4096 bytes large (Sven Schnelle) - ipv6: prevent a possible race condition with lifetimes (Niels Dossche) - Revert xen-netback: Check for hotplug-status existence before watching (Marek Marczykowski-Gorecki) - Revert xen-netback: remove hotplug-status once it has served its purpose (Marek Marczykowski-Gorecki) - drm/amdgpu: bypass tiling flag check in virtual display case (v2) (Guchun Chen) - gpio: Return EPROBE_DEFER if gc->to_irq is NULL (Shreeya Patel) - PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (Alex Deucher) - hwmon: (pmbus) Clear pmbus fault/warning bits after read (Vikash Chandola) - net-sysfs: add check for netdevice being present to speed_show (suresh kumar) - x86/kvm: Dont use pv tlb/ipi/sched_yield if on 1 vCPU (Wanpeng Li) - drm/vc4: hdmi: Unregister codec device on unbind (Maxime Ripard) - spi: rockchip: terminate dma transmission when slave abort (Jon Lin) - spi: rockchip: Fix error in getting num-cs property (Jon Lin) - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (Anton Romanov) - KVM: Fix lockdep false negative during host resume (Wanpeng Li) - pinctrl: tigerlake: Revert Add Alder Lake-M ACPI ID (Andy Shevchenko) - usb: dwc3: pci: add support for the Intel Raptor Lake-S (Heikki Krogerus) - swiotlb: fix info leak with DMA_FROM_DEVICE (Halil Pasic) - selftests/bpf: Add test for bpf_timer overwriting crash (Kumar Kartikeya Dwivedi) - net: phy: meson-gxl: improve link-up behavior (Heiner Kallweit) - net: bcmgenet: Dont claim WOL when its not available (Jeremy Linton) - sctp: fix kernel-infoleak for SCTP sockets (Eric Dumazet) - net: phy: DP83822: clear MISR2 register to disable interrupts (Clement Leger) - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (Miaoqian Lin) - gpio: ts4900: Do not set DAT and OE together (Mark Featherston) - selftests: pmtu.sh: Kill nettest processes launched in subshell. (Guillaume Nault) - selftests: pmtu.sh: Kill tcpdump processes launched by subshell. (Guillaume Nault) - NFC: port100: fix use-after-free in port100_send_complete (Pavel Skripkin) - net/mlx5e: Lag, Only handle events from highest priority multipath entry (Roi Dayan) - net/mlx5: Fix a race on command flush flow (Moshe Shemesh) - net/mlx5: Fix size field in bufferx_reg struct (Mohammad Kabat) - ax25: Fix NULL pointer dereference in ax25_kill_by_device (Duoming Zhou) - net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (Miaoqian Lin) - net: ethernet: lpc_eth: Handle error for clk_enable (Jiasheng Jiang) - net: ethernet: ti: cpts: Handle error for clk_enable (Jiasheng Jiang) - tipc: fix incorrect order of state message data sanity check (Tung Nguyen) - ethernet: Fix error handling in xemaclite_of_probe (Miaoqian Lin) - ice: Fix curr_link_speed advertised speed (Jedrzej Jagielski) - ice: Dont use GFP_KERNEL in atomic context (Christophe JAILLET) - ice: Fix error with handling of bonding MTU (Dave Ertman) - ice: stop disabling VFs due to PF error responses (Jacob Keller) - i40e: stop disabling VFs due to PF error responses (Jacob Keller) - iavf: Fix handling of vlan strip virtual channel messages (Michal Maloszewski) - ARM: dts: aspeed: Fix AST2600 quad spi group (Joel Stanley) - net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (Russell King (Oracle)) - drm/sun4i: mixer: Fix P010 and P210 format numbers (Jernej Skrabec) - gpiolib: acpi: Convert ACPI value of debounce to microseconds (Andy Shevchenko) - smsc95xx: Ignore -ENODEV errors when device is unplugged (Fabio Estevam) - qed: return status of qed_iov_get_link (Tom Rix) - esp: Fix BEET mode inter address family tunneling on GSO (Steffen Klassert) - esp: Fix possible buffer overflow in ESP transformation (Steffen Klassert) - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (Jia-Ju Bai) - isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (Jia-Ju Bai) - vdpa: fix use-after-free on vp_vdpa_remove (Zhang Min) - virtio-blk: Dont use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (Xie Yongji) - vhost: fix hung thread due to erroneous iotlb entries (Anirudh Rayabharam) - mISDN: Fix memory leak in dsp_pipeline_build() (Alexey Khoroshilov) - net: phy: meson-gxl: fix interrupt handling in forced mode (Heiner Kallweit) - vduse: Fix returning wrong type in vduse_domain_alloc_iova() (Xie Yongji) - vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command (Si-Wei Liu) - tipc: fix kernel panic when enabling bearer (Tung Nguyen) - arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (Pali Rohar) - HID: vivaldi: fix sysfs attributes leak (Dmitry Torokhov) - clk: qcom: dispcc: Update the transition delay for MDSS GDSC (Taniya Das) - clk: qcom: gdsc: Add support to update GDSC transition delay (Taniya Das) - ARM: boot: dts: bcm2711: Fix HVS register range (Maxime Ripard) - HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (Pavel Skripkin) - HID: elo: Revert USB reference counting (Jiri Kosina) - arm64: dts: qcom: sm8350: Correct UFS symbol clocks (Bjorn Andersson) - arm64: dts: qcom: sm8350: Describe GCC dependency clocks (Konrad Dybcio) - uek-rpm: Add crashkernel.default file (John Donnelly) [Orabug: 33741103] - KVM: SVM: Dont apply SEV+SMAP workaround on code fetch or PT access (Sean Christopherson) [Orabug: 33772526] - KVM: SVM: Inject #UD on attempted emulation for SEV guest w/o insn buffer (Sean Christopherson) [Orabug: 33772526] - KVM: SVM: WARN if KVM attempts emulation on #UD or #GP for SEV guests (Sean Christopherson) [Orabug: 33772526] - KVM: x86: Pass emulation type to can_emulate_instruction() (Sean Christopherson) [Orabug: 33772526] - KVM: SVM: Explicitly require DECODEASSISTS to enable SEV support (Sean Christopherson) [Orabug: 33772526] - rcu: Avoid unneeded function call in rcu_read_unlock() (Waiman Long) [Orabug: 33904637] - rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940518] - uek-rpm: Enable CONFIG_DRM_VMWGFX and CONFIG_DRM_VMWGFX_FBCON for aarch64 (Victor Erminpour) [Orabug: 33947624] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1263 CVE-2022-28390 CVE-2022-1015 CVE-2022-28388 CVE-2021-4095 CVE-2022-29582 cpe:/a:oracle:linux:8::UEKR7 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.64.1] - iscsi-target: Fix the issue with shutdown_session removal (Gulam Mohamed) [Orabug: 29661566] - scsi: target: fix hang when multiple threads try to destroy the same iscsi session (Gulam Mohamed) [Orabug: 29661566] - scsi: target: remove boilerplate code (Gulam Mohamed) [Orabug: 29661566] - iscsi-target: remove usage of ->shutdown_session (Gulam Mohamed) [Orabug: 29661566] - Drop the left-over iscsi-target hack (Gulam Mohamed) [Orabug: 29661566] - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048290] {CVE-2022-28388} - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) [Orabug: 34048329] {CVE-2022-28390} - floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218641] {CVE-2022-1652} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1652 CVE-2022-28388 CVE-2022-28390 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 8 [ 1.8.5-7_fips] - Add API to provide hash calculation in RSA/DSA/ECDSA signature operations [Orabug: 33081130] - Change Epoch from 1 to 10 [1.8.5-7] - Fix CVE-2021-33560 (#2018525) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-40528 cpe:/a:oracle:linux:8::u4_security_validation Oracle Linux 6 [1.2.3-29.0.1] - Fix a bug that can crash deflate when using Z_FIXED [CVE-2018-25032][Orabug: 34161396] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-25032 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:ELS cpe:/a:oracle:linux:6::unsupported Oracle Linux 7 [4.14.35-2047.515.3.el7] - uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721] - mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721] - dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721] [4.14.35-2047.515.2.el7] - net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105319] [4.14.35-2047.515.1.el7] - sched/rt: Disable RT_RUNTIME_SHARE by default (Daniel Bristot de Oliveira) [Orabug: 34193333] - mstflint_access: Update driver code to v4.20.1-1 from Github (Qing Huang) [Orabug: 34286148] [4.14.35-2047.515.0.el7] - net: ip: avoid OOM kills with large UDP sends over loopback (Venkat Venkatsubra) [Orabug: 34066209] - rdmaip: Flush ARP cache after address has been cleared (Gerd Rausch) [Orabug: 34285241] - rds: Include congested flag in rds_sock struct. (Rohit Nair) [Orabug: 34261492] - cpu/hotplug: Allow the CPU in CPU_UP_PREPARE state to be brought up again. (Longpeng(Mike)) [Orabug: 34234771] - x86/xen: Allow to retry if cpu_initialize_context() failed. (Boris Ostrovsky) [Orabug: 34234771] - floppy: use a statically allocated error counter (Willy Tarreau) {CVE-2022-1652} - assoc_array: Fix BUG_ON during garbage collect (Stephen Brennan) [Orabug: 34162064] - exec, elf: fix reserve_va_range() sanity check (Anthony Yznaga) [Orabug: 32387887] - exec, elf: use already allocated notes data in reserve_va_range() (Anthony Yznaga) [Orabug: 32387887] - mm: madv_doexec_flag sysctl (Anthony Yznaga) [Orabug: 32387887] - mm: introduce MADV_DOEXEC (Anthony Yznaga) [Orabug: 32387887] - exec, elf: require opt-in for accepting preserved mem (Anthony Yznaga) [Orabug: 32387887] - mm: introduce VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 32387887] - mm: fail exec if stack expansion will overlap another vma (Anthony Yznaga) [Orabug: 32387887] - mm: do not assume only the stack vma exists in setup_arg_pages() (Anthony Yznaga) [Orabug: 32387887] - ELF: when loading PIE binaries check for overlap with existing mappings (Anthony Yznaga) [Orabug: 32387887] - Linux 4.14.280 (Greg Kroah-Hartman) - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) - ping: fix address binding wrt vrf (Nicolas Dichtel) - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) - USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) - USB: serial: option: add Fibocom L610 modem (Sven Schwermer) - USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) - USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) - usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) - tcp: resalt the secret every 10 seconds (Eric Dumazet) - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) - ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) - ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) - hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) - s390/lcs: fix variable dereferenced before check (Alexandra Winter) - s390/ctcm: fix potential memory leak (Alexandra Winter) - s390/ctcm: fix variable dereferenced before check (Alexandra Winter) - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) - netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) - ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) - net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) - batman-adv: Don't skb_split skbuffs with frag_list (Sven Eckelmann) - Linux 4.14.279 (Greg Kroah-Hartman) - VFS: Fix memory leak caused by concurrently mounting fs with subtype (ChenXiaoSong) - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (Takashi Iwai) - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) - mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) - Bluetooth: Fix the creation of hdev->name (Itay Iellin) - can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (Lee Jones) - MIPS: Use address-of operator on section symbols (Nathan Chancellor) - Linux 4.14.278 (Greg Kroah-Hartman) - PCI: aardvark: Fix reading MSI interrupt number (Pali Rohar) - PCI: aardvark: Clear all MSIs at setup (Pali Rohar) - dm: interlock pending dm_io and dm_wait_for_bios_completion (Mike Snitzer) - dm: fix mempool NULL pointer race when completing IO (Jiazi Li) - net: ipv6: ensure we call ipv6_mc_down() at most once (j.nixdorf@avm.de) - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) - btrfs: always log symlinks in full mode (Filipe Manana) - smsc911x: allow using IRQ0 (Sergey Shtylyov) - net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) - hwmon: (adt7470) Fix warning on module removal (Armin Wolf) - NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) - nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) - can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) - can: grcan: grcan_close(): fix deadlock (Duoming Zhou) - ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) - firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) - firewire: remove check of list iterator against head past the loop body (Jakob Koschel) - firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) - Revert 'SUNRPC: attempt AF_LOCAL connect on setup' (Trond Myklebust) - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) - parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) - MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) - tty: n_gsm: fix incorrect UA handling (Daniel Starke) - tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) - tty: n_gsm: fix wrong command retry handling (Daniel Starke) - tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) - tty: n_gsm: fix insufficient txframe size (Daniel Starke) - tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) - drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) - cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) - ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) - bnx2x: fix napi API usage sequence (Manish Chopra) - net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) - ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) - pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) - sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) - mtd: rawnand: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) - ipvs: correctly print the memory size of ip_vs_conn_tab (Pengcheng Yang) - ARM: dts: Fix mmc order for omap3-gta04 (H. Nikolaus Schaller) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (Miaoqian Lin) - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (Krzysztof Kozlowski) - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (Miaoqian Lin) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (Fabio Estevam) - USB: Fix xhci event ring dequeue pointer ERDP update issue (Weitao Wang) - hex2bin: fix access beyond string end (Mikulas Patocka) - hex2bin: make the function hex_to_bin constant-time (Mikulas Patocka) - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (Maciej W. Rozycki) - serial: 8250: Also set sticky MCR bits in console restoration (Maciej W. Rozycki) - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (Vijayavardhan Vennapusa) - usb: gadget: uvc: Fix crash when encoding data for usb request (Dan Vacura) - usb: misc: fix improper handling of refcount in uss720_probe() (Hangyu Hua) - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (Zheyu Ma) - iio: dac: ad5446: Fix read_raw not returning set value (Michael Hennerich) - iio: dac: ad5592r: Fix the missing return value. (Zizhuang Deng) - xhci: stop polling roothubs after shutdown (Henry Lin) - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (Daniele Palmas) - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (Slark Xiao) - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (Bruno Thomsen) - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (Kees Cook) - USB: quirks: add STRING quirk for VCOM device (Oliver Neukum) - USB: quirks: add a Realtek card reader (Oliver Neukum) - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (Macpaul Lin) - lightnvm: disable the subsystem (Greg Kroah-Hartman) - net/sched: cls_u32: fix netns refcount changes in u32_change() (Eric Dumazet) - hamradio: remove needs_free_netdev to avoid UAF (Lin Ma) - hamradio: defer 6pack kfree after unregister_netdev (Lin Ma) - floppy: disable FDRAWCMD by default (Willy Tarreau) - Linux 4.14.277 (Greg Kroah-Hartman) - ax25: Fix UAF bugs in ax25 timers (Duoming Zhou) - ax25: Fix NULL pointer dereferences in ax25 timers (Duoming Zhou) - ax25: fix NPD bug in ax25_disconnect (Duoming Zhou) - ax25: fix UAF bug in ax25_send_control() (Duoming Zhou) - ax25: Fix refcount leaks caused by ax25_cb_del() (Duoming Zhou) - ax25: fix UAF bugs of net_device caused by rebinding operation (Duoming Zhou) - ax25: fix reference count leaks of ax25_dev (Duoming Zhou) - ax25: add refcount in ax25_dev to avoid UAF bugs (Duoming Zhou) - block/compat_ioctl: fix range check in BLKGETSIZE (Khazhismel Kumykov) - staging: ion: Prevent incorrect reference counting behavour (Lee Jones) - ext4: force overhead calculation if the s_overhead_cluster makes no sense (Theodore Ts'o) - ext4: fix overhead calculation to account for the reserved gdt blocks (Theodore Ts'o) - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (Tadeusz Struk) - ext4: fix symlink file size not match to file content (Ye Bin) - ARC: entry: fix syscall_trace_exit argument (Sergey Matyukevich) - e1000e: Fix possible overflow in LTR decoding (Sasha Neftin) - ASoC: soc-dapm: fix two incorrect uses of list iterator (Xiaomeng Tong) - openvswitch: fix OOB access in reserve_sfa_size() (Paolo Valerio) - powerpc/perf: Fix power9 event alternatives (Athira Rajeev) - dma: at_xdmac: fix a missing check on list iterator (Xiaomeng Tong) - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (Zheyu Ma) - stat: fix inconsistency between struct stat and struct compat_stat (Mikulas Patocka) - net: macb: Restart tx only if queue pointer is lagging (Tomas Melin) - drm/msm/mdp5: check the return of kzalloc() (Xiaoke Wang) - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (David Howells) - vxlan: fix error return code in vxlan_fdb_append (Hongbin Wang) - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (Jiapeng Chong) - ARM: vexpress/spc: Avoid negative array index when !SMP (Kees Cook) - netlink: reset network and mac headers in netlink_dump() (Eric Dumazet) - net/packet: fix packet_sock xmit return value checking (Hangbin Liu) - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (Miaoqian Lin) - tcp: Fix potential use-after-free due to double kfree() (Kuniyuki Iwashima) - tcp: fix race condition when creating child sockets from syncookies (Ricardo Dias) - ALSA: usb-audio: Clear MIDI port active flag after draining (Takashi Iwai) - gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) - tracing: Dump stacktrace trigger to the corresponding instance (Daniel Bristot de Oliveira) - tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google)) - mm: page_alloc: fix building error on -Werror=array-compare (Xiongwei Song) - etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead (Kees Cook) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1652 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 [4.14.35-2047.515.3] - uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721] - mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721] - dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721] [4.14.35-2047.515.2] - net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105319] [4.14.35-2047.515.1] - sched/rt: Disable RT_RUNTIME_SHARE by default (Daniel Bristot de Oliveira) [Orabug: 34193333] - mstflint_access: Update driver code to v4.20.1-1 from Github (Qing Huang) [Orabug: 34286148] [4.14.35-2047.515.0] - net: ip: avoid OOM kills with large UDP sends over loopback (Venkat Venkatsubra) [Orabug: 34066209] - rdmaip: Flush ARP cache after address has been cleared (Gerd Rausch) [Orabug: 34285241] - rds: Include congested flag in rds_sock struct. (Rohit Nair) [Orabug: 34261492] - cpu/hotplug: Allow the CPU in CPU_UP_PREPARE state to be brought up again. (Longpeng(Mike)) [Orabug: 34234771] - x86/xen: Allow to retry if cpu_initialize_context() failed. (Boris Ostrovsky) [Orabug: 34234771] - floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218640] {CVE-2022-1652} - assoc_array: Fix BUG_ON during garbage collect (Stephen Brennan) [Orabug: 34162064] - exec, elf: fix reserve_va_range() sanity check (Anthony Yznaga) [Orabug: 32387887] - exec, elf: use already allocated notes data in reserve_va_range() (Anthony Yznaga) [Orabug: 32387887] - mm: madv_doexec_flag sysctl (Anthony Yznaga) [Orabug: 32387887] - mm: introduce MADV_DOEXEC (Anthony Yznaga) [Orabug: 32387887] - exec, elf: require opt-in for accepting preserved mem (Anthony Yznaga) [Orabug: 32387887] - mm: introduce VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 32387887] - mm: fail exec if stack expansion will overlap another vma (Anthony Yznaga) [Orabug: 32387887] - mm: do not assume only the stack vma exists in setup_arg_pages() (Anthony Yznaga) [Orabug: 32387887] - ELF: when loading PIE binaries check for overlap with existing mappings (Anthony Yznaga) [Orabug: 32387887] - Linux 4.14.280 (Greg Kroah-Hartman) - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) - ping: fix address binding wrt vrf (Nicolas Dichtel) - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) - USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) - USB: serial: option: add Fibocom L610 modem (Sven Schwermer) - USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) - USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) - usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) - tcp: resalt the secret every 10 seconds (Eric Dumazet) - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) - ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) - ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) - hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) - s390/lcs: fix variable dereferenced before check (Alexandra Winter) - s390/ctcm: fix potential memory leak (Alexandra Winter) - s390/ctcm: fix variable dereferenced before check (Alexandra Winter) - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) - netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) - ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) - net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) - batman-adv: Don't skb_split skbuffs with frag_list (Sven Eckelmann) - Linux 4.14.279 (Greg Kroah-Hartman) - VFS: Fix memory leak caused by concurrently mounting fs with subtype (ChenXiaoSong) - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (Takashi Iwai) - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) - mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) - Bluetooth: Fix the creation of hdev->name (Itay Iellin) - can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (Lee Jones) - MIPS: Use address-of operator on section symbols (Nathan Chancellor) - Linux 4.14.278 (Greg Kroah-Hartman) - PCI: aardvark: Fix reading MSI interrupt number (Pali Rohar) - PCI: aardvark: Clear all MSIs at setup (Pali Rohar) - dm: interlock pending dm_io and dm_wait_for_bios_completion (Mike Snitzer) - dm: fix mempool NULL pointer race when completing IO (Jiazi Li) - net: ipv6: ensure we call ipv6_mc_down() at most once (j.nixdorf@avm.de) - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) - btrfs: always log symlinks in full mode (Filipe Manana) - smsc911x: allow using IRQ0 (Sergey Shtylyov) - net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) - hwmon: (adt7470) Fix warning on module removal (Armin Wolf) - NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) - nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) - can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) - can: grcan: grcan_close(): fix deadlock (Duoming Zhou) - ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) - firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) - firewire: remove check of list iterator against head past the loop body (Jakob Koschel) - firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) - Revert 'SUNRPC: attempt AF_LOCAL connect on setup' (Trond Myklebust) - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) - parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) - MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) - tty: n_gsm: fix incorrect UA handling (Daniel Starke) - tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) - tty: n_gsm: fix wrong command retry handling (Daniel Starke) - tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) - tty: n_gsm: fix insufficient txframe size (Daniel Starke) - tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) - drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) - cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) - ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) - bnx2x: fix napi API usage sequence (Manish Chopra) - net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) - ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) - pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) - sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) - mtd: rawnand: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) - ipvs: correctly print the memory size of ip_vs_conn_tab (Pengcheng Yang) - ARM: dts: Fix mmc order for omap3-gta04 (H. Nikolaus Schaller) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (Miaoqian Lin) - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (Krzysztof Kozlowski) - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (Miaoqian Lin) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (Fabio Estevam) - USB: Fix xhci event ring dequeue pointer ERDP update issue (Weitao Wang) - hex2bin: fix access beyond string end (Mikulas Patocka) - hex2bin: make the function hex_to_bin constant-time (Mikulas Patocka) - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (Maciej W. Rozycki) - serial: 8250: Also set sticky MCR bits in console restoration (Maciej W. Rozycki) - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (Vijayavardhan Vennapusa) - usb: gadget: uvc: Fix crash when encoding data for usb request (Dan Vacura) - usb: misc: fix improper handling of refcount in uss720_probe() (Hangyu Hua) - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (Zheyu Ma) - iio: dac: ad5446: Fix read_raw not returning set value (Michael Hennerich) - iio: dac: ad5592r: Fix the missing return value. (Zizhuang Deng) - xhci: stop polling roothubs after shutdown (Henry Lin) - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (Daniele Palmas) - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (Slark Xiao) - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (Bruno Thomsen) - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (Kees Cook) - USB: quirks: add STRING quirk for VCOM device (Oliver Neukum) - USB: quirks: add a Realtek card reader (Oliver Neukum) - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (Macpaul Lin) - lightnvm: disable the subsystem (Greg Kroah-Hartman) - net/sched: cls_u32: fix netns refcount changes in u32_change() (Eric Dumazet) - hamradio: remove needs_free_netdev to avoid UAF (Lin Ma) - hamradio: defer 6pack kfree after unregister_netdev (Lin Ma) - floppy: disable FDRAWCMD by default (Willy Tarreau) - Linux 4.14.277 (Greg Kroah-Hartman) - ax25: Fix UAF bugs in ax25 timers (Duoming Zhou) - ax25: Fix NULL pointer dereferences in ax25 timers (Duoming Zhou) - ax25: fix NPD bug in ax25_disconnect (Duoming Zhou) - ax25: fix UAF bug in ax25_send_control() (Duoming Zhou) - ax25: Fix refcount leaks caused by ax25_cb_del() (Duoming Zhou) - ax25: fix UAF bugs of net_device caused by rebinding operation (Duoming Zhou) - ax25: fix reference count leaks of ax25_dev (Duoming Zhou) - ax25: add refcount in ax25_dev to avoid UAF bugs (Duoming Zhou) - block/compat_ioctl: fix range check in BLKGETSIZE (Khazhismel Kumykov) - staging: ion: Prevent incorrect reference counting behavour (Lee Jones) - ext4: force overhead calculation if the s_overhead_cluster makes no sense (Theodore Ts'o) - ext4: fix overhead calculation to account for the reserved gdt blocks (Theodore Ts'o) - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (Tadeusz Struk) - ext4: fix symlink file size not match to file content (Ye Bin) - ARC: entry: fix syscall_trace_exit argument (Sergey Matyukevich) - e1000e: Fix possible overflow in LTR decoding (Sasha Neftin) - ASoC: soc-dapm: fix two incorrect uses of list iterator (Xiaomeng Tong) - openvswitch: fix OOB access in reserve_sfa_size() (Paolo Valerio) - powerpc/perf: Fix power9 event alternatives (Athira Rajeev) - dma: at_xdmac: fix a missing check on list iterator (Xiaomeng Tong) - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (Zheyu Ma) - stat: fix inconsistency between struct stat and struct compat_stat (Mikulas Patocka) - net: macb: Restart tx only if queue pointer is lagging (Tomas Melin) - drm/msm/mdp5: check the return of kzalloc() (Xiaoke Wang) - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (David Howells) - vxlan: fix error return code in vxlan_fdb_append (Hongbin Wang) - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (Jiapeng Chong) - ARM: vexpress/spc: Avoid negative array index when !SMP (Kees Cook) - netlink: reset network and mac headers in netlink_dump() (Eric Dumazet) - net/packet: fix packet_sock xmit return value checking (Hangbin Liu) - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (Miaoqian Lin) - tcp: Fix potential use-after-free due to double kfree() (Kuniyuki Iwashima) - tcp: fix race condition when creating child sockets from syncookies (Ricardo Dias) - ALSA: usb-audio: Clear MIDI port active flag after draining (Takashi Iwai) - gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) - tracing: Dump stacktrace trigger to the corresponding instance (Daniel Bristot de Oliveira) - tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google)) - mm: page_alloc: fix building error on -Werror=array-compare (Xiongwei Song) - etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead (Kees Cook) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1652 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 olcne [1.4.6-2] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip printing olcne_transfer_script execution - Cleanup grpc connection when node not found and use substr method in case fqdn used for hostname [1.4.6-1] - Adress Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.4.5-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.4.4-1] - Excluded unnecessary directories from k8s backup files [1.4.3-1] - Update Istio to 1.13.2 [1.4.2-1] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-4] - Ensure that the order of items in an upgraded config file is stable with respect to the original file - Ensure that old olcnectl config files are upgraded [1.4.1-3] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.1-1] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] istio [1.13.5-1] - Added Oracle specific files for 1.13.5-1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29224 CVE-2022-29225 CVE-2022-31045 CVE-2022-29226 CVE-2022-29227 CVE-2022-29228 cpe:/a:oracle:linux:8::olcne14 cpe:/a:oracle:linux:8::olcne15 Oracle Linux 7 olcne [1.4.6-2] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip printing olcne_transfer_script execution - Cleanup grpc connection when node not found and use substr method in case fqdn used for hostname [1.4.6-1] - Adress Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.4.5-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.4.4-1] - Excluded unnecessary directories from k8s backup files [1.4.3-1] - Update Istio to 1.13.2 [1.4.2-1] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-4] - Ensure that the order of items in an upgraded config file is stable with respect to the original file - Ensure that old olcnectl config files are upgraded [1.4.1-3] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.1-1] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] istio [1.13.5-1] - Added Oracle specific files for 1.13.5-1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29226 CVE-2022-29227 CVE-2022-31045 CVE-2022-29224 CVE-2022-29228 CVE-2022-29225 cpe:/a:oracle:linux:7::olcne15 cpe:/a:oracle:linux:7::olcne14 Oracle Linux 8 olcne [1.5.4-3] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over [1.5.4-2] - Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.5.4-1] - Upgrade Kubernetes to 1.23.7 [1.5.3-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.5.2-1] - Excluded unnecessary directories from k8s backup files [1.5.1-1] - Fixed the bug in fetching node metadata for non-cloud nodes [1.5.0-2] - Upgrade Helm to 3.7.1-2 [1.5.0-2] - fix null pointer exception in systemd service state validation [1.5.0-1] - Introduce support for compact Kubernetes clusters - Introduce MetalLB - Introduce Oracle Cloud Infrastructure Cloud Controller Manager - Improved log messages in Platform API Server and Platform Agent - Upgrade Kubernetes to 1.22.8 - Upgrade Istio to 1.13.2 - Renamed the oci-csi module to oci-ccm [1.5.0-20.alpha] - Update istio-1.13.2 grafana to 7.5.15 [1.5.0-14.alpha] - Metallb fix [1.5.0-11.alpha] - Remove module directories when olcne rpm is uninstalled [1.5.0-10.alpha] - OCI CCM 0.13.0 [1.5.0-9.alpha] - Reworked log messages [1.5.0-8.alpha] - Update Istio to 1.13.2(prometheus-2.31.1, grafana-8.4.6) [1.5.0-7.alpha] - Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15) [1.5.0-6.alpha] - Update to k8s 1.22 with golang 1.17 [1.5.0-5.alpha] - Update internal docs for oci-ccm module [1.5.0-4.alpha] - Extend oci-ccm module to support load balancer [1.5.0-3.alpha] - Firewall pre-req [1.5.0-2.alpha] - Ensure that config map settings needed by metallb is preserved during k8s upgrade [1.5.0-1.alpha] - Metallb module [1.4.1-14] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-13] - Update sudoers file and changed its permissions to '0440' [1.4.1-12] - Update olcne-kubernetes.md file for 'compact' flag [1.4.1-11] - Ensure that the order of items in an upgraded config file is stable with respect to the original file [1.4.1-10] - Ensure that old olcnectl config files are upgraded [1.4.1-9] - Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation [1.4.1-8] - Make 'compact' flag updatable [1.4.1-7] - Introduce 'compact' that enables control-plane nodes to run any workloads [1.4.1-6] - Ability to label 1 or more kubernetes nodes [1.4.1-5] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-4] - Update helm to 3.7.1 [1.4.1-3] - Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11 [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.0-4] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] istio [1.13.5-1] - Added Oracle specific files for 1.13.5-1 kubernetes [1.23.7-1] - Added Oracle specific build files for Kubernetes cri-tools [1.23.0-1] - Added Oracle Specific Build Files for cri-tools cri-o [1.23.3-1] - Added Oracle Specifile Files for cri-o kata [1.12.1-5] - updated cri-o and cri-tools versions to support kubernetes-1.23 [1.12.1-4] - update kata-image versions - update kernel-uek-container version to kernel-uek-container-5.4.17-2136.306.1.3 [1.21.1-3] - Support k8s 1.21.6 - updated kernel-uek-container version - updated kata-image versions - added buildhost variable [1.12.1-2] - Golang 1.15.9 [1.12.1-1] - Updated to kata 1.12.1 - Updated guest kernel (kernel-uek-container) minimum version to UEK6U2 (5.4.17-2102.200.7) etcd [3.5.1-2] - Updated THIRD_PARTY_LICENSES.txt file [3.5.1-1] - Added Oracle specific build files IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29228 CVE-2022-29224 CVE-2022-29226 CVE-2022-29227 CVE-2022-31045 CVE-2022-29225 cpe:/a:oracle:linux:8::olcne14 cpe:/a:oracle:linux:8::olcne15 Oracle Linux 7 olcne [1.5.4-3] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over [1.5.4-2] - Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.5.4-1] - Upgrade Kubernetes to 1.23.7 [1.5.3-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.5.2-1] - Excluded unnecessary directories from k8s backup files [1.5.1-1] - Fixed the bug in fetching node metadata for non-cloud nodes [1.5.0-2] - Upgrade Helm to 3.7.1-2 [1.5.0-2] - fix null pointer exception in systemd service state validation [1.5.0-1] - Introduce support for compact Kubernetes clusters - Introduce MetalLB - Introduce Oracle Cloud Infrastructure Cloud Controller Manager - Improved log messages in Platform API Server and Platform Agent - Upgrade Kubernetes to 1.22.8 - Upgrade Istio to 1.13.2 - Renamed the oci-csi module to oci-ccm [1.5.0-20.alpha] - Update istio-1.13.2 grafana to 7.5.15 [1.5.0-14.alpha] - Metallb fix [1.5.0-11.alpha] - Remove module directories when olcne rpm is uninstalled [1.5.0-10.alpha] - OCI CCM 0.13.0 [1.5.0-9.alpha] - Reworked log messages [1.5.0-8.alpha] - Update Istio to 1.13.2(prometheus-2.31.1, grafana-8.4.6) [1.5.0-7.alpha] - Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15) [1.5.0-6.alpha] - Update to k8s 1.22 with golang 1.17 [1.5.0-5.alpha] - Update internal docs for oci-ccm module [1.5.0-4.alpha] - Extend oci-ccm module to support load balancer [1.5.0-3.alpha] - Firewall pre-req [1.5.0-2.alpha] - Ensure that config map settings needed by metallb is preserved during k8s upgrade [1.5.0-1.alpha] - Metallb module [1.4.1-14] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-13] - Update sudoers file and changed its permissions to '0440' [1.4.1-12] - Update olcne-kubernetes.md file for 'compact' flag [1.4.1-11] - Ensure that the order of items in an upgraded config file is stable with respect to the original file [1.4.1-10] - Ensure that old olcnectl config files are upgraded [1.4.1-9] - Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation [1.4.1-8] - Make 'compact' flag updatable [1.4.1-7] - Introduce 'compact' that enables control-plane nodes to run any workloads [1.4.1-6] - Ability to label 1 or more kubernetes nodes [1.4.1-5] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-4] - Update helm to 3.7.1 [1.4.1-3] - Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11 [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.0-4] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] istio [1.13.5-1] - Added Oracle specific files for 1.13.5-1 kubernetes [1.23.7-1] - Added Oracle specific build files for Kubernetes cri-tools [1.23.0-1] - Added Oracle Specific Build Files for cri-tools cri-o [1.23.3-1] - Added Oracle Specifile Files for cri-o kata [1.12.1-5] - updated cri-o and cri-tools versions to support kubernetes-1.23 [1.12.1-4] - update kata-image versions - update kernel-uek-container version to kernel-uek-container-5.4.17-2136.306.1.3 [1.21.1-3] - Support k8s 1.21.6 - updated kernel-uek-container version - updated kata-image versions - added buildhost variable [1.12.1-2] - Golang 1.15.9 [1.12.1-1] - Updated to kata 1.12.1 - Updated guest kernel (kernel-uek-container) minimum version to UEK6U2 (5.4.17-2102.200.7) etcd [3.5.1-2] - Updated THIRD_PARTY_LICENSES.txt file [3.5.1-1] - Added Oracle specific build files IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29228 CVE-2022-29225 CVE-2022-29224 CVE-2022-29227 CVE-2022-29226 CVE-2022-31045 cpe:/a:oracle:linux:7::olcne15 cpe:/a:oracle:linux:7::olcne14 Oracle Linux 8 Oracle Linux 9 [5.15.0-0.30.20] - floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218638] {CVE-2022-1652} - x86: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Add retbleed=ibpb (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/xen: Rename SYS* entry points (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Update Retpoline validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - intel_idle: Disable IBRS during long idle (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Add kernel IBRS implementation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Report AMD retbleed vulnerability (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Add magic AMD return-thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Treat .text.__x86.* as noinstr (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Use return-thunk in asm code (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bpf: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/ftrace: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86,static_call: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86,objtool: Create .return_sites (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Undo return-thunk damage (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/retpoline: Use -mfunction-return (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/cpufeatures: Move RETPOLINE flags to word 11 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Remove skip_r11rcx (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Fix register corruption in compat syscall (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Use PUSH_AND_CLEAR_REGS for compat (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Simplify entry_INT80_compat() (Linus Torvalds) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86,static_call: Fix __static_call_return0 for i386 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/alternative: Relax text_poke_bp() constraint (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - static_call,x86: Robustify trampoline patching (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/xen: Move hypercall_page to top of the file (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29901 CVE-2022-23816 CVE-2022-1652 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [5.15.0-0.30.20] - floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218638] {CVE-2022-1652} - x86: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Add retbleed=ibpb (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/xen: Rename SYS* entry points (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - objtool: Update Retpoline validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - intel_idle: Disable IBRS during long idle (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/entry: Add kernel IBRS implementation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Report AMD retbleed vulnerability (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86: Add magic AMD return-thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - objtool: Treat .text.__x86.* as noinstr (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86: Use return-thunk in asm code (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bpf: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/ftrace: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86,static_call: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86,objtool: Create .return_sites (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86: Undo return-thunk damage (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/retpoline: Use -mfunction-return (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/cpufeatures: Move RETPOLINE flags to word 11 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/entry: Remove skip_r11rcx (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/entry: Fix register corruption in compat syscall (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/entry: Use PUSH_AND_CLEAR_REGS for compat (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/entry: Simplify entry_INT80_compat() (Linus Torvalds) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86,static_call: Fix __static_call_return0 for i386 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/alternative: Relax text_poke_bp() constraint (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - static_call,x86: Robustify trampoline patching (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/xen: Move hypercall_page to top of the file (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23816 CVE-2022-1652 CVE-2022-29901 cpe:/a:oracle:linux:8::UEKR7 Oracle Linux 8 [2.02-123.0.7.el8_6.8] - Enable back btrfs module by default [Orabug: 34377188] [2.02-123.0.6.el8_6.8] - Backport upstream SNP protocol fixes [Orabug: 34195100] [2.02-123.0.5.el8_6.8] - Rebase Fix EFI loader kernel image allocation patch, adapt it to new NX code [Orabug: 34352232] [2.02-123.0.4.el8_6.8] - enable multiboot2 [Orabug: 34285558] - backport arm64: Fix EFI loader kernel image allocation [Orabug: 33702462] - backport Arm: check for the PE magic for the compiled arch [Orabug: 33702462] - Backport some better script logic for BTRFS support [Orabug: 32448171] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - Fix various coverity issues [Orabug: 32530657] - Set proper blsdir if /boot is on btrfs rootfs [Orabug: 32063327] - Add CVE-2020-15706, CVE-2020-15707 to the list [Orabug: 31225072] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481] - Fix comparison in patch for 18504756 - Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481] - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.06-123.el8_6.8] - CVE fixes for 2022-06-07 - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 - Resolves: #2031899 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3696 CVE-2022-28737 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2021-3697 CVE-2022-28733 CVE-2021-3695 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest Oracle Linux 9 [2.06-27.0.6.el9_0.7] - Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986] [2.06-27.0.5.el9_0.7] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - Update provided certificate version to 202204 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump SBAT generation - Update bug url [Orabug: 34202300] - Revert provided certificate version back to 202102 [JIRA: OLDIS-16371] - Update signing certificate [JIRA: OLDIS-16371] - fix SBAT data [JIRA: OLDIS-16371] - Update requires [JIRA: OLDIS-16371] - Rebuild for SecureBoot signatures [Orabug: 33801813] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.06-27.el9_0.7] - CVE fixes for 2022-06-07 - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 - Resolves: #2089810 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3695 CVE-2022-28735 CVE-2021-3696 CVE-2022-28734 CVE-2021-3697 CVE-2022-28736 CVE-2022-28737 CVE-2022-28733 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 Oracle Linux 9 [5.15.0-0.30.20.1] - lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34386636] {CVE-2022-21505} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21505 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [5.15.0-0.30.20.1] - lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34386636] {CVE-2022-21505} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21505 cpe:/a:oracle:linux:8::UEKR7 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.309.5] - lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34386637] {CVE-2022-21505} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21505 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.309.5] - lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34386637] {CVE-2022-21505} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21505 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21549 CVE-2022-34169 CVE-2022-21540 CVE-2022-21541 CVE-2022-25647 cpe:/a:oracle:linux:7::graalvm_community Oracle Linux 7 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21549 CVE-2022-34169 CVE-2022-25647 CVE-2022-21540 CVE-2022-21541 cpe:/a:oracle:linux:7::graalvm_community Oracle Linux 7 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-34169 CVE-2022-25647 CVE-2022-21540 CVE-2022-21549 CVE-2022-21541 cpe:/a:oracle:linux:7::graalvm_community Oracle Linux 7 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21541 CVE-2022-21540 CVE-2022-34169 CVE-2022-25647 CVE-2022-21549 cpe:/a:oracle:linux:7::graalvm_community Oracle Linux 7 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 CVE-2022-21549 CVE-2022-25647 cpe:/a:oracle:linux:7::graalvm_community Oracle Linux 7 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-25647 CVE-2022-21540 CVE-2022-34169 CVE-2022-21549 CVE-2022-21541 cpe:/a:oracle:linux:7::graalvm_community Oracle Linux 7 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-34169 CVE-2022-21540 CVE-2022-25647 CVE-2022-21549 CVE-2022-21541 cpe:/a:oracle:linux:7::graalvm_community Oracle Linux 7 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-25647 CVE-2022-21540 CVE-2022-21549 CVE-2022-34169 CVE-2022-21541 cpe:/a:oracle:linux:7::graalvm_community Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-34169 CVE-2022-21549 CVE-2022-21541 CVE-2022-25647 CVE-2022-21540 cpe:/a:oracle:linux:8::graalvm_community Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-25647 CVE-2022-21540 CVE-2022-34169 CVE-2022-21541 CVE-2022-21549 cpe:/a:oracle:linux:8::graalvm_community Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21549 CVE-2022-34169 CVE-2022-21541 CVE-2022-25647 CVE-2022-21540 cpe:/a:oracle:linux:8::graalvm_community Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-25647 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 CVE-2022-21540 cpe:/a:oracle:linux:8::graalvm_community Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-34169 CVE-2022-21541 CVE-2022-25647 CVE-2022-21549 CVE-2022-21540 cpe:/a:oracle:linux:8::graalvm_community Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-25647 CVE-2022-21541 CVE-2022-21540 CVE-2022-34169 CVE-2022-21549 cpe:/a:oracle:linux:8::graalvm_community Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-25647 CVE-2022-21549 CVE-2022-21541 CVE-2022-34169 CVE-2022-21540 cpe:/a:oracle:linux:8::graalvm_community Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21540 CVE-2022-21549 CVE-2022-34169 CVE-2022-25647 CVE-2022-21541 cpe:/a:oracle:linux:8::graalvm_community Oracle Linux 6 Oracle Linux 7 [4.1.12-124.65.1] - cgroup-v1: Require capabilities to set release_agent (Eric W. Biederman) [Orabug: 33825689] {CVE-2022-0492} - ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34091904] - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) [Orabug: 34091904] - ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34091904] - uek: kabi: new kABI symbols by USM and fix kABI files (Saeed Mirzamohammadi) [Orabug: 34233929] - netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) [Orabug: 34247343] {CVE-2022-32250} - netfilter: nf_tables: fix memory leak if expr init fails (Liping Zhang) [Orabug: 34247343] - floppy: disable FDRAWCMD by default (Willy Tarreau) [Orabug: 34308428] {CVE-2022-33981} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-33981 CVE-2022-32250 CVE-2022-0492 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 7 libvirt [5.7.0-34.el7] - qemu: blockcopy: Allow late opening of the backing chain of a shallow copy (Peter Krempa) [Orabug: 33091019] - qemu: capabilities: Introduce QEMU_CAPS_BLOCKDEV_SNAPSHOT_ALLOW_WRITE_ONLY (Peter Krempa) [Orabug: 33091019] - qemuDomainBlockCopyCommon: Record updated flags to block job (Peter Krempa) [Orabug: 33091019] - qemuDomainBlockPivot: Move check prior to executing the pivot steps (Peter Krempa) [Orabug: 33091019] - qemuDomainBlockPivot: Copy bitmaps backing checkpoints for virDomainBlockCopy (Peter Krempa) [Orabug: 33091019] - qemu: block: Introduce function to calculate bitmap handling for block-copy (Peter Krempa) [Orabug: 33091019] - qemu: block: Add validator for bitmap chains accross backing chains (Peter Krempa) [Orabug: 33091019] - qemu: blockjob: Store 'flags' for all the block job types (Peter Krempa) [Orabug: 33091019] - qemu: blockjob: Store 'jobflags' with block job data (Peter Krempa) [Orabug: 33091019] - util: json: Introduce virJSONValueArrayConcat (Peter Krempa) [Orabug: 33091019] - qemu: block: Extract calls of qemuBlockGetNamedNodeData into a helper function (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Track and relabel images for bitmap merging (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Introduce support for deleting checkpoints accross snapshots (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Extract calculation of bitmap merging for checkpoint deletion (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Introduce helper to find checkpoint disk definition in parents (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: tolerate missing disks on checkpoint deletion (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Use disk definition directly when creating checkpoint (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: rename disk->chkdisk in qemuCheckpointAddActions (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: rename disk->chkdisk in qemuCheckpointDiscardBitmaps (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: split out checkpoint deletion bitmaps (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Store whether deleted checkpoint is current in a variable (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Extract and export rollback of checkpoint metadata storing (Peter Krempa) [Orabug: 33091019] - qemu: block: Introduce qemuBlockNamedNodeDataGetBitmapByName (Peter Krempa) [Orabug: 33091019] - qemu: snapshot: Propagate active bitmaps through external snapshots (Peter Krempa) [Orabug: 33091019] - qemu: monitor: Add 'granularity' parameter for block-dirty-bitmap-add (Peter Krempa) [Orabug: 33091019] - qemu: snapshot: Fold formatting of snapshot transaction into prepare func (Peter Krempa) [Orabug: 33091019] - qemu: Check for explicit failure of qemuBlockSnapshotAddBlockdev (Peter Krempa) [Orabug: 33091019] - qemu: monitor: Extract internals of qemuMonitorJSONBlockGetNamedNodeData (Peter Krempa) [Orabug: 33091019] - qemu: monitor: Extract data about dirty-bimaps in qemuMonitorBlockGetNamedNodeData (Peter Krempa) [Orabug: 33091019] - qemu: block: enable the snapshot image deletion feature (Pavel Mores) [Orabug: 33091019] - qemu: block: propagate the delete flag to where it can actually be used (Pavel Mores) [Orabug: 33091019] - qemu: checkpoint: fix NULL dereference at create time (Cole Robinson) [Orabug: 33091019] - qemu: snapshot: Mark file becoming backingStore as read-only (Peter Krempa) [Orabug: 33091019] - util: consolidate on one free callback for hash data (Daniel P. Berrange) [Orabug: 33091019] - conf: stop using hash key when free'ing hash entries (Daniel P. Berrange) [Orabug: 33091019] - qemu: checkpoint: Use qemuMonitorTransactionBitmapMergeSourceAddBitmap (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Fix rollback and access to unlocked 'vm' when deleting checkpoints (Peter Krempa) [Orabug: 33091019] - qemu: snapshot: split out preparation of a snapshot with blockdev (Peter Krempa) [Orabug: 33091019] - qemu: monitor: Add helper for generating data for block bitmap merging (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Extract finalizing steps of checkpoint creation (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Split out checkpoint creation code (Peter Krempa) [Orabug: 33091019] - qemu: block: Don't query monitor in qemuBlockStorageSourceCreateDetectSize (Peter Krempa) [Orabug: 33091019] - qemu: monitor: Introduce new interface to query-named-block-nodes (Peter Krempa) [Orabug: 33091019] - util: hash: Introduce virHashHasEntry (Peter Krempa) [Orabug: 33091019] - util: hash: Add new constructor 'virHashNew' (Peter Krempa) [Orabug: 33091019] - util: hash: Add possibility to use simpler data free function in virHash (Peter Krempa) [Orabug: 33091019] - conf: Introduce virDomainDiskByTarget (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Don't update current checkpoint until we are done (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Replace open-coded transaction action generators (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Refactor cleanup in qemuCheckpointCreateXML (Peter Krempa) [Orabug: 33091019] - qemu: domain: Move checkpoint related code to qemu_checkpoint.c (Peter Krempa) [Orabug: 33091019] - qemu: driver: Move checkpoint-related code to qemu_checkpoint.c (Peter Krempa) [Orabug: 33091019] - qemu: Move, rename and export qemuDomObjFromDomain (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Don't forbid checkpoint when VM is marked for autodestroy (Peter Krempa) [Orabug: 33091019] - Prepare to hotplug vNUMA targets for non-X86_64 guests (Wim ten Have) [Orabug: 34256070] - qemu: Add missing lock in qemuProcessHandleMonitorEOF (Peng Liang) [Orabug: 34210159] {CVE-2021-3975} - libvirt: Fix Auto host partitioning threads under single-socket hosts (Wim ten Have) [Orabug: 34153152] libvirt-python [5.7.0-34.el7] - libvirt-python.spec: Bump 'Obsoletes' version number for libvirt-python (Karl Heubaum) [Orabug: 34185868] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3975 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [15:4.2.1-18.el7] - block: introduce max_hw_iov for use in scsi-generic (Paolo Bonzini) [Orabug: 33785156] - file-posix: try BLKSECTGET on block devices too, do not round to power of 2 (Paolo Bonzini) [Orabug: 33785156] - block: add max_hw_transfer to BlockLimits (Paolo Bonzini) [Orabug: 33785156] - block-backend: align max_transfer to request alignment (Paolo Bonzini) [Orabug: 33785156] - osdep: provide ROUND_DOWN macro (Paolo Bonzini) [Orabug: 33785156] - scsi-generic: pass max_segments via max_iov field in BlockLimits (Paolo Bonzini) [Orabug: 33785156] - file-posix: fix max_iov for /dev/sg devices (Paolo Bonzini) [Orabug: 33785156] - display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) (Mauro Matteo Cascella) [Orabug: 34049511] {CVE-2021-4207} - ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) (Mauro Matteo Cascella) [Orabug: 34049509] {CVE-2021-4206} - hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507) (Philippe Mathieu-Daude) [Orabug: 32860387] {CVE-2021-3507} - pc: q35: Bump max_cpus to 512 (Suravee Suthikulpanit) [Orabug: 34314249] - tests/qtest: fix pvpanic-pci-test (Mark Kanda) [Orabug: 34284763] - libqos: pci-pc: use 32-bit write for EJ register (Paolo Bonzini) [Orabug: 34284758] - libqos: usb-hcd-ehci: use 32-bit write for config register (Paolo Bonzini) [Orabug: 34284768] - target/i386/kvm: Fix disabling MPX on '-cpu host' with MPX-capable host (Maciej S. Szmigiero) [Orabug: 33528615] - i386: Mask SVM features if nested SVM is disabled (Eduardo Habkost) [Orabug: 33860224] - ide: Cap LBA28 capacity announcement to 2^28-1 (Samuel Thibault) [Orabug: 25327652] - tests/acpi: update expected arm/virt tables (Mark Kanda) [Orabug: 34132842] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3507 CVE-2021-4206 CVE-2021-4207 cpe:/a:oracle:linux:7::developer_kvm_utils cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 6 [3:1.17-33.31.0.3] - update 06-55-04 to 0x2006d05 - update 06-55-07 to 0x5003302 - update 06-6a-04 to 0xb000280 - update 06-6a-06 to 0xd000375 [3:1.17-33.31.0.2] - update Intel microcode bundle to 20210608 [3:1.17-33.31.0.1] - recognize the 'force-intel' file path available on EL7+ [orabug 31655792] - disable live load during %post due to UEK4 rendezvous timeouts [orabug 31655792] - merge Oracle changes for early load via dracut - remove no longer appropriate caveats for 06-2d-07 and 06-55-04 - remove other caveat support to be compatible with early load logic - enable late load on install for UEK4 kernels marked safe (except BDW-79) - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618737] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21127 CVE-2022-21166 CVE-2022-21125 CVE-2022-21123 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 Oracle Linux 7 [2.4.6-97.0.7.5] - mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and fixup last [CVE-2022-31813][Orabug: 34381850] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31813 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 6 [2.2.15-69.0.4] - mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and fixup last [CVE-2022-31813][Orabug: 34317859] [2.2.15-69.0.3] - core: Simpler connection close logic [CVE-2022-22720][Orabug: 33991577] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31813 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 9 [2.4.51-7.0.2] - mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and fixup last [CVE-2022-31813][Orabug: 34381949] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31813 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 httpd [2.4.37-47.0.2.2] - mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31813 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [1:1.1.1k-7] - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - Update expired certificates used in the testsuite Resolves: rhbz#2100554 - Fix CVE-2022-1292: openssl: c_rehash script allows command injection Resolves: rhbz#2090371 - Fix CVE-2022-2068: the c_rehash script allows command injection Resolves: rhbz#2098278 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2097 CVE-2022-2068 CVE-2022-1292 cpe:/a:oracle:linux:8::userspace_ksplice Oracle Linux 8 Oracle Linux 9 [5.15.0-1.43.4.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588} [5.15.0-1.43.4] - Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] - Revert selftests/bpf: Add test for reg2btf_ids out of bounds access (Alan Maguire) [Orabug: 34399286] [5.15.0-1.43.3] - x86/alternative: The retpoline alternative is not applied (Alexandre Chartre) [Orabug: 34395937] - x86/ftrace: Do not copy ftrace_stub() in ftrace trampoline (Alexandre Chartre) [Orabug: 34395937] [5.15.0-100.43.0] - ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364336] - ocfs2: dlmfs: dont clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364336] - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) [Orabug: 34364336] - net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34366723] - lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34393053] {CVE-2022-21505} [5.15.0-1.43.1] - LTS version: v5.15.43 (Jack Vogel) - mptcp: Do TCP fallback on early DSS checksum failure (Mat Martineau) - LTS version: v5.15.42 (Jack Vogel) - afs: Fix afs_getattr() to refetch file status if callback break occurred (David Howells) - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (Yang Yingliang) - mt76: mt7921e: fix possible probe failure after reboot (Sean Wang) - dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (Jae Hyun Yoo) - Input: ili210x - fix reset timing (Marek Vasut) - arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (Shreyas K K) - net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) - net: atlantic: add check for MAX_SKB_FRAGS (Grant Grundler) - net: atlantic: reduce scope of is_rsc_complete (Grant Grundler) - net: atlantic: fix frag[0] not initialized (Grant Grundler) - net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) - ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) - nl80211: fix locking in nl80211_set_tx_bitrate_mask() (Johannes Berg) - net: fix wrong network header length (Lina Wang) - fbdev: Prevent possible use-after-free in fb_release() (Daniel Vetter) - Revert fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) - selftests: add ping test with ping_group_range tuned (Nicolas Dichtel) - nl80211: validate S1G channel width (Kieran Frewen) - mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (Brian Bunker) - perf bench numa: Address compiler error on s390 (Thomas Richter) - perf regs x86: Fix arch__intr_reg_mask() for the hybrid platform (Kan Liang) - gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) - gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) - perf build: Fix check for btf__load_from_kernel_by_id() in libbpf (Arnaldo Carvalho de Melo) - scsi: ufs: core: Fix referencing invalid rsp field (Daejun Park) - riscv: dts: sifive: fu540-c000: align dma node name with dtschema (Krzysztof Kozlowski) - net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) - netfilter: flowtable: move dst_check to packet path (Ritaro Takenaka) - netfilter: flowtable: pass flowtable to nf_flow_table_iterate() (Pablo Neira Ayuso) - netfilter: flowtable: fix TCP flow teardown (Pablo Neira Ayuso) - igb: skip phy status check where unavailable (Kevin Mitchell) - mptcp: fix checksum byte order (Paolo Abeni) - mptcp: reuse __mptcp_make_csum in validate_data_csum (Geliang Tang) - mptcp: change the parameter of __mptcp_make_csum (Geliang Tang) - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) - net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) - net/mlx5e: Properly block LRO when XDP is enabled (Maxim Mikityanskiy) - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (Maor Dickman) - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) - net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) - clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) - ice: Fix interrupt moderation settings getting cleared (Michal Wilczynski) - ice: move ice_container_type onto ice_ring_container (Maciej Fijalkowski) - ice: fix possible under reporting of ethtool Tx and Rx statistics (Paul Greenwalt) - ice: fix crash when writing timestamp on RX rings (Arkadiusz Kubalewski) - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) - net: systemport: Fix an error handling path in bcm_sysport_probe() (Christophe JAILLET) - Revert PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) - netfilter: nft_flow_offload: fix offload with pppoe + vlan (Felix Fietkau) - net: fix dev_fill_forward_path with pppoe + bridge (Felix Fietkau) - netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices (Felix Fietkau) - netfilter: flowtable: fix excessive hw offload attempts after failure (Felix Fietkau) - net/sched: act_pedit: sanitize shift argument before usage (Paolo Abeni) - xfrm: fix disable_policy flag use when arriving from different devices (Eyal Birger) - xfrm: rework default policy structure (Nicolas Dichtel) - net: macb: Increment rx bd head after allocating skb and buffer (Harini Katakam) - net: ipa: record proper RX transaction count (Alex Elder) - ALSA: hda - fix unused Realtek function when PM is not enabled (Randy Dunlap) - pinctrl: mediatek: mt8365: fix IES control pins (Mattijs Korpershoek) - ARM: dts: aspeed: Add video engine to g6 (Howard Chiu) - ARM: dts: aspeed: Add secure boot controller node (Joel Stanley) - ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (Eddie James) - ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (Jae Hyun Yoo) - pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (Jae Hyun Yoo) - ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (Jae Hyun Yoo) - dma-buf: ensure unique directory name for dmabuf stats (Charan Teja Kalla) - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (Jerome Pouiller) - drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) - drm/i915/dmc: Add MMIO range restrictions (Anusha Srivatsa) - drm/amd: Dont reset dGPUs if the system is going to s2idle (Mario Limonciello) - libceph: fix potential use-after-free on linger ping and resends (Ilya Dryomov) - crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (Ondrej Mosnacek) - arm64: mte: Ensure the cleared tags are visible before setting the PTE (Catalin Marinas) - arm64: paravirt: Use RCU read locks to guard stolen_time (Prakruthi Deepak Heragu) - KVM: x86/mmu: Update number of zapped pages even if page list is stable (Sean Christopherson) - Revert can: m_can: pci: use custom bit timings for Elkhart Lake (Jarkko Nikula) - PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (Rafael J. Wysocki) - Fix double fget() in vhost_net_set_backend() (Al Viro) - selinux: fix bad cleanup on error in hashtab_duplicate() (Ondrej Mosnacek) - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (Werner Sembach) - ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) - ALSA: usb-audio: Restore Rane SL-1 quirk (Takashi Iwai) - nilfs2: fix lockdep warnings during disk space reclamation (Ryusuke Konishi) - nilfs2: fix lockdep warnings in page operations for btree nodes (Ryusuke Konishi) - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (Tzung-Bi Shih) - drbd: remove usage of list iterator variable after loop (Jakob Koschel) - MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) - fs: fix an infinite loop in iomap_fiemap (Guo Xuenan) - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (Mario Limonciello) - nvme-multipath: fix hang when disk goes live over reconnect (Anton Eidelman) - nvmet: use a private workqueue instead of the system workqueue (Sagi Grimberg) - tools/virtio: compile with -pthread (Michael S. Tsirkin) - vhost_vdpa: dont setup irq offloading when irq_num < 0 (Zhu Lingshan) - s390/pci: improve zpci_dev reference counting (Niklas Schnelle) - s390/traps: improve panic message for translation-specification exception (Heiko Carstens) - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (Kai-Heng Feng) - crypto: x86/chacha20 - Avoid spurious jumps to other functions (Peter Zijlstra) - crypto: stm32 - fix reference leak in stm32_crc_remove (Zheng Yongjun) - rtc: sun6i: Fix time overflow handling (Andre Przywara) - gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) - nvme-pci: add quirks for Samsung X5 SSDs (Monish Kumar R) - Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) - Input: add bounds checking to input_set_capability() (Jeff LaBundy) - um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow) - rtc: pcf2127: fix bug when reading alarm registers (Hugo Villeneuve) - rtc: fix use-after-free on device removal (Vincent Whitchurch) - Revert drm/i915/opregion: check port number bounds for SWSCI display power state (Greg Thelen) - mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (Hyeonggon Yoo) - Watchdog: sp5100_tco: Enable Family 17h+ CPUs (Terry Bowman) - Watchdog: sp5100_tco: Add initialization using EFCH MMIO (Terry Bowman) - Watchdog: sp5100_tco: Refactor MMIO base address initialization (Terry Bowman) - Watchdog: sp5100_tco: Move timer initialization into function (Terry Bowman) - i2c: piix4: Enable EFCH MMIO for Family 17h+ (Terry Bowman) - i2c: piix4: Add EFCH MMIO support for SMBus port select (Terry Bowman) - i2c: piix4: Add EFCH MMIO support to SMBus base address detect (Terry Bowman) - i2c: piix4: Add EFCH MMIO support to region request and release (Terry Bowman) - i2c: piix4: Move SMBus port selection into function (Terry Bowman) - i2c: piix4: Move SMBus controller base address detect into function (Terry Bowman) - i2c: piix4: Move port I/O region request/release code into functions (Terry Bowman) - i2c: piix4: Replace hardcoded memory map size with a #define (Terry Bowman) - kernel/resource: Introduce request_mem_region_muxed() (Terry Bowman) - io_uring: arm poll for non-nowait files (Pavel Begunkov) - usb: gadget: fix race when gadget driver register via ioctl (Schspa Shi) - LTS version: v5.15.41 (Jack Vogel) - usb: gadget: uvc: allow for application to cleanly shutdown (Dan Vacura) - usb: gadget: uvc: rename function to be more consistent (Michael Tretter) - ping: fix address binding wrt vrf (Nicolas Dichtel) - mm/hwpoison: use pr_err() instead of dump_page() in get_any_page() (Naoya Horiguchi) - dma-buf: call dma_buf_stats_setup after dmabuf is in valid list (Charan Teja Reddy) - Revert drm/amd/pm: keep the BACO feature enabled for suspend (Alex Deucher) - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) - SUNRPC: Ensure that the gssproxy client can start in a connected state (Trond Myklebust) - net: phy: micrel: Pass .probe for KS8737 (Fabio Estevam) - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (Fabio Estevam) - arm[64]/memremap: dont abuse pfn_valid() to ensure presence of linear map (Mike Rapoport) - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) - writeback: Avoid skipping inode writeback (Jing Xia) - net: phy: Fix race condition on link status change (Francesco Dolcini) - net: atlantic: always deep reset on pm op, fixing up my null deref regression (Manuel Ullmann) - i40e: i40e_main: fix a missing check on list iterator (Xiaomeng Tong) - drm/nouveau/tegra: Stop using iommu_present() (Robin Murphy) - drm/vmwgfx: Disable command buffers on svga3 without gbobjects (Zack Rusin) - mm/huge_memory: do not overkill when splitting huge_zero_page (Xu Yu) - Revert mm/memory-failure.c: skip huge_zero_page in memory_failure() (Xu Yu) - ceph: fix setting of xattrs on async created inodes (Jeff Layton) - serial: 8250_mtk: Fix register address for XON/XOFF character (AngeloGioacchino Del Regno) - serial: 8250_mtk: Fix UART_EFR register address (AngeloGioacchino Del Regno) - fsl_lpuart: Dont enable interrupts too early (Indan Zupancic) - slimbus: qcom: Fix IRQ check in qcom_slim_probe (Miaoqian Lin) - USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) - USB: serial: option: add Fibocom L610 modem (Sven Schwermer) - USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) - USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) - usb: typec: tcpci_mt6360: Update for BMC PHY setting (ChiYuan Huang) - usb: typec: tcpci: Dont skip cleanup in .remove() on error (Uwe Kleine-Konig) - usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) - tty: n_gsm: fix mux activation issues in gsm_config() (Daniel Starke) - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Daniel Starke) - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) - x86/mm: Fix marking of unused sub-pmd ranges (Adrian-Ken Rueegsegger) - usb: xhci-mtk: fix fs isocs transfer error (Chunfeng Yun) - KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context() (Alexander Graf) - firmware_loader: use kernel credentials when reading firmware (Thiebaud Weksteen) - interconnect: Restore sync state by ignoring ipa-virt in provider count (Stephen Boyd) - tcp: drop the hash_32() part from the index calculation (Willy Tarreau) - tcp: increase source port perturb table to 2^16 (Willy Tarreau) - tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) - tcp: add small random increments to the source port (Willy Tarreau) - tcp: resalt the secret every 10 seconds (Eric Dumazet) - tcp: use different parts of the port_offset for index and offset (Willy Tarreau) - secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) - net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT (Matthew Hagan) - net: emaclite: Dont advertise 1000BASE-T and do auto negotiation (Shravya Kumbham) - ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (Ajit Kumar Pandey) - s390: disable -Warray-bounds (Sven Schnelle) - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) - ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) - ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) - iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (Ashish Mhetre) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (Duoming Zhou) - hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) - gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) - drm/vmwgfx: Fix fencing on SVGAv3 (Zack Rusin) - tls: Fix context leak on tls_device_down (Maxim Mikityanskiy) - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (Florian Fainelli) - drm/vc4: hdmi: Fix build error for implicit function declaration (Hui Tang) - net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral (Florian Fainelli) - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (Yang Yingliang) - net/sched: act_pedit: really ensure the skb is writable (Paolo Abeni) - s390/lcs: fix variable dereferenced before check (Alexandra Winter) - s390/ctcm: fix potential memory leak (Alexandra Winter) - s390/ctcm: fix variable dereferenced before check (Alexandra Winter) - virtio: fix virtio transitional ids (Shunsuke Mie) - arm64: vdso: fix makefile dependency on vdso.so (Joey Gouly) - selftests: vm: Makefile: rename TARGETS to VMTARGETS (Joel Savitz) - procfs: prevent unprivileged processes accessing fdinfo dir (Kalesh Singh) - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) - dim: initialize all struct fields (Jesse Brandeburg) - ionic: fix missing pci_release_regions() on error in ionic_probe() (Yang Yingliang) - nfs: fix broken handling of the softreval mount option (Dan Aloni) - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) - net: sfc: fix memory leak due to ptp channel (Taehee Yoo) - sfc: Use swap() instead of open coding it (Jiapeng Chong) - fbdev: efifb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) - net: chelsio: cxgb4: Avoid potential negative array offset (Kees Cook) - netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (Christophe JAILLET) - ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) - ice: fix PTP stale Tx timestamps cleanup (Michal Michalik) - ice: Fix race during aux device (un)plugging (Ivan Vecera) - platform/surface: aggregator: Fix initialization order when compiling as builtin module (Maximilian Luz) - fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) - fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) - fbdev: simplefb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (Vladimir Oltean) - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (Vladimir Oltean) - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (Vladimir Oltean) - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (Vladimir Oltean) - net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) - mac80211: Reset MBSSID parameters upon connection (Manikanta Pubbisetty) - hwmon: (tmp401) Add OF device ID table (Camel Guo) - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (Guenter Roeck) - batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) - LTS version: v5.15.40 (Jack Vogel) - mm: fix invalid page pointer returned with FOLL_PIN gups (Peter Xu) - mm/mlock: fix potential imbalanced rlimit ucounts adjustment (Miaohe Lin) - mm/hwpoison: fix error page recovered but reported not recovered (Naoya Horiguchi) - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) - mm: shmem: fix missing cache flush in shmem_mfill_atomic_pte() (Muchun Song) - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) - mm: fix missing cache flush for all tail pages of compound page (Muchun Song) - udf: Avoid using stale lengthOfImpUse (Jan Kara) - rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (Gleb Fotengauer-Malinovskiy) - Bluetooth: Fix the creation of hdev->name (Itay Iellin) - tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in perf bench mem memcpy (Arnaldo Carvalho de Melo) - kbuild: move objtool_args back to scripts/Makefile.build (Masahiro Yamada) - LTS version: v5.15.39 (Jack Vogel) - PCI: aardvark: Update comment about link going down after link-up (Marek Behun) - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (Marek Behun) - PCI: aardvark: Dont mask irq when mapping (Pali Rohar) - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (Pali Rohar) - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (Pali Rohar) - PCI: aardvark: Fix support for PME requester on emulated bridge (Pali Rohar) - PCI: aardvark: Add support for PME interrupts (Pali Rohar) - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (Pali Rohar) - PCI: aardvark: Add support for ERR interrupt on emulated bridge (Pali Rohar) - PCI: aardvark: Enable MSI-X support (Pali Rohar) - PCI: aardvark: Fix setting MSI address (Pali Rohar) - PCI: aardvark: Add support for masking MSI interrupts (Pali Rohar) - PCI: aardvark: Refactor unmasking summary MSI interrupt (Pali Rohar) - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (Marek Behun) - PCI: aardvark: Make msi_domain_info structure a static driver structure (Marek Behun) - PCI: aardvark: Make MSI irq_chip structures static driver structures (Marek Behun) - PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (Pali Rohar) - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (Pali Rohar) - PCI: aardvark: Disable common PHY when unbinding driver (Pali Rohar) - PCI: aardvark: Disable link training when unbinding driver (Pali Rohar) - PCI: aardvark: Assert PERST# when unbinding driver (Pali Rohar) - PCI: aardvark: Fix memory leak in driver unbind (Pali Rohar) - PCI: aardvark: Mask all interrupts when unbinding driver (Pali Rohar) - PCI: aardvark: Disable bus mastering when unbinding driver (Pali Rohar) - PCI: aardvark: Comment actions in driver remove method (Pali Rohar) - PCI: aardvark: Clear all MSIs at setup (Pali Rohar) - PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (Pali Rohar) - PCI: pci-bridge-emul: Add definitions for missing capabilities registers (Pali Rohar) - PCI: pci-bridge-emul: Add description for class_revision field (Pali Rohar) - rcu: Apply callbacks processing time limit only on softirq (Frederic Weisbecker) - rcu: Fix callbacks processing time limit retaining cond_resched() (Frederic Weisbecker) - Revert parisc: Mark sched_clock unstable only if clocks are not syncronized (Helge Deller) - mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) - selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) - selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (Wanpeng Li) - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (Paolo Bonzini) - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (Paolo Bonzini) - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (Wanpeng Li) - KVM: selftests: Silence compiler warning in the kvm_page_table_test (Thomas Huth) - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (Paolo Bonzini) - iommu/dart: Add missing module owner to ops structure (Hector Martin) - net/mlx5e: Lag, Dont skip fib events on current dst (Vlad Buslov) - net/mlx5e: Lag, Fix fib_info pointer assignment (Vlad Buslov) - net/mlx5e: Lag, Fix use-after-free in fib event handler (Vlad Buslov) - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Aya Levin) - fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) - gpio: mvebu: drop pwm base assignment (Baruch Siach) - drm/amdgpu: Ensure HDA function is suspended before ASIC reset (Kai-Heng Feng) - drm/amdgpu: dont set s3 and s0ix at the same time (Mario Limonciello) - drm/amdgpu: explicitly check for s0ix when evicting resources (Mario Limonciello) - drm/amdgpu: unify BO evicting method in amdgpu_ttm (Nirmoy Das) - btrfs: always log symlinks in full mode (Filipe Manana) - btrfs: force v2 space cache usage for subpage mount (Qu Wenruo) - smsc911x: allow using IRQ0 (Sergey Shtylyov) - selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (Vladimir Oltean) - bnxt_en: Fix unnecessary dropping of RX packets (Michael Chan) - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (Somnath Kotur) - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (Ido Schimmel) - rxrpc: Enable IPv6 checksums on transport socket (David Howells) - mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter() (Eric Dumazet) - hinic: fix bug of wq out of bound access (Qiao Ma) - btrfs: do not BUG_ON() on failure to update inode when setting xattr (Filipe Manana) - drm/msm/dp: remove fail safe mode related code (Kuogee Hsieh) - selftests/net: so_txtime: usage(): fix documentation of default clock (Marc Kleine-Budde) - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (Marc Kleine-Budde) - net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (Yang Yingliang) - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (Niels Dossche) - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (Yang Yingliang) - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (Yang Yingliang) - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (Yang Yingliang) - NFSv4: Dont invalidate inode attributes on delegation return (Trond Myklebust) - RDMA/irdma: Fix possible crash due to NULL netdev in notifier (Mustafa Ismail) - RDMA/irdma: Reduce iWARP QP destroy time (Shiraz Saleem) - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (Tatyana Nikolova) - RDMA/siw: Fix a condition race issue in MPA request processing (Cheng Xu) - SUNRPC release the transport of a relocated task with an assigned transport (Olga Kornievskaia) - selftests/seccomp: Dont call read() on TTY from background pgrp (Jann Horn) - net/mlx5: Fix deadlock in sync reset flow (Moshe Shemesh) - net/mlx5: Avoid double clear or set of sync reset requested (Moshe Shemesh) - net/mlx5e: Fix the calling of update_buffer_lossy() API (Mark Zhang) - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Paul Blakey) - net/mlx5e: Dont match double-vlan packets if cvlan is not set (Vlad Buslov) - net/mlx5e: Fix trust state reset in reload (Moshe Tal) - iommu/dart: check return value after calling platform_get_resource() (Yang Yingliang) - iommu/vt-d: Drop stop marker messages (Lu Baolu) - ASoC: soc-ops: fix error handling (Pierre-Louis Bossart) - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (Codrin Ciubotariu) - hwmon: (pmbus) disable PEC if not enabled (Adam Wujek) - hwmon: (adt7470) Fix warning on module removal (Armin Wolf) - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (Puyou Lu) - gpio: visconti: Fix fwnode of GPIO IRQ (Nobuhiro Iwamatsu) - NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) - nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) - can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) - can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) - can: isotp: remove re-binding of bound socket (Oliver Hartkopp) - can: grcan: grcan_close(): fix deadlock (Duoming Zhou) - s390/dasd: Fix read inconsistency for ESE DASD devices (Jan Hoppner) - s390/dasd: Fix read for ESE with blksize < 4k (Jan Hoppner) - s390/dasd: prevent double format of tracks for ESE devices (Stefan Haberland) - s390/dasd: fix data corruption for ESE devices (Stefan Haberland) - ASoC: meson: Fix event generation for AUI CODEC mux (Mark Brown) - ASoC: meson: Fix event generation for G12A tohdmi mux (Mark Brown) - ASoC: meson: Fix event generation for AUI ACODEC mux (Mark Brown) - ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) - ASoC: da7219: Fix change notifications for tone generator frequency (Mark Brown) - genirq: Synchronize interrupt thread startup (Thomas Pfaff) - net: stmmac: disable Split Header (SPH) for Intel platforms (Tan Tee Min) - firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) - firewire: remove check of list iterator against head past the loop body (Jakob Koschel) - firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) - timekeeping: Mark NMI safe time accessors as notrace (Kurt Kanzenbach) - Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) - RISC-V: relocate DTB if its outside memory region (Nick Kossifidis) - drm/amdgpu: do not use passthrough mode in Xen dom0 (Marek Marczykowski-Gorecki) - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (Harry Wentland) - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (Nicolin Chen) - iommu/vt-d: Calculate mask for non-aligned flushes (David Stevens) - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (Kyle Huey) - x86/fpu: Prevent FPU state corruption (Thomas Gleixner) - gpiolib: of: fix bounds check for gpio-reserved-ranges (Andrei Lalaev) - mmc: core: Set HS clock speed before sending HS CMD13 (Brian Norris) - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (Samuel Holland) - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (Shaik Sajida Bhanu) - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (Zihao Wang) - parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) - MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) - LTS version: v5.15.38 (Jack Vogel) - powerpc/64: Add UADDR64 relocation support (Alexey Kardashevskiy) - objtool: Fix type of reloc::addend (Peter Zijlstra) - objtool: Fix code relocs vs weak symbols (Peter Zijlstra) - eeprom: at25: Use DMA safe buffers (Christophe Leroy) - perf symbol: Remove arch__symbols__fixup_end() (Namhyung Kim) - tty: n_gsm: fix software flow control handling (Daniel Starke) - tty: n_gsm: fix incorrect UA handling (Daniel Starke) - tty: n_gsm: fix reset fifo race condition (Daniel Starke) - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Daniel Starke) - tty: n_gsm: fix wrong signal octets encoding in MSC (Daniel Starke) - tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) - tty: n_gsm: fix wrong command retry handling (Daniel Starke) - tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) - tty: n_gsm: fix wrong DLCI release order (Daniel Starke) - tty: n_gsm: fix insufficient txframe size (Daniel Starke) - netfilter: nft_socket: only do sk lookups when indev is available (Florian Westphal) - tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) - tty: n_gsm: fix mux cleanup after unregister tty device (Daniel Starke) - tty: n_gsm: fix decoupled mux resource (Daniel Starke) - tty: n_gsm: fix restart handling via CLD command (Daniel Starke) - perf symbol: Update symbols__fixup_end() (Namhyung Kim) - perf symbol: Pass is_kallsyms to symbols__fixup_end() (Namhyung Kim) - x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov) - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC mode (Tim Harvey) - ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines (Eugen Hristev) - btrfs: fix leaked plug after failure syncing log on zoned filesystems (Filipe Manana) - thermal: int340x: Fix attr.show callback prototype (Kees Cook) - ACPI: processor: idle: Avoid falling back to C3 type C-states (Ville Syrjala) - net: ethernet: stmmac: fix write to sgmii_adapter_base (Dinh Nguyen) - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (Imre Deak) - drm/i915: Check EDID for HDR static metadata when choosing blc (Jouni Hogander) - netfilter: Update ip6_route_me_harder to consider L3 domain (Martin Willi) - mtd: rawnand: qcom: fix memory corruption that causes panic (Md Sadre Alam) - kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time (Zqiang) - zonefs: Clear inode information flags on inode creation (Damien Le Moal) - zonefs: Fix management of open zones (Damien Le Moal) - Revert ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (Ville Syrjala) - selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) - selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) - powerpc/perf: Fix 32bit compile (Alexey Kardashevskiy) - drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) - cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) - bonding: do not discard lowest hash bit for non layer3+4 hashing (suresh kumar) - ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION (Namjae Jeon) - ksmbd: increment reference count of parent fp (Namjae Jeon) - arch: xtensa: platforms: Fix deadlock in rs_close() (Duoming Zhou) - ext4: fix bug_on in start_this_handle during umount filesystem (Ye Bin) - ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) - ASoC: Intel: soc-acpi: correct device endpoints for max98373 (Chao Song) - tcp: fix F-RTO may not work correctly when receiving DSACK (Pengcheng Yang) - Revert ibmvnic: Add ethtool private flag for driver-defined queue limits (Dany Madden) - ixgbe: ensure IPsec VF<->PF compatibility (Leon Romanovsky) - perf arm-spe: Fix addresses of synthesized SPE events (Timothy Hayes) - gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) - gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) - gfs2: Minor retry logic cleanup (Andreas Gruenbacher) - gfs2: Prevent endless loops in gfs2_file_buffered_write (Andreas Gruenbacher) - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (Yang Yingliang) - bnx2x: fix napi API usage sequence (Manish Chopra) - tls: Skip tls_append_frag on zero copy size (Maxim Mikityanskiy) - drm/amd/display: Fix memory leak in dcn21_clock_source_create (Miaoqian Lin) - drm/amdkfd: Fix GWS queue count (David Yat Sin) - netfilter: conntrack: fix udp offload timeout sysctl (Volodymyr Mytnyk) - io_uring: check reserved fields for recv/recvmsg (Jens Axboe) - io_uring: check reserved fields for send/sendmsg (Jens Axboe) - net: dsa: lantiq_gswip: Dont set GSWIP_MII_CFG_RMII_CLK (Martin Blumenstingl) - drm/sun4i: Remove obsolete references to PHYS_OFFSET (Samuel Holland) - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (Nathan Rossi) - net: phy: marvell10g: fix return value on error (Baruch Siach) - net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) - cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts (Vladimir Zapolskiy) - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) - tcp: make sure treq->af_specific is initialized (Eric Dumazet) - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) - ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode (Peilin Ye) - ip6_gre: Make o_seqno start from 0 in native mode (Peilin Ye) - ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) - net/smc: sync err code when tcp connection was refused (liuyacan) - net: hns3: add return value for mailbox handling in PF (Jian Shen) - net: hns3: add validity check for message data length (Jian Shen) - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (Jie Wang) - net: hns3: clear inited state and stop client after failed to register netdev (Jian Shen) - cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe (Xiaobing Luo) - pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (Fabio Estevam) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (Max Krummenacher) - sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) - wireguard: device: check for metadata_dst with skb_valid_dst() (Nikolay Aleksandrov) - tcp: ensure to use the most recently sent skb when filling the rate sample (Pengcheng Yang) - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (Marek Vasut) - tcp: md5: incorrect tcp_header_len for incoming connections (Francesco Ruggeri) - pinctrl: rockchip: fix RK3308 pinmux bits (Luca Ceresoli) - bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook (Eyal Birger) - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (Pablo Neira Ayuso) - net: dsa: Add missing of_node_put() in dsa_port_link_register_of (Miaoqian Lin) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2588 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [5.15.0-1.43.4.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588} [5.15.0-1.43.4] - Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] - Revert selftests/bpf: Add test for reg2btf_ids out of bounds access (Alan Maguire) [Orabug: 34399286] [5.15.0-1.43.3] - x86/alternative: The retpoline alternative is not applied (Alexandre Chartre) [Orabug: 34395937] - x86/ftrace: Do not copy ftrace_stub() in ftrace trampoline (Alexandre Chartre) [Orabug: 34395937] [5.15.0-100.43.0] - ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364336] - ocfs2: dlmfs: dont clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364336] - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) [Orabug: 34364336] - net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34366723] - lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34393053] {CVE-2022-21505} [5.15.0-1.43.1] - LTS version: v5.15.43 (Jack Vogel) - mptcp: Do TCP fallback on early DSS checksum failure (Mat Martineau) - LTS version: v5.15.42 (Jack Vogel) - afs: Fix afs_getattr() to refetch file status if callback break occurred (David Howells) - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (Yang Yingliang) - mt76: mt7921e: fix possible probe failure after reboot (Sean Wang) - dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (Jae Hyun Yoo) - Input: ili210x - fix reset timing (Marek Vasut) - arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (Shreyas K K) - net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) - net: atlantic: add check for MAX_SKB_FRAGS (Grant Grundler) - net: atlantic: reduce scope of is_rsc_complete (Grant Grundler) - net: atlantic: fix frag[0] not initialized (Grant Grundler) - net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) - ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) - nl80211: fix locking in nl80211_set_tx_bitrate_mask() (Johannes Berg) - net: fix wrong network header length (Lina Wang) - fbdev: Prevent possible use-after-free in fb_release() (Daniel Vetter) - Revert fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) - selftests: add ping test with ping_group_range tuned (Nicolas Dichtel) - nl80211: validate S1G channel width (Kieran Frewen) - mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (Brian Bunker) - perf bench numa: Address compiler error on s390 (Thomas Richter) - perf regs x86: Fix arch__intr_reg_mask() for the hybrid platform (Kan Liang) - gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) - gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) - perf build: Fix check for btf__load_from_kernel_by_id() in libbpf (Arnaldo Carvalho de Melo) - scsi: ufs: core: Fix referencing invalid rsp field (Daejun Park) - riscv: dts: sifive: fu540-c000: align dma node name with dtschema (Krzysztof Kozlowski) - net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) - netfilter: flowtable: move dst_check to packet path (Ritaro Takenaka) - netfilter: flowtable: pass flowtable to nf_flow_table_iterate() (Pablo Neira Ayuso) - netfilter: flowtable: fix TCP flow teardown (Pablo Neira Ayuso) - igb: skip phy status check where unavailable (Kevin Mitchell) - mptcp: fix checksum byte order (Paolo Abeni) - mptcp: reuse __mptcp_make_csum in validate_data_csum (Geliang Tang) - mptcp: change the parameter of __mptcp_make_csum (Geliang Tang) - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) - net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) - net/mlx5e: Properly block LRO when XDP is enabled (Maxim Mikityanskiy) - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (Maor Dickman) - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) - net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) - clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) - ice: Fix interrupt moderation settings getting cleared (Michal Wilczynski) - ice: move ice_container_type onto ice_ring_container (Maciej Fijalkowski) - ice: fix possible under reporting of ethtool Tx and Rx statistics (Paul Greenwalt) - ice: fix crash when writing timestamp on RX rings (Arkadiusz Kubalewski) - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) - net: systemport: Fix an error handling path in bcm_sysport_probe() (Christophe JAILLET) - Revert PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) - netfilter: nft_flow_offload: fix offload with pppoe + vlan (Felix Fietkau) - net: fix dev_fill_forward_path with pppoe + bridge (Felix Fietkau) - netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices (Felix Fietkau) - netfilter: flowtable: fix excessive hw offload attempts after failure (Felix Fietkau) - net/sched: act_pedit: sanitize shift argument before usage (Paolo Abeni) - xfrm: fix disable_policy flag use when arriving from different devices (Eyal Birger) - xfrm: rework default policy structure (Nicolas Dichtel) - net: macb: Increment rx bd head after allocating skb and buffer (Harini Katakam) - net: ipa: record proper RX transaction count (Alex Elder) - ALSA: hda - fix unused Realtek function when PM is not enabled (Randy Dunlap) - pinctrl: mediatek: mt8365: fix IES control pins (Mattijs Korpershoek) - ARM: dts: aspeed: Add video engine to g6 (Howard Chiu) - ARM: dts: aspeed: Add secure boot controller node (Joel Stanley) - ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (Eddie James) - ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (Jae Hyun Yoo) - pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (Jae Hyun Yoo) - ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (Jae Hyun Yoo) - dma-buf: ensure unique directory name for dmabuf stats (Charan Teja Kalla) - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (Jerome Pouiller) - drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) - drm/i915/dmc: Add MMIO range restrictions (Anusha Srivatsa) - drm/amd: Dont reset dGPUs if the system is going to s2idle (Mario Limonciello) - libceph: fix potential use-after-free on linger ping and resends (Ilya Dryomov) - crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (Ondrej Mosnacek) - arm64: mte: Ensure the cleared tags are visible before setting the PTE (Catalin Marinas) - arm64: paravirt: Use RCU read locks to guard stolen_time (Prakruthi Deepak Heragu) - KVM: x86/mmu: Update number of zapped pages even if page list is stable (Sean Christopherson) - Revert can: m_can: pci: use custom bit timings for Elkhart Lake (Jarkko Nikula) - PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (Rafael J. Wysocki) - Fix double fget() in vhost_net_set_backend() (Al Viro) - selinux: fix bad cleanup on error in hashtab_duplicate() (Ondrej Mosnacek) - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (Werner Sembach) - ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) - ALSA: usb-audio: Restore Rane SL-1 quirk (Takashi Iwai) - nilfs2: fix lockdep warnings during disk space reclamation (Ryusuke Konishi) - nilfs2: fix lockdep warnings in page operations for btree nodes (Ryusuke Konishi) - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (Tzung-Bi Shih) - drbd: remove usage of list iterator variable after loop (Jakob Koschel) - MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) - fs: fix an infinite loop in iomap_fiemap (Guo Xuenan) - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (Mario Limonciello) - nvme-multipath: fix hang when disk goes live over reconnect (Anton Eidelman) - nvmet: use a private workqueue instead of the system workqueue (Sagi Grimberg) - tools/virtio: compile with -pthread (Michael S. Tsirkin) - vhost_vdpa: dont setup irq offloading when irq_num < 0 (Zhu Lingshan) - s390/pci: improve zpci_dev reference counting (Niklas Schnelle) - s390/traps: improve panic message for translation-specification exception (Heiko Carstens) - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (Kai-Heng Feng) - crypto: x86/chacha20 - Avoid spurious jumps to other functions (Peter Zijlstra) - crypto: stm32 - fix reference leak in stm32_crc_remove (Zheng Yongjun) - rtc: sun6i: Fix time overflow handling (Andre Przywara) - gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) - nvme-pci: add quirks for Samsung X5 SSDs (Monish Kumar R) - Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) - Input: add bounds checking to input_set_capability() (Jeff LaBundy) - um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow) - rtc: pcf2127: fix bug when reading alarm registers (Hugo Villeneuve) - rtc: fix use-after-free on device removal (Vincent Whitchurch) - Revert drm/i915/opregion: check port number bounds for SWSCI display power state (Greg Thelen) - mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (Hyeonggon Yoo) - Watchdog: sp5100_tco: Enable Family 17h+ CPUs (Terry Bowman) - Watchdog: sp5100_tco: Add initialization using EFCH MMIO (Terry Bowman) - Watchdog: sp5100_tco: Refactor MMIO base address initialization (Terry Bowman) - Watchdog: sp5100_tco: Move timer initialization into function (Terry Bowman) - i2c: piix4: Enable EFCH MMIO for Family 17h+ (Terry Bowman) - i2c: piix4: Add EFCH MMIO support for SMBus port select (Terry Bowman) - i2c: piix4: Add EFCH MMIO support to SMBus base address detect (Terry Bowman) - i2c: piix4: Add EFCH MMIO support to region request and release (Terry Bowman) - i2c: piix4: Move SMBus port selection into function (Terry Bowman) - i2c: piix4: Move SMBus controller base address detect into function (Terry Bowman) - i2c: piix4: Move port I/O region request/release code into functions (Terry Bowman) - i2c: piix4: Replace hardcoded memory map size with a #define (Terry Bowman) - kernel/resource: Introduce request_mem_region_muxed() (Terry Bowman) - io_uring: arm poll for non-nowait files (Pavel Begunkov) - usb: gadget: fix race when gadget driver register via ioctl (Schspa Shi) - LTS version: v5.15.41 (Jack Vogel) - usb: gadget: uvc: allow for application to cleanly shutdown (Dan Vacura) - usb: gadget: uvc: rename function to be more consistent (Michael Tretter) - ping: fix address binding wrt vrf (Nicolas Dichtel) - mm/hwpoison: use pr_err() instead of dump_page() in get_any_page() (Naoya Horiguchi) - dma-buf: call dma_buf_stats_setup after dmabuf is in valid list (Charan Teja Reddy) - Revert drm/amd/pm: keep the BACO feature enabled for suspend (Alex Deucher) - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) - SUNRPC: Ensure that the gssproxy client can start in a connected state (Trond Myklebust) - net: phy: micrel: Pass .probe for KS8737 (Fabio Estevam) - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (Fabio Estevam) - arm[64]/memremap: dont abuse pfn_valid() to ensure presence of linear map (Mike Rapoport) - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) - writeback: Avoid skipping inode writeback (Jing Xia) - net: phy: Fix race condition on link status change (Francesco Dolcini) - net: atlantic: always deep reset on pm op, fixing up my null deref regression (Manuel Ullmann) - i40e: i40e_main: fix a missing check on list iterator (Xiaomeng Tong) - drm/nouveau/tegra: Stop using iommu_present() (Robin Murphy) - drm/vmwgfx: Disable command buffers on svga3 without gbobjects (Zack Rusin) - mm/huge_memory: do not overkill when splitting huge_zero_page (Xu Yu) - Revert mm/memory-failure.c: skip huge_zero_page in memory_failure() (Xu Yu) - ceph: fix setting of xattrs on async created inodes (Jeff Layton) - serial: 8250_mtk: Fix register address for XON/XOFF character (AngeloGioacchino Del Regno) - serial: 8250_mtk: Fix UART_EFR register address (AngeloGioacchino Del Regno) - fsl_lpuart: Dont enable interrupts too early (Indan Zupancic) - slimbus: qcom: Fix IRQ check in qcom_slim_probe (Miaoqian Lin) - USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) - USB: serial: option: add Fibocom L610 modem (Sven Schwermer) - USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) - USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) - usb: typec: tcpci_mt6360: Update for BMC PHY setting (ChiYuan Huang) - usb: typec: tcpci: Dont skip cleanup in .remove() on error (Uwe Kleine-Konig) - usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) - tty: n_gsm: fix mux activation issues in gsm_config() (Daniel Starke) - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Daniel Starke) - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) - x86/mm: Fix marking of unused sub-pmd ranges (Adrian-Ken Rueegsegger) - usb: xhci-mtk: fix fs isocs transfer error (Chunfeng Yun) - KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context() (Alexander Graf) - firmware_loader: use kernel credentials when reading firmware (Thiebaud Weksteen) - interconnect: Restore sync state by ignoring ipa-virt in provider count (Stephen Boyd) - tcp: drop the hash_32() part from the index calculation (Willy Tarreau) - tcp: increase source port perturb table to 2^16 (Willy Tarreau) - tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) - tcp: add small random increments to the source port (Willy Tarreau) - tcp: resalt the secret every 10 seconds (Eric Dumazet) - tcp: use different parts of the port_offset for index and offset (Willy Tarreau) - secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) - net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT (Matthew Hagan) - net: emaclite: Dont advertise 1000BASE-T and do auto negotiation (Shravya Kumbham) - ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (Ajit Kumar Pandey) - s390: disable -Warray-bounds (Sven Schnelle) - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) - ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) - ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) - iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (Ashish Mhetre) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (Duoming Zhou) - hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) - gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) - drm/vmwgfx: Fix fencing on SVGAv3 (Zack Rusin) - tls: Fix context leak on tls_device_down (Maxim Mikityanskiy) - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (Florian Fainelli) - drm/vc4: hdmi: Fix build error for implicit function declaration (Hui Tang) - net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral (Florian Fainelli) - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (Yang Yingliang) - net/sched: act_pedit: really ensure the skb is writable (Paolo Abeni) - s390/lcs: fix variable dereferenced before check (Alexandra Winter) - s390/ctcm: fix potential memory leak (Alexandra Winter) - s390/ctcm: fix variable dereferenced before check (Alexandra Winter) - virtio: fix virtio transitional ids (Shunsuke Mie) - arm64: vdso: fix makefile dependency on vdso.so (Joey Gouly) - selftests: vm: Makefile: rename TARGETS to VMTARGETS (Joel Savitz) - procfs: prevent unprivileged processes accessing fdinfo dir (Kalesh Singh) - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) - dim: initialize all struct fields (Jesse Brandeburg) - ionic: fix missing pci_release_regions() on error in ionic_probe() (Yang Yingliang) - nfs: fix broken handling of the softreval mount option (Dan Aloni) - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) - net: sfc: fix memory leak due to ptp channel (Taehee Yoo) - sfc: Use swap() instead of open coding it (Jiapeng Chong) - fbdev: efifb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) - net: chelsio: cxgb4: Avoid potential negative array offset (Kees Cook) - netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (Christophe JAILLET) - ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) - ice: fix PTP stale Tx timestamps cleanup (Michal Michalik) - ice: Fix race during aux device (un)plugging (Ivan Vecera) - platform/surface: aggregator: Fix initialization order when compiling as builtin module (Maximilian Luz) - fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) - fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) - fbdev: simplefb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (Vladimir Oltean) - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (Vladimir Oltean) - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (Vladimir Oltean) - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (Vladimir Oltean) - net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) - mac80211: Reset MBSSID parameters upon connection (Manikanta Pubbisetty) - hwmon: (tmp401) Add OF device ID table (Camel Guo) - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (Guenter Roeck) - batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) - LTS version: v5.15.40 (Jack Vogel) - mm: fix invalid page pointer returned with FOLL_PIN gups (Peter Xu) - mm/mlock: fix potential imbalanced rlimit ucounts adjustment (Miaohe Lin) - mm/hwpoison: fix error page recovered but reported not recovered (Naoya Horiguchi) - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) - mm: shmem: fix missing cache flush in shmem_mfill_atomic_pte() (Muchun Song) - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) - mm: fix missing cache flush for all tail pages of compound page (Muchun Song) - udf: Avoid using stale lengthOfImpUse (Jan Kara) - rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (Gleb Fotengauer-Malinovskiy) - Bluetooth: Fix the creation of hdev->name (Itay Iellin) - tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in perf bench mem memcpy (Arnaldo Carvalho de Melo) - kbuild: move objtool_args back to scripts/Makefile.build (Masahiro Yamada) - LTS version: v5.15.39 (Jack Vogel) - PCI: aardvark: Update comment about link going down after link-up (Marek Behun) - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (Marek Behun) - PCI: aardvark: Dont mask irq when mapping (Pali Rohar) - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (Pali Rohar) - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (Pali Rohar) - PCI: aardvark: Fix support for PME requester on emulated bridge (Pali Rohar) - PCI: aardvark: Add support for PME interrupts (Pali Rohar) - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (Pali Rohar) - PCI: aardvark: Add support for ERR interrupt on emulated bridge (Pali Rohar) - PCI: aardvark: Enable MSI-X support (Pali Rohar) - PCI: aardvark: Fix setting MSI address (Pali Rohar) - PCI: aardvark: Add support for masking MSI interrupts (Pali Rohar) - PCI: aardvark: Refactor unmasking summary MSI interrupt (Pali Rohar) - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (Marek Behun) - PCI: aardvark: Make msi_domain_info structure a static driver structure (Marek Behun) - PCI: aardvark: Make MSI irq_chip structures static driver structures (Marek Behun) - PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (Pali Rohar) - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (Pali Rohar) - PCI: aardvark: Disable common PHY when unbinding driver (Pali Rohar) - PCI: aardvark: Disable link training when unbinding driver (Pali Rohar) - PCI: aardvark: Assert PERST# when unbinding driver (Pali Rohar) - PCI: aardvark: Fix memory leak in driver unbind (Pali Rohar) - PCI: aardvark: Mask all interrupts when unbinding driver (Pali Rohar) - PCI: aardvark: Disable bus mastering when unbinding driver (Pali Rohar) - PCI: aardvark: Comment actions in driver remove method (Pali Rohar) - PCI: aardvark: Clear all MSIs at setup (Pali Rohar) - PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (Pali Rohar) - PCI: pci-bridge-emul: Add definitions for missing capabilities registers (Pali Rohar) - PCI: pci-bridge-emul: Add description for class_revision field (Pali Rohar) - rcu: Apply callbacks processing time limit only on softirq (Frederic Weisbecker) - rcu: Fix callbacks processing time limit retaining cond_resched() (Frederic Weisbecker) - Revert parisc: Mark sched_clock unstable only if clocks are not syncronized (Helge Deller) - mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) - selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) - selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (Wanpeng Li) - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (Paolo Bonzini) - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (Paolo Bonzini) - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (Wanpeng Li) - KVM: selftests: Silence compiler warning in the kvm_page_table_test (Thomas Huth) - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (Paolo Bonzini) - iommu/dart: Add missing module owner to ops structure (Hector Martin) - net/mlx5e: Lag, Dont skip fib events on current dst (Vlad Buslov) - net/mlx5e: Lag, Fix fib_info pointer assignment (Vlad Buslov) - net/mlx5e: Lag, Fix use-after-free in fib event handler (Vlad Buslov) - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Aya Levin) - fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) - gpio: mvebu: drop pwm base assignment (Baruch Siach) - drm/amdgpu: Ensure HDA function is suspended before ASIC reset (Kai-Heng Feng) - drm/amdgpu: dont set s3 and s0ix at the same time (Mario Limonciello) - drm/amdgpu: explicitly check for s0ix when evicting resources (Mario Limonciello) - drm/amdgpu: unify BO evicting method in amdgpu_ttm (Nirmoy Das) - btrfs: always log symlinks in full mode (Filipe Manana) - btrfs: force v2 space cache usage for subpage mount (Qu Wenruo) - smsc911x: allow using IRQ0 (Sergey Shtylyov) - selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (Vladimir Oltean) - bnxt_en: Fix unnecessary dropping of RX packets (Michael Chan) - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (Somnath Kotur) - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (Ido Schimmel) - rxrpc: Enable IPv6 checksums on transport socket (David Howells) - mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter() (Eric Dumazet) - hinic: fix bug of wq out of bound access (Qiao Ma) - btrfs: do not BUG_ON() on failure to update inode when setting xattr (Filipe Manana) - drm/msm/dp: remove fail safe mode related code (Kuogee Hsieh) - selftests/net: so_txtime: usage(): fix documentation of default clock (Marc Kleine-Budde) - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (Marc Kleine-Budde) - net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (Yang Yingliang) - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (Niels Dossche) - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (Yang Yingliang) - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (Yang Yingliang) - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (Yang Yingliang) - NFSv4: Dont invalidate inode attributes on delegation return (Trond Myklebust) - RDMA/irdma: Fix possible crash due to NULL netdev in notifier (Mustafa Ismail) - RDMA/irdma: Reduce iWARP QP destroy time (Shiraz Saleem) - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (Tatyana Nikolova) - RDMA/siw: Fix a condition race issue in MPA request processing (Cheng Xu) - SUNRPC release the transport of a relocated task with an assigned transport (Olga Kornievskaia) - selftests/seccomp: Dont call read() on TTY from background pgrp (Jann Horn) - net/mlx5: Fix deadlock in sync reset flow (Moshe Shemesh) - net/mlx5: Avoid double clear or set of sync reset requested (Moshe Shemesh) - net/mlx5e: Fix the calling of update_buffer_lossy() API (Mark Zhang) - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Paul Blakey) - net/mlx5e: Dont match double-vlan packets if cvlan is not set (Vlad Buslov) - net/mlx5e: Fix trust state reset in reload (Moshe Tal) - iommu/dart: check return value after calling platform_get_resource() (Yang Yingliang) - iommu/vt-d: Drop stop marker messages (Lu Baolu) - ASoC: soc-ops: fix error handling (Pierre-Louis Bossart) - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (Codrin Ciubotariu) - hwmon: (pmbus) disable PEC if not enabled (Adam Wujek) - hwmon: (adt7470) Fix warning on module removal (Armin Wolf) - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (Puyou Lu) - gpio: visconti: Fix fwnode of GPIO IRQ (Nobuhiro Iwamatsu) - NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) - nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) - can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) - can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) - can: isotp: remove re-binding of bound socket (Oliver Hartkopp) - can: grcan: grcan_close(): fix deadlock (Duoming Zhou) - s390/dasd: Fix read inconsistency for ESE DASD devices (Jan Hoppner) - s390/dasd: Fix read for ESE with blksize < 4k (Jan Hoppner) - s390/dasd: prevent double format of tracks for ESE devices (Stefan Haberland) - s390/dasd: fix data corruption for ESE devices (Stefan Haberland) - ASoC: meson: Fix event generation for AUI CODEC mux (Mark Brown) - ASoC: meson: Fix event generation for G12A tohdmi mux (Mark Brown) - ASoC: meson: Fix event generation for AUI ACODEC mux (Mark Brown) - ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) - ASoC: da7219: Fix change notifications for tone generator frequency (Mark Brown) - genirq: Synchronize interrupt thread startup (Thomas Pfaff) - net: stmmac: disable Split Header (SPH) for Intel platforms (Tan Tee Min) - firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) - firewire: remove check of list iterator against head past the loop body (Jakob Koschel) - firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) - timekeeping: Mark NMI safe time accessors as notrace (Kurt Kanzenbach) - Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) - RISC-V: relocate DTB if its outside memory region (Nick Kossifidis) - drm/amdgpu: do not use passthrough mode in Xen dom0 (Marek Marczykowski-Gorecki) - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (Harry Wentland) - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (Nicolin Chen) - iommu/vt-d: Calculate mask for non-aligned flushes (David Stevens) - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (Kyle Huey) - x86/fpu: Prevent FPU state corruption (Thomas Gleixner) - gpiolib: of: fix bounds check for gpio-reserved-ranges (Andrei Lalaev) - mmc: core: Set HS clock speed before sending HS CMD13 (Brian Norris) - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (Samuel Holland) - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (Shaik Sajida Bhanu) - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (Zihao Wang) - parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) - MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) - LTS version: v5.15.38 (Jack Vogel) - powerpc/64: Add UADDR64 relocation support (Alexey Kardashevskiy) - objtool: Fix type of reloc::addend (Peter Zijlstra) - objtool: Fix code relocs vs weak symbols (Peter Zijlstra) - eeprom: at25: Use DMA safe buffers (Christophe Leroy) - perf symbol: Remove arch__symbols__fixup_end() (Namhyung Kim) - tty: n_gsm: fix software flow control handling (Daniel Starke) - tty: n_gsm: fix incorrect UA handling (Daniel Starke) - tty: n_gsm: fix reset fifo race condition (Daniel Starke) - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Daniel Starke) - tty: n_gsm: fix wrong signal octets encoding in MSC (Daniel Starke) - tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) - tty: n_gsm: fix wrong command retry handling (Daniel Starke) - tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) - tty: n_gsm: fix wrong DLCI release order (Daniel Starke) - tty: n_gsm: fix insufficient txframe size (Daniel Starke) - netfilter: nft_socket: only do sk lookups when indev is available (Florian Westphal) - tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) - tty: n_gsm: fix mux cleanup after unregister tty device (Daniel Starke) - tty: n_gsm: fix decoupled mux resource (Daniel Starke) - tty: n_gsm: fix restart handling via CLD command (Daniel Starke) - perf symbol: Update symbols__fixup_end() (Namhyung Kim) - perf symbol: Pass is_kallsyms to symbols__fixup_end() (Namhyung Kim) - x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov) - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC mode (Tim Harvey) - ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines (Eugen Hristev) - btrfs: fix leaked plug after failure syncing log on zoned filesystems (Filipe Manana) - thermal: int340x: Fix attr.show callback prototype (Kees Cook) - ACPI: processor: idle: Avoid falling back to C3 type C-states (Ville Syrjala) - net: ethernet: stmmac: fix write to sgmii_adapter_base (Dinh Nguyen) - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (Imre Deak) - drm/i915: Check EDID for HDR static metadata when choosing blc (Jouni Hogander) - netfilter: Update ip6_route_me_harder to consider L3 domain (Martin Willi) - mtd: rawnand: qcom: fix memory corruption that causes panic (Md Sadre Alam) - kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time (Zqiang) - zonefs: Clear inode information flags on inode creation (Damien Le Moal) - zonefs: Fix management of open zones (Damien Le Moal) - Revert ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (Ville Syrjala) - selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) - selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) - powerpc/perf: Fix 32bit compile (Alexey Kardashevskiy) - drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) - cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) - bonding: do not discard lowest hash bit for non layer3+4 hashing (suresh kumar) - ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION (Namjae Jeon) - ksmbd: increment reference count of parent fp (Namjae Jeon) - arch: xtensa: platforms: Fix deadlock in rs_close() (Duoming Zhou) - ext4: fix bug_on in start_this_handle during umount filesystem (Ye Bin) - ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) - ASoC: Intel: soc-acpi: correct device endpoints for max98373 (Chao Song) - tcp: fix F-RTO may not work correctly when receiving DSACK (Pengcheng Yang) - Revert ibmvnic: Add ethtool private flag for driver-defined queue limits (Dany Madden) - ixgbe: ensure IPsec VF<->PF compatibility (Leon Romanovsky) - perf arm-spe: Fix addresses of synthesized SPE events (Timothy Hayes) - gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) - gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) - gfs2: Minor retry logic cleanup (Andreas Gruenbacher) - gfs2: Prevent endless loops in gfs2_file_buffered_write (Andreas Gruenbacher) - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (Yang Yingliang) - bnx2x: fix napi API usage sequence (Manish Chopra) - tls: Skip tls_append_frag on zero copy size (Maxim Mikityanskiy) - drm/amd/display: Fix memory leak in dcn21_clock_source_create (Miaoqian Lin) - drm/amdkfd: Fix GWS queue count (David Yat Sin) - netfilter: conntrack: fix udp offload timeout sysctl (Volodymyr Mytnyk) - io_uring: check reserved fields for recv/recvmsg (Jens Axboe) - io_uring: check reserved fields for send/sendmsg (Jens Axboe) - net: dsa: lantiq_gswip: Dont set GSWIP_MII_CFG_RMII_CLK (Martin Blumenstingl) - drm/sun4i: Remove obsolete references to PHYS_OFFSET (Samuel Holland) - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (Nathan Rossi) - net: phy: marvell10g: fix return value on error (Baruch Siach) - net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) - cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts (Vladimir Zapolskiy) - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) - tcp: make sure treq->af_specific is initialized (Eric Dumazet) - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) - ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode (Peilin Ye) - ip6_gre: Make o_seqno start from 0 in native mode (Peilin Ye) - ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) - net/smc: sync err code when tcp connection was refused (liuyacan) - net: hns3: add return value for mailbox handling in PF (Jian Shen) - net: hns3: add validity check for message data length (Jian Shen) - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (Jie Wang) - net: hns3: clear inited state and stop client after failed to register netdev (Jian Shen) - cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe (Xiaobing Luo) - pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (Fabio Estevam) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (Max Krummenacher) - sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) - wireguard: device: check for metadata_dst with skb_valid_dst() (Nikolay Aleksandrov) - tcp: ensure to use the most recently sent skb when filling the rate sample (Pengcheng Yang) - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (Marek Vasut) - tcp: md5: incorrect tcp_header_len for incoming connections (Francesco Ruggeri) - pinctrl: rockchip: fix RK3308 pinmux bits (Luca Ceresoli) - bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook (Eyal Birger) - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (Pablo Neira Ayuso) - net: dsa: Add missing of_node_put() in dsa_port_link_register_of (Miaoqian Lin) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2588 cpe:/a:oracle:linux:8::UEKR7 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.309.5.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460937] {CVE-2022-2588} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2588 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.309.5.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460937] {CVE-2022-2588} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2588 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [4.14.35-2047.516.1.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460938] {CVE-2022-2588} [4.14.35-2047.516.1] - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153} - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153} - KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323860] {CVE-2022-2153} - xfs: dont use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34180868] [4.14.35-2047.516.0] - scsi: mpt3sas: Remove scsi_dma_map() error messages (Sreekanth Reddy) [Orabug: 34328903] - uek: kabi: new protected symbols for USM in OL7 (Saeed Mirzamohammadi) [Orabug: 34233902] - vfio/type1: add ioctl to check for correct pin accounting (Anthony Yznaga) [Orabug: 32967885] - vfio/type1: track pages pinned by vfio across exec (Anthony Yznaga) [Orabug: 32967885] - mm: track driver pinned pages across exec (Anthony Yznaga) [Orabug: 32967885] - vfio/type1: Fix vfio_find_dma_valid return (Anthony Yznaga) [Orabug: 32967885] - vfio/type1: fix unmap all on ILP32 (Steve Sistare) [Orabug: 32967885] - vfio/type1: block on invalid vaddr (Steve Sistare) [Orabug: 32967885] - vfio/type1: implement notify callback (Steve Sistare) [Orabug: 32967885] - vfio: iommu driver notify callback (Steve Sistare) [Orabug: 32967885] - vfio/type1: implement interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] - vfio/type1: massage unmap iteration (Steve Sistare) [Orabug: 32967885] - vfio: interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] - vfio/type1: implement unmap all (Steve Sistare) [Orabug: 32967885] - vfio/type1: unmap cleanup (Steve Sistare) [Orabug: 32967885] - vfio: option to unmap all (Steve Sistare) [Orabug: 32967885] - Linux 4.14.284 (Greg Kroah-Hartman) - x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) - x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) - x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) - x86/cpu: Add Comet Lake to the Intel CPU models header (Kan Liang) - x86/cpu: Add Cannonlake to Intel family (Rajneesh Bhardwaj) - x86/cpu: Add Jasper Lake to Intel family (Zhang Rui) - cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) - x86/cpu: Add Elkhart Lake to Intel family (Gayatri Kammela) - Linux 4.14.283 (Greg Kroah-Hartman) - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) - PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) - mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) - md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) - powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) - ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) - cifs: return errors during session setup during reconnects (Shyam Prasad N) - ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) - vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) - nodemask: Fix return values to be unsigned (Kees Cook) - nbd: fix io hung while disconnecting device (Yu Kuai) - nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) - nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) - modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) - drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) - Revert net: af_key: add check for pfkey_broadcast in function pfkey_process (Michal Kubecek) - md: protect md_unregister_thread from reentrancy (Guoqing Jiang) - kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) - serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) - staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) - clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) - extcon: Modify extcon device to be created after driver data is set (bumwoo lee) - misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) - usb: dwc2: gadget: dont reset gadgets driver->bus (Marek Szyprowski) - USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) - USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) - tty: Fix a possible resource leak in icom_probe (Huang Guobin) - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) - lkdtm/usercopy: Expand size of out of frame object (Kees Cook) - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) - drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) - net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) - net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) - net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) - xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) - m68knommu: fix undefined reference to _init_sp (Greg Ungerer) - m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) - i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) - tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) - tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) - mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) - perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) - tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) - ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) - jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) - modpost: fix removing numeric suffixes (Alexander Lobakin) - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) - serial: sh-sci: Dont allow CS5-6 (Ilpo Jarvinen) - serial: txx9: Dont allow CS5-6 (Ilpo Jarvinen) - serial: digicolor-usart: Dont allow CS5-6 (Ilpo Jarvinen) - serial: meson: acquire port->lock in startup() (John Ogness) - rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) - soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) - coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) - USB: storage: karma: fix rio_karma_init return (Lin Ma) - usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) - usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) - tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) - staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) - netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) - MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) - phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) - dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) - phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) - gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) - ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) - rtl818x: Prevent using not initialized queues (Alexander Wetzel) - hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) - nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) - iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) - um: chan_user: Fix winch_tramp() return value (Johannes Berg) - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) - irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) - RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) - md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) - md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) - scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) - dlm: fix missing lkb refcount handling (Alexander Aring) - dlm: fix plock invalid read (Alexander Aring) - ext4: avoid cycles in directory h-tree (Jan Kara) - ext4: verify dir block before splitting it (Jan Kara) - ext4: fix bug_on in ext4_writepages (Ye Bin) - ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) - fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) - iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) - wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) - perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) - perf c2c: Use stdio interface if slang is not supported (Leo Yan) - iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) - iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) - mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) - powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) - powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) - Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) - tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) - powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) - powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) - powerpc/8xx: export cpm_setbrg for modules (Randy Dunlap) - drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) - rxrpc: Dont try to resend the request if were receiving the reply (David Howells) - rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) - sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) - m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) - media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) - media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) - media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - x86: Fix return value of __setup handlers (Randy Dunlap) - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) - drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) - x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) - fsnotify: fix wrong lockdep annotations (Amir Goldstein) - inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) - spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) - HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) - efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) - NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) - drm/mediatek: Fix mtk_cec_mask() (Miles Chen) - x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) - ath9k: fix ar9003_get_eepmisc (Wenli Looi) - drm: fix EDID struct for old ARM OABI format (Saeed Mirzamohammadi) - RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) - macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) - powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) - PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) - ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) - ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) - fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) - ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) - fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) - ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) - eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) - rxrpc: Return an error to sendmsg if call failed (David Howells) - media: exynos4-is: Fix compile warning (Kwanghoon Son) - net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) - ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) - openrisc: start CPU timer early in boot (Jason A. Donenfeld) - rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) - ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) - s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) - ASoC: dapm: Dont fold register value changes into notifications (Mark Brown) - ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) - drm/amd/pm: fix the compile warning (Evan Quan) - scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) - media: cx25821: Fix the warning when removing the module (Zheyu Ma) - media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) - media: venus: hfi: avoid null dereference in deinit (Luca Weiss) - ath9k: fix QCA9561 PA bias level (Thibaut VARENE) - drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) - ALSA: jack: Access input_dev under mutex (Amadeusz Slawinski) - ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) - ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) - b43: Fix assigning negative value to unsigned variable (Haowen Bai) - b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) - btrfs: repair super block num_devices automatically (Qu Wenruo) - btrfs: add 0x prefix for unsupported optional features (Qu Wenruo) - ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) - ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) - USB: new quirk for Dell Gen 2 devices (Monish Kumar R) - USB: serial: option: add Quectel BG95 modem (Carl Yin) - binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) - Linux 4.14.282 (Greg Kroah-Hartman) - bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) - NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) - docs: submitting-patches: Fix crossref to The canonical patch format (Akira Yokosawa) - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) - dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) - dm stats: add cond_resched when looping over entries (Mikulas Patocka) - dm crypt: make printing of the key constant-time (Mikulas Patocka) - dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) - zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) - netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) - exec: Force single empty string when argv is empty (Kees Cook) - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Haimin Zhang) - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (Piyush Malgujar) - net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) - net: af_key: check encryption module availability consistency (Thomas Bartschies) - ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) - ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) - secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) - tcp: change source port randomizarion at connect() time (Eric Dumazet) - staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) - x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner) - Linux 4.14.281 (Greg Kroah-Hartman) - Reinstate some of swiotlb: rework fix info leak with DMA_FROM_DEVICE (Linus Torvalds) - swiotlb: fix info leak with DMA_FROM_DEVICE (Halil Pasic) - net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) - net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) - ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) - mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) - perf bench numa: Address compiler error on s390 (Thomas Richter) - gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) - gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) - net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) - igb: skip phy status check where unavailable (Kevin Mitchell) - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) - net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) - net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) - clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) - mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() (Ulf Hansson) - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (Ulf Hansson) - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (Ulf Hansson) - drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) - ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) - drbd: remove usage of list iterator variable after loop (Jakob Koschel) - MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) - Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) - Input: add bounds checking to input_set_capability() (Jeff LaBundy) - um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow) [4.14.35-2047.515.3] - uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721] - mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721] - dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721] [4.14.35-2047.515.2] - net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105319] [4.14.35-2047.515.1] - sched/rt: Disable RT_RUNTIME_SHARE by default (Daniel Bristot de Oliveira) [Orabug: 34193333] - mstflint_access: Update driver code to v4.20.1-1 from Github (Qing Huang) [Orabug: 34286148] [4.14.35-2047.515.0] - net: ip: avoid OOM kills with large UDP sends over loopback (Venkat Venkatsubra) [Orabug: 34066209] - rdmaip: Flush ARP cache after address has been cleared (Gerd Rausch) [Orabug: 34285241] - rds: Include congested flag in rds_sock struct. (Rohit Nair) [Orabug: 34261492] - cpu/hotplug: Allow the CPU in CPU_UP_PREPARE state to be brought up again. (Longpeng(Mike)) [Orabug: 34234771] - x86/xen: Allow to retry if cpu_initialize_context() failed. (Boris Ostrovsky) [Orabug: 34234771] - floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218640] {CVE-2022-1652} - assoc_array: Fix BUG_ON during garbage collect (Stephen Brennan) [Orabug: 34162064] - exec, elf: fix reserve_va_range() sanity check (Anthony Yznaga) [Orabug: 32387887] - exec, elf: use already allocated notes data in reserve_va_range() (Anthony Yznaga) [Orabug: 32387887] - mm: madv_doexec_flag sysctl (Anthony Yznaga) [Orabug: 32387887] - mm: introduce MADV_DOEXEC (Anthony Yznaga) [Orabug: 32387887] - exec, elf: require opt-in for accepting preserved mem (Anthony Yznaga) [Orabug: 32387887] - mm: introduce VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 32387887] - mm: fail exec if stack expansion will overlap another vma (Anthony Yznaga) [Orabug: 32387887] - mm: do not assume only the stack vma exists in setup_arg_pages() (Anthony Yznaga) [Orabug: 32387887] - ELF: when loading PIE binaries check for overlap with existing mappings (Anthony Yznaga) [Orabug: 32387887] - Linux 4.14.280 (Greg Kroah-Hartman) - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) - ping: fix address binding wrt vrf (Nicolas Dichtel) - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) - USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) - USB: serial: option: add Fibocom L610 modem (Sven Schwermer) - USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) - USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) - usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) - tcp: resalt the secret every 10 seconds (Eric Dumazet) - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) - ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) - ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) - hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) - s390/lcs: fix variable dereferenced before check (Alexandra Winter) - s390/ctcm: fix potential memory leak (Alexandra Winter) - s390/ctcm: fix variable dereferenced before check (Alexandra Winter) - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) - netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) - ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) - net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) - batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) - Linux 4.14.279 (Greg Kroah-Hartman) - VFS: Fix memory leak caused by concurrently mounting fs with subtype (ChenXiaoSong) - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (Takashi Iwai) - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) - mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) - Bluetooth: Fix the creation of hdev->name (Itay Iellin) - can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) - block: drbd: drbd_nl: Make conversion to enum drbd_ret_code explicit (Lee Jones) - MIPS: Use address-of operator on section symbols (Nathan Chancellor) - Linux 4.14.278 (Greg Kroah-Hartman) - PCI: aardvark: Fix reading MSI interrupt number (Pali Rohar) - PCI: aardvark: Clear all MSIs at setup (Pali Rohar) - dm: interlock pending dm_io and dm_wait_for_bios_completion (Mike Snitzer) - dm: fix mempool NULL pointer race when completing IO (Jiazi Li) - net: ipv6: ensure we call ipv6_mc_down() at most once (j.nixdorf@avm.de) - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) - btrfs: always log symlinks in full mode (Filipe Manana) - smsc911x: allow using IRQ0 (Sergey Shtylyov) - net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) - hwmon: (adt7470) Fix warning on module removal (Armin Wolf) - NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) - nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) - can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) - can: grcan: grcan_close(): fix deadlock (Duoming Zhou) - ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) - firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) - firewire: remove check of list iterator against head past the loop body (Jakob Koschel) - firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) - Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) - parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) - MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) - tty: n_gsm: fix incorrect UA handling (Daniel Starke) - tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) - tty: n_gsm: fix wrong command retry handling (Daniel Starke) - tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) - tty: n_gsm: fix insufficient txframe size (Daniel Starke) - tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) - drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) - cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) - ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) - bnx2x: fix napi API usage sequence (Manish Chopra) - net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) - ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) - pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) - sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) - mtd: rawnand: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) - ipvs: correctly print the memory size of ip_vs_conn_tab (Pengcheng Yang) - ARM: dts: Fix mmc order for omap3-gta04 (H. Nikolaus Schaller) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (Miaoqian Lin) - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (Krzysztof Kozlowski) - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (Miaoqian Lin) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (Fabio Estevam) - USB: Fix xhci event ring dequeue pointer ERDP update issue (Weitao Wang) - hex2bin: fix access beyond string end (Mikulas Patocka) - hex2bin: make the function hex_to_bin constant-time (Mikulas Patocka) - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (Maciej W. Rozycki) - serial: 8250: Also set sticky MCR bits in console restoration (Maciej W. Rozycki) - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (Vijayavardhan Vennapusa) - usb: gadget: uvc: Fix crash when encoding data for usb request (Dan Vacura) - usb: misc: fix improper handling of refcount in uss720_probe() (Hangyu Hua) - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (Zheyu Ma) - iio: dac: ad5446: Fix read_raw not returning set value (Michael Hennerich) - iio: dac: ad5592r: Fix the missing return value. (Zizhuang Deng) - xhci: stop polling roothubs after shutdown (Henry Lin) - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (Daniele Palmas) - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (Slark Xiao) - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (Bruno Thomsen) - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (Kees Cook) - USB: quirks: add STRING quirk for VCOM device (Oliver Neukum) - USB: quirks: add a Realtek card reader (Oliver Neukum) - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (Macpaul Lin) - lightnvm: disable the subsystem (Greg Kroah-Hartman) - net/sched: cls_u32: fix netns refcount changes in u32_change() (Eric Dumazet) - hamradio: remove needs_free_netdev to avoid UAF (Lin Ma) - hamradio: defer 6pack kfree after unregister_netdev (Lin Ma) - floppy: disable FDRAWCMD by default (Willy Tarreau) - Linux 4.14.277 (Greg Kroah-Hartman) - ax25: Fix UAF bugs in ax25 timers (Duoming Zhou) - ax25: Fix NULL pointer dereferences in ax25 timers (Duoming Zhou) - ax25: fix NPD bug in ax25_disconnect (Duoming Zhou) - ax25: fix UAF bug in ax25_send_control() (Duoming Zhou) - ax25: Fix refcount leaks caused by ax25_cb_del() (Duoming Zhou) - ax25: fix UAF bugs of net_device caused by rebinding operation (Duoming Zhou) - ax25: fix reference count leaks of ax25_dev (Duoming Zhou) - ax25: add refcount in ax25_dev to avoid UAF bugs (Duoming Zhou) - block/compat_ioctl: fix range check in BLKGETSIZE (Khazhismel Kumykov) - staging: ion: Prevent incorrect reference counting behavour (Lee Jones) - ext4: force overhead calculation if the s_overhead_cluster makes no sense (Theodore Tso) - ext4: fix overhead calculation to account for the reserved gdt blocks (Theodore Tso) - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (Tadeusz Struk) - ext4: fix symlink file size not match to file content (Ye Bin) - ARC: entry: fix syscall_trace_exit argument (Sergey Matyukevich) - e1000e: Fix possible overflow in LTR decoding (Sasha Neftin) - ASoC: soc-dapm: fix two incorrect uses of list iterator (Xiaomeng Tong) - openvswitch: fix OOB access in reserve_sfa_size() (Paolo Valerio) - powerpc/perf: Fix power9 event alternatives (Athira Rajeev) - dma: at_xdmac: fix a missing check on list iterator (Xiaomeng Tong) - ata: pata_marvell: Check the bmdma_addr beforing reading (Zheyu Ma) - stat: fix inconsistency between struct stat and struct compat_stat (Mikulas Patocka) - net: macb: Restart tx only if queue pointer is lagging (Tomas Melin) - drm/msm/mdp5: check the return of kzalloc() (Xiaoke Wang) - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (David Howells) - vxlan: fix error return code in vxlan_fdb_append (Hongbin Wang) - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (Jiapeng Chong) - ARM: vexpress/spc: Avoid negative array index when !SMP (Kees Cook) - netlink: reset network and mac headers in netlink_dump() (Eric Dumazet) - net/packet: fix packet_sock xmit return value checking (Hangbin Liu) - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (Miaoqian Lin) - tcp: Fix potential use-after-free due to double kfree() (Kuniyuki Iwashima) - tcp: fix race condition when creating child sockets from syncookies (Ricardo Dias) - ALSA: usb-audio: Clear MIDI port active flag after draining (Takashi Iwai) - gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) - tracing: Dump stacktrace trigger to the corresponding instance (Daniel Bristot de Oliveira) - tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google)) - mm: page_alloc: fix building error on -Werror=array-compare (Xiongwei Song) - etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead (Kees Cook) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2588 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 6 Oracle Linux 7 [4.1.12-124.65.1.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460939] {CVE-2022-2588} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2588 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 7 [4.14.35-2047.516.1.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460938] {CVE-2022-2588} [4.14.35-2047.516.1] - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153} - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153} - KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323860] {CVE-2022-2153} - xfs: dont use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34180868] [4.14.35-2047.516.0] - scsi: mpt3sas: Remove scsi_dma_map() error messages (Sreekanth Reddy) [Orabug: 34328903] - uek: kabi: new protected symbols for USM in OL7 (Saeed Mirzamohammadi) [Orabug: 34233902] - vfio/type1: add ioctl to check for correct pin accounting (Anthony Yznaga) [Orabug: 32967885] - vfio/type1: track pages pinned by vfio across exec (Anthony Yznaga) [Orabug: 32967885] - mm: track driver pinned pages across exec (Anthony Yznaga) [Orabug: 32967885] - vfio/type1: Fix vfio_find_dma_valid return (Anthony Yznaga) [Orabug: 32967885] - vfio/type1: fix unmap all on ILP32 (Steve Sistare) [Orabug: 32967885] - vfio/type1: block on invalid vaddr (Steve Sistare) [Orabug: 32967885] - vfio/type1: implement notify callback (Steve Sistare) [Orabug: 32967885] - vfio: iommu driver notify callback (Steve Sistare) [Orabug: 32967885] - vfio/type1: implement interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] - vfio/type1: massage unmap iteration (Steve Sistare) [Orabug: 32967885] - vfio: interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] - vfio/type1: implement unmap all (Steve Sistare) [Orabug: 32967885] - vfio/type1: unmap cleanup (Steve Sistare) [Orabug: 32967885] - vfio: option to unmap all (Steve Sistare) [Orabug: 32967885] - Linux 4.14.284 (Greg Kroah-Hartman) - x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) - x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) - x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) - x86/cpu: Add Comet Lake to the Intel CPU models header (Kan Liang) - x86/cpu: Add Cannonlake to Intel family (Rajneesh Bhardwaj) - x86/cpu: Add Jasper Lake to Intel family (Zhang Rui) - cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) - x86/cpu: Add Elkhart Lake to Intel family (Gayatri Kammela) - Linux 4.14.283 (Greg Kroah-Hartman) - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) - PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) - mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) - md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) - powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) - ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) - cifs: return errors during session setup during reconnects (Shyam Prasad N) - ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) - vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) - nodemask: Fix return values to be unsigned (Kees Cook) - nbd: fix io hung while disconnecting device (Yu Kuai) - nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) - nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) - modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) - drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) - Revert net: af_key: add check for pfkey_broadcast in function pfkey_process (Michal Kubecek) - md: protect md_unregister_thread from reentrancy (Guoqing Jiang) - kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) - serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) - staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) - clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) - extcon: Modify extcon device to be created after driver data is set (bumwoo lee) - misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) - usb: dwc2: gadget: dont reset gadgets driver->bus (Marek Szyprowski) - USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) - USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) - tty: Fix a possible resource leak in icom_probe (Huang Guobin) - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) - lkdtm/usercopy: Expand size of out of frame object (Kees Cook) - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) - drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) - net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) - net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) - net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) - xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) - m68knommu: fix undefined reference to _init_sp (Greg Ungerer) - m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) - i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) - tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) - tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) - mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) - perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) - tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) - ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) - jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) - modpost: fix removing numeric suffixes (Alexander Lobakin) - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) - serial: sh-sci: Dont allow CS5-6 (Ilpo Jarvinen) - serial: txx9: Dont allow CS5-6 (Ilpo Jarvinen) - serial: digicolor-usart: Dont allow CS5-6 (Ilpo Jarvinen) - serial: meson: acquire port->lock in startup() (John Ogness) - rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) - soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) - coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) - USB: storage: karma: fix rio_karma_init return (Lin Ma) - usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) - usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) - tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) - staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) - netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) - MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) - phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) - dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) - phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) - gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) - ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) - rtl818x: Prevent using not initialized queues (Alexander Wetzel) - hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) - nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) - iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) - um: chan_user: Fix winch_tramp() return value (Johannes Berg) - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) - irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) - RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) - md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) - md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) - scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) - dlm: fix missing lkb refcount handling (Alexander Aring) - dlm: fix plock invalid read (Alexander Aring) - ext4: avoid cycles in directory h-tree (Jan Kara) - ext4: verify dir block before splitting it (Jan Kara) - ext4: fix bug_on in ext4_writepages (Ye Bin) - ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) - fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) - iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) - wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) - perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) - perf c2c: Use stdio interface if slang is not supported (Leo Yan) - iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) - iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) - mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) - powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) - powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) - Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) - tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) - powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) - powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) - powerpc/8xx: export cpm_setbrg for modules (Randy Dunlap) - drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) - rxrpc: Dont try to resend the request if were receiving the reply (David Howells) - rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) - sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) - m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) - media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) - media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) - media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - x86: Fix return value of __setup handlers (Randy Dunlap) - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) - drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) - x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) - fsnotify: fix wrong lockdep annotations (Amir Goldstein) - inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) - spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) - HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) - efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) - NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) - drm/mediatek: Fix mtk_cec_mask() (Miles Chen) - x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) - ath9k: fix ar9003_get_eepmisc (Wenli Looi) - drm: fix EDID struct for old ARM OABI format (Saeed Mirzamohammadi) - RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) - macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) - powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) - PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) - ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) - ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) - fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) - ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) - fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) - ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) - eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) - rxrpc: Return an error to sendmsg if call failed (David Howells) - media: exynos4-is: Fix compile warning (Kwanghoon Son) - net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) - ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) - openrisc: start CPU timer early in boot (Jason A. Donenfeld) - rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) - ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) - s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) - ASoC: dapm: Dont fold register value changes into notifications (Mark Brown) - ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) - drm/amd/pm: fix the compile warning (Evan Quan) - scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) - media: cx25821: Fix the warning when removing the module (Zheyu Ma) - media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) - media: venus: hfi: avoid null dereference in deinit (Luca Weiss) - ath9k: fix QCA9561 PA bias level (Thibaut VARENE) - drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) - ALSA: jack: Access input_dev under mutex (Amadeusz Slawinski) - ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) - ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) - b43: Fix assigning negative value to unsigned variable (Haowen Bai) - b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) - btrfs: repair super block num_devices automatically (Qu Wenruo) - btrfs: add 0x prefix for unsupported optional features (Qu Wenruo) - ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) - ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) - USB: new quirk for Dell Gen 2 devices (Monish Kumar R) - USB: serial: option: add Quectel BG95 modem (Carl Yin) - binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) - Linux 4.14.282 (Greg Kroah-Hartman) - bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) - NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) - docs: submitting-patches: Fix crossref to The canonical patch format (Akira Yokosawa) - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) - dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) - dm stats: add cond_resched when looping over entries (Mikulas Patocka) - dm crypt: make printing of the key constant-time (Mikulas Patocka) - dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) - zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) - netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) - exec: Force single empty string when argv is empty (Kees Cook) - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Haimin Zhang) - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (Piyush Malgujar) - net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) - net: af_key: check encryption module availability consistency (Thomas Bartschies) - ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) - ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) - secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) - tcp: change source port randomizarion at connect() time (Eric Dumazet) - staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) - x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner) - Linux 4.14.281 (Greg Kroah-Hartman) - Reinstate some of swiotlb: rework fix info leak with DMA_FROM_DEVICE (Linus Torvalds) - swiotlb: fix info leak with DMA_FROM_DEVICE (Halil Pasic) - net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) - net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) - ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) - mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) - perf bench numa: Address compiler error on s390 (Thomas Richter) - gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) - gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) - net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) - igb: skip phy status check where unavailable (Kevin Mitchell) - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) - net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) - net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) - clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) - mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() (Ulf Hansson) - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (Ulf Hansson) - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (Ulf Hansson) - drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) - ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) - drbd: remove usage of list iterator variable after loop (Jakob Koschel) - MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) - Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) - Input: add bounds checking to input_set_capability() (Jeff LaBundy) - um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow) [4.14.35-2047.515.3] - uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721] - mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721] - dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721] [4.14.35-2047.515.2] - net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105319] [4.14.35-2047.515.1] - sched/rt: Disable RT_RUNTIME_SHARE by default (Daniel Bristot de Oliveira) [Orabug: 34193333] - mstflint_access: Update driver code to v4.20.1-1 from Github (Qing Huang) [Orabug: 34286148] [4.14.35-2047.515.0] - net: ip: avoid OOM kills with large UDP sends over loopback (Venkat Venkatsubra) [Orabug: 34066209] - rdmaip: Flush ARP cache after address has been cleared (Gerd Rausch) [Orabug: 34285241] - rds: Include congested flag in rds_sock struct. (Rohit Nair) [Orabug: 34261492] - cpu/hotplug: Allow the CPU in CPU_UP_PREPARE state to be brought up again. (Longpeng(Mike)) [Orabug: 34234771] - x86/xen: Allow to retry if cpu_initialize_context() failed. (Boris Ostrovsky) [Orabug: 34234771] - floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218640] {CVE-2022-1652} - assoc_array: Fix BUG_ON during garbage collect (Stephen Brennan) [Orabug: 34162064] - exec, elf: fix reserve_va_range() sanity check (Anthony Yznaga) [Orabug: 32387887] - exec, elf: use already allocated notes data in reserve_va_range() (Anthony Yznaga) [Orabug: 32387887] - mm: madv_doexec_flag sysctl (Anthony Yznaga) [Orabug: 32387887] - mm: introduce MADV_DOEXEC (Anthony Yznaga) [Orabug: 32387887] - exec, elf: require opt-in for accepting preserved mem (Anthony Yznaga) [Orabug: 32387887] - mm: introduce VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 32387887] - mm: fail exec if stack expansion will overlap another vma (Anthony Yznaga) [Orabug: 32387887] - mm: do not assume only the stack vma exists in setup_arg_pages() (Anthony Yznaga) [Orabug: 32387887] - ELF: when loading PIE binaries check for overlap with existing mappings (Anthony Yznaga) [Orabug: 32387887] - Linux 4.14.280 (Greg Kroah-Hartman) - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) - ping: fix address binding wrt vrf (Nicolas Dichtel) - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) - USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) - USB: serial: option: add Fibocom L610 modem (Sven Schwermer) - USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) - USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) - usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) - tcp: resalt the secret every 10 seconds (Eric Dumazet) - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) - ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) - ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) - hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) - s390/lcs: fix variable dereferenced before check (Alexandra Winter) - s390/ctcm: fix potential memory leak (Alexandra Winter) - s390/ctcm: fix variable dereferenced before check (Alexandra Winter) - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) - netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) - ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) - net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) - batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) - Linux 4.14.279 (Greg Kroah-Hartman) - VFS: Fix memory leak caused by concurrently mounting fs with subtype (ChenXiaoSong) - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (Takashi Iwai) - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) - mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) - Bluetooth: Fix the creation of hdev->name (Itay Iellin) - can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) - block: drbd: drbd_nl: Make conversion to enum drbd_ret_code explicit (Lee Jones) - MIPS: Use address-of operator on section symbols (Nathan Chancellor) - Linux 4.14.278 (Greg Kroah-Hartman) - PCI: aardvark: Fix reading MSI interrupt number (Pali Rohar) - PCI: aardvark: Clear all MSIs at setup (Pali Rohar) - dm: interlock pending dm_io and dm_wait_for_bios_completion (Mike Snitzer) - dm: fix mempool NULL pointer race when completing IO (Jiazi Li) - net: ipv6: ensure we call ipv6_mc_down() at most once (j.nixdorf@avm.de) - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) - btrfs: always log symlinks in full mode (Filipe Manana) - smsc911x: allow using IRQ0 (Sergey Shtylyov) - net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) - hwmon: (adt7470) Fix warning on module removal (Armin Wolf) - NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) - nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) - can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) - can: grcan: grcan_close(): fix deadlock (Duoming Zhou) - ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) - firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) - firewire: remove check of list iterator against head past the loop body (Jakob Koschel) - firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) - Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) - parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) - MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) - tty: n_gsm: fix incorrect UA handling (Daniel Starke) - tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) - tty: n_gsm: fix wrong command retry handling (Daniel Starke) - tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) - tty: n_gsm: fix insufficient txframe size (Daniel Starke) - tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) - drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) - cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) - ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) - bnx2x: fix napi API usage sequence (Manish Chopra) - net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) - ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) - pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) - sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) - mtd: rawnand: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) - ipvs: correctly print the memory size of ip_vs_conn_tab (Pengcheng Yang) - ARM: dts: Fix mmc order for omap3-gta04 (H. Nikolaus Schaller) - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (Miaoqian Lin) - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (Krzysztof Kozlowski) - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (Miaoqian Lin) - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (Fabio Estevam) - USB: Fix xhci event ring dequeue pointer ERDP update issue (Weitao Wang) - hex2bin: fix access beyond string end (Mikulas Patocka) - hex2bin: make the function hex_to_bin constant-time (Mikulas Patocka) - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (Maciej W. Rozycki) - serial: 8250: Also set sticky MCR bits in console restoration (Maciej W. Rozycki) - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (Vijayavardhan Vennapusa) - usb: gadget: uvc: Fix crash when encoding data for usb request (Dan Vacura) - usb: misc: fix improper handling of refcount in uss720_probe() (Hangyu Hua) - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (Zheyu Ma) - iio: dac: ad5446: Fix read_raw not returning set value (Michael Hennerich) - iio: dac: ad5592r: Fix the missing return value. (Zizhuang Deng) - xhci: stop polling roothubs after shutdown (Henry Lin) - USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (Daniele Palmas) - USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (Slark Xiao) - USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (Bruno Thomsen) - USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (Kees Cook) - USB: quirks: add STRING quirk for VCOM device (Oliver Neukum) - USB: quirks: add a Realtek card reader (Oliver Neukum) - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (Macpaul Lin) - lightnvm: disable the subsystem (Greg Kroah-Hartman) - net/sched: cls_u32: fix netns refcount changes in u32_change() (Eric Dumazet) - hamradio: remove needs_free_netdev to avoid UAF (Lin Ma) - hamradio: defer 6pack kfree after unregister_netdev (Lin Ma) - floppy: disable FDRAWCMD by default (Willy Tarreau) - Linux 4.14.277 (Greg Kroah-Hartman) - ax25: Fix UAF bugs in ax25 timers (Duoming Zhou) - ax25: Fix NULL pointer dereferences in ax25 timers (Duoming Zhou) - ax25: fix NPD bug in ax25_disconnect (Duoming Zhou) - ax25: fix UAF bug in ax25_send_control() (Duoming Zhou) - ax25: Fix refcount leaks caused by ax25_cb_del() (Duoming Zhou) - ax25: fix UAF bugs of net_device caused by rebinding operation (Duoming Zhou) - ax25: fix reference count leaks of ax25_dev (Duoming Zhou) - ax25: add refcount in ax25_dev to avoid UAF bugs (Duoming Zhou) - block/compat_ioctl: fix range check in BLKGETSIZE (Khazhismel Kumykov) - staging: ion: Prevent incorrect reference counting behavour (Lee Jones) - ext4: force overhead calculation if the s_overhead_cluster makes no sense (Theodore Tso) - ext4: fix overhead calculation to account for the reserved gdt blocks (Theodore Tso) - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (Tadeusz Struk) - ext4: fix symlink file size not match to file content (Ye Bin) - ARC: entry: fix syscall_trace_exit argument (Sergey Matyukevich) - e1000e: Fix possible overflow in LTR decoding (Sasha Neftin) - ASoC: soc-dapm: fix two incorrect uses of list iterator (Xiaomeng Tong) - openvswitch: fix OOB access in reserve_sfa_size() (Paolo Valerio) - powerpc/perf: Fix power9 event alternatives (Athira Rajeev) - dma: at_xdmac: fix a missing check on list iterator (Xiaomeng Tong) - ata: pata_marvell: Check the bmdma_addr beforing reading (Zheyu Ma) - stat: fix inconsistency between struct stat and struct compat_stat (Mikulas Patocka) - net: macb: Restart tx only if queue pointer is lagging (Tomas Melin) - drm/msm/mdp5: check the return of kzalloc() (Xiaoke Wang) - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (David Howells) - vxlan: fix error return code in vxlan_fdb_append (Hongbin Wang) - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (Jiapeng Chong) - ARM: vexpress/spc: Avoid negative array index when !SMP (Kees Cook) - netlink: reset network and mac headers in netlink_dump() (Eric Dumazet) - net/packet: fix packet_sock xmit return value checking (Hangbin Liu) - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (Miaoqian Lin) - tcp: Fix potential use-after-free due to double kfree() (Kuniyuki Iwashima) - tcp: fix race condition when creating child sockets from syncookies (Ricardo Dias) - ALSA: usb-audio: Clear MIDI port active flag after draining (Takashi Iwai) - gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) - tracing: Dump stacktrace trigger to the corresponding instance (Daniel Bristot de Oliveira) - tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google)) - mm: page_alloc: fix building error on -Werror=array-compare (Xiongwei Song) - etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead (Kees Cook) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2588 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 8 libvirt [5.7.0-34.el8] - qemu: blockcopy: Allow late opening of the backing chain of a shallow copy (Peter Krempa) [Orabug: 33091019] - qemu: capabilities: Introduce QEMU_CAPS_BLOCKDEV_SNAPSHOT_ALLOW_WRITE_ONLY (Peter Krempa) [Orabug: 33091019] - qemuDomainBlockCopyCommon: Record updated flags to block job (Peter Krempa) [Orabug: 33091019] - qemuDomainBlockPivot: Move check prior to executing the pivot steps (Peter Krempa) [Orabug: 33091019] - qemu: Tell secdrivers which images are top parent (Michal Privoznik) [Orabug: 33091019] - qemuDomainBlockPivot: Copy bitmaps backing checkpoints for virDomainBlockCopy (Peter Krempa) [Orabug: 33091019] - qemu: block: Introduce function to calculate bitmap handling for block-copy (Peter Krempa) [Orabug: 33091019] - qemu: block: Add validator for bitmap chains accross backing chains (Peter Krempa) [Orabug: 33091019] - qemu: blockjob: Store flags for all the block job types (Peter Krempa) [Orabug: 33091019] - qemu: blockjob: Store jobflags with block job data (Peter Krempa) [Orabug: 33091019] - util: json: Introduce virJSONValueArrayConcat (Peter Krempa) [Orabug: 33091019] - qemu: block: Extract calls of qemuBlockGetNamedNodeData into a helper function (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Track and relabel images for bitmap merging (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Introduce support for deleting checkpoints accross snapshots (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Extract calculation of bitmap merging for checkpoint deletion (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Introduce helper to find checkpoint disk definition in parents (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: tolerate missing disks on checkpoint deletion (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Use disk definition directly when creating checkpoint (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: rename disk->chkdisk in qemuCheckpointAddActions (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: rename disk->chkdisk in qemuCheckpointDiscardBitmaps (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: split out checkpoint deletion bitmaps (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Store whether deleted checkpoint is current in a variable (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Extract and export rollback of checkpoint metadata storing (Peter Krempa) [Orabug: 33091019] - qemu: block: Introduce qemuBlockNamedNodeDataGetBitmapByName (Peter Krempa) [Orabug: 33091019] - qemu: snapshot: Propagate active bitmaps through external snapshots (Peter Krempa) [Orabug: 33091019] - qemu: monitor: Add granularity parameter for block-dirty-bitmap-add (Peter Krempa) [Orabug: 33091019] - qemu: snapshot: Fold formatting of snapshot transaction into prepare func (Peter Krempa) [Orabug: 33091019] - qemu: Check for explicit failure of qemuBlockSnapshotAddBlockdev (Peter Krempa) [Orabug: 33091019] - qemu: monitor: Extract internals of qemuMonitorJSONBlockGetNamedNodeData (Peter Krempa) [Orabug: 33091019] - qemu: monitor: Extract data about dirty-bimaps in qemuMonitorBlockGetNamedNodeData (Peter Krempa) [Orabug: 33091019] - qemu: block: enable the snapshot image deletion feature (Pavel Mores) [Orabug: 33091019] - qemu: block: propagate the delete flag to where it can actually be used (Pavel Mores) [Orabug: 33091019] - qemu: checkpoint: fix NULL dereference at create time (Cole Robinson) [Orabug: 33091019] - qemu: snapshot: Mark file becoming backingStore as read-only (Peter Krempa) [Orabug: 33091019] - util: consolidate on one free callback for hash data (Daniel P. Berrange) [Orabug: 33091019] - conf: stop using hash key when freeing hash entries (Daniel P. Berrange) [Orabug: 33091019] - qemu: checkpoint: Use qemuMonitorTransactionBitmapMergeSourceAddBitmap (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Fix rollback and access to unlocked vm when deleting checkpoints (Peter Krempa) [Orabug: 33091019] - qemu: snapshot: split out preparation of a snapshot with blockdev (Peter Krempa) [Orabug: 33091019] - qemu: monitor: Add helper for generating data for block bitmap merging (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Extract finalizing steps of checkpoint creation (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Split out checkpoint creation code (Peter Krempa) [Orabug: 33091019] - qemu: block: Dont query monitor in qemuBlockStorageSourceCreateDetectSize (Peter Krempa) [Orabug: 33091019] - qemu: monitor: Introduce new interface to query-named-block-nodes (Peter Krempa) [Orabug: 33091019] - util: hash: Introduce virHashHasEntry (Peter Krempa) [Orabug: 33091019] - util: hash: Add new constructor virHashNew (Peter Krempa) [Orabug: 33091019] - util: hash: Add possibility to use simpler data free function in virHash (Peter Krempa) [Orabug: 33091019] - conf: Introduce virDomainDiskByTarget (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Dont update current checkpoint until we are done (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Replace open-coded transaction action generators (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Refactor cleanup in qemuCheckpointCreateXML (Peter Krempa) [Orabug: 33091019] - qemu: domain: Move checkpoint related code to qemu_checkpoint.c (Peter Krempa) [Orabug: 33091019] - qemu: driver: Move checkpoint-related code to qemu_checkpoint.c (Peter Krempa) [Orabug: 33091019] - qemu: Move, rename and export qemuDomObjFromDomain (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Dont forbid checkpoint when VM is marked for autodestroy (Peter Krempa) [Orabug: 33091019] - Prepare to hotplug vNUMA targets for non-X86_64 guests (Wim ten Have) [Orabug: 34256070] - qemu: Add missing lock in qemuProcessHandleMonitorEOF (Peng Liang) [Orabug: 34210159] {CVE-2021-3975} libvirt-python [5.7.0-34.el8] - libvirt-python.spec: Bump Obsoletes version number for libvirt-python (Karl Heubaum) [Orabug: 34185868] qemu-kvm [4.2.1-18.el8] - block: introduce max_hw_iov for use in scsi-generic (Paolo Bonzini) [Orabug: 33785156] - file-posix: try BLKSECTGET on block devices too, do not round to power of 2 (Paolo Bonzini) [Orabug: 33785156] - block: add max_hw_transfer to BlockLimits (Paolo Bonzini) [Orabug: 33785156] - block-backend: align max_transfer to request alignment (Paolo Bonzini) [Orabug: 33785156] - osdep: provide ROUND_DOWN macro (Paolo Bonzini) [Orabug: 33785156] - scsi-generic: pass max_segments via max_iov field in BlockLimits (Paolo Bonzini) [Orabug: 33785156] - file-posix: fix max_iov for /dev/sg devices (Paolo Bonzini) [Orabug: 33785156] - display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) (Mauro Matteo Cascella) [Orabug: 34049511] {CVE-2021-4207} - ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) (Mauro Matteo Cascella) [Orabug: 34049509] {CVE-2021-4206} - hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507) (Philippe Mathieu-Daude) [Orabug: 32860387] {CVE-2021-3507} - pc: q35: Bump max_cpus to 512 (Suravee Suthikulpanit) [Orabug: 34314249] - tests/qtest: fix pvpanic-pci-test (Mark Kanda) [Orabug: 34284763] - libqos: pci-pc: use 32-bit write for EJ register (Paolo Bonzini) [Orabug: 34284758] - libqos: usb-hcd-ehci: use 32-bit write for config register (Paolo Bonzini) [Orabug: 34284768] - target/i386/kvm: Fix disabling MPX on -cpu host with MPX-capable host (Maciej S. Szmigiero) [Orabug: 33528615] - i386: Mask SVM features if nested SVM is disabled (Eduardo Habkost) [Orabug: 33860224] - ide: Cap LBA28 capacity announcement to 2^28-1 (Samuel Thibault) [Orabug: 25327652] - tests/acpi: update expected arm/virt tables (Mark Kanda) [Orabug: 34132842] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3507 CVE-2021-4206 CVE-2021-3975 CVE-2021-4207 cpe:/a:oracle:linux:8::kvm_appstream Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.310.7] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588} - x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] - x86/bugs: display dynamic retbleed state (Ankur Arora) [Orabug: 34450896] - x86/bugs: remove incorrect __init/__ro_after_init annotations (Ankur Arora) [Orabug: 34455621] [5.4.17-2136.310.6] - SUNRPC: Fix READ_PLUS crasher (Chuck Lever) - Revert 'hwmon: Make chip parameter for with_info API mandatory' (Greg Kroah-Hartman) [Orabug: 34423806] - ext4: make variable 'count' signed (Ding Xiang) - faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf) [5.4.17-2136.310.5] - arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM: emulate: do not adjust size of fastop and setcc subroutines (Paolo Bonzini) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Disable RRSBA behavior (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/exec: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM/VMX: Use TEST %REG,%REG instead of CMP /u03/ksharma/errata_processing/work/el7uek6/db_7uek6.ELSA-2022-9709,%REG in vmenter.S (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - kbuild/objtool: Add objtool-vmlinux.o pass (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Add retbleed=ibpb (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/xen: Rename SYS* entry points (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Update Retpoline validation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - intel_idle: Disable IBRS during long idle (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Add kernel IBRS implementation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Report AMD retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86: Add magic AMD return-thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/vmlinux: Use INT3 instead of NOP for linker fill bytes (Kees Cook) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/realmode: build with __DISABLE_EXPORTS (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86: Use return-thunk in asm code (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bpf: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/ftrace: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86,objtool: Create .return_sites (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/mm: elide references to .discard.* from .return_sites (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86: Undo return-thunk damage (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/retpoline: Use -mfunction-return (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/alternative: Support not-feature (Juergen Gross) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/features: Move RETPOLINE flags to word 11 (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Classify symbols (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Create reloc sections implicitly (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add elf_create_reloc() helper (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Rework the elf_rebuild_reloc_section() logic (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Handle per arch retpoline naming (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Correctly handle retpoline thunk calls (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Support retpoline jump detection for vmlinux.o (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add 'alt_group' struct (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Clean up elf_write() condition (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add support for relocations without addends (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Rename rela to reloc (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: optimize add_dead_ends for split sections (Sami Tolvanen) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Move the IRET hack into the arch decoder (Miroslav Benes) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Rename elf_read() to elf_open_read() (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Constify 'struct elf *' parameters (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize !vmlinux.o again (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Better handle IRET (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/unwind_hints: define unwind_hint_save, unwind_hint_restore (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add abstraction for destination offsets (Raphael Gault) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Fix off-by-one in symbol_by_offset() (Julien Thierry) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize find_rela_by_dest_range() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize read_sections() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize find_symbol_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Rename find_containing_func() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize find_symbol_*() and read_symbols() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize find_section_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize find_section_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add a statistics mode (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize find_symbol_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Rename func_for_each_insn_all() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Rename func_for_each_insn() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Introduce validate_return() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Improve call destination function detection (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Fix clang switch table edge case (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add relocation check for alternative sections (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add is_static_jump() helper (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} [5.4.17-2136.310.4] - lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34400675] {CVE-2022-21505} - bnxt_en: Use page frag RX buffers for better software GRO performance (Jakub Kicinski) [Orabug: 34083551] - bnxt_en: enable interrupt sampling on 5750X for DIM (Andy Gospodarek) [Orabug: 34083551] - bnxt_en: Add event handler for PAUSE Storm event (Somnath Kotur) [Orabug: 34083551] - bnxt_en: reject indirect blk offload when hw-tc-offload is off (Sriharsha Basavapatna) [Orabug: 34083551] - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (Edwin Peer) [Orabug: 34083551] - bnxt_en: Fix error recovery regression (Michael Chan) [Orabug: 34083551] - bnxt_en: Fix possible unintended driver initiated error recovery (Michael Chan) [Orabug: 34083551] - bnxt: count discards due to memory allocation errors (Jakub Kicinski) [Orabug: 34083551] - bnxt: count packets discarded because of netpoll (Jakub Kicinski) [Orabug: 34083551] - ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364337] - ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364337] - net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371884] [5.4.17-2136.310.3] - RDS/IB: Fix RDS IB SRQ implementation and tune it (Hans Westgaard Ry) [Orabug: 31899472] - RDS/IB: Introduce bit_flag routines with memory-barrier for bit flags (Hans Westgaard Ry) [Orabug: 31899472] - xfs: don't fail unwritten extent conversion on writeback due to edquot (Darrick J. Wong) [Orabug: 33786167] - mm/page_alloc: reuse tail struct pages for compound devmaps (Joao Martins) [Orabug: 34314763] - mm/sparse-vmemmap: improve memory savings for compound devmaps (Joao Martins) [Orabug: 34314763] - mm/sparse-vmemmap: refactor core of vmemmap_populate_basepages() to helper (Joao Martins) [Orabug: 34314763] - mm/sparse-vmemmap: add a pgmap argument to section activation (Joao Martins) [Orabug: 34314763] - memory-failure: fetch compound_head after pgmap_pfn_valid() (Joao Martins) [Orabug: 34314763] - device-dax: compound devmap support (Joao Martins) [Orabug: 34314763] - device-dax: factor out page mapping initialization (Joao Martins) [Orabug: 34314763] - device-dax: ensure dev_dax->pgmap is valid for dynamic devices (Joao Martins) [Orabug: 34314763] - device-dax: use struct_size() (Joao Martins) [Orabug: 34314763] - device-dax: use ALIGN() for determining pgoff (Joao Martins) [Orabug: 34314763] - mm/memremap: add ZONE_DEVICE support for compound pages (Joao Martins) [Orabug: 34314763] - mm/page_alloc: refactor memmap_init_zone_device() page init (Joao Martins) [Orabug: 34314763] - mm/page_alloc: split prep_compound_page into head and tail subparts (Joao Martins) [Orabug: 34314763] - RDMA/umem: batch page unpin in __ib_umem_release() (Joao Martins) [Orabug: 34314763] - mm/gup: add a range variant of unpin_user_pages_dirty_lock() (Joao Martins) [Orabug: 34314763] - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153} - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153} - KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323859] {CVE-2022-2153} - rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 34330922] - x86/boot/compressed/64: Disable 5-level page tables on AMD (Boris Ostrovsky) [Orabug: 34366382] [5.4.17-2136.310.2] - LTS tag: v5.4.199 (Sherry Yang) - x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) - x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) - cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) - LTS tag: v5.4.198 (Sherry Yang) - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) - mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) - md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) - powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) - ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) - mmc: block: Fix CQE recovery reset success (Adrian Hunter) - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) - cifs: return errors during session setup during reconnects (Shyam Prasad N) - ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) - scripts/gdb: change kernel config dumping method (Kuan-Ying Lee) - vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) - nodemask: Fix return values to be unsigned (Kees Cook) - cifs: version operations for smb20 unneeded when legacy support disabled (Steve French) - s390/gmap: voluntarily schedule during key setting (Christian Borntraeger) - nbd: fix io hung while disconnecting device (Yu Kuai) - nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) - nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) - x86/cpu: Elide KCSAN for cpu_has() and friends (Peter Zijlstra) - modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) - drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) - ceph: allow ceph.dir.rctime xattr to be updatable (Venky Shankar) - Revert 'net: af_key: add check for pfkey_broadcast in function pfkey_process' (Michal Kubecek) - scsi: myrb: Fix up null pointer access on myrb_cleanup() (Hannes Reinecke) - md: protect md_unregister_thread from reentrancy (Guoqing Jiang) - watchdog: wdat_wdt: Stop watchdog when rebooting the system (Liu Xinpeng) - kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) - serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) - staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) - staging: rtl8712: fix uninit-value in usb_read8() and friends (Wang Cheng) - clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) - extcon: Modify extcon device to be created after driver data is set (bumwoo lee) - misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) - usb: dwc2: gadget: don't reset gadget's driver->bus (Marek Szyprowski) - USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) - USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (Duoming Zhou) - tty: Fix a possible resource leak in icom_probe (Huang Guobin) - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) - lkdtm/usercopy: Expand size of 'out of frame' object (Kees Cook) - iio: st_sensors: Add a local lock for protecting odr (Miquel Raynal) - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) - drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) - net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) - ip_gre: test csum_start instead of transport header (Willem de Bruijn) - net/mlx5: fs, fail conflicting actions (Mark Bloch) - net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) - net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) - net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (Miaoqian Lin) - bpf, arm64: Clear prog->jited_len along prog->jited (Eric Dumazet) - af_unix: Fix a data-race in unix_dgram_peer_wake_me(). (Kuniyuki Iwashima) - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) - netfilter: nf_tables: memleak flow rule from commit path (Pablo Neira Ayuso) - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) - netfilter: nat: really support inet nat without l3 address (Florian Westphal) - xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) - NFSv4: Don't hold the layoutget locks across multiple RPC calls (Trond Myklebust) - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (Radhey Shyam Pandey) - m68knommu: fix undefined reference to _init_sp' (Greg Ungerer) - m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) - i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) - f2fs: remove WARN_ON in f2fs_is_valid_blkaddr (Dongliang Mu) - tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) - tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) - mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) - perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) - tipc: check attribute length for bearer name (Hoang Le) - afs: Fix infinite loop found by xfstest generic/676 (David Howells) - tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) - net: sched: add barrier to fix packet stuck problem for lockless qdisc (Guoju Fang) - net/mlx5e: Update netdev features after changing XDP state (Maxim Mikityanskiy) - net/mlx5: Don't use already freed action pointer (Leon Romanovsky) - nfp: only report pause frame configuration for physical device (Yu Xiao) - ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) - jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) - modpost: fix removing numeric suffixes (Alexander Lobakin) - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (Vincent Ray) - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (Jann Horn) - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (Shengjiu Wang) - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (Miaoqian Lin) - driver core: fix deadlock in __device_attach (Zhang Wensheng) - driver: base: fix UAF when driver_attach failed (Schspa Shi) - bus: ti-sysc: Fix warnings for unbind for serial (Tony Lindgren) - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) - serial: stm32-usart: Correct CSIZE, bits, and parity (Ilpo Jarvinen) - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) - serial: sifive: Sanitize CSIZE and c_iflag (Ilpo Jarvinen) - serial: sh-sci: Don't allow CS5-6 (Ilpo Jarvinen) - serial: txx9: Don't allow CS5-6 (Ilpo Jarvinen) - serial: rda-uart: Don't allow CS5-6 (Ilpo Jarvinen) - serial: digicolor-usart: Don't allow CS5-6 (Ilpo Jarvinen) - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (Ilpo Jarvinen) - serial: meson: acquire port->lock in startup() (John Ogness) - rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) - clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) - soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) - coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) - serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) - iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) - iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) - firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) - usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) - USB: storage: karma: fix rio_karma_init return (Lin Ma) - usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) - usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) - tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) - iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) - staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) - bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) - bfq: Get rid of __bio_blkcg() usage (Jan Kara) - bfq: Remove pointless bfq_init_rq() calls (Jan Kara) - bfq: Drop pointless unlock-lock pair (Jan Kara) - bfq: Avoid merging queues with different parents (Jan Kara) - MIPS: IP27: Remove incorrect cpu_has_fpu' override (Maciej W. Rozycki) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) - Kconfig: add config option for asm goto w/ outputs (Nick Desaulniers) - phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) - dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) - ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) - phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) - gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - serial: pch: don't overwrite xmit->buf[0] by x_char (Jiri Slaby) - carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (Mark Brown) - rtl818x: Prevent using not initialized queues (Alexander Wetzel) - hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) - nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) - iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) - um: chan_user: Fix winch_tramp() return value (Johannes Berg) - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) - irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) - RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) - Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) - media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) - media: coda: Fix reported H264 profile (Nicolas Dufresne) - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) - md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) - md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) - scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) - dlm: fix missing lkb refcount handling (Alexander Aring) - dlm: fix plock invalid read (Alexander Aring) - mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) - PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) - PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) - PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) - tracing: Fix potential double free in create_var_ref() (Keita Suzuki) - ACPI: property: Release subnode properties with data nodes (Sakari Ailus) - ext4: avoid cycles in directory h-tree (Jan Kara) - ext4: verify dir block before splitting it (Jan Kara) - ext4: fix bug_on in ext4_writepages (Ye Bin) - ext4: fix warning in ext4_handle_inode_extension (Ye Bin) - ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) - netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) - bfq: Track whether bfq_group is still online (Jan Kara) - bfq: Update cgroup information before merging bio (Jan Kara) - bfq: Split shared queues on move between cgroups (Jan Kara) - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) - fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages (Zhihao Cheng) - iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) - wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) - f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) - f2fs: don't need inode lock for system hidden quota (Jaegeuk Kim) - f2fs: fix deadloop in foreground GC (Chao Yu) - f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) - f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) - f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) - perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) - perf c2c: Use stdio interface if slang is not supported (Leo Yan) - iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) - dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) - NFS: Don't report errors from nfs_pageio_complete() more than once (Trond Myklebust) - NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) - i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) - i2c: at91: use dma safe buffers (Michael Walle) - iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) - f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) - Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) - RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) - mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) - powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) - macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) - powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) - Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) - crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) - tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) - PCI: imx6: Fix PERST# start-up sequence (Francesco Dolcini) - ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() (Waiman Long) - proc: fix dentry/inode overinstantiating under /proc//net (Alexey Dobriyan) - powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) - powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) - powerpc/8xx: export 'cpm_setbrg' for modules (Randy Dunlap) - dax: fix cache flush on PMD-mapped pages (Muchun Song) - drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - nvdimm: Allow overwrite in the presence of disabled dimms (Dan Williams) - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (Cristian Marussi) - scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) - powerpc/fadump: fix PT_LOAD segment for boot memory area (Hari Bathini) - arm: mediatek: select arch timer for mt7629 (Chuanhong Guo) - crypto: marvell/cesa - ECB does not IV (Corentin Labbe) - misc: ocxl: fix possible double free in ocxl_file_register_afu (Hangyu Hua) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (Phil Elwell) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (Phil Elwell) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) - can: xilinx_can: mark bit timing constants as const (Marc Kleine-Budde) - KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (Sean Christopherson) - PCI: rockchip: Fix find_first_zero_bit() limit (Dan Carpenter) - PCI: cadence: Fix find_first_zero_bit() limit (Dan Carpenter) - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) - ARM: dts: suniv: F1C100: fix watchdog compatible (Andre Przywara) - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (Shawn Lin) - net/smc: postpone sk_refcnt increment in connect() (liuyacan) - rxrpc: Fix decision on when to generate an IDLE ACK (David Howells) - rxrpc: Don't let ack.previousPacket regress (David Howells) - rxrpc: Fix overlapping ACK accounting (David Howells) - rxrpc: Don't try to resend the request if we're receiving the reply (David Howells) - rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (Duoming Zhou) - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (Zheng Yongjun) - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (Hangyu Hua) - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (Miaoqian Lin) - ext4: reject the 'commit' option on ext2 filesystems (Eric Biggers) - media: ov7670: remove ov7670_power_off from ov7670_remove (Dongliang Mu) - sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) - m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) - media: vsp1: Fix offset calculation for plane cropping (Michael Rodin) - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) - media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) - media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) - media: aspeed: Fix an error handling path in aspeed_video_probe() (Christophe JAILLET) - scripts/faddr2line: Fix overlapping text section failures (Josh Poimboeuf) - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) - ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (Miaoqian Lin) - perf/amd/ibs: Use interrupt regs ip for stack unwinding (Ravi Bangoria) - Revert 'cpufreq: Fix possible race in cpufreq online error path' (Viresh Kumar) - iomap: iomap_write_failed fix (Andreas Gruenbacher) - media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (Jessica Zhang) - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (Jessica Zhang) - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (Zev Weiss) - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (Daniel Thompson) - x86: Fix return value of __setup handlers (Randy Dunlap) - virtio_blk: fix the discard_granularity and discard_alignment queue limits (Christoph Hellwig) - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) - drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (Vinod Polimera) - perf tools: Add missing headers needed by util/data.h (Yang Jihong) - ASoC: rk3328: fix disabling mclk on pclk probe failure (Nicolas Frattaroli) - x86/speculation: Add missing prototype for unpriv_ebpf_notify() (Josh Poimboeuf) - x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) - scsi: ufs: core: Exclude UECxx from SFR dump list (Kiwoong Kim) - of: overlay: do not break notify on NOTIFY_{OK|STOP} (Nuno Sa) - fsnotify: fix wrong lockdep annotations (Amir Goldstein) - inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) - cpufreq: Fix possible race in cpufreq online error path (Schspa Shi) - spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (Chengming Zhou) - drm/bridge: Fix error handling in analogix_dp_probe (Miaoqian Lin) - HID: elan: Fix potential double free in elan_input_configured (Miaoqian Lin) - HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) - drbd: fix duplicate array initializer (Arnd Bergmann) - efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) - NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) - drm: mali-dp: potential dereference of null pointer (Jiasheng Jiang) - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (Zhou Qingyang) - nl80211: show SSID for P2P_GO interfaces (Johannes Berg) - bpf: Fix excessive memory allocation in stack_map_alloc() (Yuntao Wang) - drm/vc4: txp: Force alpha to be 0xff if it's disabled (Maxime Ripard) - drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (Maxime Ripard) - drm/mediatek: Fix mtk_cec_mask() (Miles Chen) - x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) - drm/bridge: adv7511: clean up CEC adapter when probe fails (Lucas Stach) - drm/edid: fix invalid EDID extension block filtering (Jani Nikula) - ath9k: fix ar9003_get_eepmisc (Wenli Looi) - drm: fix EDID struct for old ARM OABI format (Linus Torvalds) - RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (Peng Wu) - macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) - powerpc/powernv: fix missing of_node_put in uv_init() (Lv Ruyi) - powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) - PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) - ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) - ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) - fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) - powerpc/fadump: Fix fadump to work with a different endian capture kernel (Hari Bathini) - ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) - fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) - PM / devfreq: rk3399_dmc: Disable edev on remove() (Brian Norris) - ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) - IB/rdmavt: add missing locks in rvt_ruc_loopback (Niels Dossche) - selftests/bpf: fix btf_dump/btf_dump due to recent clang change (Yonghong Song) - eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) - rxrpc: Return an error to sendmsg if call failed (David Howells) - hwmon: Make chip parameter for with_info API mandatory (Guenter Roeck) - ASoC: max98357a: remove dependency on GPIOLIB (Pierre-Louis Bossart) - media: exynos4-is: Fix compile warning (Kwanghoon Son) - net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) - nbd: Fix hung on disconnect request if socket is closed before (Xie Yongji) - ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) - openrisc: start CPU timer early in boot (Jason A. Donenfeld) - media: cec-adap.c: fix is_configuring state (Hans Verkuil) - media: coda: limit frame interval enumeration to supported encoder frame sizes (Philipp Zabel) - rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) - ipmi: Fix pr_fmt to avoid compilation issues (Corey Minyard) - ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (Mario Limonciello) - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (Patrice Chotard) - s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (Charles Keepax) - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (Dongliang Mu) - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (Alice Wong) - mlxsw: spectrum_dcb: Do not warn about priority changes (Petr Machata) - ASoC: dapm: Don't fold register value changes into notifications (Mark Brown) - net/mlx5: fs, delete the FTE when there are no rules attached to it (Mark Bloch) - ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) - drm: msm: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) - arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (Alexandru Elisei) - drm/amd/pm: fix the compile warning (Evan Quan) - drm/plane: Move range check for format_count earlier (Steven Price) - scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) - mmc: jz4740: Apply DMA engine limits to maximum segment size (Aidan MacDonald) - md/bitmap: don't set sb values if can't pass sanity check (Heming Zhao) - media: cx25821: Fix the warning when removing the module (Zheyu Ma) - media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) - media: venus: hfi: avoid null dereference in deinit (Luca Weiss) - ath9k: fix QCA9561 PA bias level (Thibaut VAReNE) - drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) - tools/power turbostat: fix ICX DRAM power numbers (Len Brown) - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (Biju Das) - ALSA: jack: Access input_dev under mutex (Amadeusz Siawinski) - drm/komeda: return early if drm_universal_plane_init() fails. (Liviu Dudau) - ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) - fbcon: Consistently protect deferred_takeover with console_lock() (Daniel Vetter) - ipv6: fix locking issues with loops over idev->addr_list (Niels Dossche) - ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) - b43: Fix assigning negative value to unsigned variable (Haowen Bai) - b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) - btrfs: repair super block num_devices automatically (Qu Wenruo) - btrfs: add '0x' prefix for unsupported optional features (Qu Wenruo) - ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) - ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) - ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP (Eric W. Biederman) - perf/x86/intel: Fix event constraints for ICL (Kan Liang) - usb: core: hcd: Add support for deferring roothub registration (Kishon Vijay Abraham I) - USB: new quirk for Dell Gen 2 devices (Monish Kumar R) - USB: serial: option: add Quectel BG95 modem (Carl Yin) - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (Marios Levogiannis) - binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) - LTS tag: v5.4.197 (Sherry Yang) - bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) - NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) - NFS: Memory allocation failures are not server fatal errors (Trond Myklebust) - docs: submitting-patches: Fix crossref to 'The canonical patch format' (Akira Yokosawa) - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) - tpm: Fix buffer access in tpm2_get_tpm_pt() (Stefan Mahnke-Hartmann) - HID: multitouch: Add support for Google Whiskers Touchpad (Marek Maslanka) - raid5: introduce MD_BROKEN (Mariusz Tkaczyk) - dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) - dm stats: add cond_resched when looping over entries (Mikulas Patocka) - dm crypt: make printing of the key constant-time (Mikulas Patocka) - dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) - zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) - crypto: ecrdsa - Fix incorrect use of vli_cmp (Vitaly Chikunov) - netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) - exec: Force single empty string when argv is empty (Kees Cook) - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) - cfg80211: set custom regdomain after wiphy registration (Miri Korenblit) - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (Mika Westerberg) - net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) - net: af_key: check encryption module availability consistency (Thomas Bartschies) - pinctrl: sunxi: fix f1c100s uart2 function (IotaHydrae) - ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) - ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) - media: vim2m: initialize the media device earlier (Hans Verkuil) - media: vim2m: Register video device after setting up internals (Sakari Ailus) - secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) - tcp: change source port randomizarion at connect() time (Eric Dumazet) - Input: goodix - fix spurious key release events (Dmitry Mastykin) - staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) - x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner) [5.4.17-2136.310.1] - intel_idle: Fix max_cstate for processor models without C-state tables (Chen Yu) [Orabug: 34081688] - intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34081688] - intel_idle: add 'preferred_cstates' module argument (Artem Bityutskiy) [Orabug: 34081688] - intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34081688] - intel_idle: Adjust the SKX C6 parameters if PC6 is disabled (Chen Yu) [Orabug: 34081688] - intel_idle: Clean up kerneldoc comments for multiple functions (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Add __initdata annotations to init time variables (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Relocate definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Clean up definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Simplify LAPIC timer reliability checks (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Introduce 'states_off' module parameter (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Introduce 'use_acpi' module parameter (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Clean up irtl_2_usec() (Rafael J. Wysocki) [Orabug: 34081688] - Documentation: admin-guide: PM: Add intel_idle document (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Move 3 functions closer to their callers (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Annotate initialization code and data structures (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Move and clean up intel_idle_cpuidle_devices_uninit() (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Rearrange intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Fold intel_idle_probe() into intel_idle_init() (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Eliminate __setup_broadcast_timer() (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Add module parameter to prevent ACPI _CST from being used (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Allow ACPI _CST to be used for selected known processors (Rafael J. Wysocki) [Orabug: 34081688] - cpuidle: Allow idle states to be disabled by default (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Use ACPI _CST for processor models without C-state tables (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Refactor intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] - cpuidle: Drop disabled field from struct cpuidle_state (Thomas Tai) [Orabug: 34081688] - cpuidle: Consolidate disabled state checks (Rafael J. Wysocki) [Orabug: 34081688] - Revert 'intel_idle: Use ACPI _CST for processor models without C-state tables' (Thomas Tai) [Orabug: 34081688] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21505 CVE-2022-23816 CVE-2022-2153 CVE-2022-2588 CVE-2022-29901 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 Oracle Linux 8 r[ 5.4.17-2136.310.7] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588} - x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] - x86/bugs: display dynamic retbleed state (Ankur Arora) [Orabug: 34450896] - x86/bugs: remove incorrect __init/__ro_after_init annotations (Ankur Arora) [Orabug: 34455621] [5.4.17-2136.310.6] - SUNRPC: Fix READ_PLUS crasher (Chuck Lever) - Revert 'hwmon: Make chip parameter for with_info API mandatory' (Greg Kroah-Hartman) [Orabug: 34423806] - ext4: make variable 'count' signed (Ding Xiang) - faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf) [5.4.17-2136.310.5] - arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM: emulate: do not adjust size of fastop and setcc subroutines (Paolo Bonzini) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Disable RRSBA behavior (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/exec: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM/VMX: Use TEST %REG,%REG instead of CMP /u03/ksharma/errata_processing/work/el7uek6/db_7uek6.ELSA-2022-9710,%REG in vmenter.S (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - kbuild/objtool: Add objtool-vmlinux.o pass (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Add retbleed=ibpb (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/xen: Rename SYS* entry points (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Update Retpoline validation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - intel_idle: Disable IBRS during long idle (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Add kernel IBRS implementation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Report AMD retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86: Add magic AMD return-thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/vmlinux: Use INT3 instead of NOP for linker fill bytes (Kees Cook) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/realmode: build with __DISABLE_EXPORTS (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86: Use return-thunk in asm code (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/bpf: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/ftrace: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86,objtool: Create .return_sites (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/mm: elide references to .discard.* from .return_sites (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86: Undo return-thunk damage (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/retpoline: Use -mfunction-return (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/alternative: Support not-feature (Juergen Gross) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/features: Move RETPOLINE flags to word 11 (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Classify symbols (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Create reloc sections implicitly (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add elf_create_reloc() helper (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Rework the elf_rebuild_reloc_section() logic (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Handle per arch retpoline naming (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Correctly handle retpoline thunk calls (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Support retpoline jump detection for vmlinux.o (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add 'alt_group' struct (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Clean up elf_write() condition (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add support for relocations without addends (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Rename rela to reloc (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: optimize add_dead_ends for split sections (Sami Tolvanen) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Move the IRET hack into the arch decoder (Miroslav Benes) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Rename elf_read() to elf_open_read() (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Constify 'struct elf *' parameters (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize !vmlinux.o again (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Better handle IRET (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - x86/unwind_hints: define unwind_hint_save, unwind_hint_restore (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add abstraction for destination offsets (Raphael Gault) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Fix off-by-one in symbol_by_offset() (Julien Thierry) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize find_rela_by_dest_range() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize read_sections() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize find_symbol_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Rename find_containing_func() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize find_symbol_*() and read_symbols() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize find_section_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize find_section_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add a statistics mode (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Optimize find_symbol_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Rename func_for_each_insn_all() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Rename func_for_each_insn() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Introduce validate_return() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Improve call destination function detection (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Fix clang switch table edge case (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add relocation check for alternative sections (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add is_static_jump() helper (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816} [5.4.17-2136.310.4] - lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34400675] {CVE-2022-21505} - bnxt_en: Use page frag RX buffers for better software GRO performance (Jakub Kicinski) [Orabug: 34083551] - bnxt_en: enable interrupt sampling on 5750X for DIM (Andy Gospodarek) [Orabug: 34083551] - bnxt_en: Add event handler for PAUSE Storm event (Somnath Kotur) [Orabug: 34083551] - bnxt_en: reject indirect blk offload when hw-tc-offload is off (Sriharsha Basavapatna) [Orabug: 34083551] - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (Edwin Peer) [Orabug: 34083551] - bnxt_en: Fix error recovery regression (Michael Chan) [Orabug: 34083551] - bnxt_en: Fix possible unintended driver initiated error recovery (Michael Chan) [Orabug: 34083551] - bnxt: count discards due to memory allocation errors (Jakub Kicinski) [Orabug: 34083551] - bnxt: count packets discarded because of netpoll (Jakub Kicinski) [Orabug: 34083551] - ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364337] - ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364337] - net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371884] [5.4.17-2136.310.3] - RDS/IB: Fix RDS IB SRQ implementation and tune it (Hans Westgaard Ry) [Orabug: 31899472] - RDS/IB: Introduce bit_flag routines with memory-barrier for bit flags (Hans Westgaard Ry) [Orabug: 31899472] - xfs: don't fail unwritten extent conversion on writeback due to edquot (Darrick J. Wong) [Orabug: 33786167] - mm/page_alloc: reuse tail struct pages for compound devmaps (Joao Martins) [Orabug: 34314763] - mm/sparse-vmemmap: improve memory savings for compound devmaps (Joao Martins) [Orabug: 34314763] - mm/sparse-vmemmap: refactor core of vmemmap_populate_basepages() to helper (Joao Martins) [Orabug: 34314763] - mm/sparse-vmemmap: add a pgmap argument to section activation (Joao Martins) [Orabug: 34314763] - memory-failure: fetch compound_head after pgmap_pfn_valid() (Joao Martins) [Orabug: 34314763] - device-dax: compound devmap support (Joao Martins) [Orabug: 34314763] - device-dax: factor out page mapping initialization (Joao Martins) [Orabug: 34314763] - device-dax: ensure dev_dax->pgmap is valid for dynamic devices (Joao Martins) [Orabug: 34314763] - device-dax: use struct_size() (Joao Martins) [Orabug: 34314763] - device-dax: use ALIGN() for determining pgoff (Joao Martins) [Orabug: 34314763] - mm/memremap: add ZONE_DEVICE support for compound pages (Joao Martins) [Orabug: 34314763] - mm/page_alloc: refactor memmap_init_zone_device() page init (Joao Martins) [Orabug: 34314763] - mm/page_alloc: split prep_compound_page into head and tail subparts (Joao Martins) [Orabug: 34314763] - RDMA/umem: batch page unpin in __ib_umem_release() (Joao Martins) [Orabug: 34314763] - mm/gup: add a range variant of unpin_user_pages_dirty_lock() (Joao Martins) [Orabug: 34314763] - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153} - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153} - KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323859] {CVE-2022-2153} - rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 34330922] - x86/boot/compressed/64: Disable 5-level page tables on AMD (Boris Ostrovsky) [Orabug: 34366382] [5.4.17-2136.310.2] - LTS tag: v5.4.199 (Sherry Yang) - x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) - x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) - cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) - LTS tag: v5.4.198 (Sherry Yang) - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) - mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) - md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) - powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) - ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) - mmc: block: Fix CQE recovery reset success (Adrian Hunter) - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) - cifs: return errors during session setup during reconnects (Shyam Prasad N) - ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) - scripts/gdb: change kernel config dumping method (Kuan-Ying Lee) - vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) - nodemask: Fix return values to be unsigned (Kees Cook) - cifs: version operations for smb20 unneeded when legacy support disabled (Steve French) - s390/gmap: voluntarily schedule during key setting (Christian Borntraeger) - nbd: fix io hung while disconnecting device (Yu Kuai) - nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) - nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) - x86/cpu: Elide KCSAN for cpu_has() and friends (Peter Zijlstra) - modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) - drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) - ceph: allow ceph.dir.rctime xattr to be updatable (Venky Shankar) - Revert 'net: af_key: add check for pfkey_broadcast in function pfkey_process' (Michal Kubecek) - scsi: myrb: Fix up null pointer access on myrb_cleanup() (Hannes Reinecke) - md: protect md_unregister_thread from reentrancy (Guoqing Jiang) - watchdog: wdat_wdt: Stop watchdog when rebooting the system (Liu Xinpeng) - kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) - serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) - staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) - staging: rtl8712: fix uninit-value in usb_read8() and friends (Wang Cheng) - clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) - extcon: Modify extcon device to be created after driver data is set (bumwoo lee) - misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) - usb: dwc2: gadget: don't reset gadget's driver->bus (Marek Szyprowski) - USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) - USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (Duoming Zhou) - tty: Fix a possible resource leak in icom_probe (Huang Guobin) - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) - lkdtm/usercopy: Expand size of 'out of frame' object (Kees Cook) - iio: st_sensors: Add a local lock for protecting odr (Miquel Raynal) - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) - drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) - net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) - ip_gre: test csum_start instead of transport header (Willem de Bruijn) - net/mlx5: fs, fail conflicting actions (Mark Bloch) - net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) - net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) - net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (Miaoqian Lin) - bpf, arm64: Clear prog->jited_len along prog->jited (Eric Dumazet) - af_unix: Fix a data-race in unix_dgram_peer_wake_me(). (Kuniyuki Iwashima) - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) - netfilter: nf_tables: memleak flow rule from commit path (Pablo Neira Ayuso) - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) - netfilter: nat: really support inet nat without l3 address (Florian Westphal) - xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) - NFSv4: Don't hold the layoutget locks across multiple RPC calls (Trond Myklebust) - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (Radhey Shyam Pandey) - m68knommu: fix undefined reference to _init_sp' (Greg Ungerer) - m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) - i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) - f2fs: remove WARN_ON in f2fs_is_valid_blkaddr (Dongliang Mu) - tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) - tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) - mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) - perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) - tipc: check attribute length for bearer name (Hoang Le) - afs: Fix infinite loop found by xfstest generic/676 (David Howells) - tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) - net: sched: add barrier to fix packet stuck problem for lockless qdisc (Guoju Fang) - net/mlx5e: Update netdev features after changing XDP state (Maxim Mikityanskiy) - net/mlx5: Don't use already freed action pointer (Leon Romanovsky) - nfp: only report pause frame configuration for physical device (Yu Xiao) - ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) - jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) - modpost: fix removing numeric suffixes (Alexander Lobakin) - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (Vincent Ray) - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (Jann Horn) - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (Shengjiu Wang) - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (Miaoqian Lin) - driver core: fix deadlock in __device_attach (Zhang Wensheng) - driver: base: fix UAF when driver_attach failed (Schspa Shi) - bus: ti-sysc: Fix warnings for unbind for serial (Tony Lindgren) - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) - serial: stm32-usart: Correct CSIZE, bits, and parity (Ilpo Jarvinen) - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) - serial: sifive: Sanitize CSIZE and c_iflag (Ilpo Jarvinen) - serial: sh-sci: Don't allow CS5-6 (Ilpo Jarvinen) - serial: txx9: Don't allow CS5-6 (Ilpo Jarvinen) - serial: rda-uart: Don't allow CS5-6 (Ilpo Jarvinen) - serial: digicolor-usart: Don't allow CS5-6 (Ilpo Jarvinen) - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (Ilpo Jarvinen) - serial: meson: acquire port->lock in startup() (John Ogness) - rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) - clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) - soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) - coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) - serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) - iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) - iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) - firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) - usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) - USB: storage: karma: fix rio_karma_init return (Lin Ma) - usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) - usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) - tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) - iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) - staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) - bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) - bfq: Get rid of __bio_blkcg() usage (Jan Kara) - bfq: Remove pointless bfq_init_rq() calls (Jan Kara) - bfq: Drop pointless unlock-lock pair (Jan Kara) - bfq: Avoid merging queues with different parents (Jan Kara) - MIPS: IP27: Remove incorrect cpu_has_fpu' override (Maciej W. Rozycki) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) - Kconfig: add config option for asm goto w/ outputs (Nick Desaulniers) - phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) - dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) - ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) - phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) - gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - serial: pch: don't overwrite xmit->buf[0] by x_char (Jiri Slaby) - carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (Mark Brown) - rtl818x: Prevent using not initialized queues (Alexander Wetzel) - hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) - nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) - iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) - um: chan_user: Fix winch_tramp() return value (Johannes Berg) - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) - irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) - RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) - Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) - media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) - media: coda: Fix reported H264 profile (Nicolas Dufresne) - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) - md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) - md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) - scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) - dlm: fix missing lkb refcount handling (Alexander Aring) - dlm: fix plock invalid read (Alexander Aring) - mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) - PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) - PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) - PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) - tracing: Fix potential double free in create_var_ref() (Keita Suzuki) - ACPI: property: Release subnode properties with data nodes (Sakari Ailus) - ext4: avoid cycles in directory h-tree (Jan Kara) - ext4: verify dir block before splitting it (Jan Kara) - ext4: fix bug_on in ext4_writepages (Ye Bin) - ext4: fix warning in ext4_handle_inode_extension (Ye Bin) - ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) - netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) - bfq: Track whether bfq_group is still online (Jan Kara) - bfq: Update cgroup information before merging bio (Jan Kara) - bfq: Split shared queues on move between cgroups (Jan Kara) - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) - fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages (Zhihao Cheng) - iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) - wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) - f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) - f2fs: don't need inode lock for system hidden quota (Jaegeuk Kim) - f2fs: fix deadloop in foreground GC (Chao Yu) - f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) - f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) - f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) - perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) - perf c2c: Use stdio interface if slang is not supported (Leo Yan) - iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) - dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) - NFS: Don't report errors from nfs_pageio_complete() more than once (Trond Myklebust) - NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) - i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) - i2c: at91: use dma safe buffers (Michael Walle) - iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) - f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) - Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) - RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) - mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) - powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) - macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) - powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) - Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) - crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) - tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) - PCI: imx6: Fix PERST# start-up sequence (Francesco Dolcini) - ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() (Waiman Long) - proc: fix dentry/inode overinstantiating under /proc//net (Alexey Dobriyan) - powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) - powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) - powerpc/8xx: export 'cpm_setbrg' for modules (Randy Dunlap) - dax: fix cache flush on PMD-mapped pages (Muchun Song) - drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - nvdimm: Allow overwrite in the presence of disabled dimms (Dan Williams) - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (Cristian Marussi) - scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) - powerpc/fadump: fix PT_LOAD segment for boot memory area (Hari Bathini) - arm: mediatek: select arch timer for mt7629 (Chuanhong Guo) - crypto: marvell/cesa - ECB does not IV (Corentin Labbe) - misc: ocxl: fix possible double free in ocxl_file_register_afu (Hangyu Hua) - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (Phil Elwell) - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (Phil Elwell) - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) - can: xilinx_can: mark bit timing constants as const (Marc Kleine-Budde) - KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (Sean Christopherson) - PCI: rockchip: Fix find_first_zero_bit() limit (Dan Carpenter) - PCI: cadence: Fix find_first_zero_bit() limit (Dan Carpenter) - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) - ARM: dts: suniv: F1C100: fix watchdog compatible (Andre Przywara) - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (Shawn Lin) - net/smc: postpone sk_refcnt increment in connect() (liuyacan) - rxrpc: Fix decision on when to generate an IDLE ACK (David Howells) - rxrpc: Don't let ack.previousPacket regress (David Howells) - rxrpc: Fix overlapping ACK accounting (David Howells) - rxrpc: Don't try to resend the request if we're receiving the reply (David Howells) - rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) - NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (Duoming Zhou) - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (Zheng Yongjun) - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (Hangyu Hua) - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (Miaoqian Lin) - ext4: reject the 'commit' option on ext2 filesystems (Eric Biggers) - media: ov7670: remove ov7670_power_off from ov7670_remove (Dongliang Mu) - sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) - m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) - media: vsp1: Fix offset calculation for plane cropping (Michael Rodin) - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) - media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) - media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) - media: aspeed: Fix an error handling path in aspeed_video_probe() (Christophe JAILLET) - scripts/faddr2line: Fix overlapping text section failures (Josh Poimboeuf) - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) - ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (Miaoqian Lin) - perf/amd/ibs: Use interrupt regs ip for stack unwinding (Ravi Bangoria) - Revert 'cpufreq: Fix possible race in cpufreq online error path' (Viresh Kumar) - iomap: iomap_write_failed fix (Andreas Gruenbacher) - media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (Jessica Zhang) - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (Jessica Zhang) - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (Zev Weiss) - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (Daniel Thompson) - x86: Fix return value of __setup handlers (Randy Dunlap) - virtio_blk: fix the discard_granularity and discard_alignment queue limits (Christoph Hellwig) - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) - drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (Vinod Polimera) - perf tools: Add missing headers needed by util/data.h (Yang Jihong) - ASoC: rk3328: fix disabling mclk on pclk probe failure (Nicolas Frattaroli) - x86/speculation: Add missing prototype for unpriv_ebpf_notify() (Josh Poimboeuf) - x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) - scsi: ufs: core: Exclude UECxx from SFR dump list (Kiwoong Kim) - of: overlay: do not break notify on NOTIFY_{OK|STOP} (Nuno Sa) - fsnotify: fix wrong lockdep annotations (Amir Goldstein) - inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) - cpufreq: Fix possible race in cpufreq online error path (Schspa Shi) - spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (Chengming Zhou) - drm/bridge: Fix error handling in analogix_dp_probe (Miaoqian Lin) - HID: elan: Fix potential double free in elan_input_configured (Miaoqian Lin) - HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) - drbd: fix duplicate array initializer (Arnd Bergmann) - efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) - NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) - drm: mali-dp: potential dereference of null pointer (Jiasheng Jiang) - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (Zhou Qingyang) - nl80211: show SSID for P2P_GO interfaces (Johannes Berg) - bpf: Fix excessive memory allocation in stack_map_alloc() (Yuntao Wang) - drm/vc4: txp: Force alpha to be 0xff if it's disabled (Maxime Ripard) - drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (Maxime Ripard) - drm/mediatek: Fix mtk_cec_mask() (Miles Chen) - x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) - drm/bridge: adv7511: clean up CEC adapter when probe fails (Lucas Stach) - drm/edid: fix invalid EDID extension block filtering (Jani Nikula) - ath9k: fix ar9003_get_eepmisc (Wenli Looi) - drm: fix EDID struct for old ARM OABI format (Linus Torvalds) - RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (Peng Wu) - macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) - powerpc/powernv: fix missing of_node_put in uv_init() (Lv Ruyi) - powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) - PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) - ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) - ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) - fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) - powerpc/fadump: Fix fadump to work with a different endian capture kernel (Hari Bathini) - ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) - fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) - PM / devfreq: rk3399_dmc: Disable edev on remove() (Brian Norris) - ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) - IB/rdmavt: add missing locks in rvt_ruc_loopback (Niels Dossche) - selftests/bpf: fix btf_dump/btf_dump due to recent clang change (Yonghong Song) - eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) - rxrpc: Return an error to sendmsg if call failed (David Howells) - hwmon: Make chip parameter for with_info API mandatory (Guenter Roeck) - ASoC: max98357a: remove dependency on GPIOLIB (Pierre-Louis Bossart) - media: exynos4-is: Fix compile warning (Kwanghoon Son) - net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) - nbd: Fix hung on disconnect request if socket is closed before (Xie Yongji) - ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) - openrisc: start CPU timer early in boot (Jason A. Donenfeld) - media: cec-adap.c: fix is_configuring state (Hans Verkuil) - media: coda: limit frame interval enumeration to supported encoder frame sizes (Philipp Zabel) - rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) - ipmi: Fix pr_fmt to avoid compilation issues (Corey Minyard) - ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (Mario Limonciello) - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (Patrice Chotard) - s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (Charles Keepax) - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (Dongliang Mu) - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (Alice Wong) - mlxsw: spectrum_dcb: Do not warn about priority changes (Petr Machata) - ASoC: dapm: Don't fold register value changes into notifications (Mark Brown) - net/mlx5: fs, delete the FTE when there are no rules attached to it (Mark Bloch) - ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) - drm: msm: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) - arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (Alexandru Elisei) - drm/amd/pm: fix the compile warning (Evan Quan) - drm/plane: Move range check for format_count earlier (Steven Price) - scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) - mmc: jz4740: Apply DMA engine limits to maximum segment size (Aidan MacDonald) - md/bitmap: don't set sb values if can't pass sanity check (Heming Zhao) - media: cx25821: Fix the warning when removing the module (Zheyu Ma) - media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) - media: venus: hfi: avoid null dereference in deinit (Luca Weiss) - ath9k: fix QCA9561 PA bias level (Thibaut VAReNE) - drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) - tools/power turbostat: fix ICX DRAM power numbers (Len Brown) - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (Biju Das) - ALSA: jack: Access input_dev under mutex (Amadeusz Siawinski) - drm/komeda: return early if drm_universal_plane_init() fails. (Liviu Dudau) - ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) - fbcon: Consistently protect deferred_takeover with console_lock() (Daniel Vetter) - ipv6: fix locking issues with loops over idev->addr_list (Niels Dossche) - ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) - b43: Fix assigning negative value to unsigned variable (Haowen Bai) - b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) - btrfs: repair super block num_devices automatically (Qu Wenruo) - btrfs: add '0x' prefix for unsupported optional features (Qu Wenruo) - ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) - ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) - ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP (Eric W. Biederman) - perf/x86/intel: Fix event constraints for ICL (Kan Liang) - usb: core: hcd: Add support for deferring roothub registration (Kishon Vijay Abraham I) - USB: new quirk for Dell Gen 2 devices (Monish Kumar R) - USB: serial: option: add Quectel BG95 modem (Carl Yin) - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (Marios Levogiannis) - binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) - LTS tag: v5.4.197 (Sherry Yang) - bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) - NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) - NFS: Memory allocation failures are not server fatal errors (Trond Myklebust) - docs: submitting-patches: Fix crossref to 'The canonical patch format' (Akira Yokosawa) - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) - tpm: Fix buffer access in tpm2_get_tpm_pt() (Stefan Mahnke-Hartmann) - HID: multitouch: Add support for Google Whiskers Touchpad (Marek Maslanka) - raid5: introduce MD_BROKEN (Mariusz Tkaczyk) - dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) - dm stats: add cond_resched when looping over entries (Mikulas Patocka) - dm crypt: make printing of the key constant-time (Mikulas Patocka) - dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) - zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) - crypto: ecrdsa - Fix incorrect use of vli_cmp (Vitaly Chikunov) - netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) - exec: Force single empty string when argv is empty (Kees Cook) - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) - cfg80211: set custom regdomain after wiphy registration (Miri Korenblit) - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (Mika Westerberg) - net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) - net: af_key: check encryption module availability consistency (Thomas Bartschies) - pinctrl: sunxi: fix f1c100s uart2 function (IotaHydrae) - ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) - ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) - media: vim2m: initialize the media device earlier (Hans Verkuil) - media: vim2m: Register video device after setting up internals (Sakari Ailus) - secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) - tcp: change source port randomizarion at connect() time (Eric Dumazet) - Input: goodix - fix spurious key release events (Dmitry Mastykin) - staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) - x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner) [5.4.17-2136.310.1] - intel_idle: Fix max_cstate for processor models without C-state tables (Chen Yu) [Orabug: 34081688] - intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34081688] - intel_idle: add 'preferred_cstates' module argument (Artem Bityutskiy) [Orabug: 34081688] - intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34081688] - intel_idle: Adjust the SKX C6 parameters if PC6 is disabled (Chen Yu) [Orabug: 34081688] - intel_idle: Clean up kerneldoc comments for multiple functions (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Add __initdata annotations to init time variables (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Relocate definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Clean up definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Simplify LAPIC timer reliability checks (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Introduce 'states_off' module parameter (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Introduce 'use_acpi' module parameter (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Clean up irtl_2_usec() (Rafael J. Wysocki) [Orabug: 34081688] - Documentation: admin-guide: PM: Add intel_idle document (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Move 3 functions closer to their callers (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Annotate initialization code and data structures (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Move and clean up intel_idle_cpuidle_devices_uninit() (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Rearrange intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Fold intel_idle_probe() into intel_idle_init() (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Eliminate __setup_broadcast_timer() (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Add module parameter to prevent ACPI _CST from being used (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Allow ACPI _CST to be used for selected known processors (Rafael J. Wysocki) [Orabug: 34081688] - cpuidle: Allow idle states to be disabled by default (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Use ACPI _CST for processor models without C-state tables (Rafael J. Wysocki) [Orabug: 34081688] - intel_idle: Refactor intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] - cpuidle: Drop disabled field from struct cpuidle_state (Thomas Tai) [Orabug: 34081688] - cpuidle: Consolidate disabled state checks (Rafael J. Wysocki) [Orabug: 34081688] - Revert 'intel_idle: Use ACPI _CST for processor models without C-state tables' (Thomas Tai) [Orabug: 34081688] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2588 CVE-2022-2153 CVE-2022-29901 CVE-2022-21505 CVE-2022-23816 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 6 [2.2.15-69.0.5] - handle large writes in ap_rputs [CVE-2022-28614][Orabug: 34317854] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-28614 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 7 [1.21.7-2] - Addresses CVE-2022-1708 [1.21.7-1] - Added Oracle Specifile Files for cri-o IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1708 cpe:/a:oracle:linux:7::olcne14 Oracle Linux 8 [1.21.7-2] - Addresses CVE-2022-1708 [1.21.7-1] - Added Oracle Specifile Files for cri-o IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1708 cpe:/a:oracle:linux:8::olcne14 Oracle Linux 7 [1.22.5-1] - Addresses CVE-2022-1708 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1708 cpe:/a:oracle:linux:7::olcne15 Oracle Linux 8 [1.22.5-1] - Addresses CVE-2022-1708 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1708 cpe:/a:oracle:linux:8::olcne15 Oracle Linux 8 Oracle Linux 9 [5.15.0-1.43.4.2] - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 33981854] {CVE-2022-21385} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21385 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.310.7.1] - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 33981855] {CVE-2022-21385} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21385 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [4.14.35-2047.516.2.1] - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 33981856] {CVE-2022-21385} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21385 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [5.15.0-1.43.4.2] - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 33981854] {CVE-2022-21385} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21385 cpe:/a:oracle:linux:8::UEKR7 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.310.7.1] - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 33981855] {CVE-2022-21385} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21385 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [4.14.35-2047.516.2.1] - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 33981856] {CVE-2022-21385} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21385 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 9 [3.0.1-41.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz#2115861 - Add FIPS indicator for HKDF Resolves: rhbz#2118388 [1:3.0.1-40] - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115856 - Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115857 - Use signature for RSA pairwise test according FIPS-140-3 requirements Related: rhbz#2115858 - Reseed all the parent DRBGs in chain on reseeding a DRBG Related: rhbz#2115859 - Zeroization according to FIPS-140-3 requirements Related: rhbz#2115861 [1:3.0.1-39] - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test - Use Use digest_sign & digest_verify in FIPS signature self test - Use FFDHE2048 in Diffie-Hellman FIPS self-test Resolves: rhbz#2112978 [1:3.0.1-38] - Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously initialized. Resolves: rhbz#2107530 - Improve AES-GCM performance on Power9 and Power10 ppc64le Resolves: rhbz#2103044 - Improve ChaCha20 performance on Power10 ppc64le Resolves: rhbz#2103044 [1:3.0.1-37] - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 [1:3.0.1-36] - Ciphersuites with RSAPSK KX should be filterd in FIPS mode - Related: rhbz#2091994 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available if key length is enough - Related: rhbz#2091977 - Improve diagnostics when passing unsupported groups in TLS - Related: rhbz#2086554 - Fix PPC64 Montgomery multiplication bug - Related: rhbz#2101346 - Strict certificates validation shouldn't allow explicit EC parameters - Related: rhbz#2085521 - CVE-2022-2068: the c_rehash script allows command injection - Related: rhbz#2098276 [1:3.0.1-35] - Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved. Resolves: rhbz#2087234 [1:3.0.1-34] - Some OpenSSL test certificates are expired, updating - Resolves: rhbz#2095696 [1:3.0.1-33] - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory - Resolves: rhbz#2089443 - CVE-2022-1343 openssl: Signer certificate verification returned inaccurate response when using OCSP_NOCHECKS - Resolves: rhbz#2089439 - CVE-2022-1292 openssl: c_rehash script allows command injection - Resolves: rhbz#2090361 - Revert 'Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode' Related: rhbz#2087234 - Use KAT for ECDSA signature tests, s390 arch - Resolves: rhbz#2086866 [1:3.0.1-32] - openssl ecparam -list_curves lists only FIPS-approved curves in FIPS mode - Resolves: rhbz#2091929 - Ciphersuites with RSA KX should be filterd in FIPS mode - Related: rhbz#2091994 - In FIPS mode, signature verification works with keys of arbitrary size above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys below 2048 bits - Resolves: rhbz#2091938 [1:3.0.1-31] - Disable SHA-1 signature verification in FIPS mode - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode Resolves: rhbz#2087234 [1:3.0.1-30] - Use KAT for ECDSA signature tests - Resolves: rhbz#2086866 [1:3.0.1-29] - -config argument of openssl app should work properly in FIPS mode - Resolves: rhbz#2085500 - openssl req defaults on PKCS#8 encryption changed to AES-256-CBC - Resolves: rhbz#2085499 [1:3.0.1-28] - OpenSSL should not accept custom elliptic curve parameters - Resolves rhbz#2085508 - OpenSSL should not accept explicit curve parameters in FIPS mode - Resolves rhbz#2085521 [1:3.0.1-27] - Change FIPS module version to include hash of specfile, patches and sources Resolves: rhbz#2082585 [1:3.0.1-26] - OpenSSL FIPS module should not build in non-approved algorithms Resolves: rhbz#2082584 [1:3.0.1-25] - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available - Resolves: rhbz#2053289 [1:3.0.1-24] - Fix occasional internal error in TLS when DHE is used Resolves: rhbz#2080323 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2068 CVE-2022-2097 CVE-2022-1473 CVE-2022-1292 CVE-2022-1343 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 9 [0.11.1-10.el9_0.2] - Fixed ruby socket permissions - Resolves: rhbz#2116839 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2735 cpe:/a:oracle:linux:9::addons Oracle Linux 8 [0.10.12-6.0.1.el8_6.2] - Replace HAM-logo.png with a generic one [0.10.12-6.el8_6.2] - Fixed ruby socket permissions - Resolves: rhbz#2116837 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2735 cpe:/a:oracle:linux:8::addons Oracle Linux 6 Oracle Linux 7 [4.1.12-124.66.3] - fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [Orabug: 33981149] {CVE-2022-1011} - vt: drop old FONT ioctls (Jiri Slaby) [Orabug: 34408794] {CVE-2021-33656} - video: of_display_timing.h: include errno.h (Hsin-Yi Wang) [Orabug: 34408910] {CVE-2021-33655} - fbcon: Disallow setting font bigger than screen size (Helge Deller) [Orabug: 34408910] {CVE-2021-33655} - scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419974] {CVE-2022-21546} - scsi/eh: fix hang adding ehandler wakeups after decrementing host_busy (Gulam Mohamed) [Orabug: 33349684] [Orabug: 34492498] [4.1.12-124.66.2] - mm: enforce min addr even if capable() in expand_downwards() (Jann Horn) [Orabug: 29501997] {CVE-2019-9213} - ACPICA: Reference Counts: increase max to 0x4000 for large servers (Erik Schmauss) - ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516} - ipv4: Cache net in ip_build_and_send_pkt and ip_queue_xmit (Eric W. Biederman) [Orabug: 33917058] {CVE-2020-36516} - ipv4: igmp: guard against silly MTU values (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516} - inet: constify ip_dont_fragment() arguments (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516} - ip: constify ip_build_and_send_pkt() socket argument (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516} - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (Eric Biggers) [Orabug: 34433461] {CVE-2020-36557} - vt: vt_ioctl: fix race in VT_RESIZEX (Eric Dumazet) [Orabug: 34433476] {CVE-2020-36558} - VT_RESIZEX: get rid of field-by-field copyin (Al Viro) [Orabug: 34433476] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460939] [Orabug: 34484730] {CVE-2022-2588} [4.1.12-124.66.1] - net: fix uninit-value in __hw_addr_add_ex() (Eric Dumazet) [Orabug: 34395887] - mac80211: silence an uninitialized variable warning (Dan Carpenter) [Orabug: 34396283] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1011 CVE-2020-36558 CVE-2020-36516 CVE-2022-2588 CVE-2021-33655 CVE-2021-33656 CVE-2022-21546 CVE-2020-36557 CVE-2019-9213 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 8 istio [1.13.7-1] - Added Oracle specific files for 1.13.7-1 olcne [1.5.5-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.5.4-3] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over [1.5.4-2] - Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.5.4-1] - Upgrade Kubernetes to 1.23.7 [1.5.3-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.5.2-1] - Excluded unnecessary directories from k8s backup files [1.5.1-1] - Fixed the bug in fetching node metadata for non-cloud nodes [1.5.0-2] - Upgrade Helm to 3.7.1-2 [1.5.0-2] - fix null pointer exception in systemd service state validation [1.5.0-1] - Introduce support for compact Kubernetes clusters - Introduce MetalLB - Introduce Oracle Cloud Infrastructure Cloud Controller Manager - Improved log messages in Platform API Server and Platform Agent - Upgrade Kubernetes to 1.22.8 - Upgrade Istio to 1.13.2 - Renamed the oci-csi module to oci-ccm [1.5.0-20.alpha] - Update istio-1.13.2 grafana to 7.5.15 [1.5.0-14.alpha] - Metallb fix [1.5.0-11.alpha] - Remove module directories when olcne rpm is uninstalled [1.5.0-10.alpha] - OCI CCM 0.13.0 [1.5.0-9.alpha] - Reworked log messages [1.5.0-8.alpha] - Update Istio to 1.13.2(prometheus-2.31.1, grafana-8.4.6) [1.5.0-7.alpha] - Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15) [1.5.0-6.alpha] - Update to k8s 1.22 with golang 1.17 [1.5.0-5.alpha] - Update internal docs for oci-ccm module [1.5.0-4.alpha] - Extend oci-ccm module to support load balancer [1.5.0-3.alpha] - Firewall pre-req [1.5.0-2.alpha] - Ensure that config map settings needed by metallb is preserved during k8s upgrade [1.5.0-1.alpha] - Metallb module [1.4.1-14] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-13] - Update sudoers file and changed its permissions to '0440' [1.4.1-12] - Update olcne-kubernetes.md file for 'compact' flag [1.4.1-11] - Ensure that the order of items in an upgraded config file is stable with respect to the original file [1.4.1-10] - Ensure that old olcnectl config files are upgraded [1.4.1-9] - Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation [1.4.1-8] - Make 'compact' flag updatable [1.4.1-7] - Introduce 'compact' that enables control-plane nodes to run any workloads [1.4.1-6] - Ability to label 1 or more kubernetes nodes [1.4.1-5] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-4] - Update helm to 3.7.1 [1.4.1-3] - Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11 [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.0-4] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31045 cpe:/a:oracle:linux:8::olcne14 cpe:/a:oracle:linux:8::olcne15 Oracle Linux 7 istio [1.13.7-1] - Added Oracle specific files for 1.13.7-1 olcne [1.5.5-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.5.4-3] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over [1.5.4-2] - Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.5.4-1] - Upgrade Kubernetes to 1.23.7 [1.5.3-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.5.2-1] - Excluded unnecessary directories from k8s backup files [1.5.1-1] - Fixed the bug in fetching node metadata for non-cloud nodes [1.5.0-2] - Upgrade Helm to 3.7.1-2 [1.5.0-2] - fix null pointer exception in systemd service state validation [1.5.0-1] - Introduce support for compact Kubernetes clusters - Introduce MetalLB - Introduce Oracle Cloud Infrastructure Cloud Controller Manager - Improved log messages in Platform API Server and Platform Agent - Upgrade Kubernetes to 1.22.8 - Upgrade Istio to 1.13.2 - Renamed the oci-csi module to oci-ccm [1.5.0-20.alpha] - Update istio-1.13.2 grafana to 7.5.15 [1.5.0-14.alpha] - Metallb fix [1.5.0-11.alpha] - Remove module directories when olcne rpm is uninstalled [1.5.0-10.alpha] - OCI CCM 0.13.0 [1.5.0-9.alpha] - Reworked log messages [1.5.0-8.alpha] - Update Istio to 1.13.2(prometheus-2.31.1, grafana-8.4.6) [1.5.0-7.alpha] - Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15) [1.5.0-6.alpha] - Update to k8s 1.22 with golang 1.17 [1.5.0-5.alpha] - Update internal docs for oci-ccm module [1.5.0-4.alpha] - Extend oci-ccm module to support load balancer [1.5.0-3.alpha] - Firewall pre-req [1.5.0-2.alpha] - Ensure that config map settings needed by metallb is preserved during k8s upgrade [1.5.0-1.alpha] - Metallb module [1.4.1-14] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-13] - Update sudoers file and changed its permissions to '0440' [1.4.1-12] - Update olcne-kubernetes.md file for 'compact' flag [1.4.1-11] - Ensure that the order of items in an upgraded config file is stable with respect to the original file [1.4.1-10] - Ensure that old olcnectl config files are upgraded [1.4.1-9] - Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation [1.4.1-8] - Make 'compact' flag updatable [1.4.1-7] - Introduce 'compact' that enables control-plane nodes to run any workloads [1.4.1-6] - Ability to label 1 or more kubernetes nodes [1.4.1-5] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-4] - Update helm to 3.7.1 [1.4.1-3] - Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11 [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.0-4] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31045 cpe:/a:oracle:linux:7::olcne15 cpe:/a:oracle:linux:7::olcne14 Oracle Linux 8 istio [1.13.7-1] - Added Oracle specific files for 1.13.7-1 olcne [1.4.7-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.4.6-2] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip printing olcne_transfer_script execution - Cleanup grpc connection when node not found and use substr method in case fqdn used for hostname [1.4.6-1] - Adress Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.4.5-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.4.4-1] - Excluded unnecessary directories from k8s backup files [1.4.3-1] - Update Istio to 1.13.2 [1.4.2-1] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-4] - Ensure that the order of items in an upgraded config file is stable with respect to the original file - Ensure that old olcnectl config files are upgraded [1.4.1-3] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.1-1] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31045 cpe:/a:oracle:linux:8::olcne14 cpe:/a:oracle:linux:8::olcne15 Oracle Linux 7 istio [1.13.7-1] - Added Oracle specific files for 1.13.7-1 olcne [1.4.7-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.4.6-2] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip printing olcne_transfer_script execution - Cleanup grpc connection when node not found and use substr method in case fqdn used for hostname [1.4.6-1] - Adress Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.4.5-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.4.4-1] - Excluded unnecessary directories from k8s backup files [1.4.3-1] - Update Istio to 1.13.2 [1.4.2-1] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-4] - Ensure that the order of items in an upgraded config file is stable with respect to the original file - Ensure that old olcnectl config files are upgraded [1.4.1-3] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.1-1] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31045 cpe:/a:oracle:linux:7::olcne15 cpe:/a:oracle:linux:7::olcne14 Oracle Linux 6 [2.6.32-754.35.1.0.6.OL6] [[:digit]o_epoll_ctl(): clean the failure exits up a bit (Marc Zyngier) {CVE-2020-0466} [Orabug: 34086960] - epoll: Keep a reference on files added to the check list (Al Viro) {CVE-2020-0466} [Orabug: 34086960] - fix regression in 'epoll: Keep a reference on files added to the check list (Al Viro) {CVE-2021-1048} [Orabug: 34086960] - net: split out functions related to registering inflight socket files (Jens Axboe) [Orabug: 34086960] - af_unix: fix garbage collect vs MSG_PEEK (Miklos Szeredi) {CVE-2021-0920} [Orabug: 34086960] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) {CVE-2021-4155} [Orabug: 34086960] - cgroup-v1: Require capabilities to set release_agent (Waiman Long) {CVE-2022-0492} [Orabug: 34086960] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0492 CVE-2020-0466 CVE-2021-0920 CVE-2021-4155 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 rsyslog [5.8.10-12.0.2] - Back port fix for heap-based overflow in TCP syslog server - Resolves CVE-2022-24903 [Orabug: 34226447] rsyslog7 [7.4.10-7.0.1] - Back port fix for heap-based overflow in TCP syslog server - Resolves CVE-2022-24903 [Orabug: 34226447] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24903 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 Oracle Linux 7 [4.14.35-2047.517.3] - KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34575637] - KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34575637] - KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34575637] [4.14.35-2047.517.2] - kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476942] - kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476942] - kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476942] - kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476942] - kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476942] - rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465810] - rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465810] - scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419972] {CVE-2022-21546} - rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414240] - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510858] {CVE-2022-21385} [4.14.35-2047.517.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480752] {CVE-2022-2588} - Restore 'module, async: async_synchronize_full() on module init iff async is used' (Mridula Shastry) [Orabug: 34469834] - net/rds: Replace #ifdef DEBUG with CONFIG_SLUB_DEBUG (Freddy Carrillo) [Orabug: 34405766] - ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34295843] - ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34295843] - ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34295843] - ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34295843] - xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34211118] - xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34211118] - Linux 4.14.288 (Greg Kroah-Hartman) - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) - ida: don't use BUG_ON() for debugging (Linus Torvalds) - i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) - pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) - xfs: remove incorrect ASSERT in xfs_rename (Eric Sandeen) - powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) - video: of_display_timing.h: include errno.h (Hsin-Yi Wang) - fbcon: Disallow setting font bigger than screen size (Helge Deller) - iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) - net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) - usbnet: fix memory leak in error case (Oliver Neukum) - can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) - can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) - mm/slub: add missing TID updates on slab deactivation (Jann Horn) - esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) - Linux 4.14.287 (Greg Kroah-Hartman) - xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) - net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) - net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) - xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) - net: Rename and export copy_skb_header (Ilya Lesokhin) - ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) - sit: use min (kernel test robot) - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) - NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) - net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) - netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) - caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) - usbnet: fix memory allocation in helpers (Oliver Neukum) - RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) - net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) - net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) - SUNRPC: Fix READ_PLUS crasher (Chuck Lever) - s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) - dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) - dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) - nvdimm: Fix badblocks clear off-by-one error (Chris Ye) - Linux 4.14.286 (Greg Kroah-Hartman) - swiotlb: skip swiotlb_bounce when orig_addr is zero (Liu Shixin) - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) - fdt: Update CRC check for rng-seed (Hsin-Yi Wang) - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) - drm: remove drm_fb_helper_modinit (Christoph Hellwig) - powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) - modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) - ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) - ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) - ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) - powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) - powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) - xtensa: Fix refcount leak bug in time.c (Liang He) - xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) - iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) - iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) - iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) - iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) - usb: chipidea: udc: check request status before setting device address (Xu Yang) - iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) - igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) - MIPS: Remove repetitive increase irq_err_count (huhai) - x86/xen: Remove undefined behavior in setup_features() (Julien Grall) - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) - USB: serial: option: add Quectel RM500K module support (Macpaul Lin) - USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) - USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) - random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) - dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) - random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) - vt: drop old FONT ioctls (Jiri Slaby) - Linux 4.14.285 (Greg Kroah-Hartman) - tcp: drop the hash_32() part from the index calculation (Willy Tarreau) - tcp: increase source port perturb table to 2^16 (Willy Tarreau) - tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) - tcp: add small random increments to the source port (Willy Tarreau) - tcp: use different parts of the port_offset for index and offset (Willy Tarreau) - tcp: add some entropy in __inet_hash_connect() (Eric Dumazet) - xprtrdma: fix incorrect header size calculations (Colin Ian King) - usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) - s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) - virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) - ext4: add reserved GDT blocks check (Zhang Yi) - ext4: make variable 'count' signed (Ding Xiang) - ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) - serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) - usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) - USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) - USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) - comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) - certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) - arm64: ftrace: fix branch range checks (Mark Rutland) - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) - misc: atmel-ssc: Fix IRQ check in ssc_probe (Miaoqian Lin) - tty: goldfish: Fix free_irq() on remove (Vincent Whitchurch) - i40e: Fix call trace in setup_tx_descriptors (Aleksandr Loktionov) - pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (Trond Myklebust) - random: credit cpu and bootloader seeds by default (Jason A. Donenfeld) - net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (Chen Lin) - ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (Wang Yufen) - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (Xiaohui Zhang) - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (chengkaitao) - scsi: pmcraid: Fix missing resource cleanup in error case (Chengguang Xu) - scsi: ipr: Fix missing/incorrect resource cleanup in error case (Chengguang Xu) - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (James Smart) - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (Wentao Wang) - ASoC: wm8962: Fix suspend while playing music (Adam Ford) - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (Sergey Shtylyov) - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (Charles Keepax) - ASoC: cs42l52: Correct TLV for Bypass Volume (Charles Keepax) - ASoC: cs53l30: Correct number of volume levels on SX controls (Charles Keepax) - ASoC: cs42l52: Fix TLV scales for mixer controls (Charles Keepax) - random: account for arch randomness in bits (Jason A. Donenfeld) - random: mark bootloader randomness code as __init (Jason A. Donenfeld) - random: avoid checking crng_ready() twice in random_init() (Jason A. Donenfeld) - crypto: drbg - make reseeding from get_random_bytes() synchronous (Nicolai Stange) - crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) - crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() (Nicolai Stange) - crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() (Nicolai Stange) - crypto: drbg - prepare for more fine-grained tracking of seeding state (Nicolai Stange) - crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) - crypto: drbg - add FIPS 140-2 CTRNG for noise source (Stephan Mueller) - Revert 'random: use static branch for crng_ready()' (Jason A. Donenfeld) - random: check for signals after page of pool writes (Jason A. Donenfeld) - random: wire up fops->splice_{read,write}_iter() (Jens Axboe) - random: convert to using fops->write_iter() (Jens Axboe) - random: move randomize_page() into mm where it belongs (Jason A. Donenfeld) - random: move initialization functions out of hot pages (Jason A. Donenfeld) - random: use proper jiffies comparison macro (Jason A. Donenfeld) - random: use symbolic constants for crng_init states (Jason A. Donenfeld) - siphash: use one source of truth for siphash permutations (Jason A. Donenfeld) - random: help compiler out with fast_mix() by using simpler arguments (Jason A. Donenfeld) - random: do not use input pool from hard IRQs (Saeed Mirzamohammadi) - random: order timer entropy functions below interrupt functions (Jason A. Donenfeld) - random: do not pretend to handle premature next security model (Jason A. Donenfeld) - random: do not use batches when !crng_ready() (Jason A. Donenfeld) - random: insist on random_get_entropy() existing in order to simplify (Jason A. Donenfeld) - xtensa: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) - sparc: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) - um: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) - x86/tsc: Use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) - nios2: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) - arm: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) - mips: use fallback for random_get_entropy() instead of just c0 random (Jason A. Donenfeld) - m68k: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) - timekeeping: Add raw clock fallback for random_get_entropy() (Jason A. Donenfeld) - powerpc: define get_cycles macro for arch-override (Jason A. Donenfeld) - alpha: define get_cycles macro for arch-override (Jason A. Donenfeld) - parisc: define get_cycles macro for arch-override (Jason A. Donenfeld) - s390: define get_cycles macro for arch-override (Jason A. Donenfeld) - ia64: define get_cycles macro for arch-override (Jason A. Donenfeld) - init: call time_init() before rand_initialize() (Jason A. Donenfeld) - random: fix sysctl documentation nits (Jason A. Donenfeld) - random: document crng_fast_key_erasure() destination possibility (Jason A. Donenfeld) - random: make random_get_entropy() return an unsigned long (Jason A. Donenfeld) - random: check for signals every PAGE_SIZE chunk of /dev/[u]random (Jason A. Donenfeld) - random: check for signal_pending() outside of need_resched() check (Jann Horn) - random: do not allow user to keep crng key around on stack (Jason A. Donenfeld) - random: do not split fast init input in add_hwgenerator_randomness() (Jan Varho) - random: mix build-time latent entropy into pool at init (Jason A. Donenfeld) - random: re-add removed comment about get_random_{u32,u64} reseeding (Jason A. Donenfeld) - random: treat bootloader trust toggle the same way as cpu trust toggle (Jason A. Donenfeld) - random: skip fast_init if hwrng provides large chunk of entropy (Jason A. Donenfeld) - random: check for signal and try earlier when generating entropy (Jason A. Donenfeld) - random: reseed more often immediately after booting (Jason A. Donenfeld) - random: make consistent usage of crng_ready() (Jason A. Donenfeld) - random: use SipHash as interrupt entropy accumulator (Jason A. Donenfeld) - random: replace custom notifier chain with standard one (Jason A. Donenfeld) - random: don't let 644 read-only sysctls be written to (Jason A. Donenfeld) - random: give sysctl_random_min_urandom_seed a more sensible value (Jason A. Donenfeld) - random: do crng pre-init loading in worker rather than irq (Jason A. Donenfeld) - random: unify cycles_t and jiffies usage and types (Jason A. Donenfeld) - random: cleanup UUID handling (Jason A. Donenfeld) - random: only wake up writers after zap if threshold was passed (Jason A. Donenfeld) - random: round-robin registers as ulong, not u32 (Jason A. Donenfeld) - random: pull add_hwgenerator_randomness() declaration into random.h (Jason A. Donenfeld) - random: check for crng_init == 0 in add_device_randomness() (Jason A. Donenfeld) - random: unify early init crng load accounting (Jason A. Donenfeld) - random: do not take pool spinlock at boot (Jason A. Donenfeld) - random: defer fast pool mixing to worker (Jason A. Donenfeld) - random: rewrite header introductory comment (Jason A. Donenfeld) - random: group sysctl functions (Jason A. Donenfeld) - random: group userspace read/write functions (Jason A. Donenfeld) - random: group entropy collection functions (Jason A. Donenfeld) - random: group entropy extraction functions (Jason A. Donenfeld) - random: remove useless header comment (Jason A. Donenfeld) - random: introduce drain_entropy() helper to declutter crng_reseed() (Jason A. Donenfeld) - random: deobfuscate irq u32/u64 contributions (Jason A. Donenfeld) - random: add proper SPDX header (Jason A. Donenfeld) - random: remove unused tracepoints (Jason A. Donenfeld) - random: remove ifdef'd out interrupt bench (Jason A. Donenfeld) - random: tie batched entropy generation to base_crng generation (Jason A. Donenfeld) - random: zero buffer after reading entropy from userspace (Jason A. Donenfeld) - random: remove outdated INT_MAX >> 6 check in urandom_read() (Jason A. Donenfeld) - random: use hash function for crng_slow_load() (Jason A. Donenfeld) - random: absorb fast pool into input pool after fast load (Jason A. Donenfeld) - random: do not xor RDRAND when writing into /dev/random (Jason A. Donenfeld) - random: ensure early RDSEED goes through mixer on init (Jason A. Donenfeld) - random: inline leaves of rand_initialize() (Jason A. Donenfeld) - random: use RDSEED instead of RDRAND in entropy extraction (Jason A. Donenfeld) - random: fix locking in crng_fast_load() (Dominik Brodowski) - random: remove batched entropy locking (Jason A. Donenfeld) - random: remove use_input_pool parameter from crng_reseed() (Eric Biggers) - random: make credit_entropy_bits() always safe (Jason A. Donenfeld) - random: always wake up entropy writers after extraction (Jason A. Donenfeld) - random: use linear min-entropy accumulation crediting (Jason A. Donenfeld) - random: simplify entropy debiting (Jason A. Donenfeld) - random: use computational hash for entropy extraction (Jason A. Donenfeld) - random: only call crng_finalize_init() for primary_crng (Dominik Brodowski) - random: access primary_pool directly rather than through pointer (Dominik Brodowski) - random: continually use hwgenerator randomness (Dominik Brodowski) - random: simplify arithmetic function flow in account() (Jason A. Donenfeld) - random: access input_pool_data directly rather than through pointer (Jason A. Donenfeld) - random: cleanup fractional entropy shift constants (Jason A. Donenfeld) - random: prepend remaining pool constants with POOL_ (Jason A. Donenfeld) - random: de-duplicate INPUT_POOL constants (Jason A. Donenfeld) - random: remove unused OUTPUT_POOL constants (Jason A. Donenfeld) - random: rather than entropy_store abstraction, use global (Jason A. Donenfeld) - random: try to actively add entropy rather than passively wait for it (Linus Torvalds) - random: remove unused extract_entropy() reserved argument (Jason A. Donenfeld) - random: remove incomplete last_data logic (Jason A. Donenfeld) - random: cleanup integer types (Jason A. Donenfeld) - crypto: chacha20 - Fix chacha20_block() keystream alignment (again) (Eric Biggers) - random: cleanup poolinfo abstraction (Jason A. Donenfeld) - random: fix typo in comments (Schspa Shi) - random: don't reset crng_init_cnt on urandom_read() (Jann Horn) - random: avoid superfluous call to RDRAND in CRNG extraction (Jason A. Donenfeld) - random: early initialization of ChaCha constants (Dominik Brodowski) - random: initialize ChaCha20 constants with correct endianness (Eric Biggers) - random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs (Jason A. Donenfeld) - random: harmonize 'crng init done' messages (Dominik Brodowski) - random: mix bootloader randomness into pool (Jason A. Donenfeld) - random: do not re-init if crng_reseed completes before primary init (Jason A. Donenfeld) - random: do not sign extend bytes for rotation when mixing (Jason A. Donenfeld) - random: use BLAKE2s instead of SHA1 in extraction (Jason A. Donenfeld) - random: remove unused irq_flags argument from add_interrupt_randomness() (Saeed Mirzamohammadi) - random: document add_hwgenerator_randomness() with other input functions (Mark Brown) - crypto: blake2s - adjust include guard naming (Eric Biggers) (Eric Biggers) - MAINTAINERS: co-maintain random.c (Jason A. Donenfeld) - random: remove dead code left over from blocking pool (Eric Biggers) - random: avoid arch_get_random_seed_long() when collecting IRQ randomness (Ard Biesheuvel) - random: add arch_get_random_*long_early() (Mark Rutland) - powerpc: Use bool in archrandom.h (Richard Henderson) - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (Richard Henderson) - linux/random.h: Use false with bool (Richard Henderson) - linux/random.h: Remove arch_has_random, arch_has_random_seed (Richard Henderson) - s390: Remove arch_has_random, arch_has_random_seed (Richard Henderson) - powerpc: Remove arch_has_random, arch_has_random_seed (Richard Henderson) - x86: Remove arch_has_random, arch_has_random_seed (Richard Henderson) - random: avoid warnings for !CONFIG_NUMA builds (Mark Rutland) - random: split primary/secondary crng init paths (Mark Rutland) - random: remove some dead code of poolinfo (Yangtao Li) - random: fix typo in add_timer_randomness() (Yangtao Li) - random: Add and use pr_fmt() (Yangtao Li) - random: convert to ENTROPY_BITS for better code readability (Yangtao Li) - random: remove unnecessary unlikely() (Yangtao Li) - random: remove kernel.random.read_wakeup_threshold (Andy Lutomirski) - random: delete code to pull data into pools (Andy Lutomirski) - random: remove the blocking pool (Andy Lutomirski) - random: fix crash on multiple early calls to add_bootloader_randomness() (Dominik Brodowski) - char/random: silence a lockdep splat with printk() (Sergey Senozhatsky) - random: make /dev/random be almost like /dev/urandom (Andy Lutomirski) - random: ignore GRND_RANDOM in getentropy(2) (Andy Lutomirski) - random: add GRND_INSECURE to return best-effort non-cryptographic bytes (Andy Lutomirski) - random: Add a urandom_read_nowait() for random APIs that don't warn (Andy Lutomirski) - random: Don't wake crng_init_wait when crng_init == 1 (Andy Lutomirski) - lib/crypto: sha1: re-roll loops to reduce code size (Jason A. Donenfeld) - lib/crypto: blake2s: move hmac construction into wireguard (Jason A. Donenfeld) - crypto: blake2s - generic C library implementation and selftest (Jason A. Donenfeld) - crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() (Andy Shevchenko) - Revert 'hwrng: core - Freeze khwrng thread during suspend' (Herbert Xu) - char/random: Add a newline at the end of the file (Borislav Petkov) - random: Use wait_event_freezable() in add_hwgenerator_randomness() (Stephen Boyd) - fdt: add support for rng-seed (Hsin-Yi Wang) - random: Support freezable kthreads in add_hwgenerator_randomness() (Stephen Boyd) - random: fix soft lockup when trying to read from an uninitialized blocking pool (Theodore Ts'o) - latent_entropy: avoid build error when plugin cflags are not set (Vasily Gorbik) - random: document get_random_int() family (George Spelvin) - random: move rand_initialize() earlier (Kees Cook) - random: only read from /dev/random after its pool has received 128 bits (Theodore Ts'o) - drivers/char/random.c: make primary_crng static (Rasmus Villemoes) - drivers/char/random.c: remove unused stuct poolinfo::poolbits (Rasmus Villemoes) - drivers/char/random.c: constify poolinfo_table (Rasmus Villemoes) - random: make CPU trust a boot parameter (Kees Cook) - random: Make crng state queryable (Jason A. Donenfeld) - random: remove preempt disabled region (Ingo Molnar) - random: add a config option to trust the CPU's hwrng (Theodore Ts'o) - random: Return nbytes filled from hw RNG (Tobin C. Harding) - random: Fix whitespace pre random-bytes work (Tobin C. Harding) - drivers/char/random.c: remove unused dont_count_entropy (Rasmus Villemoes) - random: optimize add_interrupt_randomness (Andi Kleen) - random: always fill buffer in get_random_bytes_wait (Jason A. Donenfeld) - crypto: chacha20 - Fix keystream alignment for chacha20_block() (Eric Biggers) - 9p: missing chunk of 'fs/9p: Don't update file type when updating file attributes' (Al Viro) [4.14.35-2047.517.0] - mpt3sas: Fix panic observed while accessing the hw ctx queue (Gulam Mohamed) [Orabug: 34446738] - driver: marvell: mmc: Add new bus modes overrides from DT (Wojciech Bartczak) [Orabug: 34440004] - octeontx2: mmc: Adds mechanism to modify all MMC bus modes timings (Wojciech Bartczak) [Orabug: 34440004] - rds/rdma: correctly assign the dest qp num in rds ib connection (Rohit Nair) [Orabug: 34429478] - Revert 'uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT' (Gulam Mohamed) [Orabug: 34419153] - net/rds : Adding support to print SCQ and RCQ completion vectors in rds-info. (Anand Khoje) [Orabug: 34398210] - IB/mlx5: Disable BME for unbound devices too (Hakon Bugge) [Orabug: 34395378] - net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) [Orabug: 34387281] - net/mlx5: FW tracer, Add debug prints (Saeed Mahameed) [Orabug: 34387281] - perf script: Fix crash because of missing evsel->priv (Ravi Bangoria) [Orabug: 34382257] - net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371946] - ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364338] - ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364338] - rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 33665743] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21385 CVE-2022-2588 CVE-2022-21546 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.14.35-2047.517.3.el7] - KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34575637] - KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34575637] - KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34575637] [4.14.35-2047.517.2.el7] - kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476942] - kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476942] - kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476942] - kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476942] - kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476942] - scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419972] {CVE-2022-21546} - rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414240] - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510858] {CVE-2022-21385} [4.14.35-2047.517.1.el7] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480752] {CVE-2022-2588} - Restore 'module, async: async_synchronize_full() on module init iff async is used' (Mridula Shastry) [Orabug: 34469834] - net/rds: Replace #ifdef DEBUG with CONFIG_SLUB_DEBUG (Freddy Carrillo) [Orabug: 34405766] - ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34295843] - ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34295843] - ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34295843] - ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34295843] - xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34211118] - xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34211118] - Linux 4.14.288 (Greg Kroah-Hartman) - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) - ida: don't use BUG_ON() for debugging (Linus Torvalds) - i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) - pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) - xfs: remove incorrect ASSERT in xfs_rename (Eric Sandeen) - powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) - video: of_display_timing.h: include errno.h (Hsin-Yi Wang) - fbcon: Disallow setting font bigger than screen size (Helge Deller) - iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) - net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) - usbnet: fix memory leak in error case (Oliver Neukum) - can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) - can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) - mm/slub: add missing TID updates on slab deactivation (Jann Horn) - esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) - Linux 4.14.287 (Greg Kroah-Hartman) - xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) - net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) - net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) - xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) {CVE-2022-33744} - net: Rename and export copy_skb_header (Ilya Lesokhin) - ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) - sit: use min (kernel test robot) - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) - NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) - net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) - netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) - caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) - usbnet: fix memory allocation in helpers (Oliver Neukum) - RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) - net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) - net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) - SUNRPC: Fix READ_PLUS crasher (Chuck Lever) - s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) - dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) - dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) - nvdimm: Fix badblocks clear off-by-one error (Chris Ye) - Linux 4.14.286 (Greg Kroah-Hartman) - swiotlb: skip swiotlb_bounce when orig_addr is zero (Liu Shixin) - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) - fdt: Update CRC check for rng-seed (Hsin-Yi Wang) - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) - drm: remove drm_fb_helper_modinit (Christoph Hellwig) - powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) - modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) - ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) - ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) - ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) - powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) - powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) - xtensa: Fix refcount leak bug in time.c (Liang He) - xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) - iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) - iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) - iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) - iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) - usb: chipidea: udc: check request status before setting device address (Xu Yang) - iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) - igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) - MIPS: Remove repetitive increase irq_err_count (huhai) - x86/xen: Remove undefined behavior in setup_features() (Julien Grall) - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) - USB: serial: option: add Quectel RM500K module support (Macpaul Lin) - USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) - USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) - random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) - dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) - random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) - vt: drop old FONT ioctls (Jiri Slaby) - Linux 4.14.285 (Greg Kroah-Hartman) - tcp: drop the hash_32() part from the index calculation (Willy Tarreau) - tcp: increase source port perturb table to 2^16 (Willy Tarreau) - tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) - tcp: add small random increments to the source port (Willy Tarreau) - tcp: use different parts of the port_offset for index and offset (Willy Tarreau) - tcp: add some entropy in __inet_hash_connect() (Eric Dumazet) - xprtrdma: fix incorrect header size calculations (Colin Ian King) - usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) - s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) - virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) - ext4: add reserved GDT blocks check (Zhang Yi) - ext4: make variable 'count' signed (Ding Xiang) - ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) - serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) - usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) - USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) - USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) - comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) - certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) - arm64: ftrace: fix branch range checks (Mark Rutland) - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) - misc: atmel-ssc: Fix IRQ check in ssc_probe (Miaoqian Lin) - tty: goldfish: Fix free_irq() on remove (Vincent Whitchurch) - i40e: Fix call trace in setup_tx_descriptors (Aleksandr Loktionov) - pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (Trond Myklebust) - random: credit cpu and bootloader seeds by default (Jason A. Donenfeld) - net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (Chen Lin) - ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (Wang Yufen) - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (Xiaohui Zhang) - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (chengkaitao) - scsi: pmcraid: Fix missing resource cleanup in error case (Chengguang Xu) - scsi: ipr: Fix missing/incorrect resource cleanup in error case (Chengguang Xu) - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (James Smart) - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (Wentao Wang) - ASoC: wm8962: Fix suspend while playing music (Adam Ford) - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (Sergey Shtylyov) - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (Charles Keepax) - ASoC: cs42l52: Correct TLV for Bypass Volume (Charles Keepax) - ASoC: cs53l30: Correct number of volume levels on SX controls (Charles Keepax) - ASoC: cs42l52: Fix TLV scales for mixer controls (Charles Keepax) - random: account for arch randomness in bits (Jason A. Donenfeld) - random: mark bootloader randomness code as __init (Jason A. Donenfeld) - random: avoid checking crng_ready() twice in random_init() (Jason A. Donenfeld) - crypto: drbg - make reseeding from get_random_bytes() synchronous (Nicolai Stange) - crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) - crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() (Nicolai Stange) - crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() (Nicolai Stange) - crypto: drbg - prepare for more fine-grained tracking of seeding state (Nicolai Stange) - crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) - crypto: drbg - add FIPS 140-2 CTRNG for noise source (Stephan Mueller) - Revert 'random: use static branch for crng_ready()' (Jason A. Donenfeld) - random: check for signals after page of pool writes (Jason A. Donenfeld) - random: wire up fops->splice_{read,write}_iter() (Jens Axboe) - random: convert to using fops->write_iter() (Jens Axboe) - random: move randomize_page() into mm where it belongs (Jason A. Donenfeld) - random: move initialization functions out of hot pages (Jason A. Donenfeld) - random: use proper jiffies comparison macro (Jason A. Donenfeld) - random: use symbolic constants for crng_init states (Jason A. Donenfeld) - siphash: use one source of truth for siphash permutations (Jason A. Donenfeld) - random: help compiler out with fast_mix() by using simpler arguments (Jason A. Donenfeld) - random: do not use input pool from hard IRQs (Saeed Mirzamohammadi) - random: order timer entropy functions below interrupt functions (Jason A. Donenfeld) - random: do not pretend to handle premature next security model (Jason A. Donenfeld) - random: do not use batches when !crng_ready() (Jason A. Donenfeld) - random: insist on random_get_entropy() existing in order to simplify (Jason A. Donenfeld) - xtensa: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) - sparc: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) - um: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) - x86/tsc: Use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) - nios2: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) - arm: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) - mips: use fallback for random_get_entropy() instead of just c0 random (Jason A. Donenfeld) - m68k: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) - timekeeping: Add raw clock fallback for random_get_entropy() (Jason A. Donenfeld) - powerpc: define get_cycles macro for arch-override (Jason A. Donenfeld) - alpha: define get_cycles macro for arch-override (Jason A. Donenfeld) - parisc: define get_cycles macro for arch-override (Jason A. Donenfeld) - s390: define get_cycles macro for arch-override (Jason A. Donenfeld) - ia64: define get_cycles macro for arch-override (Jason A. Donenfeld) - init: call time_init() before rand_initialize() (Jason A. Donenfeld) - random: fix sysctl documentation nits (Jason A. Donenfeld) - random: document crng_fast_key_erasure() destination possibility (Jason A. Donenfeld) - random: make random_get_entropy() return an unsigned long (Jason A. Donenfeld) - random: check for signals every PAGE_SIZE chunk of /dev/[u]random (Jason A. Donenfeld) - random: check for signal_pending() outside of need_resched() check (Jann Horn) - random: do not allow user to keep crng key around on stack (Jason A. Donenfeld) - random: do not split fast init input in add_hwgenerator_randomness() (Jan Varho) - random: mix build-time latent entropy into pool at init (Jason A. Donenfeld) - random: re-add removed comment about get_random_{u32,u64} reseeding (Jason A. Donenfeld) - random: treat bootloader trust toggle the same way as cpu trust toggle (Jason A. Donenfeld) - random: skip fast_init if hwrng provides large chunk of entropy (Jason A. Donenfeld) - random: check for signal and try earlier when generating entropy (Jason A. Donenfeld) - random: reseed more often immediately after booting (Jason A. Donenfeld) - random: make consistent usage of crng_ready() (Jason A. Donenfeld) - random: use SipHash as interrupt entropy accumulator (Jason A. Donenfeld) - random: replace custom notifier chain with standard one (Jason A. Donenfeld) - random: don't let 644 read-only sysctls be written to (Jason A. Donenfeld) - random: give sysctl_random_min_urandom_seed a more sensible value (Jason A. Donenfeld) - random: do crng pre-init loading in worker rather than irq (Jason A. Donenfeld) - random: unify cycles_t and jiffies usage and types (Jason A. Donenfeld) - random: cleanup UUID handling (Jason A. Donenfeld) - random: only wake up writers after zap if threshold was passed (Jason A. Donenfeld) - random: round-robin registers as ulong, not u32 (Jason A. Donenfeld) - random: pull add_hwgenerator_randomness() declaration into random.h (Jason A. Donenfeld) - random: check for crng_init == 0 in add_device_randomness() (Jason A. Donenfeld) - random: unify early init crng load accounting (Jason A. Donenfeld) - random: do not take pool spinlock at boot (Jason A. Donenfeld) - random: defer fast pool mixing to worker (Jason A. Donenfeld) - random: rewrite header introductory comment (Jason A. Donenfeld) - random: group sysctl functions (Jason A. Donenfeld) - random: group userspace read/write functions (Jason A. Donenfeld) - random: group entropy collection functions (Jason A. Donenfeld) - random: group entropy extraction functions (Jason A. Donenfeld) - random: remove useless header comment (Jason A. Donenfeld) - random: introduce drain_entropy() helper to declutter crng_reseed() (Jason A. Donenfeld) - random: deobfuscate irq u32/u64 contributions (Jason A. Donenfeld) - random: add proper SPDX header (Jason A. Donenfeld) - random: remove unused tracepoints (Jason A. Donenfeld) - random: remove ifdef'd out interrupt bench (Jason A. Donenfeld) - random: tie batched entropy generation to base_crng generation (Jason A. Donenfeld) - random: zero buffer after reading entropy from userspace (Jason A. Donenfeld) - random: remove outdated INT_MAX >> 6 check in urandom_read() (Jason A. Donenfeld) - random: use hash function for crng_slow_load() (Jason A. Donenfeld) - random: absorb fast pool into input pool after fast load (Jason A. Donenfeld) - random: do not xor RDRAND when writing into /dev/random (Jason A. Donenfeld) - random: ensure early RDSEED goes through mixer on init (Jason A. Donenfeld) - random: inline leaves of rand_initialize() (Jason A. Donenfeld) - random: use RDSEED instead of RDRAND in entropy extraction (Jason A. Donenfeld) - random: fix locking in crng_fast_load() (Dominik Brodowski) - random: remove batched entropy locking (Jason A. Donenfeld) - random: remove use_input_pool parameter from crng_reseed() (Eric Biggers) - random: make credit_entropy_bits() always safe (Jason A. Donenfeld) - random: always wake up entropy writers after extraction (Jason A. Donenfeld) - random: use linear min-entropy accumulation crediting (Jason A. Donenfeld) - random: simplify entropy debiting (Jason A. Donenfeld) - random: use computational hash for entropy extraction (Jason A. Donenfeld) - random: only call crng_finalize_init() for primary_crng (Dominik Brodowski) - random: access primary_pool directly rather than through pointer (Dominik Brodowski) - random: continually use hwgenerator randomness (Dominik Brodowski) - random: simplify arithmetic function flow in account() (Jason A. Donenfeld) - random: access input_pool_data directly rather than through pointer (Jason A. Donenfeld) - random: cleanup fractional entropy shift constants (Jason A. Donenfeld) - random: prepend remaining pool constants with POOL_ (Jason A. Donenfeld) - random: de-duplicate INPUT_POOL constants (Jason A. Donenfeld) - random: remove unused OUTPUT_POOL constants (Jason A. Donenfeld) - random: rather than entropy_store abstraction, use global (Jason A. Donenfeld) - random: try to actively add entropy rather than passively wait for it (Linus Torvalds) - random: remove unused extract_entropy() reserved argument (Jason A. Donenfeld) - random: remove incomplete last_data logic (Jason A. Donenfeld) - random: cleanup integer types (Jason A. Donenfeld) - crypto: chacha20 - Fix chacha20_block() keystream alignment (again) (Eric Biggers) - random: cleanup poolinfo abstraction (Jason A. Donenfeld) - random: fix typo in comments (Schspa Shi) - random: don't reset crng_init_cnt on urandom_read() (Jann Horn) - random: avoid superfluous call to RDRAND in CRNG extraction (Jason A. Donenfeld) - random: early initialization of ChaCha constants (Dominik Brodowski) - random: initialize ChaCha20 constants with correct endianness (Eric Biggers) - random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs (Jason A. Donenfeld) - random: harmonize 'crng init done' messages (Dominik Brodowski) - random: mix bootloader randomness into pool (Jason A. Donenfeld) - random: do not re-init if crng_reseed completes before primary init (Jason A. Donenfeld) - random: do not sign extend bytes for rotation when mixing (Jason A. Donenfeld) - random: use BLAKE2s instead of SHA1 in extraction (Jason A. Donenfeld) - random: remove unused irq_flags argument from add_interrupt_randomness() (Saeed Mirzamohammadi) - random: document add_hwgenerator_randomness() with other input functions (Mark Brown) - crypto: blake2s - adjust include guard naming (Eric Biggers) - crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h> (Eric Biggers) - MAINTAINERS: co-maintain random.c (Jason A. Donenfeld) - random: remove dead code left over from blocking pool (Eric Biggers) - random: avoid arch_get_random_seed_long() when collecting IRQ randomness (Ard Biesheuvel) - random: add arch_get_random_*long_early() (Mark Rutland) - powerpc: Use bool in archrandom.h (Richard Henderson) - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (Richard Henderson) - linux/random.h: Use false with bool (Richard Henderson) - linux/random.h: Remove arch_has_random, arch_has_random_seed (Richard Henderson) - s390: Remove arch_has_random, arch_has_random_seed (Richard Henderson) - powerpc: Remove arch_has_random, arch_has_random_seed (Richard Henderson) - x86: Remove arch_has_random, arch_has_random_seed (Richard Henderson) - random: avoid warnings for !CONFIG_NUMA builds (Mark Rutland) - random: split primary/secondary crng init paths (Mark Rutland) - random: remove some dead code of poolinfo (Yangtao Li) - random: fix typo in add_timer_randomness() (Yangtao Li) - random: Add and use pr_fmt() (Yangtao Li) - random: convert to ENTROPY_BITS for better code readability (Yangtao Li) - random: remove unnecessary unlikely() (Yangtao Li) - random: remove kernel.random.read_wakeup_threshold (Andy Lutomirski) - random: delete code to pull data into pools (Andy Lutomirski) - random: remove the blocking pool (Andy Lutomirski) - random: fix crash on multiple early calls to add_bootloader_randomness() (Dominik Brodowski) - char/random: silence a lockdep splat with printk() (Sergey Senozhatsky) - random: make /dev/random be almost like /dev/urandom (Andy Lutomirski) - random: ignore GRND_RANDOM in getentropy(2) (Andy Lutomirski) - random: add GRND_INSECURE to return best-effort non-cryptographic bytes (Andy Lutomirski) - random: Add a urandom_read_nowait() for random APIs that don't warn (Andy Lutomirski) - random: Don't wake crng_init_wait when crng_init == 1 (Andy Lutomirski) - lib/crypto: sha1: re-roll loops to reduce code size (Jason A. Donenfeld) - lib/crypto: blake2s: move hmac construction into wireguard (Jason A. Donenfeld) - crypto: blake2s - generic C library implementation and selftest (Jason A. Donenfeld) - crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() (Andy Shevchenko) - Revert 'hwrng: core - Freeze khwrng thread during suspend' (Herbert Xu) - char/random: Add a newline at the end of the file (Borislav Petkov) - random: Use wait_event_freezable() in add_hwgenerator_randomness() (Stephen Boyd) - fdt: add support for rng-seed (Hsin-Yi Wang) - random: Support freezable kthreads in add_hwgenerator_randomness() (Stephen Boyd) - random: fix soft lockup when trying to read from an uninitialized blocking pool (Theodore Ts'o) - latent_entropy: avoid build error when plugin cflags are not set (Vasily Gorbik) - random: document get_random_int() family (George Spelvin) - random: move rand_initialize() earlier (Kees Cook) - random: only read from /dev/random after its pool has received 128 bits (Theodore Ts'o) - drivers/char/random.c: make primary_crng static (Rasmus Villemoes) - drivers/char/random.c: remove unused stuct poolinfo::poolbits (Rasmus Villemoes) - drivers/char/random.c: constify poolinfo_table (Rasmus Villemoes) - random: make CPU trust a boot parameter (Kees Cook) - random: Make crng state queryable (Jason A. Donenfeld) - random: remove preempt disabled region (Ingo Molnar) - random: add a config option to trust the CPU's hwrng (Theodore Ts'o) - random: Return nbytes filled from hw RNG (Tobin C. Harding) - random: Fix whitespace pre random-bytes work (Tobin C. Harding) - drivers/char/random.c: remove unused dont_count_entropy (Rasmus Villemoes) - random: optimize add_interrupt_randomness (Andi Kleen) - random: always fill buffer in get_random_bytes_wait (Jason A. Donenfeld) - crypto: chacha20 - Fix keystream alignment for chacha20_block() (Eric Biggers) - 9p: missing chunk of 'fs/9p: Don't update file type when updating file attributes' (Al Viro) [4.14.35-2047.517.0.el7] - mpt3sas: Fix panic observed while accessing the hw ctx queue (Gulam Mohamed) [Orabug: 34446738] - driver: marvell: mmc: Add new bus modes overrides from DT (Wojciech Bartczak) [Orabug: 34440004] - octeontx2: mmc: Adds mechanism to modify all MMC bus modes timings (Wojciech Bartczak) [Orabug: 34440004] - rds/rdma: correctly assign the dest qp num in rds ib connection (Rohit Nair) [Orabug: 34429478] - Revert 'uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT' (Gulam Mohamed) [Orabug: 34419153] - net/rds : Adding support to print SCQ and RCQ completion vectors in rds-info. (Anand Khoje) [Orabug: 34398210] - IB/mlx5: Disable BME for unbound devices too (Hakon Bugge) [Orabug: 34395378] - net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) [Orabug: 34387281] - net/mlx5: FW tracer, Add debug prints (Saeed Mahameed) [Orabug: 34387281] - perf script: Fix crash because of missing evsel->priv (Ravi Bangoria) [Orabug: 34382257] - net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371946] - ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364338] - ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364338] - rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 33665743] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21385 CVE-2022-2588 CVE-2022-21546 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 6 [2.6.32-754.35.1.0.7.OL6] - bluetooth: eliminate the potential race condition when removing the HCI controller (Lin Ma) {CVE-2021-32399} [Orabug: 33763116] - RDMA/ucma: Put a lock around every call to the rdma_cm layer (Jason Gunthorpe) [Orabug: 33763116] - RDMA/cma: Add missing locking to rdma_accept() (Leon Romanovsky) [Orabug: 33763116] - RDMA/ucma: Fix the locking of ctx->file (Leon Romanovsky) [Orabug: 33763116] - RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy (Jason Gunthorpe) {CVE-2020-36385} [Orabug: 33763116] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-32399 CVE-2020-36385 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 8 Oracle Linux 9 [5.15.0-2.52.3] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585} - fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] - rds: ib: Add preemption control when using per-cpu variables (Hakon Bugge) [Orabug: 34505120] - ocfs2: fix handle refcount leak in two exception handling paths (Chenyuan Mi) [Orabug: 34436530] - netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586} - netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586} - netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586} - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510687] {CVE-2022-21385} - kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476940] - kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476940] - kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476940] - kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476940] - kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476940] - Revert net/rds: Connect TCP backends deterministically (Gerd Rausch) [Orabug: 34476561] - rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465808] - rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465808] - uek-rpm: Set CONFIG_VSOCKETS=m and CONFIG_VSOCKETS_DIAG=m (Victor Erminpour) [Orabug: 34461322] - scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419970] {CVE-2022-21546} - rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414238] [5.15.0-2.52.2] - PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358322] - net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477072] - xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480751] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34484536] {CVE-2022-2588} [5.15.0-2.52.1] - LTS version: v5.15.52 (Jack Vogel) - io_uring: fix not locked access to fixed buf table (Pavel Begunkov) - net: mscc: ocelot: allow unregistered IP multicast flooding to CPU (Vladimir Oltean) - rtw88: rtw8821c: enable rfe 6 devices (Ping-Ke Shih) - rtw88: 8821c: support RFE type4 wifi NIC (Guo-Feng Fan) - fs: account for group membership (Christian Brauner) - fs: fix acl translation (Christian Brauner) - fs: support mapped mounts of mapped filesystems (Christian Brauner) - fs: add i_user_ns() helper (Christian Brauner) - fs: port higher-level mapping helpers (Christian Brauner) - fs: remove unused low-level mapping helpers (Christian Brauner) - fs: use low-level mapping helpers (Christian Brauner) - docs: update mapping documentation (Christian Brauner) - fs: account for filesystem mappings (Christian Brauner) - fs: tweak fsuidgid_has_mapping() (Christian Brauner) - fs: move mapping helpers (Christian Brauner) - fs: add is_idmapped_mnt() helper (Christian Brauner) - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) - xfs: Fix the free logic of state in xfs_attr_node_hasname (Yang Xu) - xfs: use kmem_cache_free() for kmem_cache objects (Rustam Kovhaev) - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (Coly Li) - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (Masahiro Yamada) - LTS version: v5.15.51 (Jack Vogel) - powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) - dma-direct: use the correct size for dma_set_encrypted() (Dexuan Cui) - perf build-id: Fix caching files with a wrong build ID (Adrian Hunter) - random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) - ARM: dts: bcm2711-rpi-400: Fix GPIO line names (Stefan Wahren) - modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) - memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (Miaoqian Lin) - ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) - ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) - arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (Aswath Govindraju) - ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) - ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (Alexander Stein) - drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (Kuogee Hsieh) - powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) - powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) - powerpc/microwatt: wire up rng during setup_arch() (Jason A. Donenfeld) - parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) - parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI (Helge Deller) - xtensa: Fix refcount leak bug in time.c (Liang He) - xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) - iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (Jialin Zhang) - iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (Miaoqian Lin) - iio: adc: rzg2l_adc: add missing fwnode_handle_put() in rzg2l_adc_parse_properties() (Jialin Zhang) - iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) - iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (Yannick Brosseau) - iio: adc: stm32: Fix ADCs iteration in irq handler (Yannick Brosseau) - iio: afe: rescale: Fix boolean logic bug (Linus Walleij) - iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value) (Jean-Baptiste Maneyrol) - iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) - iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) - iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) - iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) - iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) - iio:accel:kxcjk-1013: rearrange iio trigger get and register (Dmitry Rokosov) - iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) - iio:humidity:hts221: rearrange iio trigger get and register (Dmitry Rokosov) - f2fs: attach inline_data after setting compression (Jaegeuk Kim) - btrfs: fix deadlock with fsync+fiemap+transaction commit (Josef Bacik) - btrfs: dont set lock_owner when locking extent buffer for reading (Zygo Blaxell) - dt-bindings: usb: ehci: Increase the number of PHYs (Geert Uytterhoeven) - dt-bindings: usb: ohci: Increase the number of PHYs (Geert Uytterhoeven) - usb: chipidea: udc: check request status before setting device address (Xu Yang) - USB: gadget: Fix double-free bug in raw_gadget driver (Alan Stern) - usb: gadget: Fix non-unique driver names in raw-gadget driver (Alan Stern) - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (Utkarsh Patel) - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (Tanveer Alam) - xhci: turn off port power in shutdown (Mathias Nyman) - usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC (Andy Shevchenko) - iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) - iio: magnetometer: yas530: Fix memchr_inv() misuse (Linus Walleij) - iio: mma8452: fix probe fail when device tree compatible is used. (Haibo Chen) - s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) - gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) - nvme: move the Samsung X5 quirk entry to the core quirks (Christoph Hellwig) - nvme-pci: add NO APST quirk for Kioxia device (Enzo Matsumiya) - sock: redo the psock vs ULP protection check (Jakub Kicinski) - Revert net/tls: fix tls_sk_proto_close executed repeatedly (Jakub Kicinski) - virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) - igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) - regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (Aidan MacDonald) - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) - ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) - afs: Fix dynamic root getattr (David Howells) - MIPS: Remove repetitive increase irq_err_count (huhai) - x86/xen: Remove undefined behavior in setup_features() (Julien Grall) - xen-blkfront: Handle NULL gendisk (Jason Andryuk) - selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (Jie2x Zhou) - udmabuf: add back sanity check (Gerd Hoffmann) - net/tls: fix tls_sk_proto_close executed repeatedly (Ziyang Xuan) - erspan: do not assume transport header is always set (Eric Dumazet) - perf arm-spe: Dont set data source if its not a memory operation (Leo Yan) - drm/msm/dp: force link training for display resolution change (Kuogee Hsieh) - drm/msm/dp: do not initialize phy until plugin interrupt received (Kuogee Hsieh) - drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (Kuogee Hsieh) - drm/msm/dp: Drop now unused hpd_high member (Bjorn Andersson) - drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (Kuogee Hsieh) - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) - ethtool: Fix get module eeprom fallback (Ivan Vecera) - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) - igb: fix a use-after-free issue in igb_clean_tx_ring (Lorenzo Bianconi) - tipc: fix use-after-free Read in tipc_named_reinit (Hoang Le) - net: fix data-race in dev_isalive() (Eric Dumazet) - net: Write lock dev_base_lock without disabling bottom halves. (Sebastian Andrzej Siewior) - KVM: arm64: Prevent kmemleak from accessing pKVM memory (Quentin Perret) - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (Saurabh Sengar) - bpf, x86: Fix tail call count offset calculation on bpf2bpf call (Jakub Sitnicki) - drm/sun4i: Fix crash during suspend after component bind failure (Samuel Holland) - bpf: Fix request_sock leak in sk lookup helpers (Jon Maxwell) - drm/msm: use for_each_sgtable_sg to iterate over scatterlist (Jonathan Marek) - xsk: Fix generic transmit when completion queue reservation fails (Ciara Loftus) - scsi: iscsi: Exclude zero from the endpoint ID range (Sergey Gorenko) - drm/msm: Switch ordering of runpm put vs devfreq_idle (Rob Clark) - scsi: scsi_debug: Fix zone transition to full condition (Damien Le Moal) - netfilter: use get_random_u32 instead of prandom (Florian Westphal) - drm/msm: Fix double pm_runtime_disable() call (Maximilian Luz) - drm/msm: Ensure mmap offset is initialized (Rob Clark) - USB: serial: option: add Quectel RM500K module support (Macpaul Lin) - USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) - USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) - USB: serial: pl2303: add support for more HXN (G) types (Johan Hovold) - drm/i915: Implement w/a 22010492432 for adl-s (Ville Syrjala) - tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (Masami Hiramatsu (Google)) - dm mirror log: clear log bits up to BITS_PER_LONG boundary (Mikulas Patocka) - dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) - mtd: rawnand: gpmi: Fix setting busy timeout setting (Sascha Hauer) - MAINTAINERS: Add new IOMMU development mailing list (Joerg Roedel) - xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) - mmc: mediatek: wait dma stop bit reset to 0 (Mengqi Zhang) - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (Chevron Li) - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (Tyrel Datwyler) - scsi: ibmvfc: Store vhost pointer during subcrq allocation (Tyrel Datwyler) - btrfs: add error messages to all unrecognized mount options (David Sterba) - btrfs: prevent remounting to v1 space cache for subpage mount (Qu Wenruo) - btrfs: fix hang during unmount when block group reclaim task is running (Filipe Manana) - 9p: fix fid refcount leak in v9fs_vfs_get_link (Dominique Martinet) - 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (Dominique Martinet) - 9p: Fix refcounting during full path walks for fid lookups (Tyler Hicks) - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Rosemarie ORiorden) - ALSA: hda/realtek: Add quirk for Clevo NS50PU (Tim Crawford) - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (Tim Crawford) - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (Takashi Iwai) - ALSA: hda/realtek - ALC897 headset MIC no sound (Kailang Yang) - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (Soham Sen) - ALSA: hda/conexant: Fix missing beep setup (Takashi Iwai) - ALSA: hda/via: Fix missing beep setup (Takashi Iwai) - random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) - random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) - LTS version: v5.15.50 (Jack Vogel) - arm64: mm: Dont invalidate FROM_DEVICE buffers at start of DMA transfer (Will Deacon) - serial: core: Initialize rs485 RTS polarity already on probe (Lukas Wunner) - selftests/bpf: Add selftest for calling global functions from freplace (Toke Hoiland-Jorgensen) - bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs (Toke Hoiland-Jorgensen) - usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) - zonefs: fix zonefs_iomap_begin() for reads (Damien Le Moal) - drm/amd/display: Dont reinitialize DMCUB on s0ix resume (Nicholas Kazlauskas) - s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) - LTS version: v5.15.49 (Jack Vogel) - clk: imx8mp: fix usb_root_clk parent (Peng Fan) (Masahiro Yamada) - virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (Andy Chi) - KVM: arm64: Dont read a HW interrupt pending state in user context (Marc Zyngier) - ext4: add reserved GDT blocks check (Zhang Yi) - ext4: make variable count signed (Ding Xiang) - ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) - ext4: fix super block checksum incorrect after mount (Ye Bin) - cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle (Sami Tolvanen) - drm/amd/display: Cap OLED brightness per max frame-average luminance (Roman Li) - dm mirror log: round up region bitmap size to BITS_PER_LONG (Mikulas Patocka) - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (Shinichiro Kawasaki) - serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Tony Lindgren) - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (Linyu Yuan) - usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (Linyu Yuan) - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) - usb: cdnsp: Fixed setting last_trb incorrectly (Jing Leng) - usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) - USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) - USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) - crypto: memneq - move into lib/ (Jason A. Donenfeld) - comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) - mei: me: add raptor lake point S DID (Alexander Usyskin) - mei: hbm: drop capability response on early shutdown (Alexander Usyskin) - i2c: designware: Use standard optional ref clock implementation (Serge Semin) - sched: Fix balance_push() vs __sched_setscheduler() (Peter Zijlstra) - irqchip/realtek-rtl: Fix refcount leak in map_interrupts (Miaoqian Lin) - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (Miaoqian Lin) - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (Miaoqian Lin) - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) - i2c: npcm7xx: Add check for platform_driver_register (Jiasheng Jiang) - faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf) - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (Bart Van Assche) - init: Initialize noop_backing_dev_info early (Jan Kara) - certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) - arm64: ftrace: consistently handle PLTs. (Mark Rutland) - arm64: ftrace: fix branch range checks (Mark Rutland) - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (Duoming Zhou) - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) - mlxsw: spectrum_cnt: Reorder counter pools (Petr Machata) - nvme: add device name to warning in uuid_show() (Thomas WeiBschuh) - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) - rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) - ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (Howard Chiu) - clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) - soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) - extcon: ptn5150: Add queue work sync before driver release (Li Jun) - ksmbd: fix reference count leak in smb_check_perm_dacl() (Xin Xiong) - coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) - soundwire: intel: prevent pm_runtime resume prior to system suspend (Pierre-Louis Bossart) - export: fix string handling of namespace in EXPORT_SYMBOL_NS (Greg Kroah-Hartman) - serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) - power: supply: axp288_fuel_gauge: Drop BIOS version check from T3 MRD DMI quirk (Hans de Goede) - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) - misc/pvpanic: Convert regular spinlock into trylock on panic path (Guilherme G. Piccoli) - pvpanic: Fix typos in the comments (Andy Shevchenko) - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) - iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) - iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) - iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) - rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (Arnaud Pouliquen) - rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (Hangyu Hua) - rpmsg: virtio: Fix possible double free in rpmsg_probe() (Hangyu Hua) - usb: typec: mux: Check dev_set_name() return value (Bjorn Andersson) - firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) - misc: fastrpc: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (Wesley Cheng) - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - pwm: raspberrypi-poe: Fix endianness in firmware struct (Uwe Kleine-Konig) - pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) - usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) - USB: storage: karma: fix rio_karma_init return (Lin Ma) - usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) - usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) - remoteproc: imx_rproc: Ignore create mem entry for resource table (Peng Fan) - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) - serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (Miaoqian Lin) - tty: n_tty: Restore EOF push handling behavior (Daniel Gibson) - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) - tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) - lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP (Christophe Leroy) - lkdtm/bugs: Check for the NULL pointer after calling kmalloc (Jiasheng Jiang) - iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) - staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) - LTS version: v5.15.46 (Jack Vogel) - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) - pinctrl/rockchip: support setting input-enable param (Caleb Connolly) - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) - md: fix double free of io_acct_set bioset (Xiao Ni) - md: Dont set mddev private to NULL in raid0 pers->free (Xiao Ni) - fs/ntfs3: Fix invalid free in log_replay (Namjae Jeon) - exportfs: support idmapped mounts (Christian Brauner) - fs: add two trivial lookup helpers (Christian Brauner) - interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate (Mike Tipton) - interconnect: qcom: sc7180: Drop IP0 interconnects (Stephen Boyd) - ext4: only allow test_dummy_encryption when supported (Eric Biggers) - MIPS: IP30: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) - MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) - RDMA/hns: Remove the num_cqc_timer variable (Yixing Liu) - staging: r8188eu: delete rtw_wx_read/write32() (Dan Carpenter) - Revert random: use static branch for crng_ready() (Jason A. Donenfeld) - list: test: Add a test for list_is_head() (David Gow) - kseltest/cgroup: Make test_stress.sh work if run interactively (Waiman Long) - net: ipa: fix page free in ipa_endpoint_replenish_one() (Alex Elder) - net: ipa: fix page free in ipa_endpoint_trans_release() (Alex Elder) - phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) - coresight: core: Fix coresight device probe failure issue (Mao Jinlong) - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) - vdpasim: allow to enable a vq repeatedly (Eugenio Perez) - dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Steve French) - ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) - ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (Jonathan Bakker) - phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) - clk: tegra: Add missing reset deassertion (Diogo Ivo) - arm64: tegra: Add missing DFLL reset on Tegra210 (Diogo Ivo) - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) - gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - serial: pch: dont overwrite xmit->buf[0] by x_char (Jiri Slaby) - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (Coly Li) - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (Coly Li) - bcache: improve multithreaded bch_sectors_dirty_init() (Coly Li) - bcache: improve multithreaded bch_btree_check() (Coly Li) - stm: ltdc: fix two incorrect NULL checks on list iterator (Xiaomeng Tong) - carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) - ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) - rtl818x: Prevent using not initialized queues (Alexander Wetzel) - xtensa/simdisk: fix proc_read_simdisk() (Yi Yang) - mm/memremap: fix missing call to untrack_pfn() in pagemap_range() (Miaohe Lin) - hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) - nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) - mm/page_alloc: always attempt to allocate at least one page during bulk allocation (Mel Gorman) - Revert mm/cma.c: remove redundant cma_mutex lock (Dong Aisheng) - iommu/dma: Fix iova map result check bug (Yunfei Wang) - iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - ksmbd: fix outstanding credits related bugs (Hyunchul Lee) - ftrace: Clean up hash direct_functions on register failures (Song Liu) - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) - um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) - um: chan_user: Fix winch_tramp() return value (Johannes Berg) - um: Use asm-generic/dma-mapping.h (Johannes Berg) - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) - cfg80211: declare MODULE_FIRMWARE for regulatory.db (Dimitri John Ledkov) - thermal: devfreq_cooling: use local ops instead of global ops (Kant Fan) - irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) - csky: patch_text: Fixup last cpu should be master (Guo Ren) - mmc: core: Allows to override the timeout value for ioctl() path (Bean Huo) - RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) - Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) - ima: remove the IMA_TEMPLATE Kconfig option (GUO Zihua) - media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) - media: coda: Fix reported H264 profile (Nicolas Dufresne) - mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) - md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) - md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) - drm/i915/dsi: fix VBT send packet port selection for ICL+ (Jani Nikula) - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) - drm/nouveau/subdev/bus: Ratelimit logging for fault errors (Lyude Paul) - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) - landlock: Fix same-layer rule unions (Mickael Salaun) - landlock: Create find_rule() from unmask_layers() (Mickael Salaun) - landlock: Reduce the maximum number of layers to 16 (Mickael Salaun) - landlock: Define access_mask_t to enforce a consistent access mask size (Mickael Salaun) - selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (Mickael Salaun) - landlock: Change landlock_restrict_self(2) check ordering (Mickael Salaun) - landlock: Change landlock_add_rule(2) argument check ordering (Mickael Salaun) - selftests/landlock: Add tests for O_PATH (Mickael Salaun) - selftests/landlock: Fully test file rename with remove access (Mickael Salaun) - selftests/landlock: Extend access right tests to directories (Mickael Salaun) - selftests/landlock: Add tests for unknown access rights (Mickael Salaun) - selftests/landlock: Extend tests for minimal valid attribute size (Mickael Salaun) - selftests/landlock: Make tests build with old libc (Mickael Salaun) - landlock: Fix landlock_add_rule(2) documentation (Mickael Salaun) - samples/landlock: Format with clang-format (Mickael Salaun) - samples/landlock: Add clang-format exceptions (Mickael Salaun) - selftests/landlock: Format with clang-format (Mickael Salaun) - selftests/landlock: Normalize array assignment (Mickael Salaun) - selftests/landlock: Add clang-format exceptions (Mickael Salaun) - landlock: Format with clang-format (Mickael Salaun) - landlock: Add clang-format exceptions (Mickael Salaun) - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) - scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) - dlm: fix missing lkb refcount handling (Alexander Aring) - dlm: uninitialized variable on error in dlm_listen_for_all() (Dan Carpenter) - dlm: fix plock invalid read (Alexander Aring) - s390/stp: clock_delta should be signed (Sven Schnelle) - s390/perf: obtain sie_block from the right address (Nico Boehr) - mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) - staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov) - PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) - PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) - PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) - drm/amdgpu: add beige goby PCI ID (Alex Deucher) - tracing: Initialize integer variable to prevent garbage return value (Gautam Menghani) - tracing: Fix potential double free in create_var_ref() (Keita Suzuki) - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (Laurent Vivier) - ACPI: property: Release subnode properties with data nodes (Sakari Ailus) - ext4: avoid cycles in directory h-tree (Jan Kara) - ext4: verify dir block before splitting it (Jan Kara) - ext4: fix bug_on in __es_tree_search (Baokun Li) - ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (Theodore Tso) - ext4: fix bug_on in ext4_writepages (Ye Bin) - ext4: fix warning in ext4_handle_inode_extension (Ye Bin) - ext4: fix race condition between ext4_write and ext4_convert_inline_data (Baokun Li) - ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) - ext4: mark group as trimmed only if it was fully scanned (Dmitry Monakhov) - bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) - bfq: Get rid of __bio_blkcg() usage (Jan Kara) - bfq: Track whether bfq_group is still online (Jan Kara) - bfq: Remove pointless bfq_init_rq() calls (Jan Kara) - bfq: Drop pointless unlock-lock pair (Jan Kara) - bfq: Update cgroup information before merging bio (Jan Kara) - bfq: Split shared queues on move between cgroups (Jan Kara) - bfq: Avoid merging queues with different parents (Jan Kara) - bfq: Avoid false marking of bic as stably merged (Jan Kara) - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) - fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) - iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) - wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) - objtool: Fix symbol creation (Peter Zijlstra) - objtool: Fix objtool regression on x32 systems (Mikulas Patocka) - f2fs: fix to do sanity check for inline inode (Chao Yu) - f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) - f2fs: dont use casefolded comparison for . and .. (Eric Biggers) - f2fs: fix to do sanity check on total_data_blocks (Chao Yu) - f2fs: dont need inode lock for system hidden quota (Jaegeuk Kim) - f2fs: fix deadloop in foreground GC (Chao Yu) - f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) - f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) - f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) - NFSv4.1 mark qualified async operations as MOVEABLE tasks (Olga Kornievskaia) - NFS: Convert GFP_NOFS to GFP_KERNEL (Trond Myklebust) - NFS: Create a new nfs_alloc_fattr_with_label() function (Anna Schumaker) - NFS: Always initialise fattr->label in nfs_fattr_alloc() (Trond Myklebust) - video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) - perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) - perf c2c: Use stdio interface if slang is not supported (Leo Yan) - perf build: Fix btf__load_from_kernel_by_id() feature check (Jiri Olsa) - i2c: rcar: fix PM ref counts in probe error paths (Kuninori Morimoto) - i2c: npcm: Handle spurious interrupts (Tali Perry) - i2c: npcm: Correct register access width (Tyrone Ting) - i2c: npcm: Fix timeout calculation (Tali Perry) - iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) - dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (Amelie Delaunay) - dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) - NFS: Further fixes to the writeback error handling (Trond Myklebust) - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) - NFS: Dont report errors from nfs_pageio_complete() more than once (Trond Myklebust) - NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) - NFS: Dont report ENOSPC write errors twice (Trond Myklebust) - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (Trond Myklebust) - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (Christophe JAILLET) - i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) - iommu/mediatek: Fix NULL pointer dereference when printing dev_name (Miles Chen) - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (Guenter Roeck) - iommu/arm-smmu-v3-sva: Fix mm use-after-free (Jean-Philippe Brucker) - cpufreq: mediatek: Unregister platform device on exit (Rex-BC Chen) - cpufreq: mediatek: Use module_init and add module_exit (Jia-Wei Chang) - i2c: at91: use dma safe buffers (Michael Walle) - iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (Yong Wu) - iommu/mediatek: Remove clk_disable in mtk_iommu_remove (Yong Wu) - iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) - iommu/mediatek: Fix 2 HW sharing pgtable issue (Yong Wu) - iommu/amd: Enable swiotlb in all cases (Mario Limonciello) - f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) - f2fs: fix to do sanity check on inline_dots inode (Chao Yu) - f2fs: support fault injection for dquot_initialize() (Chao Yu) - OPP: call of_node_put() on error path in _bandwidth_supported() (Dan Carpenter) - Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) - KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (Wanpeng Li) - RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) - mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) - nfsd: destroy percpu stats counters after reply cache shutdown (Julian Schroeder) - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) - powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) - powerpc/xive: Fix refcount leak in xive_spapr_init (Miaoqian Lin) - powerpc/xive: Add some error handling code to xive_spapr_init() (Christophe JAILLET) - macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) - powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) - powerpc/perf: Fix the threshold compare group constraint for power10 (Kajol Jain) - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) - hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (Yang Yingliang) - PCI: microchip: Fix potential race in interrupt handling (Daire McNamara) - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (Kuppuswamy Sathyanarayanan) - Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) - hugetlbfs: fix hugetlbfs_statfs() locking (Mina Almasry) - ARM: dts: at91: sama7g5: remove interrupt-parent from gic node (Eugen Hristev) - crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2586 CVE-2022-21385 CVE-2022-2588 CVE-2022-34918 CVE-2022-2585 CVE-2022-21546 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.311.6] - Revert 'KVM: x86: Print error code in exception injection tracepoint iff valid' (Sherry Yang) [Orabug: 34535896] [5.4.17-2136.311.5] - netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495567] {CVE-2022-2586} - netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495567] {CVE-2022-2586} [5.4.17-2136.311.4] - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34514570] {CVE-2022-21385} - rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414239] - scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419971] {CVE-2022-21546} - rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465809] - rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465809] - Revert 'net/rds: Connect TCP backends deterministically' (Gerd Rausch) [Orabug: 34476562] - kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476941] - kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476941] - kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476941] - kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476941] - kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476941] - arm64: mm: Fix case where !CONFIG_NUMA=y (Henry Willard) [Orabug: 34504995] - drm: protect drm_master pointers in drm_lease.c (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280} - drm: serialize drm_file.master with a new spinlock (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280} - drm: add a locked version of drm_is_current_master (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280} - i2c: thunderx: missing struct pci_dev definition in mips build (Dave Kleikamp) [Orabug: 34483890] - mips: mm: define MADV_DOEXEC and MADV_DONTEXEC (Dave Kleikamp) [Orabug: 34483890] - mips64: Fix X.509 certificates parsing (Eric Saint-Etienne) [Orabug: 34483890] - thermal: support for Marvell Octeon TX SoC temperature sensors (Eric Saint-Etienne) [Orabug: 34483890] - netdev, octeon3-ethernet: move timecounter init to network driver probe() (Dave Aldridge) [Orabug: 34483890] - mips64/octeon: Initialize netdevice in octeon_pow struct (Vijay Kumar) [Orabug: 34483890] - MIPS: Add syscall auditing support (Ralf Baechle) [Orabug: 34483890] - net/ethernet/octeon: Add ptp_dbg_group module param in octeon-pow-ethernet (Vijay Kumar) [Orabug: 34483890] - net/ethernet/octeon: Set max/min mtu of pow equivalent to Octeon eth device (Vijay Kumar) [Orabug: 34483890] - arch/mips: Discard the contents of the PCI console if the buffer is full for more than 10 milliseconds (Victor Michel) [Orabug: 34483890] - vdso: prevent ld from aligning PT_LOAD segments to 64k (Rob Gardner) [Orabug: 34483890] - MIPS: Octeon: cache info: Delete cavium-octeon/cacheinfo.c (Henry Willard) [Orabug: 34483890] - uek-rpm: build embedded kernels for t73 (Dave Kleikamp) [Orabug: 34483890] - mips: define pmd_special & pmd_mkspecial (Dave Kleikamp) [Orabug: 34483890] - kbuild: linker should be called with KBUILD_LDFLAGS (Dave Kleikamp) [Orabug: 34483890] - MIPS: octeon: Suppress early_init_dt_scan_memory damage. (Henry Willard) [Orabug: 34483890] - mips: Fails to create /sys/firmware/fdt during bootup (Vijay Kumar) [Orabug: 34483890] - MIPS: probe_kernel_read() should not panic (Rob Gardner) [Orabug: 34483890] - mips/cavium-octeon: Change access permission for /proc/pcie_reset to write (Vijay Kumar) [Orabug: 34483890] - mips64: Build for Octeon and generic boards only (Vijay Kumar) [Orabug: 34483890] - mips: define pmd_pfn and pud_pfn (Dave Kleikamp) [Orabug: 34483890] - MIPS: OCTEON: silence 'virt' assembler warnings (Dave Kleikamp) [Orabug: 34483890] - MIPS: OCTEON: OCTEON III build and configuration option (Dave Kleikamp) [Orabug: 34483890] - KSPLICE for MIPS also would like function-sections (Rob Gardner) [Orabug: 34483890] - Provide thread_info flags for KSPLICE freezer support (Rob Gardner) [Orabug: 34483890] - mips: add user_addr_max() and PROT_RESERVED (Dave Kleikamp) [Orabug: 34483890] - mips: add clear_page_uncached() (Dave Kleikamp) [Orabug: 34483890] - net: octeon-ethernet: Fix to reset the device stats in init (Anushka Singh) [Orabug: 34483890] - net: phy: Kconfig: fix double definition of ICPLUS_PHY PHYs (Ivan Khoronzhuk) [Orabug: 34483890] - drivers: of_mdio.c : fix of_mdiobus_register_phy return code (Serhii Tyshchenko) [Orabug: 34483890] - mips/pci/pci-legacy.c: fix for mixed declarations and code (Serhii Tyshchenko) [Orabug: 34483890] - mips: octeon: remove unused pcie_17400_set_affinity (Serhii Tyshchenko) [Orabug: 34483890] - asm/octeon/cvmx-lmcx-defs.h: fix for platform selection build warnings (Serhii Tyshchenko) [Orabug: 34483890] - fix for cvmx-ila build issue (santhosh D) [Orabug: 34483890] - fix for cvmx-helper-rgmii build issue (santhosh D) [Orabug: 34483890] - fix for cvmx-l2c build issue (santhosh D) [Orabug: 34483890] - MIPS: reserve the memblock right after the kernel (Alex Sverdlin) [Orabug: 34483890] - MIPS: Octeon: Update mach_bootmem_init for NUMA support to enable CONFIG_NUMA (Anushka Singh) [Orabug: 34483890] - Octeon: net: ethernet: Port from 4.14 to 5.4 octeon-2 ethernet driver changes (Anushka Singh) [Orabug: 34483890] - MIPS: OCTEON: Add support for pci hot plugged endpoints (Carlos Munoz) [Orabug: 34483890] - arch: mips: cavium-octeon: cvmx-pcie: fix config read 32 (Ivan Khoronzhuk) [Orabug: 34483890] - MIPS: ftrace: fix init functions tracing (Ivan Khoronzhuk) [Orabug: 34483890] - net: octeon: mgmt: Repair filling of RX ring (Alex Sverdlin) [Orabug: 34483890] - Octeon: net: octeon_mgmt: Add MTU size (Anushka Singh) [Orabug: 34483890] - Octeon: net: octeon_mgmt: Add phy_start and phy_stop (Anushka Singh) [Orabug: 34483890] - Octeon: Add working CISCO kernel config for Octeon (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon: MIPS: Update default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890] - Octeon: net: octeon3-ethernet: Port 4.14 to 5.4 octeon3-ethernet driver (Anushka Singh) [Orabug: 34483890] - Octeon: octeon3_ethernet: Port 4.14 to 5.4 fixes incompatible-pointer-types (Anushka Singh) [Orabug: 34483890] - Octeon: Fix build error in cvmx-qlm.c (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon: add some missing fall through annotations (Anushka Singh) [Orabug: 34483890] - OCTEON: octeon_edac-lmc : Temp drop use of VLA (Anushka Singh) [Orabug: 34483890] - Octeon: Port 4.14 to 5.4 fixes in PCI/MSI (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon: Add updated default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890] - Octeon: Octeon3 Ethernet driver port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] - Octeon: (Temporary) Port 4.14 to 5.4 workaround for VLA in cvmx-dma-engine.c (Anushka Singh) [Orabug: 34483890] - net: phy: Port 4.14 to 5.4 fixes in Qualcomm/Atheros qca8334/8337 PHYs (Anushka Singh) [Orabug: 34483890] - MIPS: Port 4.14 to 5.4 temporary patch for mach_bootmem_init (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon: Port 4.14 to 5.4 fixes for VLA (Anushka Singh) [Orabug: 34483890] - net: phy: Port 4.14 to 5.4 fixes in TI tlk10232 and Marvell 88X3120 dual-10G PHY drivers (Anushka Singh) [Orabug: 34483890] - MIPS: net: phy: Port 4.14 to 5.4 fixes in bcm87xx phy driver (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon: gpio: Port 4.14 to 5.4 fixes (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon: Setup file Port 4.14 to 5.4 fixes (Anushka Singh) [Orabug: 34483890] - MIPS: octeon-irq: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] - MIPS: Add default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon PCI Console: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] - MIPS: OCTEON: Port 4.14 to 5.4 fixes for e->base (Anushka Singh) [Orabug: 34483890] - MIPS: OCTEON: octeon-usb: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] - MIPS: Port 4.14 to 5.4 fixes for access_ok(). (Anushka Singh) [Orabug: 34483890] - MIPS: Port 4.14 to 5.4 compile-time error resolution for atomic.h functions. (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon: kexec (Lukasz Majczak) [Orabug: 34483890] - MIPS: Octeon: Take all memory into use by default. (Lukasz Majczak) [Orabug: 34483890] - MIPS: octeon: shared_cpu_map cacheinfo (Lukasz Majczak) [Orabug: 34483890] - netdev: octeon-ethernet: Register devices in the ptp class. (Lukasz Majczak) [Orabug: 34483890] - mtd: spi-nor: Add Micron (MT25Q*) SPI flash devices. (Lukasz Majczak) [Orabug: 34483890] - netdev: octeon-ethernet: Add packet hardware timestamp support. (Carlos Munoz) [Orabug: 34483890] - Add default kernel config for Octeon3 (Lukasz Majczak) [Orabug: 34483890] - MIPS: Octeon: Fix node calculation (Lukasz Majczak) [Orabug: 34483890] - MIPS: OCTEON: Sync-up SE to r173908 (Chandrakala Chavva) [Orabug: 34483890] - MIPS: Octeon: Read BGXX_SPUX_FEC_CONTROL before using it. (Chandrakala Chavva) [Orabug: 34483890] - net: octeon: Fix ndo_get_stats64 return value. (Chandrakala Chavva) [Orabug: 34483890] - Fix build issues (Lukasz Majczak) [Orabug: 34483890] - MIPS: Octeon: Fix setting MTU (Lukasz Majczak) [Orabug: 34483890] - Revert 'MIPS: kexec: remove SMP_DUMP' (Lukasz Majczak) [Orabug: 34483890] - MIPS: Octeon: cache info (Lukasz Majczak) [Orabug: 34483890] - MIPS: OCTEON: HOTPLUG_CPU changes. (Lukasz Majczak) [Orabug: 34483890] - net: phy: Port 4.9 to 4.14 fixes (Lukasz Majczak) [Orabug: 34483890] - Octeon: MTD: NAND: Port 4.9 to 4.14 fixes (Lukasz Majczak) [Orabug: 34483890] - EDAC:Octeon: Fix LMC CSRs access on OcteonII (Chandrakala Chavva) [Orabug: 34483890] - EDAC:Octeon: undeclared variable when CONFIG_EDAC_DEBUG=y (Peter Swain) [Orabug: 34483890] - net: octeon: NAPI waits once for next packet (Peter Swain) [Orabug: 34483890] - MIPS:OCTEON: Sync-up SE files (r172329) (Chandrakala Chavva) [Orabug: 34483890] - MIPS:OCTEON: Sync-up SE files (r172318). (Chandrakala Chavva) [Orabug: 34483890] - MIPS:OCTEON: Sync-up SE files (r172313) (Chandrakala Chavva) [Orabug: 34483890] - edac:octeon: Check if device is present before removing. (Chandrakala Chavva) [Orabug: 34483890] - EDAC:Octeon: Fixed EDAC support for OcteonII and OcteonIII. (Chandrakala Chavva) [Orabug: 34483890] - MIPS/EDAC: Call edac handle for bigrd/bigwd cases. (Chandrakala Chavva) [Orabug: 34483890] - MIPS: Octeon: Sync-up SE files (-r172055) (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Backports some bit extract functions from SDK. (Chandrakala Chavva) [Orabug: 34483890] - netdev: octeon-ethernet: Fix MTU settings for AGL interface. (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Added disable_sbe module parameter (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Call panic when co-processor DBE error happens. (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Sync-up CIU3 Error data files. (Chandrakala Chavva) [Orabug: 34483890] - MIPS/octeon: Add /proc/pcie_reset file. (Peter Swain) [Orabug: 34483890] - net: xfrm: Added ipsec kame offload support. (Chandrakala Chavva) [Orabug: 34483890] - of_mdio: Add 'cortina,cs4318' to the whitelist. (Steven J. Hill) [Orabug: 34483890] - ATA: Disable soft reset for ASM1092 sata port multiplier (Chandrakala Chavva) [Orabug: 34483890] - MIPS:Octeon: Sync-up SE files to 170716. (Chandrakala Chavva) [Orabug: 34483890] - MIPS: pcie-octeon: reset PCIe on reboot (Peter Swain) [Orabug: 34483890] - octeon3: ethernet: driver: Added vlan header size to max mtu. (Abhijit Ayarekar) [Orabug: 34483890] - net: octeon: Add IFF_LIVE_ADDR_CHANGE to change mac address live. (Chandrakala Chavva) [Orabug: 34483890] - Octeon: MTD: NAND: Do not call is_vmalloc_or_module_addr() (Aaron Williams) [Orabug: 34483890] - Cavium: MTD: NAND Ported 3.10 NAND driver to 4.9 (Aaron Williams) [Orabug: 34483890] - octeon: mtd: nand: Merged in latest changes from Octeon SDK (Aaron Williams) [Orabug: 34483890] - rtc: isl12026: Select CONFIG_NVMEM to ensure it builds. (David Daney) [Orabug: 34483890] - MIPS:OCTEON: Sync-up SE files to -r170052 (Chandrakala Chavva) [Orabug: 34483890] - MIPS/tlbex: Save and restore ASID around TLBR (David Daney) [Orabug: 34483890] - rtc: isl12026: Fix build failure when CONFIG_NVMEM not enabled. (David Daney) [Orabug: 34483890] - rtc: isl12026: Add driver. (David Daney) [Orabug: 34483890] - i2c: octeon: Emit stop condition if bootloader didn't end last transaction. (David Daney) [Orabug: 34483890] - MIPS/PCI/OCTEON: Map irqs after PCI bus rescan. (David Daney) [Orabug: 34483890] - EDAC: octeon_edac-lmc: Fix module removal when ECC unsupported. (Steven J. Hill) [Orabug: 34483890] - netdev: octeon-ethernet: Check packet backlog periodically to wake up other cpus if needed. (Carlos Munoz) [Orabug: 34483890] - Set SDK_VERSION to 5.1.0. (Chandrakala Chavva) [Orabug: 34483890] - mtd: nand: octeon: Add NAND flash driver. (Carlos Munoz) [Orabug: 34483890] - netdev: octeon-ethernet: use IFF_NO_QUEUE (Peter Swain) [Orabug: 34483890] - MIPS: Pass -fno-asynchronous-unwind-tables to compiler. (David Daney) [Orabug: 34483890] - MIPS: Add ELF_CORE_COPY_REGS definition. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Correctly calculate totalram_pages (David Daney) [Orabug: 34483890] - netdev: octeon-pow: Add napi support. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Restore 512MB default memory size. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Always try to allocate 1024 MB of 32-bit memory. (David Daney) [Orabug: 34483890] - MIPS: pcie-octeon: Use level semantics for int-A interrupts. (David Daney) [Orabug: 34483890] - MIPS, pci: Expose Cavium OCTEON PCIe bridges to the PCIe core (David Daney) [Orabug: 34483890] - netdev: octeon3-ethernet: Enable srio port and remove srio header on ingress packets. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Set DIDTO to approx. 250mS. (David Daney) [Orabug: 34483890] - MIPS,ftrace: Fix dynamic ftrace patching of MAPPED_KERNEL modules. (David Daney) [Orabug: 34483890] - MIPS: oct_ilm: Add OCTEON III support. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Don't translate underlying GPIO irq bits. (Corey Minyard) [Orabug: 34483890] - gpio: gpio-octeon: Fix to_irq() support. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Initialize the mport structure correctly. (Carlos Munoz) [Orabug: 34483890] - MIPS: Move VMALLOC_START to avoid OCTEON III Core-31034 (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Don't allow interrupts or scheduling from CacheErr handler. (David Daney) [Orabug: 34483890] - netdev: octeon-pow: Save aura before freeing the wqe. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Platform support for OCTEON III USB controller (Steven J. Hill) [Orabug: 34483890] - MIPS: OCTEON: Change SDK release string to 5.1.0-prerelease (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Always try to allocate 512 MB of 32-bit memory. (David Daney) [Orabug: 34483890] - netdev, octeon3-ethernet: Don't bloat RX buffer pool. (David Daney) [Orabug: 34483890] - watchdog: octeon-wdt: Implement G-30204 workaround. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add missing CONFIG_KEXEC support. (David Daney) [Orabug: 34483890] - staging: octeon: Call SET_NETDEV_DEV() (Florian Fainelli) [Orabug: 34483890] - mmc: cavium: Fix broken sign extensions in block write code. (David Daney) [Orabug: 34483890] - mmc: core: Export API to allow hosts to get the card address (Ulf Hansson) [Orabug: 34483890] - MAINTAINERS: Add entry for Cavium MMC driver (Jan Glauber) [Orabug: 34483890] - mips/gpio: Fix OCTEON GPIO interrupt support. (David Daney) [Orabug: 34483890] - MIPS:OCTEON: Sync up SE files as of r154518. (Carlos Munoz) [Orabug: 34483890] - mips: edac: octeon: Use preemptive safe methods. (Carlos Munoz) [Orabug: 34483890] - net: phy: Force the link state to be checked during initialization. (Carlos Munoz) [Orabug: 34483890] - crypto: octeon: Use proper function to check for features. (Carlos Munoz) [Orabug: 34483890] - netdev: octeon3-ethernet: Disable transmit queues. (Carlos Munoz) [Orabug: 34483890] - netdev: octeon-ethernet: Handle when octeon_hw_status_add_source() fails. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Fix build breakage when CONFIG_SMP disabled (David Daney) [Orabug: 34483890] - ata: Use WARN instead of BUG in pata_octeon_cf. (David Daney) [Orabug: 34483890] - netdev/phy: Initial support for Vitesse vsc8490 phy. (Carlos Munoz) [Orabug: 34483890] - netdev: Add driver for Marvell 88X3120 dual 10GBase-T Ethernet phy (David Daney) [Orabug: 34483890] - phy/marvell: Add did_interrupt() method for Marvell 88E1240 (David Daney) [Orabug: 34483890] - net: phy: add qca833x phy-headed-switch (Peter Swain) [Orabug: 34483890] - netdev/phy: Add driver for TI tlk10232 dual-10G PHY. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Enable Micrel 9031 PHY for OCTEON. (Chandrakala Chavva) [Orabug: 34483890] - netdev/phy/of: Handle nexus Ethernet PHY devices (Aaron Williams) [Orabug: 34483890] - netdev/phy: Add driver for Cortina cs4321 quad 10G PHY. (David Daney) [Orabug: 34483890] - perf: context-sensitive keywords: for uncore_foo/miss/ (Peter Swain) [Orabug: 34483890] - MIPS: Fix arch in assembly for saa instruction. (Andrew Pinski) [Orabug: 34483890] - MIPS: OCTEON: Fix simulator compile error. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Use IRQF_NO_THREAD when chaining MSIs (David Daney) [Orabug: 34483890] - OCTEON: OCLA driver to support blocking IO. (Carlos Munoz) [Orabug: 34483890] - RapidIO: Driver for CN6XXX (Chad Reese) [Orabug: 34483890] - RapidIO: Add interface to memory map rapidio device memory. (Chad Reese) [Orabug: 34483890] - MIPS: OCTEON: Add driver Serial Rapid I/O (sRIO) hardware. (Carlos Munoz) [Orabug: 34483890] - netdev: octeon_mgmt: Update with latest changes. (David Daney) [Orabug: 34483890] - Revert 'net: octeon: mgmt: Repair filling of RX ring' (Dave Kleikamp) [Orabug: 34483890] - Revert 'net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop' (Dave Kleikamp) [Orabug: 34483890] - netdev: octeon3-ethernet: Driver for octeon III SOCs. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Create fpa3 standalone driver. (Carlos Munoz) [Orabug: 34483890] - netdev: octeon: Move and update octeon network driver from staging. (Carlos Munoz) [Orabug: 34483890] - Revert 'staging/octeon: fix up merge error' (Dave Kleikamp) [Orabug: 34483890] - Revert 'staging: octeon: repair 'fixed-link' support' (Dave Kleikamp) [Orabug: 34483890] - Revert 'staging: octeon: Drop on uncorrectable alignment or FCS error' (Dave Kleikamp) [Orabug: 34483890] - MIPS: Add core-16419 errata workaround (Andrew Pinski) [Orabug: 34483890] - mips: octeon: add TDM feature & IRQ (Peter Swain) [Orabug: 34483890] - MIPS: traps: call crash_kexec() before panic() when dying (Taras Kondratiuk) [Orabug: 34483890] - MIPS:OCTEON: Increase the load address (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Add syscall to add timer events. (Carlos Munoz) [Orabug: 34483890] - MIPS: kexec: Set memory limits to HIGHMEM_START. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Fix Cache error detection for OCTEON III. (David Daney) [Orabug: 34483890] - watchdog: octeon-wdt: Fix timer rate for all OCTEON III parts. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Update octeon-error-injector for OCTEON III. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Fix saving of CVMSEG per-task state. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Handle MSI on multiple nodes. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Increase NR_IRQS for CONFIG_NUMA. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add csrc-fpa-clk. (David Daney) [Orabug: 34483890] - watchdog: octeon-wdt: Fix to work on multi-node systems. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Fix Automatic provisioning CVMSEG space. (David Daney) [Orabug: 34483890] - MIPS:OCTEON: Disable error tree handling on shutdown (Corey Minyard) [Orabug: 34483890] - MIPS: OCTEON: Fix IPI mechanism used by KEXEC. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Try to allocate at least 256MB of DMA32 memory. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add NUMA support for cn78XX (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Print warning message if OCTEON II kernel run on earlier chips. (David Daney) [Orabug: 34483890] - MIPS: Make setting of MAX_PHYSMEM_BITS settable per sub-architecture. (David Daney) [Orabug: 34483890] - MIPS: Make XPHYSADDR() work for all addresses. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: cpu_state not just for _HOTPLUG (Peter Swain) [Orabug: 34483890] - MIPS: OCTEON: Add sysfs hooks to add and remove CPUs. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Revise memory allocation from bootloader (Leonid Rosenboim) [Orabug: 34483890] - MIPS: OCTEON: Automatically provision CVMSEG space. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Get first 256MB from 32-bit addresable memory (Leonid Rosenboim) [Orabug: 34483890] - MIPS/OCTEON: Add multiple msi support. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Inhibit CP0_Compare interrupts when not needed. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add preliminary GPIO interrupt support for cn78XX. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Reorganize PCIe controller code. (Venkat Subbiah) [Orabug: 34483890] - MIPS: OCTEON: MSI-X interrupts for cn78XX. (Chandrakala Chavva) [Orabug: 34483890] - MIPS/OCTEON: CIU/CIU2 use random msi irqs. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Add initial error bit detection for cn78XX. (David Daney) [Orabug: 34483890] - MIPS: Fix demand activation of OCTEON CVMSEG region. (David Daney) [Orabug: 34483890] - MIPS:OCTEON: Enable access to CVMSEG for user space (Chandrakala Chavva) [Orabug: 34483890] - watchdog: Octeon: Add 78xx support. (Carlos Munoz) [Orabug: 34483890] - MIPS: oct_ilm: Fix debugfs file permissions. (David Daney) [Orabug: 34483890] - MIPS: KDUMP: Fix to access non-sectioned memory (Prem Mallappa) [Orabug: 34483890] - MIPS: OCTEON: Fix plat_swiotlb_setup() for OCTEON3 (David Daney) [Orabug: 34483890] - MIPS: Handle CPU_CAVIUM_OCTEON3 like CPU_CAVIUM_OCTEON2 in clear_page. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Allow CONFIG_CAVIUM_CN63XXP1 to be disabled. (David Daney) [Orabug: 34483890] - MIPS/EDAC: Use correct fields for printing error message for O3 model (Chandrakala Chavva) [Orabug: 34483890] - edac/octeon_edac-lmc: Fix kernel panic when 1 DDR present (Prem Mallappa) [Orabug: 34483890] - MIPS/EDAC: Cavium: Updated L2C error checking for OCTEON3. (Chandrakala Chavva) [Orabug: 34483890] - MIPS: Only flush local ICache in get_new_asid(). (David Daney) [Orabug: 34483890] - MIPS: Add new function local_flush_icache_all() (David Daney) [Orabug: 34483890] - MIPS: Handle indexed load instructions in emulate_load_store_insn(). (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Increase the number of irqs for !PCI case (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Restore printing of L2 Cache information. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Add /sys/devices/system/cpu/cpuX/cache (Venkat Subbiah) [Orabug: 34483890] - MIPS perf: Rework the mipspmu notifiers. (David Daney) [Orabug: 34483890] - MIPS perf: OCTEON: Handle PMU pmu_enable/pmu_diable notifications. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Sync up HOTPLUG_CPU changes. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Per process XKPHYS (Chandrakala Chavva) [Orabug: 34483890] - MIPS: move arch/mips/cavium-octeon/cpu.c to arch/mips/kernel/ (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Set the extended bits of DIDTTO too. (David Daney) [Orabug: 34483890] - MIPS: Add support for OCTEON III perf events. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Keep reset value for COP0_ERRCTL (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Enable tlb parity error for O3 (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Use correct L2C CSR for cache locking. (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Move L2 Cache probing code to setup.c (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Move xkphys_usermem_{read,write} to octeon-cpu.c (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Fix L1 dacache parity for OCTEON3 (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Use current_cpu_type() for CPU model check. (Chandrakala Chavva) [Orabug: 34483890] - MIPS: Octeon: Initialize proper CVMX_SSO_NW_TIM register. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Merge and cleanup. (Leonid Rosenboim) [Orabug: 34483890] - MIPS: OCTEON: Save/Restore wider multiply registers in OCTEON III CPUs (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add support for CONFIG_CAVIUM_GDB (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add Cavium OCTEON serial driver. (Carlos Munoz) [Orabug: 34483890] - MIPS: Octeon: Rearrange L2 cache locking code (David Daney) [Orabug: 34483890] - MIPS/OCTEON: Initialize QLM JTAG. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Import new S.E. and adjust things to match. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add /proc/octeon_perf support. (David Daney) [Orabug: 34483890] - MIPS: Allow sub-architecture 'machines' to override bootmem initialization. (David Daney) [Orabug: 34483890] - MIPS: Fix warning spew on CONFIG_PREEMPT_DEBUG and ptrace watch register use. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Fix compile/run time errors from synced cvmx files. (Carlos Munoz) [Orabug: 34483890] - Sync-up SE files (latest) (Lukasz Majczak) [Orabug: 34483890] - MIPS: OCTEON: octeon-lmc bug fixes (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Add module to inject hardware error conditions. (David Daney) [Orabug: 34483890] - MIPS: Add accessor functions for OCTEON ERRCTL CP0 register. (David Daney) [Orabug: 34483890] - MIPS/OCTEON: Add OCTEON II TLB parity error handling (David Daney) [Orabug: 34483890] - MIPS: Add board_mcheck_handler, show process state on machine check exception. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Cleanup obsolete CrashKernel memory init in octeon/setup.c (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add support for running kernel in mapped address space. (David Daney) [Orabug: 34483890] - MIPS/edac/OCTEON: Hook up Write Buffer parity errors to EDAC. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Add /proc/octeon_info support. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Define cpu_has_local_ebase to 0. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Use virt_to_phys() and phys_to_virt() in octeon/setup.c (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add framework for managing and reporting hardware status bit assertions. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Populate kernel memory from cvmx_bootmem named blocks. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Disable probing MDIO for Landbird NIC 10g cards. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Add config option to disable ELF NOTE segments (David Daney) [Orabug: 34483890] - MIPS: Octeon: Add simple Octeon IPI infrastructure (David Daney) [Orabug: 34483890] - MIPS: Octeon: Quit using all the mailbox bits. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Handle userspace access to CVMSEG (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add driver for OCTEON PCI console. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Make PCIe work with Little Endian kernel. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Rearrange CVMSEG slots. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add ability to used an initrd from a named memory block. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Change load address to waste less memory. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add parameter to disable PCI on command line. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Print address of passed device tree. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Introduce xkphys_read, xkphys_write sysmips(2) calls (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add sysfs support for CPU power throttling. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add PTP clocksource. (David Daney) [Orabug: 34483890] - MIPS: msi-octeon: Add MSI-X support for OCTEON III. (Lukasz Majczak) [Orabug: 34483890] - MIPS: OCTEON: Add support for SRIO interrupt sources. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add utility helper function octeon_read_ptp_csr() (David Daney) [Orabug: 34483890] - gpio: gpio-octeon: Add cn78XX support. (David Daney) [Orabug: 34483890] - MIPS: Add Octeon2 optimizations to clear_page. (David Daney) [Orabug: 34483890] - MIPS: Add ZCB and ZCBT instructions to uasm. (David Daney) [Orabug: 34483890] - MIPS: Use Octeon2 atomic instructions when cpu_has_octeon2_isa. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add OCTEON II build and configuration option (David Daney) [Orabug: 34483890] - MIPS: Octeon: Fast access to the thread pointer (David Daney) [Orabug: 34483890] [5.4.17-2136.311.3] - arm64: pensando: Kernel PCIe manager for Pensando SmartNIC (Rob Gardner) [Orabug: 33480595] - PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358323] - ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34405736] - ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34405736] - ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34405736] - ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34405736] - net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477073] - xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480732] - xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34480732] [5.4.17-2136.311.2] - s390/archrandom: prevent CPACF trng invocations in interrupt context (Harald Freudenberger) - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (Demi Marie Obenour) - LTS tag: v5.4.206 (Sherry Yang) - Revert 'mtd: rawnand: gpmi: Fix setting busy timeout setting' (Greg Kroah-Hartman) - LTS tag: v5.4.205 (Sherry Yang) - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) - dmaengine: pl330: Fix lockdep warning about non-static key (Dmitry Osipenko) - ida: don't use BUG_ON() for debugging (Linus Torvalds) - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (Samuel Holland) - misc: rtsx_usb: set return value in rsp_buf alloc err path (Shuah Khan) - misc: rtsx_usb: use separate command and response buffers (Shuah Khan) - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (Shuah Khan) - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (Peter Robinson) - i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) - selftests: forwarding: fix error message in learning_test (Vladimir Oltean) - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (Vladimir Oltean) - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (Vladimir Oltean) - ibmvnic: Properly dispose of all skbs during a failover. (Rick Lindsley) - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (Claudiu Beznea) - ARM: at91: pm: use proper compatible for sama5d2's rtc (Claudiu Beznea) - pinctrl: sunxi: sunxi_pconf_set: use correct offset (Andrei Lalaev) - pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (Miaoqian Lin) - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (Jimmy Assarsson) - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (Jimmy Assarsson) - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (Jimmy Assarsson) - powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) - video: of_display_timing.h: include errno.h (Hsin-Yi Wang) - fbcon: Prevent that screen size is smaller than font size (Helge Deller) - fbcon: Disallow setting font bigger than screen size (Helge Deller) - fbmem: Check virtual screen sizes in fb_set_var() (Helge Deller) - fbdev: fbmem: Fix logo center image dx issue (Guiling Deng) - iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) - net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) - usbnet: fix memory leak in error case (Oliver Neukum) - can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) - can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) - can: bcm: use call_rcu() instead of costly synchronize_rcu() (Oliver Hartkopp) - mm/slub: add missing TID updates on slab deactivation (Jann Horn) - esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) - LTS tag: v5.4.204 (Sherry Yang) - clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() (Greg Kroah-Hartman) - net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) - net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) - xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) - xen/blkfront: force data bouncing when backend is untrusted (Roger Pau Monne) - xen/netfront: force data bouncing when backend is untrusted (Roger Pau Monne) - xen/netfront: fix leaking data in shared pages (Roger Pau Monne) - xen/blkfront: fix leaking data in shared pages (Roger Pau Monne) - selftests/rseq: Change type of rseq_offset to ptrdiff_t (Mathieu Desnoyers) - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (Mathieu Desnoyers) - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (Mathieu Desnoyers) - selftests/rseq: Fix: work-around asm goto compiler bugs (Mathieu Desnoyers) - selftests/rseq: Remove arm/mips asm goto compiler work-around (Mathieu Desnoyers) - selftests/rseq: Fix warnings about #if checks of undefined tokens (Mathieu Desnoyers) - selftests/rseq: Fix ppc32 offsets by using long rather than off_t (Mathieu Desnoyers) - selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (Mathieu Desnoyers) - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (Mathieu Desnoyers) - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (Mathieu Desnoyers) - selftests/rseq: Introduce thread pointer getters (Mathieu Desnoyers) - selftests/rseq: Introduce rseq_get_abi() helper (Mathieu Desnoyers) - selftests/rseq: Remove volatile from __rseq_abi (Mathieu Desnoyers) - selftests/rseq: Remove useless assignment to cpu variable (Mathieu Desnoyers) - selftests/rseq: introduce own copy of rseq uapi header (Mathieu Desnoyers) - selftests/rseq: remove ARRAY_SIZE define from individual tests (Shuah Khan) - rseq/selftests,x86_64: Add rseq_offset_deref_addv() (Peter Oskolkov) - ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) - sit: use min (kernel test robot) - net: dsa: bcm_sf2: force pause link settings (Doug Berger) - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) - xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) - net: tun: avoid disabling NAPI twice (Jakub Kicinski) - NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) - net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) - net/sched: act_api: Notify user space if any actions were flushed before error (Victor Nogueira) - netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) - s390: remove unneeded 'select BUILD_BIN2C' (Masahiro Yamada) - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (Miaoqian Lin) - caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) - usbnet: fix memory allocation in helpers (Oliver Neukum) - linux/dim: Fix divide by 0 in RDMA DIM (Tao Liu) - RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) - net: tun: stop NAPI when detaching queues (Jakub Kicinski) - net: tun: unlink NAPI from device on destruction (Jakub Kicinski) - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (Dimitris Michailidis) - virtio-net: fix race between ndo_open() and virtio_device_ready() (Jason Wang) - net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) - net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) - s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) - dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) - dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) - powerpc/bpf: Fix use of user_pt_regs in uapi (Naveen N. Rao) - powerpc/prom_init: Fix kernel config grep (Liam Howlett) - nvdimm: Fix badblocks clear off-by-one error (Chris Ye) - ipv6: take care of disable_policy when restoring routes (Nicolas Dichtel) - LTS tag: v5.4.203 (Sherry Yang) - crypto: arm/ghash-ce - define fpu before fpu registers are referenced (Stefan Agner) - crypto: arm - use Kconfig based compiler checks for crypto opcodes (Ard Biesheuvel) - ARM: 9029/1: Make iwmmxt.S support Clang's integrated assembler (Jian Cai) - ARM: OMAP2+: drop unnecessary adrl (Stefan Agner) - ARM: 8929/1: use APSR_nzcv instead of r15 as mrc operand (Stefan Agner) - ARM: 8933/1: replace Sun/Solaris style flag on section directive (Nick Desaulniers) - crypto: arm/sha512-neon - avoid ADRL pseudo instruction (Ard Biesheuvel) - crypto: arm/sha256-neon - avoid ADRL pseudo instruction (Ard Biesheuvel) - ARM: 8971/1: replace the sole use of a symbol with its definition (Jian Cai) - ARM: 8990/1: use VFP assembler mnemonics in register load/store macros (Stefan Agner) - ARM: 8989/1: use .fpu assembler directives instead of assembler arguments (Stefan Agner) - net: mscc: ocelot: allow unregistered IP multicast flooding (Vladimir Oltean) - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) - drm: remove drm_fb_helper_modinit (Christoph Hellwig) - LTS tag: v5.4.202 (Sherry Yang) - powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) - random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) - modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) - ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) - ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) - ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) - powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) - powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) - parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) - xtensa: Fix refcount leak bug in time.c (Liang He) - xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) - iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) - iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) - iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) - iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) - iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) - iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) - iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) - usb: chipidea: udc: check request status before setting device address (Xu Yang) - xhci: turn off port power in shutdown (Mathias Nyman) - iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) - s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) - gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) - Revert 'net/tls: fix tls_sk_proto_close executed repeatedly' (Jakub Kicinski) - virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) - igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) - ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) - afs: Fix dynamic root getattr (David Howells) - MIPS: Remove repetitive increase irq_err_count (huhai) - x86/xen: Remove undefined behavior in setup_features() (Julien Grall) - udmabuf: add back sanity check (Gerd Hoffmann) - net/tls: fix tls_sk_proto_close executed repeatedly (Ziyang Xuan) - erspan: do not assume transport header is always set (Eric Dumazet) - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2586 CVE-2021-3669 CVE-2022-21385 CVE-2022-21546 CVE-2022-1280 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.311.6] - Revert 'KVM: x86: Print error code in exception injection tracepoint iff valid' (Sherry Yang) [Orabug: 34535896] [5.4.17-2136.311.5] - netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495567] {CVE-2022-2586} - netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495567] {CVE-2022-2586} [5.4.17-2136.311.4] - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34514570] {CVE-2022-21385} - rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414239] - scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419971] {CVE-2022-21546} - Revert 'net/rds: Connect TCP backends deterministically' (Gerd Rausch) [Orabug: 34476562] - kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476941] - kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476941] - kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476941] - kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476941] - kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476941] - arm64: mm: Fix case where !CONFIG_NUMA=y (Henry Willard) [Orabug: 34504995] - drm: protect drm_master pointers in drm_lease.c (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280} - drm: serialize drm_file.master with a new spinlock (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280} - drm: add a locked version of drm_is_current_master (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280} - i2c: thunderx: missing struct pci_dev definition in mips build (Dave Kleikamp) [Orabug: 34483890] - mips: mm: define MADV_DOEXEC and MADV_DONTEXEC (Dave Kleikamp) [Orabug: 34483890] - mips64: Fix X.509 certificates parsing (Eric Saint-Etienne) [Orabug: 34483890] - thermal: support for Marvell Octeon TX SoC temperature sensors (Eric Saint-Etienne) [Orabug: 34483890] - netdev, octeon3-ethernet: move timecounter init to network driver probe() (Dave Aldridge) [Orabug: 34483890] - mips64/octeon: Initialize netdevice in octeon_pow struct (Vijay Kumar) [Orabug: 34483890] - MIPS: Add syscall auditing support (Ralf Baechle) [Orabug: 34483890] - net/ethernet/octeon: Add ptp_dbg_group module param in octeon-pow-ethernet (Vijay Kumar) [Orabug: 34483890] - net/ethernet/octeon: Set max/min mtu of pow equivalent to Octeon eth device (Vijay Kumar) [Orabug: 34483890] - arch/mips: Discard the contents of the PCI console if the buffer is full for more than 10 milliseconds (Victor Michel) [Orabug: 34483890] - vdso: prevent ld from aligning PT_LOAD segments to 64k (Rob Gardner) [Orabug: 34483890] - MIPS: Octeon: cache info: Delete cavium-octeon/cacheinfo.c (Henry Willard) [Orabug: 34483890] - uek-rpm: build embedded kernels for t73 (Dave Kleikamp) [Orabug: 34483890] - mips: define pmd_special & pmd_mkspecial (Dave Kleikamp) [Orabug: 34483890] - kbuild: linker should be called with KBUILD_LDFLAGS (Dave Kleikamp) [Orabug: 34483890] - MIPS: octeon: Suppress early_init_dt_scan_memory damage. (Henry Willard) [Orabug: 34483890] - mips: Fails to create /sys/firmware/fdt during bootup (Vijay Kumar) [Orabug: 34483890] - MIPS: probe_kernel_read() should not panic (Rob Gardner) [Orabug: 34483890] - mips/cavium-octeon: Change access permission for /proc/pcie_reset to write (Vijay Kumar) [Orabug: 34483890] - mips64: Build for Octeon and generic boards only (Vijay Kumar) [Orabug: 34483890] - mips: define pmd_pfn and pud_pfn (Dave Kleikamp) [Orabug: 34483890] - MIPS: OCTEON: silence 'virt' assembler warnings (Dave Kleikamp) [Orabug: 34483890] - MIPS: OCTEON: OCTEON III build and configuration option (Dave Kleikamp) [Orabug: 34483890] - KSPLICE for MIPS also would like function-sections (Rob Gardner) [Orabug: 34483890] - Provide thread_info flags for KSPLICE freezer support (Rob Gardner) [Orabug: 34483890] - mips: add user_addr_max() and PROT_RESERVED (Dave Kleikamp) [Orabug: 34483890] - mips: add clear_page_uncached() (Dave Kleikamp) [Orabug: 34483890] - net: octeon-ethernet: Fix to reset the device stats in init (Anushka Singh) [Orabug: 34483890] - net: phy: Kconfig: fix double definition of ICPLUS_PHY PHYs (Ivan Khoronzhuk) [Orabug: 34483890] - drivers: of_mdio.c : fix of_mdiobus_register_phy return code (Serhii Tyshchenko) [Orabug: 34483890] - mips/pci/pci-legacy.c: fix for mixed declarations and code (Serhii Tyshchenko) [Orabug: 34483890] - mips: octeon: remove unused pcie_17400_set_affinity (Serhii Tyshchenko) [Orabug: 34483890] - asm/octeon/cvmx-lmcx-defs.h: fix for platform selection build warnings (Serhii Tyshchenko) [Orabug: 34483890] - fix for cvmx-ila build issue (santhosh D) [Orabug: 34483890] - fix for cvmx-helper-rgmii build issue (santhosh D) [Orabug: 34483890] - fix for cvmx-l2c build issue (santhosh D) [Orabug: 34483890] - MIPS: reserve the memblock right after the kernel (Alex Sverdlin) [Orabug: 34483890] - MIPS: Octeon: Update mach_bootmem_init for NUMA support to enable CONFIG_NUMA (Anushka Singh) [Orabug: 34483890] - Octeon: net: ethernet: Port from 4.14 to 5.4 octeon-2 ethernet driver changes (Anushka Singh) [Orabug: 34483890] - MIPS: OCTEON: Add support for pci hot plugged endpoints (Carlos Munoz) [Orabug: 34483890] - arch: mips: cavium-octeon: cvmx-pcie: fix config read 32 (Ivan Khoronzhuk) [Orabug: 34483890] - MIPS: ftrace: fix init functions tracing (Ivan Khoronzhuk) [Orabug: 34483890] - net: octeon: mgmt: Repair filling of RX ring (Alex Sverdlin) [Orabug: 34483890] - Octeon: net: octeon_mgmt: Add MTU size (Anushka Singh) [Orabug: 34483890] - Octeon: net: octeon_mgmt: Add phy_start and phy_stop (Anushka Singh) [Orabug: 34483890] - Octeon: Add working CISCO kernel config for Octeon (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon: MIPS: Update default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890] - Octeon: net: octeon3-ethernet: Port 4.14 to 5.4 octeon3-ethernet driver (Anushka Singh) [Orabug: 34483890] - Octeon: octeon3_ethernet: Port 4.14 to 5.4 fixes incompatible-pointer-types (Anushka Singh) [Orabug: 34483890] - Octeon: Fix build error in cvmx-qlm.c (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon: add some missing fall through annotations (Anushka Singh) [Orabug: 34483890] - OCTEON: octeon_edac-lmc : Temp drop use of VLA (Anushka Singh) [Orabug: 34483890] - Octeon: Port 4.14 to 5.4 fixes in PCI/MSI (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon: Add updated default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890] - Octeon: Octeon3 Ethernet driver port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] - Octeon: (Temporary) Port 4.14 to 5.4 workaround for VLA in cvmx-dma-engine.c (Anushka Singh) [Orabug: 34483890] - net: phy: Port 4.14 to 5.4 fixes in Qualcomm/Atheros qca8334/8337 PHYs (Anushka Singh) [Orabug: 34483890] - MIPS: Port 4.14 to 5.4 temporary patch for mach_bootmem_init (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon: Port 4.14 to 5.4 fixes for VLA (Anushka Singh) [Orabug: 34483890] - net: phy: Port 4.14 to 5.4 fixes in TI tlk10232 and Marvell 88X3120 dual-10G PHY drivers (Anushka Singh) [Orabug: 34483890] - MIPS: net: phy: Port 4.14 to 5.4 fixes in bcm87xx phy driver (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon: gpio: Port 4.14 to 5.4 fixes (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon: Setup file Port 4.14 to 5.4 fixes (Anushka Singh) [Orabug: 34483890] - MIPS: octeon-irq: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] - MIPS: Add default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon PCI Console: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] - MIPS: OCTEON: Port 4.14 to 5.4 fixes for e->base (Anushka Singh) [Orabug: 34483890] - MIPS: OCTEON: octeon-usb: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] - MIPS: Port 4.14 to 5.4 fixes for access_ok(). (Anushka Singh) [Orabug: 34483890] - MIPS: Port 4.14 to 5.4 compile-time error resolution for atomic.h functions. (Anushka Singh) [Orabug: 34483890] - MIPS: Octeon: kexec (Lukasz Majczak) [Orabug: 34483890] - MIPS: Octeon: Take all memory into use by default. (Lukasz Majczak) [Orabug: 34483890] - MIPS: octeon: shared_cpu_map cacheinfo (Lukasz Majczak) [Orabug: 34483890] - netdev: octeon-ethernet: Register devices in the ptp class. (Lukasz Majczak) [Orabug: 34483890] - mtd: spi-nor: Add Micron (MT25Q*) SPI flash devices. (Lukasz Majczak) [Orabug: 34483890] - netdev: octeon-ethernet: Add packet hardware timestamp support. (Carlos Munoz) [Orabug: 34483890] - Add default kernel config for Octeon3 (Lukasz Majczak) [Orabug: 34483890] - MIPS: Octeon: Fix node calculation (Lukasz Majczak) [Orabug: 34483890] - MIPS: OCTEON: Sync-up SE to r173908 (Chandrakala Chavva) [Orabug: 34483890] - MIPS: Octeon: Read BGXX_SPUX_FEC_CONTROL before using it. (Chandrakala Chavva) [Orabug: 34483890] - net: octeon: Fix ndo_get_stats64 return value. (Chandrakala Chavva) [Orabug: 34483890] - Fix build issues (Lukasz Majczak) [Orabug: 34483890] - MIPS: Octeon: Fix setting MTU (Lukasz Majczak) [Orabug: 34483890] - Revert 'MIPS: kexec: remove SMP_DUMP' (Lukasz Majczak) [Orabug: 34483890] - MIPS: OCTEON: HOTPLUG_CPU changes. (Lukasz Majczak) [Orabug: 34483890] - net: phy: Port 4.9 to 4.14 fixes (Lukasz Majczak) [Orabug: 34483890] - Octeon: MTD: NAND: Port 4.9 to 4.14 fixes (Lukasz Majczak) [Orabug: 34483890] - EDAC:Octeon: Fix LMC CSRs access on OcteonII (Chandrakala Chavva) [Orabug: 34483890] - EDAC:Octeon: undeclared variable when CONFIG_EDAC_DEBUG=y (Peter Swain) [Orabug: 34483890] - net: octeon: NAPI waits once for next packet (Peter Swain) [Orabug: 34483890] - MIPS:OCTEON: Sync-up SE files (r172329) (Chandrakala Chavva) [Orabug: 34483890] - MIPS:OCTEON: Sync-up SE files (r172318). (Chandrakala Chavva) [Orabug: 34483890] - MIPS:OCTEON: Sync-up SE files (r172313) (Chandrakala Chavva) [Orabug: 34483890] - edac:octeon: Check if device is present before removing. (Chandrakala Chavva) [Orabug: 34483890] - EDAC:Octeon: Fixed EDAC support for OcteonII and OcteonIII. (Chandrakala Chavva) [Orabug: 34483890] - MIPS/EDAC: Call edac handle for bigrd/bigwd cases. (Chandrakala Chavva) [Orabug: 34483890] - MIPS: Octeon: Sync-up SE files (-r172055) (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Backports some bit extract functions from SDK. (Chandrakala Chavva) [Orabug: 34483890] - netdev: octeon-ethernet: Fix MTU settings for AGL interface. (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Added disable_sbe module parameter (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Call panic when co-processor DBE error happens. (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Sync-up CIU3 Error data files. (Chandrakala Chavva) [Orabug: 34483890] - MIPS/octeon: Add /proc/pcie_reset file. (Peter Swain) [Orabug: 34483890] - net: xfrm: Added ipsec kame offload support. (Chandrakala Chavva) [Orabug: 34483890] - of_mdio: Add 'cortina,cs4318' to the whitelist. (Steven J. Hill) [Orabug: 34483890] - ATA: Disable soft reset for ASM1092 sata port multiplier (Chandrakala Chavva) [Orabug: 34483890] - MIPS:Octeon: Sync-up SE files to 170716. (Chandrakala Chavva) [Orabug: 34483890] - MIPS: pcie-octeon: reset PCIe on reboot (Peter Swain) [Orabug: 34483890] - octeon3: ethernet: driver: Added vlan header size to max mtu. (Abhijit Ayarekar) [Orabug: 34483890] - net: octeon: Add IFF_LIVE_ADDR_CHANGE to change mac address live. (Chandrakala Chavva) [Orabug: 34483890] - Octeon: MTD: NAND: Do not call is_vmalloc_or_module_addr() (Aaron Williams) [Orabug: 34483890] - Cavium: MTD: NAND Ported 3.10 NAND driver to 4.9 (Aaron Williams) [Orabug: 34483890] - octeon: mtd: nand: Merged in latest changes from Octeon SDK (Aaron Williams) [Orabug: 34483890] - rtc: isl12026: Select CONFIG_NVMEM to ensure it builds. (David Daney) [Orabug: 34483890] - MIPS:OCTEON: Sync-up SE files to -r170052 (Chandrakala Chavva) [Orabug: 34483890] - MIPS/tlbex: Save and restore ASID around TLBR (David Daney) [Orabug: 34483890] - rtc: isl12026: Fix build failure when CONFIG_NVMEM not enabled. (David Daney) [Orabug: 34483890] - rtc: isl12026: Add driver. (David Daney) [Orabug: 34483890] - i2c: octeon: Emit stop condition if bootloader didn't end last transaction. (David Daney) [Orabug: 34483890] - MIPS/PCI/OCTEON: Map irqs after PCI bus rescan. (David Daney) [Orabug: 34483890] - EDAC: octeon_edac-lmc: Fix module removal when ECC unsupported. (Steven J. Hill) [Orabug: 34483890] - netdev: octeon-ethernet: Check packet backlog periodically to wake up other cpus if needed. (Carlos Munoz) [Orabug: 34483890] - Set SDK_VERSION to 5.1.0. (Chandrakala Chavva) [Orabug: 34483890] - mtd: nand: octeon: Add NAND flash driver. (Carlos Munoz) [Orabug: 34483890] - netdev: octeon-ethernet: use IFF_NO_QUEUE (Peter Swain) [Orabug: 34483890] - MIPS: Pass -fno-asynchronous-unwind-tables to compiler. (David Daney) [Orabug: 34483890] - MIPS: Add ELF_CORE_COPY_REGS definition. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Correctly calculate totalram_pages (David Daney) [Orabug: 34483890] - netdev: octeon-pow: Add napi support. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Restore 512MB default memory size. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Always try to allocate 1024 MB of 32-bit memory. (David Daney) [Orabug: 34483890] - MIPS: pcie-octeon: Use level semantics for int-A interrupts. (David Daney) [Orabug: 34483890] - MIPS, pci: Expose Cavium OCTEON PCIe bridges to the PCIe core (David Daney) [Orabug: 34483890] - netdev: octeon3-ethernet: Enable srio port and remove srio header on ingress packets. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Set DIDTO to approx. 250mS. (David Daney) [Orabug: 34483890] - MIPS,ftrace: Fix dynamic ftrace patching of MAPPED_KERNEL modules. (David Daney) [Orabug: 34483890] - MIPS: oct_ilm: Add OCTEON III support. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Don't translate underlying GPIO irq bits. (Corey Minyard) [Orabug: 34483890] - gpio: gpio-octeon: Fix to_irq() support. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Initialize the mport structure correctly. (Carlos Munoz) [Orabug: 34483890] - MIPS: Move VMALLOC_START to avoid OCTEON III Core-31034 (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Don't allow interrupts or scheduling from CacheErr handler. (David Daney) [Orabug: 34483890] - netdev: octeon-pow: Save aura before freeing the wqe. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Platform support for OCTEON III USB controller (Steven J. Hill) [Orabug: 34483890] - MIPS: OCTEON: Change SDK release string to 5.1.0-prerelease (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Always try to allocate 512 MB of 32-bit memory. (David Daney) [Orabug: 34483890] - netdev, octeon3-ethernet: Don't bloat RX buffer pool. (David Daney) [Orabug: 34483890] - watchdog: octeon-wdt: Implement G-30204 workaround. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add missing CONFIG_KEXEC support. (David Daney) [Orabug: 34483890] - staging: octeon: Call SET_NETDEV_DEV() (Florian Fainelli) [Orabug: 34483890] - mmc: cavium: Fix broken sign extensions in block write code. (David Daney) [Orabug: 34483890] - mmc: core: Export API to allow hosts to get the card address (Ulf Hansson) [Orabug: 34483890] - MAINTAINERS: Add entry for Cavium MMC driver (Jan Glauber) [Orabug: 34483890] - mips/gpio: Fix OCTEON GPIO interrupt support. (David Daney) [Orabug: 34483890] - MIPS:OCTEON: Sync up SE files as of r154518. (Carlos Munoz) [Orabug: 34483890] - mips: edac: octeon: Use preemptive safe methods. (Carlos Munoz) [Orabug: 34483890] - net: phy: Force the link state to be checked during initialization. (Carlos Munoz) [Orabug: 34483890] - crypto: octeon: Use proper function to check for features. (Carlos Munoz) [Orabug: 34483890] - netdev: octeon3-ethernet: Disable transmit queues. (Carlos Munoz) [Orabug: 34483890] - netdev: octeon-ethernet: Handle when octeon_hw_status_add_source() fails. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Fix build breakage when CONFIG_SMP disabled (David Daney) [Orabug: 34483890] - ata: Use WARN instead of BUG in pata_octeon_cf. (David Daney) [Orabug: 34483890] - netdev/phy: Initial support for Vitesse vsc8490 phy. (Carlos Munoz) [Orabug: 34483890] - netdev: Add driver for Marvell 88X3120 dual 10GBase-T Ethernet phy (David Daney) [Orabug: 34483890] - phy/marvell: Add did_interrupt() method for Marvell 88E1240 (David Daney) [Orabug: 34483890] - net: phy: add qca833x phy-headed-switch (Peter Swain) [Orabug: 34483890] - netdev/phy: Add driver for TI tlk10232 dual-10G PHY. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Enable Micrel 9031 PHY for OCTEON. (Chandrakala Chavva) [Orabug: 34483890] - netdev/phy/of: Handle nexus Ethernet PHY devices (Aaron Williams) [Orabug: 34483890] - netdev/phy: Add driver for Cortina cs4321 quad 10G PHY. (David Daney) [Orabug: 34483890] - perf: context-sensitive keywords: for uncore_foo/miss/ (Peter Swain) [Orabug: 34483890] - MIPS: Fix arch in assembly for saa instruction. (Andrew Pinski) [Orabug: 34483890] - MIPS: OCTEON: Fix simulator compile error. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Use IRQF_NO_THREAD when chaining MSIs (David Daney) [Orabug: 34483890] - OCTEON: OCLA driver to support blocking IO. (Carlos Munoz) [Orabug: 34483890] - RapidIO: Driver for CN6XXX (Chad Reese) [Orabug: 34483890] - RapidIO: Add interface to memory map rapidio device memory. (Chad Reese) [Orabug: 34483890] - MIPS: OCTEON: Add driver Serial Rapid I/O (sRIO) hardware. (Carlos Munoz) [Orabug: 34483890] - netdev: octeon_mgmt: Update with latest changes. (David Daney) [Orabug: 34483890] - Revert 'net: octeon: mgmt: Repair filling of RX ring' (Dave Kleikamp) [Orabug: 34483890] - Revert 'net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop' (Dave Kleikamp) [Orabug: 34483890] - netdev: octeon3-ethernet: Driver for octeon III SOCs. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Create fpa3 standalone driver. (Carlos Munoz) [Orabug: 34483890] - netdev: octeon: Move and update octeon network driver from staging. (Carlos Munoz) [Orabug: 34483890] - Revert 'staging/octeon: fix up merge error' (Dave Kleikamp) [Orabug: 34483890] - Revert 'staging: octeon: repair 'fixed-link' support' (Dave Kleikamp) [Orabug: 34483890] - Revert 'staging: octeon: Drop on uncorrectable alignment or FCS error' (Dave Kleikamp) [Orabug: 34483890] - MIPS: Add core-16419 errata workaround (Andrew Pinski) [Orabug: 34483890] - mips: octeon: add TDM feature & IRQ (Peter Swain) [Orabug: 34483890] - MIPS: traps: call crash_kexec() before panic() when dying (Taras Kondratiuk) [Orabug: 34483890] - MIPS:OCTEON: Increase the load address (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Add syscall to add timer events. (Carlos Munoz) [Orabug: 34483890] - MIPS: kexec: Set memory limits to HIGHMEM_START. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Fix Cache error detection for OCTEON III. (David Daney) [Orabug: 34483890] - watchdog: octeon-wdt: Fix timer rate for all OCTEON III parts. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Update octeon-error-injector for OCTEON III. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Fix saving of CVMSEG per-task state. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Handle MSI on multiple nodes. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Increase NR_IRQS for CONFIG_NUMA. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add csrc-fpa-clk. (David Daney) [Orabug: 34483890] - watchdog: octeon-wdt: Fix to work on multi-node systems. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Fix Automatic provisioning CVMSEG space. (David Daney) [Orabug: 34483890] - MIPS:OCTEON: Disable error tree handling on shutdown (Corey Minyard) [Orabug: 34483890] - MIPS: OCTEON: Fix IPI mechanism used by KEXEC. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Try to allocate at least 256MB of DMA32 memory. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add NUMA support for cn78XX (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Print warning message if OCTEON II kernel run on earlier chips. (David Daney) [Orabug: 34483890] - MIPS: Make setting of MAX_PHYSMEM_BITS settable per sub-architecture. (David Daney) [Orabug: 34483890] - MIPS: Make XPHYSADDR() work for all addresses. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: cpu_state not just for _HOTPLUG (Peter Swain) [Orabug: 34483890] - MIPS: OCTEON: Add sysfs hooks to add and remove CPUs. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Revise memory allocation from bootloader (Leonid Rosenboim) [Orabug: 34483890] - MIPS: OCTEON: Automatically provision CVMSEG space. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Get first 256MB from 32-bit addresable memory (Leonid Rosenboim) [Orabug: 34483890] - MIPS/OCTEON: Add multiple msi support. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Inhibit CP0_Compare interrupts when not needed. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add preliminary GPIO interrupt support for cn78XX. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Reorganize PCIe controller code. (Venkat Subbiah) [Orabug: 34483890] - MIPS: OCTEON: MSI-X interrupts for cn78XX. (Chandrakala Chavva) [Orabug: 34483890] - MIPS/OCTEON: CIU/CIU2 use random msi irqs. (Carlos Munoz) [Orabug: 34483890] - MIPS: OCTEON: Add initial error bit detection for cn78XX. (David Daney) [Orabug: 34483890] - MIPS: Fix demand activation of OCTEON CVMSEG region. (David Daney) [Orabug: 34483890] - MIPS:OCTEON: Enable access to CVMSEG for user space (Chandrakala Chavva) [Orabug: 34483890] - watchdog: Octeon: Add 78xx support. (Carlos Munoz) [Orabug: 34483890] - MIPS: oct_ilm: Fix debugfs file permissions. (David Daney) [Orabug: 34483890] - MIPS: KDUMP: Fix to access non-sectioned memory (Prem Mallappa) [Orabug: 34483890] - MIPS: OCTEON: Fix plat_swiotlb_setup() for OCTEON3 (David Daney) [Orabug: 34483890] - MIPS: Handle CPU_CAVIUM_OCTEON3 like CPU_CAVIUM_OCTEON2 in clear_page. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Allow CONFIG_CAVIUM_CN63XXP1 to be disabled. (David Daney) [Orabug: 34483890] - MIPS/EDAC: Use correct fields for printing error message for O3 model (Chandrakala Chavva) [Orabug: 34483890] - edac/octeon_edac-lmc: Fix kernel panic when 1 DDR present (Prem Mallappa) [Orabug: 34483890] - MIPS/EDAC: Cavium: Updated L2C error checking for OCTEON3. (Chandrakala Chavva) [Orabug: 34483890] - MIPS: Only flush local ICache in get_new_asid(). (David Daney) [Orabug: 34483890] - MIPS: Add new function local_flush_icache_all() (David Daney) [Orabug: 34483890] - MIPS: Handle indexed load instructions in emulate_load_store_insn(). (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Increase the number of irqs for !PCI case (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Restore printing of L2 Cache information. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Add /sys/devices/system/cpu/cpuX/cache (Venkat Subbiah) [Orabug: 34483890] - MIPS perf: Rework the mipspmu notifiers. (David Daney) [Orabug: 34483890] - MIPS perf: OCTEON: Handle PMU pmu_enable/pmu_diable notifications. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Sync up HOTPLUG_CPU changes. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Per process XKPHYS (Chandrakala Chavva) [Orabug: 34483890] - MIPS: move arch/mips/cavium-octeon/cpu.c to arch/mips/kernel/ (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Set the extended bits of DIDTTO too. (David Daney) [Orabug: 34483890] - MIPS: Add support for OCTEON III perf events. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Keep reset value for COP0_ERRCTL (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Enable tlb parity error for O3 (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Use correct L2C CSR for cache locking. (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Move L2 Cache probing code to setup.c (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Move xkphys_usermem_{read,write} to octeon-cpu.c (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Fix L1 dacache parity for OCTEON3 (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Use current_cpu_type() for CPU model check. (Chandrakala Chavva) [Orabug: 34483890] - MIPS: Octeon: Initialize proper CVMX_SSO_NW_TIM register. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Merge and cleanup. (Leonid Rosenboim) [Orabug: 34483890] - MIPS: OCTEON: Save/Restore wider multiply registers in OCTEON III CPUs (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add support for CONFIG_CAVIUM_GDB (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add Cavium OCTEON serial driver. (Carlos Munoz) [Orabug: 34483890] - MIPS: Octeon: Rearrange L2 cache locking code (David Daney) [Orabug: 34483890] - MIPS/OCTEON: Initialize QLM JTAG. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Import new S.E. and adjust things to match. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add /proc/octeon_perf support. (David Daney) [Orabug: 34483890] - MIPS: Allow sub-architecture 'machines' to override bootmem initialization. (David Daney) [Orabug: 34483890] - MIPS: Fix warning spew on CONFIG_PREEMPT_DEBUG and ptrace watch register use. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Fix compile/run time errors from synced cvmx files. (Carlos Munoz) [Orabug: 34483890] - Sync-up SE files (latest) (Lukasz Majczak) [Orabug: 34483890] - MIPS: OCTEON: octeon-lmc bug fixes (Chandrakala Chavva) [Orabug: 34483890] - MIPS: OCTEON: Add module to inject hardware error conditions. (David Daney) [Orabug: 34483890] - MIPS: Add accessor functions for OCTEON ERRCTL CP0 register. (David Daney) [Orabug: 34483890] - MIPS/OCTEON: Add OCTEON II TLB parity error handling (David Daney) [Orabug: 34483890] - MIPS: Add board_mcheck_handler, show process state on machine check exception. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Cleanup obsolete CrashKernel memory init in octeon/setup.c (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add support for running kernel in mapped address space. (David Daney) [Orabug: 34483890] - MIPS/edac/OCTEON: Hook up Write Buffer parity errors to EDAC. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Add /proc/octeon_info support. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Define cpu_has_local_ebase to 0. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Use virt_to_phys() and phys_to_virt() in octeon/setup.c (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add framework for managing and reporting hardware status bit assertions. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Populate kernel memory from cvmx_bootmem named blocks. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Disable probing MDIO for Landbird NIC 10g cards. (David Daney) [Orabug: 34483890] - MIPS: Octeon: Add config option to disable ELF NOTE segments (David Daney) [Orabug: 34483890] - MIPS: Octeon: Add simple Octeon IPI infrastructure (David Daney) [Orabug: 34483890] - MIPS: Octeon: Quit using all the mailbox bits. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Handle userspace access to CVMSEG (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add driver for OCTEON PCI console. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Make PCIe work with Little Endian kernel. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Rearrange CVMSEG slots. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add ability to used an initrd from a named memory block. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Change load address to waste less memory. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add parameter to disable PCI on command line. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Print address of passed device tree. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Introduce xkphys_read, xkphys_write sysmips(2) calls (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add sysfs support for CPU power throttling. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add PTP clocksource. (David Daney) [Orabug: 34483890] - MIPS: msi-octeon: Add MSI-X support for OCTEON III. (Lukasz Majczak) [Orabug: 34483890] - MIPS: OCTEON: Add support for SRIO interrupt sources. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add utility helper function octeon_read_ptp_csr() (David Daney) [Orabug: 34483890] - gpio: gpio-octeon: Add cn78XX support. (David Daney) [Orabug: 34483890] - MIPS: Add Octeon2 optimizations to clear_page. (David Daney) [Orabug: 34483890] - MIPS: Add ZCB and ZCBT instructions to uasm. (David Daney) [Orabug: 34483890] - MIPS: Use Octeon2 atomic instructions when cpu_has_octeon2_isa. (David Daney) [Orabug: 34483890] - MIPS: OCTEON: Add OCTEON II build and configuration option (David Daney) [Orabug: 34483890] - MIPS: Octeon: Fast access to the thread pointer (David Daney) [Orabug: 34483890] [5.4.17-2136.311.3] - arm64: pensando: Kernel PCIe manager for Pensando SmartNIC (Rob Gardner) [Orabug: 33480595] - PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358323] - ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34405736] - ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34405736] - ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34405736] - ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34405736] - net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477073] - xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480732] - xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34480732] [5.4.17-2136.311.2] - s390/archrandom: prevent CPACF trng invocations in interrupt context (Harald Freudenberger) - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (Demi Marie Obenour) - LTS tag: v5.4.206 (Sherry Yang) - Revert 'mtd: rawnand: gpmi: Fix setting busy timeout setting' (Greg Kroah-Hartman) - LTS tag: v5.4.205 (Sherry Yang) - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) - dmaengine: pl330: Fix lockdep warning about non-static key (Dmitry Osipenko) - ida: don't use BUG_ON() for debugging (Linus Torvalds) - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (Samuel Holland) - misc: rtsx_usb: set return value in rsp_buf alloc err path (Shuah Khan) - misc: rtsx_usb: use separate command and response buffers (Shuah Khan) - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (Shuah Khan) - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (Peter Robinson) - i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) - selftests: forwarding: fix error message in learning_test (Vladimir Oltean) - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (Vladimir Oltean) - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (Vladimir Oltean) - ibmvnic: Properly dispose of all skbs during a failover. (Rick Lindsley) - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (Claudiu Beznea) - ARM: at91: pm: use proper compatible for sama5d2's rtc (Claudiu Beznea) - pinctrl: sunxi: sunxi_pconf_set: use correct offset (Andrei Lalaev) - pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (Miaoqian Lin) - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (Jimmy Assarsson) - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (Jimmy Assarsson) - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (Jimmy Assarsson) - powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) - video: of_display_timing.h: include errno.h (Hsin-Yi Wang) - fbcon: Prevent that screen size is smaller than font size (Helge Deller) - fbcon: Disallow setting font bigger than screen size (Helge Deller) - fbmem: Check virtual screen sizes in fb_set_var() (Helge Deller) - fbdev: fbmem: Fix logo center image dx issue (Guiling Deng) - iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) - net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) - usbnet: fix memory leak in error case (Oliver Neukum) - can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) - can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) - can: bcm: use call_rcu() instead of costly synchronize_rcu() (Oliver Hartkopp) - mm/slub: add missing TID updates on slab deactivation (Jann Horn) - esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) - LTS tag: v5.4.204 (Sherry Yang) - clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() (Greg Kroah-Hartman) - net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) - net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) - xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) {CVE-2022-33744} - xen/blkfront: force data bouncing when backend is untrusted (Roger Pau Monne) {CVE-2022-33742} - xen/netfront: force data bouncing when backend is untrusted (Roger Pau Monne) {CVE-2022-33741} - xen/netfront: fix leaking data in shared pages (Roger Pau Monne) {CVE-2022-33740} - xen/blkfront: fix leaking data in shared pages (Roger Pau Monne) {CVE-2022-26365} - selftests/rseq: Change type of rseq_offset to ptrdiff_t (Mathieu Desnoyers) - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (Mathieu Desnoyers) - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (Mathieu Desnoyers) - selftests/rseq: Fix: work-around asm goto compiler bugs (Mathieu Desnoyers) - selftests/rseq: Remove arm/mips asm goto compiler work-around (Mathieu Desnoyers) - selftests/rseq: Fix warnings about #if checks of undefined tokens (Mathieu Desnoyers) - selftests/rseq: Fix ppc32 offsets by using long rather than off_t (Mathieu Desnoyers) - selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (Mathieu Desnoyers) - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (Mathieu Desnoyers) - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (Mathieu Desnoyers) - selftests/rseq: Introduce thread pointer getters (Mathieu Desnoyers) - selftests/rseq: Introduce rseq_get_abi() helper (Mathieu Desnoyers) - selftests/rseq: Remove volatile from __rseq_abi (Mathieu Desnoyers) - selftests/rseq: Remove useless assignment to cpu variable (Mathieu Desnoyers) - selftests/rseq: introduce own copy of rseq uapi header (Mathieu Desnoyers) - selftests/rseq: remove ARRAY_SIZE define from individual tests (Shuah Khan) - rseq/selftests,x86_64: Add rseq_offset_deref_addv() (Peter Oskolkov) - ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) - sit: use min (kernel test robot) - net: dsa: bcm_sf2: force pause link settings (Doug Berger) - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) - xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) - net: tun: avoid disabling NAPI twice (Jakub Kicinski) - NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) - net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) - net/sched: act_api: Notify user space if any actions were flushed before error (Victor Nogueira) - netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) - s390: remove unneeded 'select BUILD_BIN2C' (Masahiro Yamada) - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (Miaoqian Lin) - caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) - usbnet: fix memory allocation in helpers (Oliver Neukum) - linux/dim: Fix divide by 0 in RDMA DIM (Tao Liu) - RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) - net: tun: stop NAPI when detaching queues (Jakub Kicinski) - net: tun: unlink NAPI from device on destruction (Jakub Kicinski) - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (Dimitris Michailidis) - virtio-net: fix race between ndo_open() and virtio_device_ready() (Jason Wang) - net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) - net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) - s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) - dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) - dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) - powerpc/bpf: Fix use of user_pt_regs in uapi (Naveen N. Rao) - powerpc/prom_init: Fix kernel config grep (Liam Howlett) - nvdimm: Fix badblocks clear off-by-one error (Chris Ye) - ipv6: take care of disable_policy when restoring routes (Nicolas Dichtel) - LTS tag: v5.4.203 (Sherry Yang) - crypto: arm/ghash-ce - define fpu before fpu registers are referenced (Stefan Agner) - crypto: arm - use Kconfig based compiler checks for crypto opcodes (Ard Biesheuvel) - ARM: 9029/1: Make iwmmxt.S support Clang's integrated assembler (Jian Cai) - ARM: OMAP2+: drop unnecessary adrl (Stefan Agner) - ARM: 8929/1: use APSR_nzcv instead of r15 as mrc operand (Stefan Agner) - ARM: 8933/1: replace Sun/Solaris style flag on section directive (Nick Desaulniers) - crypto: arm/sha512-neon - avoid ADRL pseudo instruction (Ard Biesheuvel) - crypto: arm/sha256-neon - avoid ADRL pseudo instruction (Ard Biesheuvel) - ARM: 8971/1: replace the sole use of a symbol with its definition (Jian Cai) - ARM: 8990/1: use VFP assembler mnemonics in register load/store macros (Stefan Agner) - ARM: 8989/1: use .fpu assembler directives instead of assembler arguments (Stefan Agner) - net: mscc: ocelot: allow unregistered IP multicast flooding (Vladimir Oltean) - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) - drm: remove drm_fb_helper_modinit (Christoph Hellwig) - LTS tag: v5.4.202 (Sherry Yang) - powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) - random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) - modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) - ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) - ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) - ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) - powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) - powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) - parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) - xtensa: Fix refcount leak bug in time.c (Liang He) - xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) - iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) - iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) - iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) - iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) - iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) - iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) - iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) - usb: chipidea: udc: check request status before setting device address (Xu Yang) - xhci: turn off port power in shutdown (Mathias Nyman) - iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) - s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) - gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) - Revert 'net/tls: fix tls_sk_proto_close executed repeatedly' (Jakub Kicinski) - virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) - igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) - ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) - afs: Fix dynamic root getattr (David Howells) - MIPS: Remove repetitive increase irq_err_count (huhai) - x86/xen: Remove undefined behavior in setup_features() (Julien Grall) - udmabuf: add back sanity check (Gerd Hoffmann) - erspan: do not assume transport header is always set (Eric Dumazet) - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) - bpf: Fix request_sock leak in sk lookup helpers (Jon Maxwell) - USB: serial: option: add Quectel RM500K module support (Macpaul Lin) - USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21546 CVE-2022-1280 CVE-2021-3669 CVE-2022-2586 CVE-2022-21385 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 [5.15.0-2.52.3.el8] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585} - fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] - rds: ib: Add preemption control when using per-cpu variables (Hakon Bugge) [Orabug: 34505120] - ocfs2: fix handle refcount leak in two exception handling paths (Chenyuan Mi) [Orabug: 34436530] - netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586} - netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586} - netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586} - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510687] {CVE-2022-21385} - kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476940] - kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476940] - kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476940] - kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476940] - kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476940] - Revert net/rds: Connect TCP backends deterministically (Gerd Rausch) [Orabug: 34476561] - rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465808] - rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465808] - uek-rpm: Set CONFIG_VSOCKETS=m and CONFIG_VSOCKETS_DIAG=m (Victor Erminpour) [Orabug: 34461322] - scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419970] {CVE-2022-21546} - rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414238] [5.15.0-2.52.2] - PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358322] - net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477072] - xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480751] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34484536] {CVE-2022-2588} [5.15.0-2.52.1] - LTS version: v5.15.52 (Jack Vogel) - io_uring: fix not locked access to fixed buf table (Pavel Begunkov) - net: mscc: ocelot: allow unregistered IP multicast flooding to CPU (Vladimir Oltean) - rtw88: rtw8821c: enable rfe 6 devices (Ping-Ke Shih) - rtw88: 8821c: support RFE type4 wifi NIC (Guo-Feng Fan) - fs: account for group membership (Christian Brauner) - fs: fix acl translation (Christian Brauner) - fs: support mapped mounts of mapped filesystems (Christian Brauner) - fs: add i_user_ns() helper (Christian Brauner) - fs: port higher-level mapping helpers (Christian Brauner) - fs: remove unused low-level mapping helpers (Christian Brauner) - fs: use low-level mapping helpers (Christian Brauner) - docs: update mapping documentation (Christian Brauner) - fs: account for filesystem mappings (Christian Brauner) - fs: tweak fsuidgid_has_mapping() (Christian Brauner) - fs: move mapping helpers (Christian Brauner) - fs: add is_idmapped_mnt() helper (Christian Brauner) - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) - xfs: Fix the free logic of state in xfs_attr_node_hasname (Yang Xu) - xfs: use kmem_cache_free() for kmem_cache objects (Rustam Kovhaev) - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (Coly Li) - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (Masahiro Yamada) - LTS version: v5.15.51 (Jack Vogel) - powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) - dma-direct: use the correct size for dma_set_encrypted() (Dexuan Cui) - perf build-id: Fix caching files with a wrong build ID (Adrian Hunter) - random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) - ARM: dts: bcm2711-rpi-400: Fix GPIO line names (Stefan Wahren) - modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) - memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (Miaoqian Lin) - ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) - ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) - arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (Aswath Govindraju) - ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) - ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (Alexander Stein) - drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (Kuogee Hsieh) - powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) - powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) - powerpc/microwatt: wire up rng during setup_arch() (Jason A. Donenfeld) - parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) - parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI (Helge Deller) - xtensa: Fix refcount leak bug in time.c (Liang He) - xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) - iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (Jialin Zhang) - iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (Miaoqian Lin) - iio: adc: rzg2l_adc: add missing fwnode_handle_put() in rzg2l_adc_parse_properties() (Jialin Zhang) - iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) - iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (Yannick Brosseau) - iio: adc: stm32: Fix ADCs iteration in irq handler (Yannick Brosseau) - iio: afe: rescale: Fix boolean logic bug (Linus Walleij) - iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value) (Jean-Baptiste Maneyrol) - iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) - iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) - iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) - iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) - iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) - iio:accel:kxcjk-1013: rearrange iio trigger get and register (Dmitry Rokosov) - iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) - iio:humidity:hts221: rearrange iio trigger get and register (Dmitry Rokosov) - f2fs: attach inline_data after setting compression (Jaegeuk Kim) - btrfs: fix deadlock with fsync+fiemap+transaction commit (Josef Bacik) - btrfs: dont set lock_owner when locking extent buffer for reading (Zygo Blaxell) - dt-bindings: usb: ehci: Increase the number of PHYs (Geert Uytterhoeven) - dt-bindings: usb: ohci: Increase the number of PHYs (Geert Uytterhoeven) - usb: chipidea: udc: check request status before setting device address (Xu Yang) - USB: gadget: Fix double-free bug in raw_gadget driver (Alan Stern) - usb: gadget: Fix non-unique driver names in raw-gadget driver (Alan Stern) - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (Utkarsh Patel) - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (Tanveer Alam) - xhci: turn off port power in shutdown (Mathias Nyman) - usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC (Andy Shevchenko) - iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) - iio: magnetometer: yas530: Fix memchr_inv() misuse (Linus Walleij) - iio: mma8452: fix probe fail when device tree compatible is used. (Haibo Chen) - s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) - gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) - nvme: move the Samsung X5 quirk entry to the core quirks (Christoph Hellwig) - nvme-pci: add NO APST quirk for Kioxia device (Enzo Matsumiya) - sock: redo the psock vs ULP protection check (Jakub Kicinski) - Revert net/tls: fix tls_sk_proto_close executed repeatedly (Jakub Kicinski) - virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) - igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) - regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (Aidan MacDonald) - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) - ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) - afs: Fix dynamic root getattr (David Howells) - MIPS: Remove repetitive increase irq_err_count (huhai) - x86/xen: Remove undefined behavior in setup_features() (Julien Grall) - xen-blkfront: Handle NULL gendisk (Jason Andryuk) - selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (Jie2x Zhou) - udmabuf: add back sanity check (Gerd Hoffmann) - net/tls: fix tls_sk_proto_close executed repeatedly (Ziyang Xuan) - erspan: do not assume transport header is always set (Eric Dumazet) - perf arm-spe: Dont set data source if its not a memory operation (Leo Yan) - drm/msm/dp: force link training for display resolution change (Kuogee Hsieh) - drm/msm/dp: do not initialize phy until plugin interrupt received (Kuogee Hsieh) - drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (Kuogee Hsieh) - drm/msm/dp: Drop now unused hpd_high member (Bjorn Andersson) - drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (Kuogee Hsieh) - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) - ethtool: Fix get module eeprom fallback (Ivan Vecera) - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) - igb: fix a use-after-free issue in igb_clean_tx_ring (Lorenzo Bianconi) - tipc: fix use-after-free Read in tipc_named_reinit (Hoang Le) - net: fix data-race in dev_isalive() (Eric Dumazet) - net: Write lock dev_base_lock without disabling bottom halves. (Sebastian Andrzej Siewior) - KVM: arm64: Prevent kmemleak from accessing pKVM memory (Quentin Perret) - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (Saurabh Sengar) - bpf, x86: Fix tail call count offset calculation on bpf2bpf call (Jakub Sitnicki) - drm/sun4i: Fix crash during suspend after component bind failure (Samuel Holland) - bpf: Fix request_sock leak in sk lookup helpers (Jon Maxwell) - drm/msm: use for_each_sgtable_sg to iterate over scatterlist (Jonathan Marek) - xsk: Fix generic transmit when completion queue reservation fails (Ciara Loftus) - scsi: iscsi: Exclude zero from the endpoint ID range (Sergey Gorenko) - drm/msm: Switch ordering of runpm put vs devfreq_idle (Rob Clark) - scsi: scsi_debug: Fix zone transition to full condition (Damien Le Moal) - netfilter: use get_random_u32 instead of prandom (Florian Westphal) - drm/msm: Fix double pm_runtime_disable() call (Maximilian Luz) - drm/msm: Ensure mmap offset is initialized (Rob Clark) - USB: serial: option: add Quectel RM500K module support (Macpaul Lin) - USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) - USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) - USB: serial: pl2303: add support for more HXN (G) types (Johan Hovold) - drm/i915: Implement w/a 22010492432 for adl-s (Ville Syrjala) - tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (Masami Hiramatsu (Google)) - dm mirror log: clear log bits up to BITS_PER_LONG boundary (Mikulas Patocka) - dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) - mtd: rawnand: gpmi: Fix setting busy timeout setting (Sascha Hauer) - MAINTAINERS: Add new IOMMU development mailing list (Joerg Roedel) - xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) - mmc: mediatek: wait dma stop bit reset to 0 (Mengqi Zhang) - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (Chevron Li) - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (Tyrel Datwyler) - scsi: ibmvfc: Store vhost pointer during subcrq allocation (Tyrel Datwyler) - btrfs: add error messages to all unrecognized mount options (David Sterba) - btrfs: prevent remounting to v1 space cache for subpage mount (Qu Wenruo) - btrfs: fix hang during unmount when block group reclaim task is running (Filipe Manana) - 9p: fix fid refcount leak in v9fs_vfs_get_link (Dominique Martinet) - 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (Dominique Martinet) - 9p: Fix refcounting during full path walks for fid lookups (Tyler Hicks) - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Rosemarie ORiorden) - ALSA: hda/realtek: Add quirk for Clevo NS50PU (Tim Crawford) - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (Tim Crawford) - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (Takashi Iwai) - ALSA: hda/realtek - ALC897 headset MIC no sound (Kailang Yang) - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (Soham Sen) - ALSA: hda/conexant: Fix missing beep setup (Takashi Iwai) - ALSA: hda/via: Fix missing beep setup (Takashi Iwai) - random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) - random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) - LTS version: v5.15.50 (Jack Vogel) - arm64: mm: Dont invalidate FROM_DEVICE buffers at start of DMA transfer (Will Deacon) - serial: core: Initialize rs485 RTS polarity already on probe (Lukas Wunner) - selftests/bpf: Add selftest for calling global functions from freplace (Toke Hoiland-Jorgensen) - bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs (Toke Hoiland-Jorgensen) - usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) - zonefs: fix zonefs_iomap_begin() for reads (Damien Le Moal) - drm/amd/display: Dont reinitialize DMCUB on s0ix resume (Nicholas Kazlauskas) - s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) - LTS version: v5.15.49 (Jack Vogel) - clk: imx8mp: fix usb_root_clk parent (Peng Fan) (Masahiro Yamada) - virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (Andy Chi) - KVM: arm64: Dont read a HW interrupt pending state in user context (Marc Zyngier) - ext4: add reserved GDT blocks check (Zhang Yi) - ext4: make variable count signed (Ding Xiang) - ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) - ext4: fix super block checksum incorrect after mount (Ye Bin) - cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle (Sami Tolvanen) - drm/amd/display: Cap OLED brightness per max frame-average luminance (Roman Li) - dm mirror log: round up region bitmap size to BITS_PER_LONG (Mikulas Patocka) - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (Shinichiro Kawasaki) - serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Tony Lindgren) - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (Linyu Yuan) - usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (Linyu Yuan) - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) - usb: cdnsp: Fixed setting last_trb incorrectly (Jing Leng) - usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) - USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) - USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) - crypto: memneq - move into lib/ (Jason A. Donenfeld) - comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) - mei: me: add raptor lake point S DID (Alexander Usyskin) - mei: hbm: drop capability response on early shutdown (Alexander Usyskin) - i2c: designware: Use standard optional ref clock implementation (Serge Semin) - sched: Fix balance_push() vs __sched_setscheduler() (Peter Zijlstra) - irqchip/realtek-rtl: Fix refcount leak in map_interrupts (Miaoqian Lin) - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (Miaoqian Lin) - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (Miaoqian Lin) - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) - i2c: npcm7xx: Add check for platform_driver_register (Jiasheng Jiang) - faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf) - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (Bart Van Assche) - init: Initialize noop_backing_dev_info early (Jan Kara) - certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) - arm64: ftrace: consistently handle PLTs. (Mark Rutland) - arm64: ftrace: fix branch range checks (Mark Rutland) - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (Duoming Zhou) - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) - mlxsw: spectrum_cnt: Reorder counter pools (Petr Machata) - nvme: add device name to warning in uuid_show() (Thomas WeiBschuh) - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) - rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) - ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (Howard Chiu) - clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) - soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) - extcon: ptn5150: Add queue work sync before driver release (Li Jun) - ksmbd: fix reference count leak in smb_check_perm_dacl() (Xin Xiong) - coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) - soundwire: intel: prevent pm_runtime resume prior to system suspend (Pierre-Louis Bossart) - export: fix string handling of namespace in EXPORT_SYMBOL_NS (Greg Kroah-Hartman) - serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) - power: supply: axp288_fuel_gauge: Drop BIOS version check from T3 MRD DMI quirk (Hans de Goede) - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) - misc/pvpanic: Convert regular spinlock into trylock on panic path (Guilherme G. Piccoli) - pvpanic: Fix typos in the comments (Andy Shevchenko) - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) - iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) - iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) - iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) - rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (Arnaud Pouliquen) - rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (Hangyu Hua) - rpmsg: virtio: Fix possible double free in rpmsg_probe() (Hangyu Hua) - usb: typec: mux: Check dev_set_name() return value (Bjorn Andersson) - firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) - misc: fastrpc: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (Wesley Cheng) - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - pwm: raspberrypi-poe: Fix endianness in firmware struct (Uwe Kleine-Konig) - pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) - usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) - USB: storage: karma: fix rio_karma_init return (Lin Ma) - usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) - usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) - remoteproc: imx_rproc: Ignore create mem entry for resource table (Peng Fan) - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) - serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (Miaoqian Lin) - tty: n_tty: Restore EOF push handling behavior (Daniel Gibson) - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) - tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) - lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP (Christophe Leroy) - lkdtm/bugs: Check for the NULL pointer after calling kmalloc (Jiasheng Jiang) - iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) - staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) - LTS version: v5.15.46 (Jack Vogel) - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) - pinctrl/rockchip: support setting input-enable param (Caleb Connolly) - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) - md: fix double free of io_acct_set bioset (Xiao Ni) - md: Dont set mddev private to NULL in raid0 pers->free (Xiao Ni) - fs/ntfs3: Fix invalid free in log_replay (Namjae Jeon) - exportfs: support idmapped mounts (Christian Brauner) - fs: add two trivial lookup helpers (Christian Brauner) - interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate (Mike Tipton) - interconnect: qcom: sc7180: Drop IP0 interconnects (Stephen Boyd) - ext4: only allow test_dummy_encryption when supported (Eric Biggers) - MIPS: IP30: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) - MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) - RDMA/hns: Remove the num_cqc_timer variable (Yixing Liu) - staging: r8188eu: delete rtw_wx_read/write32() (Dan Carpenter) - Revert random: use static branch for crng_ready() (Jason A. Donenfeld) - list: test: Add a test for list_is_head() (David Gow) - kseltest/cgroup: Make test_stress.sh work if run interactively (Waiman Long) - net: ipa: fix page free in ipa_endpoint_replenish_one() (Alex Elder) - net: ipa: fix page free in ipa_endpoint_trans_release() (Alex Elder) - phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) - coresight: core: Fix coresight device probe failure issue (Mao Jinlong) - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) - vdpasim: allow to enable a vq repeatedly (Eugenio Perez) - dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Steve French) - ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) - ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (Jonathan Bakker) - phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) - clk: tegra: Add missing reset deassertion (Diogo Ivo) - arm64: tegra: Add missing DFLL reset on Tegra210 (Diogo Ivo) - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) - gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - serial: pch: dont overwrite xmit->buf[0] by x_char (Jiri Slaby) - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (Coly Li) - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (Coly Li) - bcache: improve multithreaded bch_sectors_dirty_init() (Coly Li) - bcache: improve multithreaded bch_btree_check() (Coly Li) - stm: ltdc: fix two incorrect NULL checks on list iterator (Xiaomeng Tong) - carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) - ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) - rtl818x: Prevent using not initialized queues (Alexander Wetzel) - xtensa/simdisk: fix proc_read_simdisk() (Yi Yang) - mm/memremap: fix missing call to untrack_pfn() in pagemap_range() (Miaohe Lin) - hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) - nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) - mm/page_alloc: always attempt to allocate at least one page during bulk allocation (Mel Gorman) - Revert mm/cma.c: remove redundant cma_mutex lock (Dong Aisheng) - iommu/dma: Fix iova map result check bug (Yunfei Wang) - iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - ksmbd: fix outstanding credits related bugs (Hyunchul Lee) - ftrace: Clean up hash direct_functions on register failures (Song Liu) - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) - um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) - um: chan_user: Fix winch_tramp() return value (Johannes Berg) - um: Use asm-generic/dma-mapping.h (Johannes Berg) - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) - cfg80211: declare MODULE_FIRMWARE for regulatory.db (Dimitri John Ledkov) - thermal: devfreq_cooling: use local ops instead of global ops (Kant Fan) - irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) - csky: patch_text: Fixup last cpu should be master (Guo Ren) - mmc: core: Allows to override the timeout value for ioctl() path (Bean Huo) - RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) - Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) - ima: remove the IMA_TEMPLATE Kconfig option (GUO Zihua) - media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) - media: coda: Fix reported H264 profile (Nicolas Dufresne) - mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) - md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) - md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) - drm/i915/dsi: fix VBT send packet port selection for ICL+ (Jani Nikula) - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) - drm/nouveau/subdev/bus: Ratelimit logging for fault errors (Lyude Paul) - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) - landlock: Fix same-layer rule unions (Mickael Salaun) - landlock: Create find_rule() from unmask_layers() (Mickael Salaun) - landlock: Reduce the maximum number of layers to 16 (Mickael Salaun) - landlock: Define access_mask_t to enforce a consistent access mask size (Mickael Salaun) - selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (Mickael Salaun) - landlock: Change landlock_restrict_self(2) check ordering (Mickael Salaun) - landlock: Change landlock_add_rule(2) argument check ordering (Mickael Salaun) - selftests/landlock: Add tests for O_PATH (Mickael Salaun) - selftests/landlock: Fully test file rename with remove access (Mickael Salaun) - selftests/landlock: Extend access right tests to directories (Mickael Salaun) - selftests/landlock: Add tests for unknown access rights (Mickael Salaun) - selftests/landlock: Extend tests for minimal valid attribute size (Mickael Salaun) - selftests/landlock: Make tests build with old libc (Mickael Salaun) - landlock: Fix landlock_add_rule(2) documentation (Mickael Salaun) - samples/landlock: Format with clang-format (Mickael Salaun) - samples/landlock: Add clang-format exceptions (Mickael Salaun) - selftests/landlock: Format with clang-format (Mickael Salaun) - selftests/landlock: Normalize array assignment (Mickael Salaun) - selftests/landlock: Add clang-format exceptions (Mickael Salaun) - landlock: Format with clang-format (Mickael Salaun) - landlock: Add clang-format exceptions (Mickael Salaun) - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) - scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) - dlm: fix missing lkb refcount handling (Alexander Aring) - dlm: uninitialized variable on error in dlm_listen_for_all() (Dan Carpenter) - dlm: fix plock invalid read (Alexander Aring) - s390/stp: clock_delta should be signed (Sven Schnelle) - s390/perf: obtain sie_block from the right address (Nico Boehr) - mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) - staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov) - PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) - PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) - PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) - drm/amdgpu: add beige goby PCI ID (Alex Deucher) - tracing: Initialize integer variable to prevent garbage return value (Gautam Menghani) - tracing: Fix potential double free in create_var_ref() (Keita Suzuki) - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (Laurent Vivier) - ACPI: property: Release subnode properties with data nodes (Sakari Ailus) - ext4: avoid cycles in directory h-tree (Jan Kara) - ext4: verify dir block before splitting it (Jan Kara) - ext4: fix bug_on in __es_tree_search (Baokun Li) - ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (Theodore Tso) - ext4: fix bug_on in ext4_writepages (Ye Bin) - ext4: fix warning in ext4_handle_inode_extension (Ye Bin) - ext4: fix race condition between ext4_write and ext4_convert_inline_data (Baokun Li) - ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) - ext4: mark group as trimmed only if it was fully scanned (Dmitry Monakhov) - bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) - bfq: Get rid of __bio_blkcg() usage (Jan Kara) - bfq: Track whether bfq_group is still online (Jan Kara) - bfq: Remove pointless bfq_init_rq() calls (Jan Kara) - bfq: Drop pointless unlock-lock pair (Jan Kara) - bfq: Update cgroup information before merging bio (Jan Kara) - bfq: Split shared queues on move between cgroups (Jan Kara) - bfq: Avoid merging queues with different parents (Jan Kara) - bfq: Avoid false marking of bic as stably merged (Jan Kara) - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) - fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) - iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) - wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) - objtool: Fix symbol creation (Peter Zijlstra) - objtool: Fix objtool regression on x32 systems (Mikulas Patocka) - f2fs: fix to do sanity check for inline inode (Chao Yu) - f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) - f2fs: dont use casefolded comparison for . and .. (Eric Biggers) - f2fs: fix to do sanity check on total_data_blocks (Chao Yu) - f2fs: dont need inode lock for system hidden quota (Jaegeuk Kim) - f2fs: fix deadloop in foreground GC (Chao Yu) - f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) - f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) - f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) - NFSv4.1 mark qualified async operations as MOVEABLE tasks (Olga Kornievskaia) - NFS: Convert GFP_NOFS to GFP_KERNEL (Trond Myklebust) - NFS: Create a new nfs_alloc_fattr_with_label() function (Anna Schumaker) - NFS: Always initialise fattr->label in nfs_fattr_alloc() (Trond Myklebust) - video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) - perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) - perf c2c: Use stdio interface if slang is not supported (Leo Yan) - perf build: Fix btf__load_from_kernel_by_id() feature check (Jiri Olsa) - i2c: rcar: fix PM ref counts in probe error paths (Kuninori Morimoto) - i2c: npcm: Handle spurious interrupts (Tali Perry) - i2c: npcm: Correct register access width (Tyrone Ting) - i2c: npcm: Fix timeout calculation (Tali Perry) - iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) - dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (Amelie Delaunay) - dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) - NFS: Further fixes to the writeback error handling (Trond Myklebust) - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) - NFS: Dont report errors from nfs_pageio_complete() more than once (Trond Myklebust) - NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) - NFS: Dont report ENOSPC write errors twice (Trond Myklebust) - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (Trond Myklebust) - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (Christophe JAILLET) - i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) - iommu/mediatek: Fix NULL pointer dereference when printing dev_name (Miles Chen) - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (Guenter Roeck) - iommu/arm-smmu-v3-sva: Fix mm use-after-free (Jean-Philippe Brucker) - cpufreq: mediatek: Unregister platform device on exit (Rex-BC Chen) - cpufreq: mediatek: Use module_init and add module_exit (Jia-Wei Chang) - i2c: at91: use dma safe buffers (Michael Walle) - iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (Yong Wu) - iommu/mediatek: Remove clk_disable in mtk_iommu_remove (Yong Wu) - iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) - iommu/mediatek: Fix 2 HW sharing pgtable issue (Yong Wu) - iommu/amd: Enable swiotlb in all cases (Mario Limonciello) - f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) - f2fs: fix to do sanity check on inline_dots inode (Chao Yu) - f2fs: support fault injection for dquot_initialize() (Chao Yu) - OPP: call of_node_put() on error path in _bandwidth_supported() (Dan Carpenter) - Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) - KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (Wanpeng Li) - RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) - mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) - nfsd: destroy percpu stats counters after reply cache shutdown (Julian Schroeder) - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) - powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) - powerpc/xive: Fix refcount leak in xive_spapr_init (Miaoqian Lin) - powerpc/xive: Add some error handling code to xive_spapr_init() (Christophe JAILLET) - macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) - powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) - powerpc/perf: Fix the threshold compare group constraint for power10 (Kajol Jain) - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) - hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (Yang Yingliang) - PCI: microchip: Fix potential race in interrupt handling (Daire McNamara) - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (Kuppuswamy Sathyanarayanan) - Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) - hugetlbfs: fix hugetlbfs_statfs() locking (Mina Almasry) - ARM: dts: at91: sama7g5: remove interrupt-parent from gic node (Eugen Hristev) - crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2585 CVE-2022-2586 CVE-2022-34918 CVE-2022-2588 CVE-2022-21385 CVE-2022-21546 cpe:/a:oracle:linux:8::UEKR7 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.67.3] - media: imon: Fix null-ptr-deref in imon_probe (Arvind Yadav) [Orabug: 31225377] {CVE-2017-16537} - fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914703] {CVE-2020-14390} - inet: use bigger hash table for IP ID generation (Eric Dumazet) [Orabug: 33778986] {CVE-2021-45486} - ipv4: speedup ip_idents_reserve() (Eric Dumazet) [Orabug: 33778986] [4.1.12-124.67.2] - media: v4l: ioctl: Fix memory leak in video_usercopy (Sakari Ailus) [Orabug: 32759975] {CVE-2021-30002} - usbnet: silence an unnecessary warning (Oliver Neukum) [Orabug: 23589045] - futex: Remove requirement for lock_page() in get_futex_key() (Mel Gorman) [Orabug: 29048998] {CVE-2018-9422} - mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen) [Orabug: 33784271] {CVE-2021-43976} - af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu) [Orabug: 34566754] {CVE-2022-3028} - ext4: fix kernel infoleak via ext4_extent_header (Anirudh Rayabharam) [Orabug: 34579226] {CVE-2022-0850} - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (Jann Horn) [Orabug: 34594265] {CVE-2022-2964} - net: usb: ax88179_178a: initialize local variables before use (Phillip Potter) [Orabug: 34594265] - net: usb: ax88179_178a: fix packet alignment padding (Jeremy Kerr) [Orabug: 34594265] - ax88179_178a: Check for supported Wake-on-LAN modes (Florian Fainelli) [Orabug: 34594265] - Net Driver: Add Cypress GX3 VID=04b4 PID=3610. (Allan Chou) [Orabug: 34594265] [4.1.12-124.67.1] - KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings (Eric Biggers) [Orabug: 27902747] {CVE-2017-7472} - KEYS: prevent creating a different user's keyrings (Eric Biggers) [Orabug: 29013653] {CVE-2017-18270} - scsi: sg: add sg_remove_request in sg_write (Wu Bo) [Orabug: 31350699] {CVE-2020-12770} - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (Hangyu Hua) [Orabug: 34503626] {CVE-2022-36879} - ext4: verify dir block before splitting it (Jan Kara) [Orabug: 34555416] {CVE-2022-1184} - dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) [Orabug: 34555434] {CVE-2022-2503} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2020-12770 CVE-2017-7472 CVE-2021-45486 CVE-2017-16537 CVE-2022-3028 CVE-2022-0850 CVE-2022-2503 CVE-2021-43976 CVE-2022-2964 CVE-2017-18270 CVE-2018-9422 CVE-2020-14390 CVE-2021-30002 CVE-2022-1184 CVE-2022-36879 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 7 kubernetes [1.21.14-2] - Fixed kubernetes-cni version. [1.21.14-1] - Addresses CVE-2022-3172 olcne [1.4.8-2] - Updated Kubernetes package release version to 1.21.6-2 [1.4.8-1] - Upgraded kubernetes-1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 [1.4.7-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.4.6-2] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip printing olcne_transfer_script execution - Cleanup grpc connection when node not found and use substr method in case fqdn used for hostname [1.4.6-1] - Adress Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.4.5-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.4.4-1] - Excluded unnecessary directories from k8s backup files [1.4.3-1] - Update Istio to 1.13.2 [1.4.2-1] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-4] - Ensure that the order of items in an upgraded config file is stable with respect to the original file - Ensure that old olcnectl config files are upgraded [1.4.1-3] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.1-1] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3172 cpe:/a:oracle:linux:7::olcne14 Oracle Linux 8 kubernetes [1.21.14-2] - Fixed kubernetes-cni version. [1.21.14-1] - Addresses CVE-2022-3172 olcne [1.4.8-2] - Updated Kubernetes package release version to 1.21.6-2 [1.4.8-1] - Upgraded kubernetes-1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 [1.4.7-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.4.6-2] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip printing olcne_transfer_script execution - Cleanup grpc connection when node not found and use substr method in case fqdn used for hostname [1.4.6-1] - Adress Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.4.5-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.4.4-1] - Excluded unnecessary directories from k8s backup files [1.4.3-1] - Update Istio to 1.13.2 [1.4.2-1] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-4] - Ensure that the order of items in an upgraded config file is stable with respect to the original file - Ensure that old olcnectl config files are upgraded [1.4.1-3] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.1-1] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3172 cpe:/a:oracle:linux:8::olcne14 Oracle Linux 7 kubernetes [1.22.14-1] - Added Oracle specific build files for Kubernetes kubernetes [1.23.11-1] - Added Oracle specific build files for Kubernetes olcne [1.5.6-1] - Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 - Resolve Kubernetes CVE-2022-3172 for version 1.22 - Resolve Kubernetes CVE-2022-3172 for version 1.23 [1.5.5-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.5.4-3] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over [1.5.4-2] - Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.5.4-1] - Upgrade Kubernetes to 1.23.7 [1.5.3-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.5.2-1] - Excluded unnecessary directories from k8s backup files [1.5.1-1] - Fixed the bug in fetching node metadata for non-cloud nodes [1.5.0-2] - Upgrade Helm to 3.7.1-2 [1.5.0-2] - fix null pointer exception in systemd service state validation [1.5.0-1] - Introduce support for compact Kubernetes clusters - Introduce MetalLB - Introduce Oracle Cloud Infrastructure Cloud Controller Manager - Improved log messages in Platform API Server and Platform Agent - Upgrade Kubernetes to 1.22.8 - Upgrade Istio to 1.13.2 - Renamed the oci-csi module to oci-ccm [1.5.0-20.alpha] - Update istio-1.13.2 grafana to 7.5.15 [1.5.0-14.alpha] - Metallb fix [1.5.0-11.alpha] - Remove module directories when olcne rpm is uninstalled [1.5.0-10.alpha] - OCI CCM 0.13.0 [1.5.0-9.alpha] - Reworked log messages [1.5.0-8.alpha] - Update Istio to 1.13.2(prometheus-2.31.1, grafana-8.4.6) [1.5.0-7.alpha] - Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15) [1.5.0-6.alpha] - Update to k8s 1.22 with golang 1.17 [1.5.0-5.alpha] - Update internal docs for oci-ccm module [1.5.0-4.alpha] - Extend oci-ccm module to support load balancer [1.5.0-3.alpha] - Firewall pre-req [1.5.0-2.alpha] - Ensure that config map settings needed by metallb is preserved during k8s upgrade [1.5.0-1.alpha] - Metallb module [1.4.1-14] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-13] - Update sudoers file and changed its permissions to '0440' [1.4.1-12] - Update olcne-kubernetes.md file for 'compact' flag [1.4.1-11] - Ensure that the order of items in an upgraded config file is stable with respect to the original file [1.4.1-10] - Ensure that old olcnectl config files are upgraded [1.4.1-9] - Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation [1.4.1-8] - Make 'compact' flag updatable [1.4.1-7] - Introduce 'compact' that enables control-plane nodes to run any workloads [1.4.1-6] - Ability to label 1 or more kubernetes nodes [1.4.1-5] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-4] - Update helm to 3.7.1 [1.4.1-3] - Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11 [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.0-4] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3172 cpe:/a:oracle:linux:7::olcne15 Oracle Linux 8 kubernetes [1.22.14-1] - Added Oracle specific build files for Kubernetes kubernetes [1.23.11-1] - Added Oracle specific build files for Kubernetes olcne [1.5.6-1] - Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 - Resolve Kubernetes CVE-2022-3172 for version 1.22 - Resolve Kubernetes CVE-2022-3172 for version 1.23 [1.5.5-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.5.4-3] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over [1.5.4-2] - Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.5.4-1] - Upgrade Kubernetes to 1.23.7 [1.5.3-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.5.2-1] - Excluded unnecessary directories from k8s backup files [1.5.1-1] - Fixed the bug in fetching node metadata for non-cloud nodes [1.5.0-2] - Upgrade Helm to 3.7.1-2 [1.5.0-2] - fix null pointer exception in systemd service state validation [1.5.0-1] - Introduce support for compact Kubernetes clusters - Introduce MetalLB - Introduce Oracle Cloud Infrastructure Cloud Controller Manager - Improved log messages in Platform API Server and Platform Agent - Upgrade Kubernetes to 1.22.8 - Upgrade Istio to 1.13.2 - Renamed the oci-csi module to oci-ccm [1.5.0-20.alpha] - Update istio-1.13.2 grafana to 7.5.15 [1.5.0-14.alpha] - Metallb fix [1.5.0-11.alpha] - Remove module directories when olcne rpm is uninstalled [1.5.0-10.alpha] - OCI CCM 0.13.0 [1.5.0-9.alpha] - Reworked log messages [1.5.0-8.alpha] - Update Istio to 1.13.2(prometheus-2.31.1, grafana-8.4.6) [1.5.0-7.alpha] - Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15) [1.5.0-6.alpha] - Update to k8s 1.22 with golang 1.17 [1.5.0-5.alpha] - Update internal docs for oci-ccm module [1.5.0-4.alpha] - Extend oci-ccm module to support load balancer [1.5.0-3.alpha] - Firewall pre-req [1.5.0-2.alpha] - Ensure that config map settings needed by metallb is preserved during k8s upgrade [1.5.0-1.alpha] - Metallb module [1.4.1-14] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-13] - Update sudoers file and changed its permissions to '0440' [1.4.1-12] - Update olcne-kubernetes.md file for 'compact' flag [1.4.1-11] - Ensure that the order of items in an upgraded config file is stable with respect to the original file [1.4.1-10] - Ensure that old olcnectl config files are upgraded [1.4.1-9] - Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation [1.4.1-8] - Make 'compact' flag updatable [1.4.1-7] - Introduce 'compact' that enables control-plane nodes to run any workloads [1.4.1-6] - Ability to label 1 or more kubernetes nodes [1.4.1-5] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-4] - Update helm to 3.7.1 [1.4.1-3] - Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11 [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.0-4] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3172 cpe:/a:oracle:linux:8::olcne15 Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0216 CVE-2022-26353 CVE-2021-4206 CVE-2021-4207 cpe:/a:oracle:linux:8::kvm_appstream Oracle Linux 9 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4206 CVE-2022-26353 CVE-2022-0216 CVE-2021-4207 cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 7 [4.14.35-2047.518.4] - xfs: avoid race between writeback and data/cow fork changes (Wengang Wang) [Orabug: 34508036] [4.14.35-2047.518.3] - KVM: SVM: Clear the CR4 register on reset (Babu Moger) [Orabug: 34617675] [4.14.35-2047.518.2] - af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu) [Orabug: 34566753] {CVE-2022-3028} - l2tp: fix tunnel lookup use-after-free race (James Chapman) [Orabug: 32504113] [4.14.35-2047.518.1] - xfs: fix out of bound access (Junxiao Bi) [Orabug: 33089469] [Orabug: 34535011] - KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34362737] - KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34362737] - KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34362737] - netfilter: ebtables: reject blobs that don't provide all entry points (Florian Westphal) [Orabug: 32176166] - sysfs: turn WARN() into pr_warn() (Greg Kroah-Hartman) [Orabug: 32176118] [4.14.35-2047.518.0] - lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34543517] {CVE-2022-21499} - Revert 'debug: Lock down kgdb' (Alok Tiwari) [Orabug: 34543517] - vmcoreinfo: add kallsyms_num_syms symbol (Stephen Brennan) [Orabug: 34475880] - vmcoreinfo: include kallsyms symbols (Stephen Brennan) [Orabug: 34475880] - kallsyms: move declarations to internal header (Stephen Brennan) [Orabug: 34475880] - mpt3sas: avoid SOFT_RESET on shutdown (John Donnelly) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Update driver version to 39.100.00.00 (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Use firmware recommended queue depth (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Transition IOC to Ready state during shutdown (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix fall-through warnings for Clang (Gustavo A. R. Silva) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Handle firmware faults during first half of IOC init (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix deadlock while cancelling the running firmware event (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Documentation cleanup (Randy Dunlap) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (Sreekanth Reddy) [Orabug: 34408138] - scsi: mpt3sas: Fix two kernel-doc headers (Bart Van Assche) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix out-of-bounds warnings in _ctl_addnl_diag_query (Gustavo A. R. Silva) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix endianness for ActiveCablePowerRequirement (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix a typo (Bhaskar Chowdhury) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix a few kernel-doc issues (Lee Jones) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Force reply post buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Force reply buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Force sense buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Force chain buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Force PCIe scatterlist allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Replace unnecessary dynamic allocation with a static one (Gustavo A. R. Silva) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (Christophe JAILLET) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix some kernel-doc misnaming issues (Lee Jones) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix a couple of misdocumented functions/params (Lee Jones) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix a bunch of potential naming doc-rot (Lee Jones) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Move a little data from the stack onto the heap (Lee Jones) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix misspelling of _base_put_smid_default_atomic() (Lee Jones) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Additional diagnostic buffer query interface (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix ReplyPostFree pool allocation (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Simplify bool comparison (YANG LI) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix spelling mistake in Kconfig 'compatiblity' -> 'compatibility' (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Signedness bug in _base_get_diag_triggers() (Dan Carpenter) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Block PCI config access from userspace during reset (Sreekanth Reddy) [Orabug: 34408138] - Linux 4.14.290 (Greg Kroah-Hartman) - PCI: hv: Fix interrupt mapping for multi-MSI (Jeffrey Hugo) - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Jeffrey Hugo) - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Jeffrey Hugo) - PCI: hv: Fix multi-MSI to allow more than one MSI vector (Jeffrey Hugo) - net: usb: ax88179_178a needs FLAG_SEND_ZLP (Jose Alonso) - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (Jiri Slaby) - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (Jiri Slaby) - tty: drop tty_schedule_flip() (Jiri Slaby) - tty: the rest, stop using tty_schedule_flip() (Jiri Slaby) - tty: drivers/tty/, stop using tty_schedule_flip() (Jiri Slaby) - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (Luiz Augusto von Dentz) - Bluetooth: SCO: Fix sco_send_frame returning skb->len (Luiz Augusto von Dentz) - Bluetooth: Fix passing NULL to PTR_ERR (Luiz Augusto von Dentz) - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (Luiz Augusto von Dentz) - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmmsg helper (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmsg helper (Luiz Augusto von Dentz) - ALSA: memalloc: Align buffer allocations in page size (Takashi Iwai) - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - drm/tilcdc: Remove obsolete crtc_mode_valid() hack (Jyri Sarha) - bpf: Make sure mac_header was set before using it (Eric Dumazet) - mm/mempolicy: fix uninit-value in mpol_rebind_policy() (Wang Cheng) - Revert 'Revert 'char/random: silence a lockdep splat with printk()'' (Jason A. Donenfeld) - be2net: Fix buffer overflow in be_get_module_eeprom (Hristo Venev) - tcp: Fix a data-race around sysctl_tcp_notsent_lowat. (Kuniyuki Iwashima) - igmp: Fix a data-race around sysctl_igmp_max_memberships. (Kuniyuki Iwashima) - igmp: Fix data-races around sysctl_igmp_llm_reports. (Kuniyuki Iwashima) - net: stmmac: fix dma queue left shift overflow issue (Junxiao Chang) - i2c: cadence: Change large transfer count reset logic to be unconditional (Robert Hancock) - tcp: Fix a data-race around sysctl_tcp_probe_interval. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_probe_threshold. (Kuniyuki Iwashima) - tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. (Kuniyuki Iwashima) - ip: Fix a data-race around sysctl_fwmark_reflect. (Kuniyuki Iwashima) - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (Peter Zijlstra) - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (Miaoqian Lin) - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (Hangyu Hua) - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (Demi Marie Obenour) - Linux 4.14.289 (Greg Kroah-Hartman) - can: m_can: m_can_tx_handler(): fix use after free of skb (Marc Kleine-Budde) - mm: invalidate hwpoison page cache page in fault path (Rik van Riel) - serial: 8250: fix return error code in serial8250_request_std_resource() (Yi Yang) - tty: serial: samsung_tty: set dma burst_size to 1 (Chanho Park) - usb: dwc3: gadget: Fix event pending check (Thinh Nguyen) - USB: serial: ftdi_sio: add Belimo device ids (Lucien Buchmann) - signal handling: don't use BUG_ON() for debugging (Linus Torvalds) - x86: Clear .brk area at early boot (Juergen Gross) - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (Stafford Horne) - ASoC: wm5110: Fix DRE control (Charles Keepax) - ASoC: ops: Fix off by one in range control validation (Mark Brown) - net: sfp: fix memory leak in sfp_probe() (Jianglei Nie) - NFC: nxp-nci: don't print header length mismatch on i2c error (Michael Walle) - net: tipc: fix possible refcount leak in tipc_sk_create() (Hangyu Hua) - platform/x86: hp-wmi: Ignore Sanitization Mode event (Kai-Heng Feng) - cpufreq: pmac32-cpufreq: Fix refcount leak bug (Liang He) - netfilter: br_netfilter: do not skip all hooks with 0 priority (Florian Westphal) - virtio_mmio: Restore guest page size on resume (Stephan Gerhold) - virtio_mmio: Add missing PM calls to freeze/restore (Stephan Gerhold) - sfc: fix kernel panic when creating VF (Inigo Huguet) - seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors (Andrea Mayer) - seg6: fix skb checksum evaluation in SRH encapsulation/insertion (Andrea Mayer) - sfc: fix use after free when disabling sriov (Inigo Huguet) - ipv4: Fix data-races around sysctl_ip_dynaddr. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratemask. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratelimit. (Kuniyuki Iwashima) - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (Michal Suchanek) - icmp: Fix data-races around sysctl. (Kuniyuki Iwashima) - cipso: Fix data-races around sysctl. (Kuniyuki Iwashima) - net: Fix data-races around sysctl_mem. (Kuniyuki Iwashima) - inetpeer: Fix data-races around sysctl. (Kuniyuki Iwashima) - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (Ard Biesheuvel) - xhci: make xhci_handshake timeout for xhci_reset() adjustable (Mathias Nyman) - xhci: bail out early if driver can't accress host in resume (Mathias Nyman) - net: dsa: bcm_sf2: force pause link settings (Doug Berger) - nilfs2: fix incorrect masking of permission flags for symlinks (Ryusuke Konishi) - cgroup: Use separate src/dst nodes when preloading css_sets for migration (Tejun Heo) - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (Ard Biesheuvel) - ARM: 9213/1: Print message about disabled Spectre workarounds only once (Dmitry Osipenko) - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (Steven Rostedt (Google)) - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (Juergen Gross) - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (Meng Tang) - ALSA: hda - Add fixup for Dell Latitidue E5430 (Meng Tang) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3028 CVE-2022-21499 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::developer_UEKR5 cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.14.35-2047.518.4.el7] - xfs: avoid race between writeback and data/cow fork changes (Wengang Wang) [Orabug: 34508036] [4.14.35-2047.518.3.el7] - KVM: SVM: Clear the CR4 register on reset (Babu Moger) [Orabug: 34617675] [4.14.35-2047.518.2.el7] - af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu) [Orabug: 34566753] {CVE-2022-3028} - l2tp: fix tunnel lookup use-after-free race (James Chapman) [Orabug: 32504113] [4.14.35-2047.518.1.el7] - xfs: fix out of bound access (Junxiao Bi) [Orabug: 33089469] [Orabug: 34535011] - KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34362737] - KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34362737] - KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34362737] - netfilter: ebtables: reject blobs that don't provide all entry points (Florian Westphal) [Orabug: 32176166] - sysfs: turn WARN() into pr_warn() (Greg Kroah-Hartman) [Orabug: 32176118] [4.14.35-2047.518.0.el7] - lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34543517] {CVE-2022-21499} - Revert 'debug: Lock down kgdb' (Alok Tiwari) [Orabug: 34543517] {CVE-2022-21499} - vmcoreinfo: add kallsyms_num_syms symbol (Stephen Brennan) [Orabug: 34475880] - vmcoreinfo: include kallsyms symbols (Stephen Brennan) [Orabug: 34475880] - kallsyms: move declarations to internal header (Stephen Brennan) [Orabug: 34475880] - mpt3sas: avoid SOFT_RESET on shutdown (John Donnelly) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Update driver version to 39.100.00.00 (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Use firmware recommended queue depth (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Transition IOC to Ready state during shutdown (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix fall-through warnings for Clang (Gustavo A. R. Silva) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Handle firmware faults during first half of IOC init (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix deadlock while cancelling the running firmware event (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Documentation cleanup (Randy Dunlap) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (Sreekanth Reddy) [Orabug: 34408138] - scsi: mpt3sas: Fix two kernel-doc headers (Bart Van Assche) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix out-of-bounds warnings in _ctl_addnl_diag_query (Gustavo A. R. Silva) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix endianness for ActiveCablePowerRequirement (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix a typo (Bhaskar Chowdhury) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix a few kernel-doc issues (Lee Jones) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Force reply post buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Force reply buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Force sense buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Force chain buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Force PCIe scatterlist allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Replace unnecessary dynamic allocation with a static one (Gustavo A. R. Silva) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (Christophe JAILLET) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix some kernel-doc misnaming issues (Lee Jones) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix a couple of misdocumented functions/params (Lee Jones) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix a bunch of potential naming doc-rot (Lee Jones) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Move a little data from the stack onto the heap (Lee Jones) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix misspelling of _base_put_smid_default_atomic() (Lee Jones) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Additional diagnostic buffer query interface (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix ReplyPostFree pool allocation (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Simplify bool comparison (YANG LI) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Fix spelling mistake in Kconfig 'compatiblity' -> 'compatibility' (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Signedness bug in _base_get_diag_triggers() (Dan Carpenter) [Orabug: 33666018] [Orabug: 34408138] - scsi: mpt3sas: Block PCI config access from userspace during reset (Sreekanth Reddy) [Orabug: 34408138] - Linux 4.14.290 (Greg Kroah-Hartman) - PCI: hv: Fix interrupt mapping for multi-MSI (Jeffrey Hugo) - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Jeffrey Hugo) - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Jeffrey Hugo) - PCI: hv: Fix multi-MSI to allow more than one MSI vector (Jeffrey Hugo) - net: usb: ax88179_178a needs FLAG_SEND_ZLP (Jose Alonso) - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (Jiri Slaby) - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (Jiri Slaby) - tty: drop tty_schedule_flip() (Jiri Slaby) - tty: the rest, stop using tty_schedule_flip() (Jiri Slaby) - tty: drivers/tty/, stop using tty_schedule_flip() (Jiri Slaby) - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (Luiz Augusto von Dentz) - Bluetooth: SCO: Fix sco_send_frame returning skb->len (Luiz Augusto von Dentz) - Bluetooth: Fix passing NULL to PTR_ERR (Luiz Augusto von Dentz) - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (Luiz Augusto von Dentz) - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmmsg helper (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmsg helper (Luiz Augusto von Dentz) - ALSA: memalloc: Align buffer allocations in page size (Takashi Iwai) - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - drm/tilcdc: Remove obsolete crtc_mode_valid() hack (Jyri Sarha) - bpf: Make sure mac_header was set before using it (Eric Dumazet) - mm/mempolicy: fix uninit-value in mpol_rebind_policy() (Wang Cheng) - Revert 'Revert 'char/random: silence a lockdep splat with printk()'' (Jason A. Donenfeld) - be2net: Fix buffer overflow in be_get_module_eeprom (Hristo Venev) - tcp: Fix a data-race around sysctl_tcp_notsent_lowat. (Kuniyuki Iwashima) - igmp: Fix a data-race around sysctl_igmp_max_memberships. (Kuniyuki Iwashima) - igmp: Fix data-races around sysctl_igmp_llm_reports. (Kuniyuki Iwashima) - net: stmmac: fix dma queue left shift overflow issue (Junxiao Chang) - i2c: cadence: Change large transfer count reset logic to be unconditional (Robert Hancock) - tcp: Fix a data-race around sysctl_tcp_probe_interval. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_probe_threshold. (Kuniyuki Iwashima) - tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. (Kuniyuki Iwashima) - ip: Fix a data-race around sysctl_fwmark_reflect. (Kuniyuki Iwashima) - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (Peter Zijlstra) - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (Miaoqian Lin) - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (Hangyu Hua) - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (Demi Marie Obenour) - Linux 4.14.289 (Greg Kroah-Hartman) - can: m_can: m_can_tx_handler(): fix use after free of skb (Marc Kleine-Budde) - mm: invalidate hwpoison page cache page in fault path (Rik van Riel) - serial: 8250: fix return error code in serial8250_request_std_resource() (Yi Yang) - tty: serial: samsung_tty: set dma burst_size to 1 (Chanho Park) - usb: dwc3: gadget: Fix event pending check (Thinh Nguyen) - USB: serial: ftdi_sio: add Belimo device ids (Lucien Buchmann) - signal handling: don't use BUG_ON() for debugging (Linus Torvalds) - x86: Clear .brk area at early boot (Juergen Gross) - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (Stafford Horne) - ASoC: wm5110: Fix DRE control (Charles Keepax) - ASoC: ops: Fix off by one in range control validation (Mark Brown) - net: sfp: fix memory leak in sfp_probe() (Jianglei Nie) - NFC: nxp-nci: don't print header length mismatch on i2c error (Michael Walle) - net: tipc: fix possible refcount leak in tipc_sk_create() (Hangyu Hua) - platform/x86: hp-wmi: Ignore Sanitization Mode event (Kai-Heng Feng) - cpufreq: pmac32-cpufreq: Fix refcount leak bug (Liang He) - netfilter: br_netfilter: do not skip all hooks with 0 priority (Florian Westphal) - virtio_mmio: Restore guest page size on resume (Stephan Gerhold) - virtio_mmio: Add missing PM calls to freeze/restore (Stephan Gerhold) - sfc: fix kernel panic when creating VF (Inigo Huguet) - seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors (Andrea Mayer) - seg6: fix skb checksum evaluation in SRH encapsulation/insertion (Andrea Mayer) - sfc: fix use after free when disabling sriov (Inigo Huguet) - ipv4: Fix data-races around sysctl_ip_dynaddr. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratemask. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratelimit. (Kuniyuki Iwashima) - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (Michal Suchanek) - icmp: Fix data-races around sysctl. (Kuniyuki Iwashima) - cipso: Fix data-races around sysctl. (Kuniyuki Iwashima) - net: Fix data-races around sysctl_mem. (Kuniyuki Iwashima) - inetpeer: Fix data-races around sysctl. (Kuniyuki Iwashima) - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (Ard Biesheuvel) - xhci: make xhci_handshake timeout for xhci_reset() adjustable (Mathias Nyman) - xhci: bail out early if driver can't accress host in resume (Mathias Nyman) - net: dsa: bcm_sf2: force pause link settings (Doug Berger) - nilfs2: fix incorrect masking of permission flags for symlinks (Ryusuke Konishi) - cgroup: Use separate src/dst nodes when preloading css_sets for migration (Tejun Heo) - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (Ard Biesheuvel) - ARM: 9213/1: Print message about disabled Spectre workarounds only once (Dmitry Osipenko) - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (Steven Rostedt (Google)) - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (Juergen Gross) - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (Meng Tang) - ALSA: hda - Add fixup for Dell Latitidue E5430 (Meng Tang) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21499 CVE-2022-3028 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.312.3.4] - Revert 'fs: check FMODE_LSEEK to control internal pipe splicing' (Saeed Mirzamohammadi) [Orabug: 34666845] [5.4.17-2136.312.3.3] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34607590] - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree (Tejun Heo) [Orabug: 34607590] - cgroup: Optimize single thread migration (Michal Koutny) [Orabug: 34607590] - Revert 'cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()' (Imran Khan) [Orabug: 34607590] cpus_read_lock() deadlock' (Imran Khan) [Orabug: 34607590] - x86/MCE/AMD, EDAC/mce_amd: Support non-uniform MCA bank type enumeration (Yazen Ghannam) [Orabug: 34120320] - x86/MCE/AMD, EDAC/mce_amd: Add new SMCA bank types (Yazen Ghannam) [Orabug: 34120320] - x86/MCE/AMD, EDAC/mce_amd: Add new SMCA bank types (Muralidhara M K) [Orabug: 34120320] - x86/mce: Increase maximum number of banks to 64 (Akshay Gupta) [Orabug: 34120320] - x86/MCE/AMD, EDAC/amd64: Move address translation to AMD64 EDAC (Yazen Ghannam) [Orabug: 34120320] - x86/MCE/AMD: Export smca_get_bank_type symbol (Mukul Joshi) [Orabug: 34120320] - EDAC/amd64: Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh (Yazen Ghannam) [Orabug: 34120320] - EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh (Yazen Ghannam) [Orabug: 34120320] - EDAC: Add RDDR5 and LRDDR5 memory types (Yazen Ghannam) [Orabug: 34120320] - hwmon: (k10temp) Support up to 12 CCDs on AMD Family of processors (Babu Moger) [Orabug: 34120320] - hwmon: (k10temp) Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh (Babu Moger) [Orabug: 34120320] - x86/amd_nb: Add AMD Family 19h Models (10h-1Fh) and (A0h-AFh) PCI IDs (Yazen Ghannam) [Orabug: 34120320] - hwmon: (k10temp) Remove unused definitions (Babu Moger) [Orabug: 34120320] - hwmon: (k10temp) Remove residues of current and voltage (suma hegde) [Orabug: 34120320] - hwmon: (k10temp) Add support for yellow carp (Mario Limonciello) [Orabug: 34120320] - hwmon: (k10temp) Rework the temperature offset calculation (Mario Limonciello) [Orabug: 34120320] - hwmon: (k10temp) Don't show Tdie for all Zen/Zen2/Zen3 CPU/APU (Mario Limonciello) [Orabug: 34120320] - hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (Mario Limonciello) [Orabug: 34120320] - hwmon: (k10temp) support Zen3 APUs (David Bartley) [Orabug: 34120320] - x86/amd_nb: Add AMD family 19h model 50h PCI ids (David Bartley) [Orabug: 34120320] - hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (Gabriel Craciunescu) [Orabug: 34120320] - hwmon: (k10temp) Remove support for displaying voltage and current on Zen CPUs (Guenter Roeck) [Orabug: 34120320] - hwmon: (k10temp) Add support for Zen3 CPUs (Wei Huang) [Orabug: 34120320] - hwmon: (k10temp) Take out debugfs code (Guenter Roeck) [Orabug: 34120320] - hwmon: (k10temp) Define SVI telemetry and current factors for Zen2 CPUs (Wei Huang) [Orabug: 34120320] - hwmon: (k10temp) Create common functions and macros for Zen CPU families (Wei Huang) [Orabug: 34120320] - hwmon: (k10temp) make some symbols static (Jason Yan) [Orabug: 34120320] - hwmon: (k10temp) Reorganize and simplify temperature support detection (Guenter Roeck) [Orabug: 34120320] - Revert 'hwmon: (k10temp) Add support for Zen3 CPUs' (Dave Kleikamp) [Orabug: 34120320] - uek-rpm: add missing nft_chain_nat.ko module (Venkat Venkatsubra) [Orabug: 34553255] - random: Fix incorrect type for 'rc' variable (Harshit Mogalapalli) [Orabug: 34601349] - hwmon: (opbmc) Add support for AST2600 based Pilot (Jan Zdarek) [Orabug: 34605428] - KVM: SVM: Clear the CR4 register on reset (Babu Moger) [Orabug: 34610277] - x86,swiotlb: Adjust SWIOTLB bounce buffer size for SEV guests (Ashish Kalra) [Orabug: 34626337] [5.4.17-2136.312.3.2] - netfilter: ebtables: reject blobs that don't provide all entry points (Florian Westphal) [Orabug: 34513978] - uek-rpm: Disable CONFIG_CRYPTO_STREEBOG (Victor Erminpour) [Orabug: 34557344] - uek-rpm: Disable CONFIG_CRYPTO_SM3 (Victor Erminpour) [Orabug: 34557344] - uek-rpm: Disable CONFIG_CRYPTO_SM4 (Victor Erminpour) [Orabug: 34557344] - uek-rpm: Add nftables support T93 and Ortano (Henry Willard) [Orabug: 34561703] - af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu) [Orabug: 34566752] {CVE-2022-3028} - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (Tetsuo Handa) [Orabug: 34567777] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34567777] [5.4.17-2136.312.3.1] - audit: use extern storage class for audit_filter_syscall() (Ankur Arora) [Orabug: 33697500] - audit: annotate branch direction for audit_in_mask() (Ankur Arora) [Orabug: 33697500] - audit: cache ctx->major in audit_filter_syscall() (Ankur Arora) [Orabug: 33697500] - video: vga16fb: Only probe for EGA and VGA 16 color graphic cards (Javier Martinez Canillas) [Orabug: 34580817] - KVM: arm: vgic: Only use the virtual state when userspace accesses enable bits (Marc Zyngier) [Orabug: 34580807] - uek-rpm: mips: enable CRYTPTO_USER config options (Dave Kleikamp) [Orabug: 34580802] [5.4.17-2136.312.3] - LTS tag: v5.4.211 (Sherry Yang) - btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() (Qu Wenruo) - btrfs: only write the sectors in the vertical stripe which has data stripes (Qu Wenruo) - can: j1939: j1939_session_destroy(): fix memory leak of skbs (Fedor Pchelkin) - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (Fedor Pchelkin) - tracing/probes: Have kprobes and uprobes use too (Steven Rostedt (Google)) - MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 (Nathan Chancellor) - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (Zheyu Ma) - powerpc/64: Init jump labels before parse_early_param() (Zhouyi Zhou) - smb3: check xattr value length earlier (Steve French) - f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() (Chao Yu) - ALSA: timer: Use deferred fasync helper (Takashi Iwai) - ALSA: core: Add async signal helpers (Takashi Iwai) - powerpc/32: Don't always pass -mcpu=powerpc to the compiler (Christophe Leroy) - watchdog: export lockup_detector_reconfigure (Laurent Dufour) - RISC-V: Add fast call path of crash_kexec() (Xianting Tian) - riscv: mmap with PROT_WRITE but no PROT_READ is invalid (Celeste Liu) - mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start (Liang He) - vfio: Clear the caps->buf to NULL after free (Schspa Shi) - tty: serial: Fix refcount leak bug in ucc_uart.c (Liang He) - lib/list_debug.c: Detect uninitialized lists (Guenter Roeck) - ext4: avoid resizing to a partial cluster size (Kiselev, Oleg) - ext4: avoid remove directory when directory is corrupted (Ye Bin) - drivers:md:fix a potential use-after-free bug (Wentao_Liang) - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (Sagi Grimberg) - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (Uwe Kleine-Konig) - selftests/kprobe: Do not test for GRP/ without event failures (Steven Rostedt (Google)) - um: add 'noreboot' command line option for PANIC_TIMEOUT=-1 setups (Jason A. Donenfeld) - PCI/ACPI: Guard ARM64-specific mcfg_quirks (Huacai Chen) - cxl: Fix a memory leak in an error handling path (Christophe JAILLET) - gadgetfs: ep_io - wait until IRQ finishes (Jozef Martiniak) - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (James Smart) - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (Robert Marko) - vboxguest: Do not use devm for irq (Pascal Terjan) - usb: renesas: Fix refcount leak bug (Liang He) - usb: host: ohci-ppc-of: Fix refcount leak bug (Liang He) - drm/meson: Fix overflow implicit truncation warnings (Sai Prakash Ranjan) - irqchip/tegra: Fix overflow implicit truncation warnings (Sai Prakash Ranjan) - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (Michael Grzeschik) - usb: cdns3 fix use-after-free at workaround 2 (Frank Li) - PCI: Add ACS quirk for Broadcom BCM5750x NICs (Pavan Chebbi) - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (Liang He) - locking/atomic: Make test_and_*_bit() ordered on failure (Hector Martin) - gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file (Andrew Donnellan) - igb: Add lock to avoid data race (Lin Ma) - fec: Fix timer capture timing in fec_ptp_enable_pps() (Csokas Bence) - i40e: Fix to stop tx_timeout recovery if GLOBR fails (Alan Brady) - ice: Ignore EEXIST when setting promisc mode (Grzegorz Siwik) - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (Arun Ramadoss) - net: moxa: pass pdev instead of ndev to DMA functions (Sergei Antonov) - net: dsa: mv88e6060: prevent crash on an unused port (Sergei Antonov) - powerpc/pci: Fix get_phb_number() locking (Michael Ellerman) - netfilter: nf_tables: really skip inactive sets when allocating name (Pablo Neira Ayuso) - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (Alex Bee) - iavf: Fix adminq error handling (Przemyslaw Patynowski) - nios2: add force_successful_syscall_return() (Al Viro) - nios2: restarts apply only to the first sigframe we build... (Al Viro) - nios2: fix syscall restart checks (Al Viro) - nios2: traced syscall does need to check the syscall number (Al Viro) - nios2: don't leave NULLs in sys_call_table[] (Al Viro) - nios2: page fault et.al. are *not* restartable syscalls... (Al Viro) - tee: add overflow check in register_shm_helper() (Jens Wiklander) - dpaa2-eth: trace the allocated address instead of page struct (Chen Lin) - atm: idt77252: fix use-after-free bugs caused by tst_timer (Duoming Zhou) - xen/xenbus: fix return type in xenbus_file_read() (Dan Carpenter) - nfp: ethtool: fix the display error of ethtool -m DEVNAME (Yu Xiao) - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (Dan Carpenter) - tools build: Switch to new openssl API for test-libcrypto (Roberto Sassu) - tools/vm/slabinfo: use alphabetic order when two values are equal (Yuanzheng Song) - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (Krzysztof Kozlowski) - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (Peilin Ye) - vsock: Fix memory leak in vsock_connect() (Peilin Ye) - plip: avoid rcu debug splat (Florian Westphal) - geneve: do not use RT_TOS for IPv6 flowlabel (Matthias May) - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (Sakari Ailus) - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (Samuel Holland) - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (Nikita Travkin) - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (Miaoqian Lin) - net: bgmac: Fix a BUG triggered by wrong bytes_compl (Sandor Bodo-Merle) - devlink: Fix use-after-free after a failed reload (Ido Schimmel) - SUNRPC: Reinitialise the backchannel request buffers before reuse (Trond Myklebust) - sunrpc: fix expiry of auth creds (Dan Aloni) - can: mcp251x: Fix race condition on receive interrupt (Sebastian Wurl) - NFSv4/pnfs: Fix a use-after-free bug in open (Trond Myklebust) - NFSv4.1: RECLAIM_COMPLETE must handle EACCES (Zhang Xianwei) - NFSv4: Fix races in the legacy idmapper upcall (Trond Myklebust) - NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (Trond Myklebust) - NFSv4.1: Don't decrease the value of seq_nr_highest_sent (Trond Myklebust) - Documentation: ACPI: EINJ: Fix obsolete example (Qifu Zhang) - apparmor: Fix memleak in aa_simple_write_to_buffer() (Xiu Jianfeng) - apparmor: fix reference count leak in aa_pivotroot() (Xin Xiong) - apparmor: fix overlapping attachment computation (John Johansen) - apparmor: fix aa_label_asxprint return check (Tom Rix) - apparmor: Fix failed mount permission check error message (John Johansen) - apparmor: fix absroot causing audited secids to begin with = (John Johansen) - apparmor: fix quiet_denied for file rules (John Johansen) - can: ems_usb: fix clang's -Wunaligned-access warning (Marc Kleine-Budde) - tracing: Have filter accept 'common_cpu' to be consistent (Steven Rostedt (Google)) - btrfs: fix lost error handling when looking up extended ref on log replay (Filipe Manana) - mmc: pxamci: Fix an error handling path in pxamci_probe() (Christophe JAILLET) - mmc: pxamci: Fix another error handling path in pxamci_probe() (Christophe JAILLET) - ata: libata-eh: Add missing command name (Damien Le Moal) - ALSA: info: Fix llseek return value when using callback (Amadeusz Slawinski) - net_sched: cls_route: disallow handle of 0 (Jamal Hadi Salim) - net/9p: Initialize the iounit field during fid creation (Tyler Hicks) - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (Luiz Augusto von Dentz) - Revert 'net: usb: ax88179_178a needs FLAG_SEND_ZLP' (Jose Alonso) - scsi: sg: Allow waiting for commands to complete on removed device (Tony Battersby) - tcp: fix over estimation in sk_forced_mem_schedule() (Eric Dumazet) - btrfs: reject log replay if there is unsupported RO compat flag (Qu Wenruo) - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (Alexander Lobakin) - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (Sudeep Holla) - timekeeping: contribute wall clock to rng on time change (Jason A. Donenfeld) - ACPI: CPPC: Do not prevent CPPC from working in the future (Rafael J. Wysocki) - dm writecache: set a default MAX_WRITEBACK_JOBS (Mikulas Patocka) - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (Luo Meng) - dm raid: fix address sanitizer warning in raid_status (Mikulas Patocka) - dm raid: fix address sanitizer warning in raid_resume (Mikulas Patocka) - intel_th: pci: Add Meteor Lake-P support (Alexander Shishkin) - intel_th: pci: Add Raptor Lake-S PCH support (Alexander Shishkin) - intel_th: pci: Add Raptor Lake-S CPU support (Alexander Shishkin) - ext4: correct the misjudgment in ext4_iget_extra_inode (Baokun Li) - ext4: correct max_inline_xattr_value_size computing (Baokun Li) - ext4: fix extent status tree race in writeback error recovery path (Eric Whitney) - ext4: update s_overhead_clusters in the superblock during an on-line resize (Theodore Ts'o) - ext4: fix use-after-free in ext4_xattr_set_entry (Baokun Li) - ext4: make sure ext4_append() always allocates new block (Lukas Czerner) - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (Baokun Li) - btrfs: reset block group chunk force if we have to wait (Josef Bacik) - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (Huacai Chen) - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (Michal Suchanek) - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (David Collins) - x86/olpc: fix 'logical not is only applied to the left hand side' (Alexander Lobakin) - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (Quinn Tran) - scsi: qla2xxx: Turn off multi-queue for 8G adapters (Quinn Tran) - scsi: qla2xxx: Fix discovery issues in FC-AL topology (Arun Easi) - scsi: zfcp: Fix missing auto port scan and thus missing target ports (Steffen Maier) - video: fbdev: s3fb: Check the size of screen before memset_io() (Zheyu Ma) - video: fbdev: arkfb: Check the size of screen before memset_io() (Zheyu Ma) - video: fbdev: vt8623fb: Check the size of screen before memset_io() (Zheyu Ma) - tools/thermal: Fix possible path truncations (Florian Fainelli) - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (Zheyu Ma) - x86/numa: Use cpumask_available instead of hardcoded NULL check (Siddh Raman Pant) - scripts/faddr2line: Fix vmlinux detection on arm64 (Josh Poimboeuf) - genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO (Arnaldo Carvalho de Melo) - powerpc/pci: Fix PHB numbering when using opal-phbid (Michael Ellerman) - kprobes: Forbid probing on trampoline and BPF code areas (Chen Zhongjin) - perf symbol: Fail to read phdr workaround (Ian Rogers) - powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address (Miaoqian Lin) - powerpc/xive: Fix refcount leak in xive_get_max_prio (Miaoqian Lin) - powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader (Miaoqian Lin) - powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias (Pali Rohar) - powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32 (Christophe Leroy) - video: fbdev: sis: fix typos in SiS_GetModeID() (Rustam Subkhankulov) - video: fbdev: amba-clcd: Fix refcount leak bugs (Liang He) - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (William Dean) - ASoC: audio-graph-card: Add of_node_put() in fail path (Liang He) - fuse: Remove the control interface for virtio-fs (Xie Yongji) - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (Christophe JAILLET) - s390/zcore: fix race when reading from hardware system area (Alexander Gordeev) - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (Liang He) - mfd: max77620: Fix refcount leak in max77620_initialise_fps (Miaoqian Lin) - mfd: t7l66xb: Drop platform disable callback (Uwe Kleine-Konig) - kfifo: fix kfifo_to_user() return type (Dan Carpenter) - rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (Miaoqian Lin) - iommu/exynos: Handle failed IOMMU device registration properly (Sam Protsenko) - tty: n_gsm: fix missing corner cases in gsmld_poll() (Daniel Starke) - tty: n_gsm: fix DM command (Daniel Starke) - tty: n_gsm: fix wrong T1 retry count handling (Daniel Starke) - vfio/ccw: Do not change FSM state in subchannel event (Eric Farman) - remoteproc: qcom: wcnss: Fix handling of IRQs (Sireesh Kodali) - tty: n_gsm: fix race condition in gsmld_write() (Daniel Starke) - tty: n_gsm: fix packet re-transmission without open control channel (Daniel Starke) - tty: n_gsm: fix non flow control frames during mux flow off (Daniel Starke) - profiling: fix shift too large makes kernel panic (Chen Zhongjin) - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (Srinivas Kandagatla) - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (Srinivas Kandagatla) - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (Ilpo Jarvinen) - ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe (Miaoqian Lin) - ASoC: codecs: da7210: add check for i2c_add_driver (Jiasheng Jiang) - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (Miaoqian Lin) - ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe (Miaoqian Lin) - opp: Fix error check in dev_pm_opp_attach_genpd() (Tang Bin) - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (Zhihao Cheng) - ext4: recover csum seed of tmp_inode after migrating to extents (Li Lingfeng) - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (Zhang Yi) - null_blk: fix ida error handling in null_add_dev() (Dan Carpenter) - RDMA/rxe: Fix error unwind in rxe_create_qp() (Zhu Yanjun) - mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region (Miaohe Lin) - platform/olpc: Fix uninitialized data in debugfs write (Dan Carpenter) - USB: serial: fix tty-port initialized comments (Johan Hovold) - PCI: tegra194: Fix link up retry sequence (Vidya Sagar) - PCI: tegra194: Fix Root Port interrupt handling (Vidya Sagar) - HID: alps: Declare U1_UNICORN_LEGACY support (Artem Borisov) - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (Liang He) - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (Liang He) - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (Liang He) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (Jianglei Nie) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (Cheng Xu) - RDMA/hns: Fix incorrect clearing of interrupt status register (Haoyue Xu) - usb: gadget: udc: amd5536 depends on HAS_DMA (Randy Dunlap) - scsi: smartpqi: Fix DMA direction for RAID requests (Mahesh Rajashekhara) - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (Eugen Hristev) - memstick/ms_block: Fix a memory leak (Christophe JAILLET) - memstick/ms_block: Fix some incorrect memory allocation (Christophe JAILLET) - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (Miaoqian Lin) - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (Duoming Zhou) - intel_th: msu: Fix vmalloced buffers (Alexander Shishkin) - intel_th: msu-sink: Potential dereference of null pointer (Jiasheng Jiang) - intel_th: Fix a resource leak in an error handling path (Christophe JAILLET) - soundwire: bus_type: fix remove and shutdown support (Pierre-Louis Bossart) - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (Vladimir Zapolskiy) - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (Robert Marko) - clk: qcom: ipq8074: fix NSS port frequency tables (Robert Marko) - usb: host: xhci: use snprintf() in xhci_decode_trb() (Sergey Shtylyov) - clk: qcom: clk-krait: unlock spin after mux completion (Ansuel Smith) - driver core: fix potential deadlock in __driver_attach (Zhang Wensheng) - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (Christophe JAILLET) - clk: mediatek: reset: Fix written reset bit offset (Rex-BC Chen) - usb: xhci: tegra: Fix error check (Tang Bin) - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (Miaoqian Lin) - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (Miaoqian Lin) - fpga: altera-pr-ip: fix unsigned comparison with less than zero (Marco Pagani) - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (Uwe Kleine-Konig) - mtd: partitions: Fix refcount leak in parse_redboot_of (Miaoqian Lin) - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (Duoming Zhou) - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (Harshit Mogalapalli) - mtd: rawnand: meson: Fix a potential double free issue (Christophe JAILLET) - mtd: maps: Fix refcount leak in ap_flash_init (Miaoqian Lin) - mtd: maps: Fix refcount leak in of_flash_probe_versatile (Miaoqian Lin) - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (Ralph Siemsen) - dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock (Hangyu Hua) - net: rose: fix netdev reference changes (Eric Dumazet) - netdevsim: Avoid allocation warnings triggered from user space (Jakub Kicinski) - iavf: Fix max_rate limiting (Przemyslaw Patynowski) - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (Pali Rohar) - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (Maxim Mikityanskiy) - wifi: libertas: Fix possible refcount leak in if_usb_probe() (Hangyu Hua) - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (Jose Ignacio Tornos Martinez) - wifi: wil6210: debugfs: fix uninitialized variable use in wil_write_file_wmi() (Ammar Faizi) - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (Liang He) - i2c: cadence: Support PEC for SMBus block read (Lars-Peter Clausen) - Bluetooth: hci_intel: Add check for platform_driver_register (Jiasheng Jiang) - can: pch_can: pch_can_error(): initialize errc before using it (Vincent Mailhol) - can: error: specify the values of data[5..7] of CAN error frames (Vincent Mailhol) - can: usb_8dev: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: sun4i_can: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: hi311x: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: sja1000: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: rcar_can: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: pch_can: do not report txerr and rxerr during bus-off (Vincent Mailhol) - selftests/bpf: fix a test for snprintf() overflow (Dan Carpenter) - wifi: p54: add missing parentheses in p54_flush() (Rustam Subkhankulov) - wifi: p54: Fix an error handling path in p54spi_probe() (Christophe JAILLET) - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (Dan Carpenter) - fs: check FMODE_LSEEK to control internal pipe splicing (Jason A. Donenfeld) - selftests: timers: clocksource-switch: fix passing errors from child (Wolfram Sang) - selftests: timers: valid-adjtimex: build fix for newer toolchains (Wolfram Sang) - libbpf: Fix the name of a reused map (Anquan Wu) - tcp: make retransmitted SKB fit into the send window (Yonglong Li) - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed. (Jian Zhang) - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (Liang He) - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment (AngeloGioacchino Del Regno) - crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq (Zhengchao Shao) - drm/msm/mdp5: Fix global state lock backoff (Rob Clark) - drm: bridge: sii8620: fix possible off-by-one (Hangyu Hua) - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (Guillaume Ranquet) - drm/mediatek: dpi: Remove output format of YUV (Bo-Chen Chen) - drm/rockchip: Fix an error handling path rockchip_dp_probe() (Christophe JAILLET) - drm/rockchip: vop: Don't crash for invalid duplicate_state() (Brian Norris) - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (Qian Cai) - drm/vc4: dsi: Correct DSI divider calculations (Dave Stevenson) - drm/vc4: plane: Fix margin calculations for the right/bottom edges (Dave Stevenson) - drm/vc4: plane: Remove subpixel positioning check (Dom Cobley) - media: hdpvr: fix error value returns in hdpvr_read (Niels Dossche) - drm/mcde: Fix refcount leak in mcde_dsi_bind (Miaoqian Lin) - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (Jiasheng Jiang) - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (Alexey Kodanev) - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Pavel Skripkin) - media: tw686x: Register the irq at the end of probe (Zheyu Ma) - i2c: Fix a potential use after free (Xu Wang) - drm: adv7511: override i2c address of cec before accessing it (Antonio Borneo) - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (Xinlei Lee) - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (Alexey Kodanev) - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (Yunhao Tian) - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (Dan Carpenter) - ath10k: do not enforce interrupt trigger type (Krzysztof Kozlowski) - dm: return early from dm_pr_call() if DM device is suspended (Mike Snitzer) - thermal/tools/tmon: Include pthread and time headers in tmon.h (Markus Mayer) - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (Nicolas Saenz Julienne) - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (Liang He) - blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created (Ming Lei) - erofs: avoid consecutive detection for Highmem memory (Gao Xiang) - arm64: dts: mt7622: fix BPI-R64 WPS button (Nick Hainke) - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (Yang Yingliang) - ARM: dts: qcom: pm8841: add required thermal-sensor-cells (Krzysztof Kozlowski) - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (Miaoqian Lin) - cpufreq: zynq: Fix refcount leak in zynq_get_revision (Miaoqian Lin) - ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (Miaoqian Lin) - ARM: OMAP2+: Fix refcount leak in omapdss_init_of (Miaoqian Lin) - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (Krzysztof Kozlowski) - soc: fsl: guts: machine variable might be unset (Michael Walle) - ARM: dts: ast2600-evb: fix board compatible (Krzysztof Kozlowski) - ARM: dts: ast2500-evb: fix board compatible (Krzysztof Kozlowski) - x86/pmem: Fix platform-device leak in error path (Johan Hovold) - ARM: bcm: Fix refcount leak in bcm_kona_smc_init (Miaoqian Lin) - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (Miaoqian Lin) - ARM: findbit: fix overflowing offset (Russell King (Oracle)) - spi: spi-rspi: Fix PIO fallback on RZ platforms (Biju Das) - selinux: Add boundary check in put_entry() (Xiu Jianfeng) - PM: hibernate: defer device probing when resuming from hibernation (Tetsuo Handa) - ARM: shmobile: rcar-gen2: Increase refcount for new reference (Liang He) - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (Samuel Holland) - arm64: dts: qcom: ipq8074: fix NAND node name (Robert Marko) - ACPI: LPSS: Fix missing check in register_device_clock() (huhai) - ACPI: PM: save NVS memory for Lenovo G40-45 (Manyi Li) - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (Hans de Goede) - ARM: OMAP2+: display: Fix refcount leak bug (Liang He) - spi: synquacer: Add missing clk_disable_unprepare() (Guo Mengqi) - ARM: dts: imx6ul: fix qspi node compatible (Alexander Stein) - ARM: dts: imx6ul: fix lcdif node compatible (Alexander Stein) - ARM: dts: imx6ul: fix csi node compatible (Alexander Stein) - ARM: dts: imx6ul: change operating-points to uint32-matrix (Alexander Stein) - ARM: dts: imx6ul: add missing properties for sram (Alexander Stein) - wait: Fix __wait_event_hrtimeout for RT/DL tasks (Juri Lelli) - genirq: Don't return error on missing optional irq_request_resources() (Antonio Borneo) - ext2: Add more validity checks for inode counts (Jan Kara) - arm64: fix oops in concurrently setting insn_emulation sysctls (haibinzhang () - arm64: Do not forget syscall when starting a new thread. (Francis Laniel) - x86: Handle idle=nomwait cmdline properly for x86_idle (Wyes Karny) - epoll: autoremove wakers even more aggressively (Benjamin Segall) - netfilter: nf_tables: fix null deref due to zeroed list head (Florian Westphal) - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (Kunihiko Hayashi) - ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (Kunihiko Hayashi) - USB: HCD: Fix URB giveback issue in tasklet function (Weitao Wang) - coresight: Clear the connection field properly (Suzuki K Poulose) - MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (Huacai Chen) - powerpc/powernv: Avoid crashing if rng is NULL (Michael Ellerman) - powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E (Christophe Leroy) - powerpc/fsl-pci: Fix Class Code of PCIe Root Port (Pali Rohar) - PCI: Add defines for normal and subtractive PCI bridges (Pali Rohar) - ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() (Alexander Lobakin) - md-raid10: fix KASAN warning (Mikulas Patocka) - serial: mvebu-uart: uart2 error bits clearing (Narendra Hadke) - fuse: limit nsec (Miklos Szeredi) - iio: light: isl29028: Fix the warning in isl29028_remove() (Zheyu Ma) - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (Leo Li) - drm/nouveau: fix another off-by-one in nvbios_addr (Timur Tabi) - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (Dmitry Osipenko) - parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode (Helge Deller) - parisc: Fix device names in /proc/iomem (Helge Deller) - ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() (Jiachen Zhang) - usbnet: Fix linkwatch use-after-free on disconnect (Lukas Wunner) - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (Helge Deller) - thermal: sysfs: Fix cooling_device_stats_setup() error code path (Rafael J. Wysocki) - fs: Add missing umask strip in vfs_tmpfile (Yang Xu) - vfs: Check the truncate maximum size in inode_newsize_ok() (David Howells) - tty: vt: initialize unicode screen buffer (Tetsuo Handa) - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (Meng Tang) - ALSA: hda/cirrus - support for iMac 12,1 model (Allen Ballway) - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (Meng Tang) - mm/mremap: hold the rmap lock in write mode when moving page table entries. (Aneesh Kumar K.V) - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (Sean Christopherson) - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (Sean Christopherson) - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (Sean Christopherson) - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (Sean Christopherson) - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (Sean Christopherson) - HID: wacom: Don't register pad_input for touch switch (Ping Cheng) - HID: wacom: Only report rotation for art pen (Ping Cheng) - add barriers to buffer_uptodate and set_buffer_uptodate (Mikulas Patocka) - wifi: mac80211_hwsim: use 32-bit skb cookie (Johannes Berg) - wifi: mac80211_hwsim: add back erroneously removed cast (Johannes Berg) - wifi: mac80211_hwsim: fix race condition in pending packet (Jeongik Cha) - igc: Remove _I_PHY_ID checking (Sasha Neftin) - ALSA: bcd2000: Fix a UAF bug on the error path of probing (Zheyu Ma) - scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (Nilesh Javali) - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (Nick Desaulniers) - Makefile: link with -z noexecstack --no-warn-rwx-segments (Nick Desaulniers) - LTS tag: v5.4.210 (Sherry Yang) - macintosh/adb: fix oob read in do_adb_query() function (Ning Qiang) - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (Chen-Yu Tsai) - selftests: KVM: Handle compiler optimizations in ucall (Raghavendra Rao Ananta) - KVM: Don't null dereference ops->destroy (Alexey Kardashevskiy) - selftests/bpf: Fix 'dubious pointer arithmetic' test (Jean-Philippe Brucker) - selftests/bpf: Fix test_align verifier log patterns (Stanislav Fomichev) - bpf: Test_verifier, #70 error message updates for 32-bit right shift (John Fastabend) - selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads (Jakub Sitnicki) - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (John Fastabend) - ACPI: APEI: Better fix to avoid spamming the console with old error logs (Tony Luck) - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (Werner Sembach) - ACPI: video: Force backlight native for some TongFang devices (Werner Sembach) - thermal: Fix NULL pointer dereferences in of_thermal_ functions (Subbaraman Narayanamurthy) - LTS tag: v5.4.209 (Sherry Yang) - scsi: core: Fix race between handling STS_RESOURCE and completion (Ming Lei) - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle. (Wei Mingzhi) - ARM: crypto: comment out gcc warning that breaks clang builds (Greg Kroah-Hartman) - sctp: leave the err path free in sctp_stream_init to sctp_stream_free (Xin Long) - sfc: disable softirqs for ptp TX (Alejandro Lucero) - perf symbol: Correct address for bss symbols (Leo Yan) - virtio-net: fix the race between refill work and close (Jason Wang) - netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) - sctp: fix sleep in atomic context bug in timer handlers (Duoming Zhou) - i40e: Fix interface init with MSI interrupts (no MSI-X) (Michal Maloszewski) - tcp: Fix a data-race around sysctl_tcp_comp_sack_nr. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns. (Kuniyuki Iwashima) - Documentation: fix sctp_wmem in ip-sysctl.rst (Xin Long) - tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_autocorking. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_min_tso_segs. (Kuniyuki Iwashima) - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (Liang He) - igmp: Fix data-races around sysctl_igmp_qrv. (Kuniyuki Iwashima) - ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr (Ziyang Xuan) - net: ping6: Fix memleak in ipv6_renew_options(). (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_limit_output_bytes. (Kuniyuki Iwashima) - scsi: ufs: host: Hold reference returned by of_parse_phandle() (Liang He) - ice: do not setup vlan for loopback VSI (Maciej Fijalkowski) - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (Maciej Fijalkowski) - tcp: Fix a data-race around sysctl_tcp_nometrics_save. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_frto. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_adv_win_scale. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_app_win. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_dsack. (Kuniyuki Iwashima) - ntfs: fix use-after-free in ntfs_ucsncmp() (ChenXiaoSong) - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (Luiz Augusto von Dentz) - LTS tag: v5.4.208 (Sherry Yang) - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (Jan Beulich) - net: usb: ax88179_178a needs FLAG_SEND_ZLP (Jose Alonso) - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (Jiri Slaby) - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (Jiri Slaby) - tty: drop tty_schedule_flip() (Jiri Slaby) - tty: the rest, stop using tty_schedule_flip() (Jiri Slaby) - tty: drivers/tty/, stop using tty_schedule_flip() (Jiri Slaby) - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (Luiz Augusto von Dentz) - Bluetooth: SCO: Fix sco_send_frame returning skb->len (Luiz Augusto von Dentz) - Bluetooth: Fix passing NULL to PTR_ERR (Luiz Augusto von Dentz) - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (Luiz Augusto von Dentz) - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmmsg helper (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmsg helper (Luiz Augusto von Dentz) - ALSA: memalloc: Align buffer allocations in page size (Takashi Iwai) - bitfield.h: Fix 'type of reg too small for mask' test (Peter Zijlstra) - x86/mce: Deduplicate exception handling (Thomas Gleixner) - x86/uaccess: Implement macros for CMPXCHG on user addresses (Peter Zijlstra) - x86: get rid of small constant size cases in raw_copy_{to,from}_user() (Al Viro) - locking/refcount: Consolidate implementations of refcount_t (Will Deacon) - locking/refcount: Consolidate REFCOUNT_{MAX,SATURATED} definitions (Will Deacon) - locking/refcount: Move saturation warnings out of line (Will Deacon) - locking/refcount: Improve performance of generic REFCOUNT_FULL code (Will Deacon) header (Will Deacon) - locking/refcount: Remove unused refcount_*_checked() variants (Will Deacon) - locking/refcount: Ensure integer operands are treated as signed (Will Deacon) - locking/refcount: Define constants for saturation and max refcount values (Will Deacon) - ima: remove the IMA_TEMPLATE Kconfig option (GUO Zihua) - dlm: fix pending remove if msg allocation fails (Alexander Aring) - bpf: Make sure mac_header was set before using it (Eric Dumazet) - mm/mempolicy: fix uninit-value in mpol_rebind_policy() (Wang Cheng) - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (Marc Kleine-Budde) - tcp: Fix data-races around sysctl_tcp_max_reordering. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_rfc1337. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_stdurg. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_retrans_collapse. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_recovery. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_early_retrans. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl knobs related to SYN option. (Kuniyuki Iwashima) - udp: Fix a data-race around sysctl_udp_l3mdev_accept. (Kuniyuki Iwashima) - ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. (Kuniyuki Iwashima) - be2net: Fix buffer overflow in be_get_module_eeprom (Hristo Venev) - gpio: pca953x: only use single read/write for No AI mode (Haibo Chen) - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Piotr Skajewski) - i40e: Fix erroneous adapter reinitialization during recovery process (Dawid Lukwinski) - iavf: Fix handling of dummy receive descriptors (Przemyslaw Patynowski) - tcp: Fix data-races around sysctl_tcp_fastopen. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_max_syn_backlog. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_tw_reuse. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_notsent_lowat. (Kuniyuki Iwashima) - tcp: Fix data-races around some timeout sysctl knobs. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_reordering. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_syncookies. (Kuniyuki Iwashima) - igmp: Fix a data-race around sysctl_igmp_max_memberships. (Kuniyuki Iwashima) - igmp: Fix data-races around sysctl_igmp_llm_reports. (Kuniyuki Iwashima) - net/tls: Fix race in TLS device down flow (Tariq Toukan) - net: stmmac: fix dma queue left shift overflow issue (Junxiao Chang) - i2c: cadence: Change large transfer count reset logic to be unconditional (Robert Hancock) - tcp: Fix a data-race around sysctl_tcp_probe_interval. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_probe_threshold. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_min_snd_mss. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_base_mss. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_mtu_probing. (Kuniyuki Iwashima) - tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. (Kuniyuki Iwashima) - ip: Fix a data-race around sysctl_fwmark_reflect. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_nonlocal_bind. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_fwd_use_pmtu. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_no_pmtu_disc. (Kuniyuki Iwashima) - igc: Reinstate IGC_REMOVED logic and implement it properly (Lennert Buytenhek) - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (Peter Zijlstra) - pinctrl: ralink: Check for null return of devm_kcalloc (William Dean) - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (Miaoqian Lin) - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (Hangyu Hua) - serial: mvebu-uart: correctly report configured baudrate value (Pali Rohar) - PCI: hv: Fix interrupt mapping for multi-MSI (Jeffrey Hugo) - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Jeffrey Hugo) - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Jeffrey Hugo) - PCI: hv: Fix multi-MSI to allow more than one MSI vector (Jeffrey Hugo) - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (Ido Schimmel) - riscv: add as-options for modules with assembly compontents (Ben Dooks) - pinctrl: stm32: fix optional IRQ support to gpios (Fabien Dessenne) - LTS tag: v5.4.207 (Sherry Yang) - can: m_can: m_can_tx_handler(): fix use after free of skb (Marc Kleine-Budde) - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (Ilpo Jarvinen) - serial: stm32: Clear prev values before setting RTS delays (Ilpo Jarvinen) - serial: 8250: fix return error code in serial8250_request_std_resource() (Yi Yang) - tty: serial: samsung_tty: set dma burst_size to 1 (Chanho Park) - usb: dwc3: gadget: Fix event pending check (Thinh Nguyen) - usb: typec: add missing uevent when partner support PD (Linyu Yuan) - USB: serial: ftdi_sio: add Belimo device ids (Lucien Buchmann) - signal handling: don't use BUG_ON() for debugging (Linus Torvalds) - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (Gabriel Fernandez) - soc: ixp4xx/npe: Fix unused match warning (Linus Walleij) - x86: Clear .brk area at early boot (Juergen Gross) - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (Stafford Horne) - ASoC: madera: Fix event generation for rate controls (Charles Keepax) - ASoC: madera: Fix event generation for OUT1 demux (Charles Keepax) - ASoC: cs47l15: Fix event generation for low power mux control (Charles Keepax) - ASoC: wm5110: Fix DRE control (Charles Keepax) - ASoC: ops: Fix off by one in range control validation (Mark Brown) - net: sfp: fix memory leak in sfp_probe() (Jianglei Nie) - nvme: fix regression when disconnect a recovering ctrl (Ruozhu Li) - NFC: nxp-nci: don't print header length mismatch on i2c error (Michael Walle) - net: tipc: fix possible refcount leak in tipc_sk_create() (Hangyu Hua) - platform/x86: hp-wmi: Ignore Sanitization Mode event (Kai-Heng Feng) - cpufreq: pmac32-cpufreq: Fix refcount leak bug (Liang He) - netfilter: br_netfilter: do not skip all hooks with 0 priority (Florian Westphal) - virtio_mmio: Restore guest page size on resume (Stephan Gerhold) - virtio_mmio: Add missing PM calls to freeze/restore (Stephan Gerhold) - mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE (Muchun Song) - sfc: fix kernel panic when creating VF (Inigo Huguet) - seg6: bpf: fix skb checksum in bpf_push_seg6_encap() (Andrea Mayer) - seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors (Andrea Mayer) - seg6: fix skb checksum evaluation in SRH encapsulation/insertion (Andrea Mayer) - sfc: fix use after free when disabling sriov (Inigo Huguet) - net: ftgmac100: Hold reference returned by of_get_child_by_name() (Liang He) - ipv4: Fix data-races around sysctl_ip_dynaddr. (Kuniyuki Iwashima) - raw: Fix a data-race around sysctl_raw_l3mdev_accept. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratemask. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratelimit. (Kuniyuki Iwashima) - drm/i915/gt: Serialize TLB invalidates with GT resets (Chris Wilson) - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (Michal Suchanek) - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (Ryan Wanner) - ipv4: Fix a data-race around sysctl_fib_sync_mem. (Kuniyuki Iwashima) - icmp: Fix data-races around sysctl. (Kuniyuki Iwashima) - cipso: Fix data-races around sysctl. (Kuniyuki Iwashima) - net: Fix data-races around sysctl_mem. (Kuniyuki Iwashima) - inetpeer: Fix data-races around sysctl. (Kuniyuki Iwashima) - net: stmmac: dwc-qos: Disable split header for Tegra194 (Jon Hunter) - ASoC: sgtl5000: Fix noise on shutdown/remove (Francesco Dolcini) - ima: Fix a potential integer overflow in ima_appraise_measurement (Huaxin Lu) - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (Hangyu Hua) - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (Zhen Lei) - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (Ard Biesheuvel) - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (Kris Bahnsen) - ext4: fix race condition between ext4_write and ext4_convert_inline_data (Baokun Li) - Revert 'evm: Fix memleak in init_desc' (Xiu Jianfeng) - nilfs2: fix incorrect masking of permission flags for symlinks (Ryusuke Konishi) - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (Dmitry Osipenko) - cgroup: Use separate src/dst nodes when preloading css_sets for migration (Tejun Heo) - wifi: mac80211: fix queue selection for mesh/OCB interfaces (Felix Fietkau) - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (Ard Biesheuvel) - ARM: 9213/1: Print message about disabled Spectre workarounds only once (Dmitry Osipenko) - ip: fix dflt addr selection for connected nexthop (Nicolas Dichtel) - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (Steven Rostedt (Google)) - tracing/histograms: Fix memory leak problem (Zheng Yejian) - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (Juergen Gross) - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (Meng Tang) - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (Meng Tang) - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (Meng Tang) - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (Meng Tang) - ALSA: hda - Add fixup for Dell Latitidue E5430 (Meng Tang) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3028 CVE-2022-21499 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.312.3.4] - Revert 'fs: check FMODE_LSEEK to control internal pipe splicing' (Saeed Mirzamohammadi) [Orabug: 34666845] [5.4.17-2136.312.3.3] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34607590] - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree (Tejun Heo) [Orabug: 34607590] - cgroup: Optimize single thread migration (Michal Koutny) [Orabug: 34607590] - Revert 'cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()' (Imran Khan) [Orabug: 34607590] cpus_read_lock() deadlock' (Imran Khan) [Orabug: 34607590] - x86/MCE/AMD, EDAC/mce_amd: Support non-uniform MCA bank type enumeration (Yazen Ghannam) [Orabug: 34120320] - x86/MCE/AMD, EDAC/mce_amd: Add new SMCA bank types (Yazen Ghannam) [Orabug: 34120320] - x86/MCE/AMD, EDAC/mce_amd: Add new SMCA bank types (Muralidhara M K) [Orabug: 34120320] - x86/mce: Increase maximum number of banks to 64 (Akshay Gupta) [Orabug: 34120320] - x86/MCE/AMD, EDAC/amd64: Move address translation to AMD64 EDAC (Yazen Ghannam) [Orabug: 34120320] - x86/MCE/AMD: Export smca_get_bank_type symbol (Mukul Joshi) [Orabug: 34120320] - EDAC/amd64: Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh (Yazen Ghannam) [Orabug: 34120320] - EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh (Yazen Ghannam) [Orabug: 34120320] - EDAC: Add RDDR5 and LRDDR5 memory types (Yazen Ghannam) [Orabug: 34120320] - hwmon: (k10temp) Support up to 12 CCDs on AMD Family of processors (Babu Moger) [Orabug: 34120320] - hwmon: (k10temp) Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh (Babu Moger) [Orabug: 34120320] - x86/amd_nb: Add AMD Family 19h Models (10h-1Fh) and (A0h-AFh) PCI IDs (Yazen Ghannam) [Orabug: 34120320] - hwmon: (k10temp) Remove unused definitions (Babu Moger) [Orabug: 34120320] - hwmon: (k10temp) Remove residues of current and voltage (suma hegde) [Orabug: 34120320] - hwmon: (k10temp) Add support for yellow carp (Mario Limonciello) [Orabug: 34120320] - hwmon: (k10temp) Rework the temperature offset calculation (Mario Limonciello) [Orabug: 34120320] - hwmon: (k10temp) Don't show Tdie for all Zen/Zen2/Zen3 CPU/APU (Mario Limonciello) [Orabug: 34120320] - hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (Mario Limonciello) [Orabug: 34120320] - hwmon: (k10temp) support Zen3 APUs (David Bartley) [Orabug: 34120320] - x86/amd_nb: Add AMD family 19h model 50h PCI ids (David Bartley) [Orabug: 34120320] - hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (Gabriel Craciunescu) [Orabug: 34120320] - hwmon: (k10temp) Remove support for displaying voltage and current on Zen CPUs (Guenter Roeck) [Orabug: 34120320] - hwmon: (k10temp) Add support for Zen3 CPUs (Wei Huang) [Orabug: 34120320] - hwmon: (k10temp) Take out debugfs code (Guenter Roeck) [Orabug: 34120320] - hwmon: (k10temp) Define SVI telemetry and current factors for Zen2 CPUs (Wei Huang) [Orabug: 34120320] - hwmon: (k10temp) Create common functions and macros for Zen CPU families (Wei Huang) [Orabug: 34120320] - hwmon: (k10temp) make some symbols static (Jason Yan) [Orabug: 34120320] - hwmon: (k10temp) Reorganize and simplify temperature support detection (Guenter Roeck) [Orabug: 34120320] - Revert 'hwmon: (k10temp) Add support for Zen3 CPUs' (Dave Kleikamp) [Orabug: 34120320] - uek-rpm: add missing nft_chain_nat.ko module (Venkat Venkatsubra) [Orabug: 34553255] - random: Fix incorrect type for 'rc' variable (Harshit Mogalapalli) [Orabug: 34601349] - hwmon: (opbmc) Add support for AST2600 based Pilot (Jan Zdarek) [Orabug: 34605428] - KVM: SVM: Clear the CR4 register on reset (Babu Moger) [Orabug: 34610277] - x86,swiotlb: Adjust SWIOTLB bounce buffer size for SEV guests (Ashish Kalra) [Orabug: 34626337] [5.4.17-2136.312.3.2] - netfilter: ebtables: reject blobs that don't provide all entry points (Florian Westphal) [Orabug: 34513978] - uek-rpm: Disable CONFIG_CRYPTO_STREEBOG (Victor Erminpour) [Orabug: 34557344] - uek-rpm: Disable CONFIG_CRYPTO_SM3 (Victor Erminpour) [Orabug: 34557344] - uek-rpm: Disable CONFIG_CRYPTO_SM4 (Victor Erminpour) [Orabug: 34557344] - uek-rpm: Add nftables support T93 and Ortano (Henry Willard) [Orabug: 34561703] - af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu) [Orabug: 34566752] {CVE-2022-3028} - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (Tetsuo Handa) [Orabug: 34567777] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34567777] [5.4.17-2136.312.3.1] - audit: use extern storage class for audit_filter_syscall() (Ankur Arora) [Orabug: 33697500] - audit: annotate branch direction for audit_in_mask() (Ankur Arora) [Orabug: 33697500] - audit: cache ctx->major in audit_filter_syscall() (Ankur Arora) [Orabug: 33697500] - video: vga16fb: Only probe for EGA and VGA 16 color graphic cards (Javier Martinez Canillas) [Orabug: 34580817] - KVM: arm: vgic: Only use the virtual state when userspace accesses enable bits (Marc Zyngier) [Orabug: 34580807] - uek-rpm: mips: enable CRYTPTO_USER config options (Dave Kleikamp) [Orabug: 34580802] [5.4.17-2136.312.3] - LTS tag: v5.4.211 (Sherry Yang) - btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() (Qu Wenruo) - btrfs: only write the sectors in the vertical stripe which has data stripes (Qu Wenruo) - can: j1939: j1939_session_destroy(): fix memory leak of skbs (Fedor Pchelkin) - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (Fedor Pchelkin) - tracing/probes: Have kprobes and uprobes use too (Steven Rostedt (Google)) - MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 (Nathan Chancellor) - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (Zheyu Ma) - powerpc/64: Init jump labels before parse_early_param() (Zhouyi Zhou) - smb3: check xattr value length earlier (Steve French) - f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() (Chao Yu) - ALSA: timer: Use deferred fasync helper (Takashi Iwai) - ALSA: core: Add async signal helpers (Takashi Iwai) - powerpc/32: Don't always pass -mcpu=powerpc to the compiler (Christophe Leroy) - watchdog: export lockup_detector_reconfigure (Laurent Dufour) - RISC-V: Add fast call path of crash_kexec() (Xianting Tian) - riscv: mmap with PROT_WRITE but no PROT_READ is invalid (Celeste Liu) - mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start (Liang He) - vfio: Clear the caps->buf to NULL after free (Schspa Shi) - tty: serial: Fix refcount leak bug in ucc_uart.c (Liang He) - lib/list_debug.c: Detect uninitialized lists (Guenter Roeck) - ext4: avoid resizing to a partial cluster size (Kiselev, Oleg) - ext4: avoid remove directory when directory is corrupted (Ye Bin) - drivers:md:fix a potential use-after-free bug (Wentao_Liang) - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (Sagi Grimberg) - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (Uwe Kleine-Konig) - selftests/kprobe: Do not test for GRP/ without event failures (Steven Rostedt (Google)) - um: add 'noreboot' command line option for PANIC_TIMEOUT=-1 setups (Jason A. Donenfeld) - PCI/ACPI: Guard ARM64-specific mcfg_quirks (Huacai Chen) - cxl: Fix a memory leak in an error handling path (Christophe JAILLET) - gadgetfs: ep_io - wait until IRQ finishes (Jozef Martiniak) - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (James Smart) - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (Robert Marko) - vboxguest: Do not use devm for irq (Pascal Terjan) - usb: renesas: Fix refcount leak bug (Liang He) - usb: host: ohci-ppc-of: Fix refcount leak bug (Liang He) - drm/meson: Fix overflow implicit truncation warnings (Sai Prakash Ranjan) - irqchip/tegra: Fix overflow implicit truncation warnings (Sai Prakash Ranjan) - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (Michael Grzeschik) - usb: cdns3 fix use-after-free at workaround 2 (Frank Li) - PCI: Add ACS quirk for Broadcom BCM5750x NICs (Pavan Chebbi) - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (Liang He) - locking/atomic: Make test_and_*_bit() ordered on failure (Hector Martin) - gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file (Andrew Donnellan) - igb: Add lock to avoid data race (Lin Ma) - fec: Fix timer capture timing in fec_ptp_enable_pps() (Csokas Bence) - i40e: Fix to stop tx_timeout recovery if GLOBR fails (Alan Brady) - ice: Ignore EEXIST when setting promisc mode (Grzegorz Siwik) - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (Arun Ramadoss) - net: moxa: pass pdev instead of ndev to DMA functions (Sergei Antonov) - net: dsa: mv88e6060: prevent crash on an unused port (Sergei Antonov) - powerpc/pci: Fix get_phb_number() locking (Michael Ellerman) - netfilter: nf_tables: really skip inactive sets when allocating name (Pablo Neira Ayuso) - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (Alex Bee) - iavf: Fix adminq error handling (Przemyslaw Patynowski) - nios2: add force_successful_syscall_return() (Al Viro) - nios2: restarts apply only to the first sigframe we build... (Al Viro) - nios2: fix syscall restart checks (Al Viro) - nios2: traced syscall does need to check the syscall number (Al Viro) - nios2: don't leave NULLs in sys_call_table[] (Al Viro) - nios2: page fault et.al. are *not* restartable syscalls... (Al Viro) - tee: add overflow check in register_shm_helper() (Jens Wiklander) - dpaa2-eth: trace the allocated address instead of page struct (Chen Lin) - atm: idt77252: fix use-after-free bugs caused by tst_timer (Duoming Zhou) - xen/xenbus: fix return type in xenbus_file_read() (Dan Carpenter) - nfp: ethtool: fix the display error of ethtool -m DEVNAME (Yu Xiao) - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (Dan Carpenter) - tools build: Switch to new openssl API for test-libcrypto (Roberto Sassu) - tools/vm/slabinfo: use alphabetic order when two values are equal (Yuanzheng Song) - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (Krzysztof Kozlowski) - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (Peilin Ye) - vsock: Fix memory leak in vsock_connect() (Peilin Ye) - plip: avoid rcu debug splat (Florian Westphal) - geneve: do not use RT_TOS for IPv6 flowlabel (Matthias May) - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (Sakari Ailus) - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (Samuel Holland) - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (Nikita Travkin) - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (Miaoqian Lin) - net: bgmac: Fix a BUG triggered by wrong bytes_compl (Sandor Bodo-Merle) - devlink: Fix use-after-free after a failed reload (Ido Schimmel) - SUNRPC: Reinitialise the backchannel request buffers before reuse (Trond Myklebust) - sunrpc: fix expiry of auth creds (Dan Aloni) - can: mcp251x: Fix race condition on receive interrupt (Sebastian Wurl) - NFSv4/pnfs: Fix a use-after-free bug in open (Trond Myklebust) - NFSv4.1: RECLAIM_COMPLETE must handle EACCES (Zhang Xianwei) - NFSv4: Fix races in the legacy idmapper upcall (Trond Myklebust) - NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (Trond Myklebust) - NFSv4.1: Don't decrease the value of seq_nr_highest_sent (Trond Myklebust) - Documentation: ACPI: EINJ: Fix obsolete example (Qifu Zhang) - apparmor: Fix memleak in aa_simple_write_to_buffer() (Xiu Jianfeng) - apparmor: fix reference count leak in aa_pivotroot() (Xin Xiong) - apparmor: fix overlapping attachment computation (John Johansen) - apparmor: fix aa_label_asxprint return check (Tom Rix) - apparmor: Fix failed mount permission check error message (John Johansen) - apparmor: fix absroot causing audited secids to begin with = (John Johansen) - apparmor: fix quiet_denied for file rules (John Johansen) - can: ems_usb: fix clang's -Wunaligned-access warning (Marc Kleine-Budde) - tracing: Have filter accept 'common_cpu' to be consistent (Steven Rostedt (Google)) - btrfs: fix lost error handling when looking up extended ref on log replay (Filipe Manana) - mmc: pxamci: Fix an error handling path in pxamci_probe() (Christophe JAILLET) - mmc: pxamci: Fix another error handling path in pxamci_probe() (Christophe JAILLET) - ata: libata-eh: Add missing command name (Damien Le Moal) - ALSA: info: Fix llseek return value when using callback (Amadeusz Slawinski) - net_sched: cls_route: disallow handle of 0 (Jamal Hadi Salim) - net/9p: Initialize the iounit field during fid creation (Tyler Hicks) - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (Luiz Augusto von Dentz) - Revert 'net: usb: ax88179_178a needs FLAG_SEND_ZLP' (Jose Alonso) - scsi: sg: Allow waiting for commands to complete on removed device (Tony Battersby) - tcp: fix over estimation in sk_forced_mem_schedule() (Eric Dumazet) - btrfs: reject log replay if there is unsupported RO compat flag (Qu Wenruo) - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (Alexander Lobakin) - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (Sudeep Holla) - timekeeping: contribute wall clock to rng on time change (Jason A. Donenfeld) - ACPI: CPPC: Do not prevent CPPC from working in the future (Rafael J. Wysocki) - dm writecache: set a default MAX_WRITEBACK_JOBS (Mikulas Patocka) - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (Luo Meng) - dm raid: fix address sanitizer warning in raid_status (Mikulas Patocka) - dm raid: fix address sanitizer warning in raid_resume (Mikulas Patocka) - intel_th: pci: Add Meteor Lake-P support (Alexander Shishkin) - intel_th: pci: Add Raptor Lake-S PCH support (Alexander Shishkin) - intel_th: pci: Add Raptor Lake-S CPU support (Alexander Shishkin) - ext4: correct the misjudgment in ext4_iget_extra_inode (Baokun Li) - ext4: correct max_inline_xattr_value_size computing (Baokun Li) - ext4: fix extent status tree race in writeback error recovery path (Eric Whitney) - ext4: update s_overhead_clusters in the superblock during an on-line resize (Theodore Ts'o) - ext4: fix use-after-free in ext4_xattr_set_entry (Baokun Li) - ext4: make sure ext4_append() always allocates new block (Lukas Czerner) - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (Baokun Li) - btrfs: reset block group chunk force if we have to wait (Josef Bacik) - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (Huacai Chen) - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (Michal Suchanek) - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (David Collins) - x86/olpc: fix 'logical not is only applied to the left hand side' (Alexander Lobakin) - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (Quinn Tran) - scsi: qla2xxx: Turn off multi-queue for 8G adapters (Quinn Tran) - scsi: qla2xxx: Fix discovery issues in FC-AL topology (Arun Easi) - scsi: zfcp: Fix missing auto port scan and thus missing target ports (Steffen Maier) - video: fbdev: s3fb: Check the size of screen before memset_io() (Zheyu Ma) - video: fbdev: arkfb: Check the size of screen before memset_io() (Zheyu Ma) - video: fbdev: vt8623fb: Check the size of screen before memset_io() (Zheyu Ma) - tools/thermal: Fix possible path truncations (Florian Fainelli) - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (Zheyu Ma) - x86/numa: Use cpumask_available instead of hardcoded NULL check (Siddh Raman Pant) - scripts/faddr2line: Fix vmlinux detection on arm64 (Josh Poimboeuf) - genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO (Arnaldo Carvalho de Melo) - powerpc/pci: Fix PHB numbering when using opal-phbid (Michael Ellerman) - kprobes: Forbid probing on trampoline and BPF code areas (Chen Zhongjin) - perf symbol: Fail to read phdr workaround (Ian Rogers) - powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address (Miaoqian Lin) - powerpc/xive: Fix refcount leak in xive_get_max_prio (Miaoqian Lin) - powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader (Miaoqian Lin) - powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias (Pali Rohar) - powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32 (Christophe Leroy) - video: fbdev: sis: fix typos in SiS_GetModeID() (Rustam Subkhankulov) - video: fbdev: amba-clcd: Fix refcount leak bugs (Liang He) - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (William Dean) - ASoC: audio-graph-card: Add of_node_put() in fail path (Liang He) - fuse: Remove the control interface for virtio-fs (Xie Yongji) - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (Christophe JAILLET) - s390/zcore: fix race when reading from hardware system area (Alexander Gordeev) - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (Liang He) - mfd: max77620: Fix refcount leak in max77620_initialise_fps (Miaoqian Lin) - mfd: t7l66xb: Drop platform disable callback (Uwe Kleine-Konig) - kfifo: fix kfifo_to_user() return type (Dan Carpenter) - rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (Miaoqian Lin) - iommu/exynos: Handle failed IOMMU device registration properly (Sam Protsenko) - tty: n_gsm: fix missing corner cases in gsmld_poll() (Daniel Starke) - tty: n_gsm: fix DM command (Daniel Starke) - tty: n_gsm: fix wrong T1 retry count handling (Daniel Starke) - vfio/ccw: Do not change FSM state in subchannel event (Eric Farman) - remoteproc: qcom: wcnss: Fix handling of IRQs (Sireesh Kodali) - tty: n_gsm: fix race condition in gsmld_write() (Daniel Starke) - tty: n_gsm: fix packet re-transmission without open control channel (Daniel Starke) - tty: n_gsm: fix non flow control frames during mux flow off (Daniel Starke) - profiling: fix shift too large makes kernel panic (Chen Zhongjin) - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (Srinivas Kandagatla) - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (Srinivas Kandagatla) - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (Ilpo Jarvinen) - ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe (Miaoqian Lin) - ASoC: codecs: da7210: add check for i2c_add_driver (Jiasheng Jiang) - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (Miaoqian Lin) - ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe (Miaoqian Lin) - opp: Fix error check in dev_pm_opp_attach_genpd() (Tang Bin) - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (Zhihao Cheng) - ext4: recover csum seed of tmp_inode after migrating to extents (Li Lingfeng) - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (Zhang Yi) - null_blk: fix ida error handling in null_add_dev() (Dan Carpenter) - RDMA/rxe: Fix error unwind in rxe_create_qp() (Zhu Yanjun) - mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region (Miaohe Lin) - platform/olpc: Fix uninitialized data in debugfs write (Dan Carpenter) - USB: serial: fix tty-port initialized comments (Johan Hovold) - PCI: tegra194: Fix link up retry sequence (Vidya Sagar) - PCI: tegra194: Fix Root Port interrupt handling (Vidya Sagar) - HID: alps: Declare U1_UNICORN_LEGACY support (Artem Borisov) - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (Liang He) - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (Liang He) - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (Liang He) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (Jianglei Nie) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (Cheng Xu) - RDMA/hns: Fix incorrect clearing of interrupt status register (Haoyue Xu) - usb: gadget: udc: amd5536 depends on HAS_DMA (Randy Dunlap) - scsi: smartpqi: Fix DMA direction for RAID requests (Mahesh Rajashekhara) - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (Eugen Hristev) - memstick/ms_block: Fix a memory leak (Christophe JAILLET) - memstick/ms_block: Fix some incorrect memory allocation (Christophe JAILLET) - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (Miaoqian Lin) - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (Duoming Zhou) - intel_th: msu: Fix vmalloced buffers (Alexander Shishkin) - intel_th: msu-sink: Potential dereference of null pointer (Jiasheng Jiang) - intel_th: Fix a resource leak in an error handling path (Christophe JAILLET) - soundwire: bus_type: fix remove and shutdown support (Pierre-Louis Bossart) - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (Vladimir Zapolskiy) - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (Robert Marko) - clk: qcom: ipq8074: fix NSS port frequency tables (Robert Marko) - usb: host: xhci: use snprintf() in xhci_decode_trb() (Sergey Shtylyov) - clk: qcom: clk-krait: unlock spin after mux completion (Ansuel Smith) - driver core: fix potential deadlock in __driver_attach (Zhang Wensheng) - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (Christophe JAILLET) - clk: mediatek: reset: Fix written reset bit offset (Rex-BC Chen) - usb: xhci: tegra: Fix error check (Tang Bin) - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (Miaoqian Lin) - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (Miaoqian Lin) - fpga: altera-pr-ip: fix unsigned comparison with less than zero (Marco Pagani) - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (Uwe Kleine-Konig) - mtd: partitions: Fix refcount leak in parse_redboot_of (Miaoqian Lin) - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (Duoming Zhou) - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (Harshit Mogalapalli) - mtd: rawnand: meson: Fix a potential double free issue (Christophe JAILLET) - mtd: maps: Fix refcount leak in ap_flash_init (Miaoqian Lin) - mtd: maps: Fix refcount leak in of_flash_probe_versatile (Miaoqian Lin) - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (Ralph Siemsen) - dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock (Hangyu Hua) - net: rose: fix netdev reference changes (Eric Dumazet) - netdevsim: Avoid allocation warnings triggered from user space (Jakub Kicinski) - iavf: Fix max_rate limiting (Przemyslaw Patynowski) - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (Pali Rohar) - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (Maxim Mikityanskiy) - wifi: libertas: Fix possible refcount leak in if_usb_probe() (Hangyu Hua) - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (Jose Ignacio Tornos Martinez) - wifi: wil6210: debugfs: fix uninitialized variable use in wil_write_file_wmi() (Ammar Faizi) - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (Liang He) - i2c: cadence: Support PEC for SMBus block read (Lars-Peter Clausen) - Bluetooth: hci_intel: Add check for platform_driver_register (Jiasheng Jiang) - can: pch_can: pch_can_error(): initialize errc before using it (Vincent Mailhol) - can: error: specify the values of data[5..7] of CAN error frames (Vincent Mailhol) - can: usb_8dev: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: sun4i_can: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: hi311x: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: sja1000: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: rcar_can: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: pch_can: do not report txerr and rxerr during bus-off (Vincent Mailhol) - selftests/bpf: fix a test for snprintf() overflow (Dan Carpenter) - wifi: p54: add missing parentheses in p54_flush() (Rustam Subkhankulov) - wifi: p54: Fix an error handling path in p54spi_probe() (Christophe JAILLET) - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (Dan Carpenter) - fs: check FMODE_LSEEK to control internal pipe splicing (Jason A. Donenfeld) - selftests: timers: clocksource-switch: fix passing errors from child (Wolfram Sang) - selftests: timers: valid-adjtimex: build fix for newer toolchains (Wolfram Sang) - libbpf: Fix the name of a reused map (Anquan Wu) - tcp: make retransmitted SKB fit into the send window (Yonglong Li) - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed. (Jian Zhang) - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (Liang He) - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment (AngeloGioacchino Del Regno) - crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq (Zhengchao Shao) - drm/msm/mdp5: Fix global state lock backoff (Rob Clark) - drm: bridge: sii8620: fix possible off-by-one (Hangyu Hua) - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (Guillaume Ranquet) - drm/mediatek: dpi: Remove output format of YUV (Bo-Chen Chen) - drm/rockchip: Fix an error handling path rockchip_dp_probe() (Christophe JAILLET) - drm/rockchip: vop: Don't crash for invalid duplicate_state() (Brian Norris) - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (Qian Cai) - drm/vc4: dsi: Correct DSI divider calculations (Dave Stevenson) - drm/vc4: plane: Fix margin calculations for the right/bottom edges (Dave Stevenson) - drm/vc4: plane: Remove subpixel positioning check (Dom Cobley) - media: hdpvr: fix error value returns in hdpvr_read (Niels Dossche) - drm/mcde: Fix refcount leak in mcde_dsi_bind (Miaoqian Lin) - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (Jiasheng Jiang) - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (Alexey Kodanev) - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Pavel Skripkin) - media: tw686x: Register the irq at the end of probe (Zheyu Ma) - i2c: Fix a potential use after free (Xu Wang) - drm: adv7511: override i2c address of cec before accessing it (Antonio Borneo) - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (Xinlei Lee) - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (Alexey Kodanev) - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (Yunhao Tian) - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (Dan Carpenter) - ath10k: do not enforce interrupt trigger type (Krzysztof Kozlowski) - dm: return early from dm_pr_call() if DM device is suspended (Mike Snitzer) - thermal/tools/tmon: Include pthread and time headers in tmon.h (Markus Mayer) - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (Nicolas Saenz Julienne) - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (Liang He) - blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created (Ming Lei) - erofs: avoid consecutive detection for Highmem memory (Gao Xiang) - arm64: dts: mt7622: fix BPI-R64 WPS button (Nick Hainke) - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (Yang Yingliang) - ARM: dts: qcom: pm8841: add required thermal-sensor-cells (Krzysztof Kozlowski) - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (Miaoqian Lin) - cpufreq: zynq: Fix refcount leak in zynq_get_revision (Miaoqian Lin) - ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (Miaoqian Lin) - ARM: OMAP2+: Fix refcount leak in omapdss_init_of (Miaoqian Lin) - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (Krzysztof Kozlowski) - soc: fsl: guts: machine variable might be unset (Michael Walle) - ARM: dts: ast2600-evb: fix board compatible (Krzysztof Kozlowski) - ARM: dts: ast2500-evb: fix board compatible (Krzysztof Kozlowski) - x86/pmem: Fix platform-device leak in error path (Johan Hovold) - ARM: bcm: Fix refcount leak in bcm_kona_smc_init (Miaoqian Lin) - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (Miaoqian Lin) - ARM: findbit: fix overflowing offset (Russell King (Oracle)) - spi: spi-rspi: Fix PIO fallback on RZ platforms (Biju Das) - selinux: Add boundary check in put_entry() (Xiu Jianfeng) - PM: hibernate: defer device probing when resuming from hibernation (Tetsuo Handa) - ARM: shmobile: rcar-gen2: Increase refcount for new reference (Liang He) - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (Samuel Holland) - arm64: dts: qcom: ipq8074: fix NAND node name (Robert Marko) - ACPI: LPSS: Fix missing check in register_device_clock() (huhai) - ACPI: PM: save NVS memory for Lenovo G40-45 (Manyi Li) - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (Hans de Goede) - ARM: OMAP2+: display: Fix refcount leak bug (Liang He) - spi: synquacer: Add missing clk_disable_unprepare() (Guo Mengqi) - ARM: dts: imx6ul: fix qspi node compatible (Alexander Stein) - ARM: dts: imx6ul: fix lcdif node compatible (Alexander Stein) - ARM: dts: imx6ul: fix csi node compatible (Alexander Stein) - ARM: dts: imx6ul: change operating-points to uint32-matrix (Alexander Stein) - ARM: dts: imx6ul: add missing properties for sram (Alexander Stein) - wait: Fix __wait_event_hrtimeout for RT/DL tasks (Juri Lelli) - genirq: Don't return error on missing optional irq_request_resources() (Antonio Borneo) - ext2: Add more validity checks for inode counts (Jan Kara) - arm64: fix oops in concurrently setting insn_emulation sysctls (haibinzhang () - arm64: Do not forget syscall when starting a new thread. (Francis Laniel) - x86: Handle idle=nomwait cmdline properly for x86_idle (Wyes Karny) - epoll: autoremove wakers even more aggressively (Benjamin Segall) - netfilter: nf_tables: fix null deref due to zeroed list head (Florian Westphal) - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (Kunihiko Hayashi) - ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (Kunihiko Hayashi) - USB: HCD: Fix URB giveback issue in tasklet function (Weitao Wang) - coresight: Clear the connection field properly (Suzuki K Poulose) - MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (Huacai Chen) - powerpc/powernv: Avoid crashing if rng is NULL (Michael Ellerman) - powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E (Christophe Leroy) - powerpc/fsl-pci: Fix Class Code of PCIe Root Port (Pali Rohar) - PCI: Add defines for normal and subtractive PCI bridges (Pali Rohar) - ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() (Alexander Lobakin) - md-raid10: fix KASAN warning (Mikulas Patocka) - serial: mvebu-uart: uart2 error bits clearing (Narendra Hadke) - fuse: limit nsec (Miklos Szeredi) - iio: light: isl29028: Fix the warning in isl29028_remove() (Zheyu Ma) - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (Leo Li) - drm/nouveau: fix another off-by-one in nvbios_addr (Timur Tabi) - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (Dmitry Osipenko) - parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode (Helge Deller) - parisc: Fix device names in /proc/iomem (Helge Deller) - ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() (Jiachen Zhang) - usbnet: Fix linkwatch use-after-free on disconnect (Lukas Wunner) - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (Helge Deller) - thermal: sysfs: Fix cooling_device_stats_setup() error code path (Rafael J. Wysocki) - fs: Add missing umask strip in vfs_tmpfile (Yang Xu) - vfs: Check the truncate maximum size in inode_newsize_ok() (David Howells) - tty: vt: initialize unicode screen buffer (Tetsuo Handa) - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (Meng Tang) - ALSA: hda/cirrus - support for iMac 12,1 model (Allen Ballway) - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (Meng Tang) - mm/mremap: hold the rmap lock in write mode when moving page table entries. (Aneesh Kumar K.V) - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (Sean Christopherson) - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (Sean Christopherson) - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (Sean Christopherson) - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (Sean Christopherson) - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (Sean Christopherson) - HID: wacom: Don't register pad_input for touch switch (Ping Cheng) - HID: wacom: Only report rotation for art pen (Ping Cheng) - add barriers to buffer_uptodate and set_buffer_uptodate (Mikulas Patocka) - wifi: mac80211_hwsim: use 32-bit skb cookie (Johannes Berg) - wifi: mac80211_hwsim: add back erroneously removed cast (Johannes Berg) - wifi: mac80211_hwsim: fix race condition in pending packet (Jeongik Cha) - igc: Remove _I_PHY_ID checking (Sasha Neftin) - ALSA: bcd2000: Fix a UAF bug on the error path of probing (Zheyu Ma) - scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (Nilesh Javali) - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (Nick Desaulniers) - Makefile: link with -z noexecstack --no-warn-rwx-segments (Nick Desaulniers) - LTS tag: v5.4.210 (Sherry Yang) - macintosh/adb: fix oob read in do_adb_query() function (Ning Qiang) - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (Chen-Yu Tsai) - selftests: KVM: Handle compiler optimizations in ucall (Raghavendra Rao Ananta) - KVM: Don't null dereference ops->destroy (Alexey Kardashevskiy) - selftests/bpf: Fix 'dubious pointer arithmetic' test (Jean-Philippe Brucker) - selftests/bpf: Fix test_align verifier log patterns (Stanislav Fomichev) - bpf: Test_verifier, #70 error message updates for 32-bit right shift (John Fastabend) - selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads (Jakub Sitnicki) - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (John Fastabend) - ACPI: APEI: Better fix to avoid spamming the console with old error logs (Tony Luck) - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (Werner Sembach) - ACPI: video: Force backlight native for some TongFang devices (Werner Sembach) - thermal: Fix NULL pointer dereferences in of_thermal_ functions (Subbaraman Narayanamurthy) - LTS tag: v5.4.209 (Sherry Yang) - scsi: core: Fix race between handling STS_RESOURCE and completion (Ming Lei) - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle. (Wei Mingzhi) - ARM: crypto: comment out gcc warning that breaks clang builds (Greg Kroah-Hartman) - sctp: leave the err path free in sctp_stream_init to sctp_stream_free (Xin Long) - sfc: disable softirqs for ptp TX (Alejandro Lucero) - perf symbol: Correct address for bss symbols (Leo Yan) - virtio-net: fix the race between refill work and close (Jason Wang) - netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) - sctp: fix sleep in atomic context bug in timer handlers (Duoming Zhou) - i40e: Fix interface init with MSI interrupts (no MSI-X) (Michal Maloszewski) - tcp: Fix a data-race around sysctl_tcp_comp_sack_nr. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns. (Kuniyuki Iwashima) - Documentation: fix sctp_wmem in ip-sysctl.rst (Xin Long) - tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_autocorking. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_min_tso_segs. (Kuniyuki Iwashima) - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (Liang He) - igmp: Fix data-races around sysctl_igmp_qrv. (Kuniyuki Iwashima) - ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr (Ziyang Xuan) - net: ping6: Fix memleak in ipv6_renew_options(). (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_limit_output_bytes. (Kuniyuki Iwashima) - scsi: ufs: host: Hold reference returned by of_parse_phandle() (Liang He) - ice: do not setup vlan for loopback VSI (Maciej Fijalkowski) - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (Maciej Fijalkowski) - tcp: Fix a data-race around sysctl_tcp_nometrics_save. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_frto. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_adv_win_scale. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_app_win. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_dsack. (Kuniyuki Iwashima) - ntfs: fix use-after-free in ntfs_ucsncmp() (ChenXiaoSong) - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (Luiz Augusto von Dentz) - LTS tag: v5.4.208 (Sherry Yang) - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (Jan Beulich) - net: usb: ax88179_178a needs FLAG_SEND_ZLP (Jose Alonso) - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (Jiri Slaby) - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (Jiri Slaby) - tty: drop tty_schedule_flip() (Jiri Slaby) - tty: the rest, stop using tty_schedule_flip() (Jiri Slaby) - tty: drivers/tty/, stop using tty_schedule_flip() (Jiri Slaby) - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (Luiz Augusto von Dentz) - Bluetooth: SCO: Fix sco_send_frame returning skb->len (Luiz Augusto von Dentz) - Bluetooth: Fix passing NULL to PTR_ERR (Luiz Augusto von Dentz) - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (Luiz Augusto von Dentz) - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmmsg helper (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmsg helper (Luiz Augusto von Dentz) - ALSA: memalloc: Align buffer allocations in page size (Takashi Iwai) - bitfield.h: Fix 'type of reg too small for mask' test (Peter Zijlstra) - x86/mce: Deduplicate exception handling (Thomas Gleixner) - x86/uaccess: Implement macros for CMPXCHG on user addresses (Peter Zijlstra) - x86: get rid of small constant size cases in raw_copy_{to,from}_user() (Al Viro) - locking/refcount: Consolidate implementations of refcount_t (Will Deacon) - locking/refcount: Consolidate REFCOUNT_{MAX,SATURATED} definitions (Will Deacon) - locking/refcount: Move saturation warnings out of line (Will Deacon) - locking/refcount: Improve performance of generic REFCOUNT_FULL code (Will Deacon) header (Will Deacon) - locking/refcount: Remove unused refcount_*_checked() variants (Will Deacon) - locking/refcount: Ensure integer operands are treated as signed (Will Deacon) - locking/refcount: Define constants for saturation and max refcount values (Will Deacon) - ima: remove the IMA_TEMPLATE Kconfig option (GUO Zihua) - dlm: fix pending remove if msg allocation fails (Alexander Aring) - bpf: Make sure mac_header was set before using it (Eric Dumazet) - mm/mempolicy: fix uninit-value in mpol_rebind_policy() (Wang Cheng) - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (Marc Kleine-Budde) - tcp: Fix data-races around sysctl_tcp_max_reordering. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_rfc1337. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_stdurg. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_retrans_collapse. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_recovery. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_early_retrans. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl knobs related to SYN option. (Kuniyuki Iwashima) - udp: Fix a data-race around sysctl_udp_l3mdev_accept. (Kuniyuki Iwashima) - ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. (Kuniyuki Iwashima) - be2net: Fix buffer overflow in be_get_module_eeprom (Hristo Venev) - gpio: pca953x: only use single read/write for No AI mode (Haibo Chen) - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Piotr Skajewski) - i40e: Fix erroneous adapter reinitialization during recovery process (Dawid Lukwinski) - iavf: Fix handling of dummy receive descriptors (Przemyslaw Patynowski) - tcp: Fix data-races around sysctl_tcp_fastopen. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_max_syn_backlog. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_tw_reuse. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_notsent_lowat. (Kuniyuki Iwashima) - tcp: Fix data-races around some timeout sysctl knobs. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_reordering. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_syncookies. (Kuniyuki Iwashima) - igmp: Fix a data-race around sysctl_igmp_max_memberships. (Kuniyuki Iwashima) - igmp: Fix data-races around sysctl_igmp_llm_reports. (Kuniyuki Iwashima) - net/tls: Fix race in TLS device down flow (Tariq Toukan) - net: stmmac: fix dma queue left shift overflow issue (Junxiao Chang) - i2c: cadence: Change large transfer count reset logic to be unconditional (Robert Hancock) - tcp: Fix a data-race around sysctl_tcp_probe_interval. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_probe_threshold. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_min_snd_mss. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_base_mss. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_mtu_probing. (Kuniyuki Iwashima) - tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. (Kuniyuki Iwashima) - ip: Fix a data-race around sysctl_fwmark_reflect. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_nonlocal_bind. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_fwd_use_pmtu. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_no_pmtu_disc. (Kuniyuki Iwashima) - igc: Reinstate IGC_REMOVED logic and implement it properly (Lennert Buytenhek) - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (Peter Zijlstra) - pinctrl: ralink: Check for null return of devm_kcalloc (William Dean) - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (Miaoqian Lin) - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (Hangyu Hua) - serial: mvebu-uart: correctly report configured baudrate value (Pali Rohar) - PCI: hv: Fix interrupt mapping for multi-MSI (Jeffrey Hugo) - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Jeffrey Hugo) - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Jeffrey Hugo) - PCI: hv: Fix multi-MSI to allow more than one MSI vector (Jeffrey Hugo) - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (Ido Schimmel) - riscv: add as-options for modules with assembly compontents (Ben Dooks) - pinctrl: stm32: fix optional IRQ support to gpios (Fabien Dessenne) - LTS tag: v5.4.207 (Sherry Yang) - can: m_can: m_can_tx_handler(): fix use after free of skb (Marc Kleine-Budde) - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (Ilpo Jarvinen) - serial: stm32: Clear prev values before setting RTS delays (Ilpo Jarvinen) - serial: 8250: fix return error code in serial8250_request_std_resource() (Yi Yang) - tty: serial: samsung_tty: set dma burst_size to 1 (Chanho Park) - usb: dwc3: gadget: Fix event pending check (Thinh Nguyen) - usb: typec: add missing uevent when partner support PD (Linyu Yuan) - USB: serial: ftdi_sio: add Belimo device ids (Lucien Buchmann) - signal handling: don't use BUG_ON() for debugging (Linus Torvalds) - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (Gabriel Fernandez) - soc: ixp4xx/npe: Fix unused match warning (Linus Walleij) - x86: Clear .brk area at early boot (Juergen Gross) - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (Stafford Horne) - ASoC: madera: Fix event generation for rate controls (Charles Keepax) - ASoC: madera: Fix event generation for OUT1 demux (Charles Keepax) - ASoC: cs47l15: Fix event generation for low power mux control (Charles Keepax) - ASoC: wm5110: Fix DRE control (Charles Keepax) - ASoC: ops: Fix off by one in range control validation (Mark Brown) - net: sfp: fix memory leak in sfp_probe() (Jianglei Nie) - nvme: fix regression when disconnect a recovering ctrl (Ruozhu Li) - NFC: nxp-nci: don't print header length mismatch on i2c error (Michael Walle) - net: tipc: fix possible refcount leak in tipc_sk_create() (Hangyu Hua) - platform/x86: hp-wmi: Ignore Sanitization Mode event (Kai-Heng Feng) - cpufreq: pmac32-cpufreq: Fix refcount leak bug (Liang He) - netfilter: br_netfilter: do not skip all hooks with 0 priority (Florian Westphal) - virtio_mmio: Restore guest page size on resume (Stephan Gerhold) - virtio_mmio: Add missing PM calls to freeze/restore (Stephan Gerhold) - mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE (Muchun Song) - sfc: fix kernel panic when creating VF (Inigo Huguet) - seg6: bpf: fix skb checksum in bpf_push_seg6_encap() (Andrea Mayer) - seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors (Andrea Mayer) - seg6: fix skb checksum evaluation in SRH encapsulation/insertion (Andrea Mayer) - sfc: fix use after free when disabling sriov (Inigo Huguet) - net: ftgmac100: Hold reference returned by of_get_child_by_name() (Liang He) - ipv4: Fix data-races around sysctl_ip_dynaddr. (Kuniyuki Iwashima) - raw: Fix a data-race around sysctl_raw_l3mdev_accept. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratemask. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratelimit. (Kuniyuki Iwashima) - drm/i915/gt: Serialize TLB invalidates with GT resets (Chris Wilson) - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (Michal Suchanek) - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (Ryan Wanner) - ipv4: Fix a data-race around sysctl_fib_sync_mem. (Kuniyuki Iwashima) - icmp: Fix data-races around sysctl. (Kuniyuki Iwashima) - cipso: Fix data-races around sysctl. (Kuniyuki Iwashima) - net: Fix data-races around sysctl_mem. (Kuniyuki Iwashima) - inetpeer: Fix data-races around sysctl. (Kuniyuki Iwashima) - net: stmmac: dwc-qos: Disable split header for Tegra194 (Jon Hunter) - ASoC: sgtl5000: Fix noise on shutdown/remove (Francesco Dolcini) - ima: Fix a potential integer overflow in ima_appraise_measurement (Huaxin Lu) - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (Hangyu Hua) - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (Zhen Lei) - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (Ard Biesheuvel) - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (Kris Bahnsen) - ext4: fix race condition between ext4_write and ext4_convert_inline_data (Baokun Li) - Revert 'evm: Fix memleak in init_desc' (Xiu Jianfeng) - nilfs2: fix incorrect masking of permission flags for symlinks (Ryusuke Konishi) - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (Dmitry Osipenko) - cgroup: Use separate src/dst nodes when preloading css_sets for migration (Tejun Heo) - wifi: mac80211: fix queue selection for mesh/OCB interfaces (Felix Fietkau) - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (Ard Biesheuvel) - ARM: 9213/1: Print message about disabled Spectre workarounds only once (Dmitry Osipenko) - ip: fix dflt addr selection for connected nexthop (Nicolas Dichtel) - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (Steven Rostedt (Google)) - tracing/histograms: Fix memory leak problem (Zheng Yejian) - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (Juergen Gross) - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (Meng Tang) - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (Meng Tang) - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (Meng Tang) - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (Meng Tang) - ALSA: hda - Add fixup for Dell Latitidue E5430 (Meng Tang) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21499 CVE-2022-3028 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 Oracle Linux 9 [5.15.0-3.60.5.1] - fs: remove no_llseek (Jason A. Donenfeld) [Orabug: 34721465] - vfio: do not set FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - dma-buf: remove useless FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - fs: do not compare against ->llseek (Jason A. Donenfeld) [Orabug: 34721465] - fs: clear or set FMODE_LSEEK based on llseek function (Jason A. Donenfeld) [Orabug: 34721465] [5.15.0-3.60.5] - hwmon: (opbmc) Add support for AST2600 based Pilot (Jan Zdarek) [Orabug: 34605427] - random: Fix incorrect type for 'rc' variable (Harshit Mogalapalli) [Orabug: 34596909] [5.15.0-3.60.4] - netfilter: ebtables: reject blobs that don't provide all entry points (Florian Westphal) [Orabug: 34513977] - uek-rpm: Disable CONFIG_CRYPTO_STREEBOG (Victor Erminpour) [Orabug: 34538054] - uek-rpm: Disable CONFIG_CRYPTO_SM3 (Victor Erminpour) [Orabug: 34538054] - uek-rpm: Disable CONFIG_CRYPTO_SM4 (Victor Erminpour) [Orabug: 34538054] - af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu) [Orabug: 34566751] {CVE-2022-3028} - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (Tetsuo Handa) [Orabug: 34567776] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34567776] [5.15.0-3.60.3] - audit: annotate branch direction for audit_in_mask() (Ankur Arora) [Orabug: 34544783] - audit: cache ctx->major in audit_filter_syscall() (Ankur Arora) [Orabug: 34544783] [5.15.0-3.60.2] - LTS version: v5.15.60 (Jack Vogel) - x86/speculation: Add LFENCE to RSB fill sequence (Pawan Gupta) - x86/speculation: Add RSB VM Exit protections (Daniel Sneddon) - macintosh/adb: fix oob read in do_adb_query() function (Ning Qiang) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (Hilda Wu) - Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (Aaron Ma) - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (Ahmad Fatoum) - Bluetooth: hci_bcm: Add DT compatible for CYW55572 (Hakan Jansson) - Bluetooth: hci_bcm: Add BCM4349B1 variant (Ahmad Fatoum) - btrfs: zoned: fix critical section of relocation inode writeback (Naohiro Aota) - btrfs: zoned: prevent allocation from previous data relocation BG (Naohiro Aota) - arm64: set UXN on swapper page tables (Peter Collingbourne) - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (Mingwei Zhang) - selftests: KVM: Handle compiler optimizations in ucall (Raghavendra Rao Ananta) - tools/kvm_stat: fix display of error when multiple processes are found (Dmitry Klochkov) - KVM: selftests: Make hyperv_clock selftest more stable (Vitaly Kuznetsov) - KVM: x86: do not set st->preempted when going back to user space (Paolo Bonzini) - KVM: x86: do not report a vCPU as preempted outside instruction boundaries (Paolo Bonzini) [Orabug: 34571000] {CVE-2022-39189} - crypto: arm64/poly1305 - fix a read out-of-bound (GUO Zihua) - ACPI: APEI: Better fix to avoid spamming the console with old error logs (Tony Luck) - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (Werner Sembach) - ACPI: video: Force backlight native for some TongFang devices (Werner Sembach) - tools/vm/slabinfo: Handle files in debugfs (Stephane Graber) - block: fix default IO priority handling again (Jan Kara) - selftests/bpf: Check dst_port only on the client socket (Jakub Sitnicki) - selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads (Jakub Sitnicki) - x86/speculation: Make all RETbleed mitigations 64-bit only (Ben Hutchings) - LTS version: v5.15.59 (Jack Vogel) - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Thadeu Lima de Souza Cascardo) - docs/kernel-parameters: Update descriptions for 'mitigations=' param with retbleed (Eiichi Tsukata) - EDAC/ghes: Set the DIMM label unconditionally (Toshi Kani) - ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (Florian Fainelli) - page_alloc: fix invalid watermark check on a negative value (Jaewon Kim) - mm/hmm: fault non-owner device private entries (Ralph Campbell) - ARM: crypto: comment out gcc warning that breaks clang builds (Greg Kroah-Hartman) - sctp: leave the err path free in sctp_stream_init to sctp_stream_free (Xin Long) - sfc: disable softirqs for ptp TX (Alejandro Lucero) - perf symbol: Correct address for bss symbols (Leo Yan) - virtio-net: fix the race between refill work and close (Jason Wang) - netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) - octeontx2-pf: cn10k: Fix egress ratelimit configuration (Sunil Goutham) - sctp: fix sleep in atomic context bug in timer handlers (Duoming Zhou) - i40e: Fix interface init with MSI interrupts (no MSI-X) (Michal Maloszewski) - ipv4: Fix data-races around sysctl_fib_notify_on_flag_change. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_reflect_tos. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_comp_sack_nr. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_comp_sack_slack_ns. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns. (Kuniyuki Iwashima) - net: Fix data-races around sysctl_[rw]mem(_offset)?. (Kuniyuki Iwashima) - tcp: Fix data-races around sk_pacing_rate. (Kuniyuki Iwashima) - net: mld: fix reference count leak in mld_{query | report}_work() (Taehee Yoo) - net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (Jianglei Nie) - macsec: always read MACSEC_SA_ATTR_PN as a u64 (Sabrina Dubroca) - macsec: limit replay window size with XPN (Sabrina Dubroca) - macsec: fix error message in macsec_add_rxsa and _txsa (Sabrina Dubroca) - macsec: fix NULL deref in macsec_add_rxsa (Sabrina Dubroca) - Documentation: fix sctp_wmem in ip-sysctl.rst (Xin Long) - tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_autocorking. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_min_tso_segs. (Kuniyuki Iwashima) - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (Liang He) - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (Vladimir Oltean) - igmp: Fix data-races around sysctl_igmp_qrv. (Kuniyuki Iwashima) - net/tls: Remove the context from the list in tls_device_down (Maxim Mikityanskiy) - ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr (Ziyang Xuan) - net: ping6: Fix memleak in ipv6_renew_options(). (Kuniyuki Iwashima) - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (David Jeffery) - tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_limit_output_bytes. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_moderate_rcvbuf. (Kuniyuki Iwashima) - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (Subbaraya Sundeep) - Revert 'tcp: change pingpong threshold to 3' (Wei Wang) - scsi: ufs: host: Hold reference returned by of_parse_phandle() (Liang He) - ice: do not setup vlan for loopback VSI (Maciej Fijalkowski) - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (Maciej Fijalkowski) - tcp: Fix data-races around sysctl_tcp_no_ssthresh_metrics_save. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_nometrics_save. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_frto. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_adv_win_scale. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_app_win. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_dsack. (Kuniyuki Iwashima) - watch_queue: Fix missing locking in add_watch_to_object() (Linus Torvalds) - watch_queue: Fix missing rcu annotation (David Howells) - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (Nathan Chancellor) - nouveau/svm: Fix to migrate all requested pages (Alistair Popple) - s390/archrandom: prevent CPACF trng invocations in interrupt context (Harald Freudenberger) - asm-generic: remove a broken and needless ifdef conditional (Lukas Bulwahn) - hugetlb: fix memoryleak in hugetlb_mcopy_atomic_pte (Miaohe Lin) - mm: fix page leak with multiple threads mapping the same page (Josef Bacik) - secretmem: fix unhandled fault in truncate (Mike Rapoport) - fs: sendfile handles O_NONBLOCK of out_fd (Andrei Vagin) - ntfs: fix use-after-free in ntfs_ucsncmp() (ChenXiaoSong) - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (Luiz Augusto von Dentz) - LTS version: v5.15.58 (Jack Vogel) - drm/amd/display: Fix wrong format specifier in amdgpu_dm.c (Hayden Goodfellow) - x86/entry_32: Fix segment exceptions (Peter Zijlstra) - drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() (Dan Carpenter) - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (Jan Beulich) - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (Maxim Levitsky) - x86/extable: Prefer local labels in .set directives (Nick Desaulniers) - drm/amd/display: invalid parameter check in dmub_hpd_callback (Jose Exposito) - drm/amd/display: Don't lock connection_mutex for DMUB HPD (Nicholas Kazlauskas) - watch-queue: remove spurious double semicolon (Linus Torvalds) - net: usb: ax88179_178a needs FLAG_SEND_ZLP (Jose Alonso) - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (Jiri Slaby) - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (Jiri Slaby) - tty: drop tty_schedule_flip() (Jiri Slaby) - tty: the rest, stop using tty_schedule_flip() (Jiri Slaby) - tty: drivers/tty/, stop using tty_schedule_flip() (Jiri Slaby) - watchqueue: make sure to serialize 'wqueue->defunct' properly (Linus Torvalds) - drm/amd/display: Fix surface optimization regression on Carrizo (Nicholas Kazlauskas) - drm/amd/display: Optimize bandwidth on following fast update (Nicholas Kazlauskas) - drm/amd/display: Reset DMCUB before HW init (Nicholas Kazlauskas) - exfat: use updated exfat_chain directly during renaming (Sungjong Seo) - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (Luiz Augusto von Dentz) - Bluetooth: SCO: Fix sco_send_frame returning skb->len (Luiz Augusto von Dentz) - Bluetooth: Fix passing NULL to PTR_ERR (Luiz Augusto von Dentz) - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (Luiz Augusto von Dentz) - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmmsg helper (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmsg helper (Luiz Augusto von Dentz) - um: virtio_uml: Fix broken device handling in time-travel (Johannes Berg) - um: virtio_uml: Allow probing from devicetree (Vincent Whitchurch) - tracing: Fix return value of trace_pid_write() (Wonhyuk Yang) - tracing: Place trace_pid_list logic into abstract functions (Steven Rostedt (VMware)) - tracing: Have event format check not flag %p* on __get_dynamic_array() (Steven Rostedt (Google)) - exfat: fix referencing wrong parent directory information after renaming (Yuezhang Mo) - crypto: qat - re-enable registration of algorithms (Giovanni Cabiddu) - crypto: qat - add param check for DH (Giovanni Cabiddu) - crypto: qat - add param check for RSA (Giovanni Cabiddu) - crypto: qat - remove dma_free_coherent() for DH (Giovanni Cabiddu) - crypto: qat - remove dma_free_coherent() for RSA (Giovanni Cabiddu) - crypto: qat - fix memory leak in RSA (Giovanni Cabiddu) - crypto: qat - add backlog mechanism (Giovanni Cabiddu) - crypto: qat - refactor submission logic (Giovanni Cabiddu) - crypto: qat - use pre-allocated buffers in datapath (Giovanni Cabiddu) - crypto: qat - set to zero DH parameters before free (Giovanni Cabiddu) - iwlwifi: fw: uefi: add missing include guards (Johannes Berg) - mt76: fix use-after-free by removing a non-RCU wcid pointer (Felix Fietkau) - xhci: Set HCD flag to defer primary roothub registration (Kishon Vijay Abraham I) - xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (Mathias Nyman) - xhci: dbc: create and remove dbc structure in dbgtty driver. (Mathias Nyman) - xhci: dbc: refactor xhci_dbc_init() (Mathias Nyman) - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (Sean Christopherson) - x86/extable: Extend extable functionality (Peter Zijlstra) - x86/entry_32: Remove .fixup usage (Peter Zijlstra) - bitfield.h: Fix 'type of reg too small for mask' test (Peter Zijlstra) - x86/extable: Provide EX_TYPE_DEFAULT_MCE_SAFE and EX_TYPE_FAULT_MCE_SAFE (Thomas Gleixner) - x86/extable: Rework the exception table mechanics (Thomas Gleixner) - x86/mce: Deduplicate exception handling (Thomas Gleixner) - x86/extable: Get rid of redundant macros (Thomas Gleixner) - x86/extable: Tidy up redundant handler functions (Thomas Gleixner) - x86/uaccess: Implement macros for CMPXCHG on user addresses (Peter Zijlstra) - dlm: fix pending remove if msg allocation fails (Alexander Aring) - sched/deadline: Fix BUG_ON condition for deboosted tasks (Juri Lelli) - bpf: Make sure mac_header was set before using it (Eric Dumazet) - mm/mempolicy: fix uninit-value in mpol_rebind_policy() (Wang Cheng) - KVM: Don't null dereference ops->destroy (Alexey Kardashevskiy) - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (Marc Kleine-Budde) - KVM: selftests: Fix target thread to be migrated in rseq_test (Gavin Shan) - gpio: gpio-xilinx: Fix integer overflow (Srinivas Neeli) - tcp: Fix data-races around sysctl_tcp_max_reordering. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_abort_on_overflow. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_rfc1337. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_stdurg. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_retrans_collapse. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_recovery. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_early_retrans. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl knobs related to SYN option. (Kuniyuki Iwashima) - udp: Fix a data-race around sysctl_udp_l3mdev_accept. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_prot_sock. (Kuniyuki Iwashima) - ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. (Kuniyuki Iwashima) - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. (Kuniyuki Iwashima) - ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. (Kuniyuki Iwashima) - drm/imx/dcss: Add missing of_node_put() in fail path (Liang He) - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (Oleksij Rempel) - net: dsa: sja1105: silent spi_device_id warnings (Oleksij Rempel) - be2net: Fix buffer overflow in be_get_module_eeprom (Hristo Venev) - gpio: pca953x: use the correct register address when regcache sync during init (Haibo Chen) - gpio: pca953x: use the correct range when do regmap sync (Haibo Chen) - gpio: pca953x: only use single read/write for No AI mode (Haibo Chen) - net: stmmac: remove redunctant disable xPCS EEE call (Wong Vee Khee) - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Piotr Skajewski) - i40e: Fix erroneous adapter reinitialization during recovery process (Dawid Lukwinski) - pinctrl: armada-37xx: use raw spinlocks for regmap to avoid invalid wait context (Vladimir Oltean) - pinctrl: armada-37xx: Convert to use dev_err_probe() (Andy Shevchenko) - pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (Andy Shevchenko) - pinctrl: armada-37xx: Use temporary variable for struct device (Andy Shevchenko) - iavf: Fix handling of dummy receive descriptors (Przemyslaw Patynowski) - tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_fastopen. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_max_syn_backlog. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_tw_reuse. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_notsent_lowat. (Kuniyuki Iwashima) - tcp: Fix data-races around some timeout sysctl knobs. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_reordering. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_migrate_req. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_syncookies. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_syn(ack)?_retries. (Kuniyuki Iwashima) - tcp: Fix data-races around keepalive sysctl knobs. (Kuniyuki Iwashima) - igmp: Fix data-races around sysctl_igmp_max_msf. (Kuniyuki Iwashima) - igmp: Fix a data-race around sysctl_igmp_max_memberships. (Kuniyuki Iwashima) - igmp: Fix data-races around sysctl_igmp_llm_reports. (Kuniyuki Iwashima) - net/tls: Fix race in TLS device down flow (Tariq Toukan) - net: stmmac: fix dma queue left shift overflow issue (Junxiao Chang) - perf tests: Fix Convert perf time to TSC test for hybrid (Adrian Hunter) - i2c: cadence: Change large transfer count reset logic to be unconditional (Robert Hancock) - i2c: mlxcpld: Fix register setting for 400KHz frequency (Vadim Pasternak) - net: ipv4: use kfree_skb_reason() in ip_rcv_finish_core() (Menglong Dong) - net: ipv4: use kfree_skb_reason() in ip_rcv_core() (Menglong Dong) - net: netfilter: use kfree_drop_reason() for NF_DROP (Menglong Dong) - net: skb_drop_reason: add document for drop reasons (Menglong Dong) - net: socket: rename SKB_DROP_REASON_SOCKET_FILTER (Menglong Dong) - net: skb: use kfree_skb_reason() in __udp4_lib_rcv() (Menglong Dong) - net: skb: use kfree_skb_reason() in tcp_v4_rcv() (Menglong Dong) - net: skb: introduce kfree_skb_reason() (Menglong Dong) - net: dsa: microchip: ksz_common: Fix refcount leak bug (Liang He) - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (Sascha Hauer) - mtd: rawnand: gpmi: validate controller clock rate (Dario Binacchi) - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (Biao Huang) - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (Biao Huang) - tcp: Fix a data-race around sysctl_tcp_probe_interval. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_probe_threshold. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_min_snd_mss. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_base_mss. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_mtu_probing. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_l3mdev_accept. (Kuniyuki Iwashima) - tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if() (Eric Dumazet) - tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. (Kuniyuki Iwashima) - ip: Fix a data-race around sysctl_fwmark_reflect. (Kuniyuki Iwashima) - ip: Fix a data-race around sysctl_ip_autobind_reuse. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_nonlocal_bind. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_fwd_update_priority. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_fwd_use_pmtu. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_no_pmtu_disc. (Kuniyuki Iwashima) - igc: Reinstate IGC_REMOVED logic and implement it properly (Lennert Buytenhek) - Revert 'e1000e: Fix possible HW unit hang after an s0ix exit' (Sasha Neftin) - e1000e: Enable GPT clock before sending message to CSME (Sasha Neftin) - nvme: fix block device naming collision (Israel Rukshin) - nvme: check for duplicate identifiers earlier (Christoph Hellwig) - scsi: ufs: core: Drop loglevel of WriteBoost message (Bjorn Andersson) - scsi: megaraid: Clear READ queue map's nr_queues (Ming Lei) - drm/amd/display: Ignore First MST Sideband Message Return Error (Fangzhi Zuo) - drm/amdgpu/display: add quirk handling for stutter mode (Alex Deucher) - drm/amd/display: Fork thread to offload work of hpd_rx_irq (Wayne Lin) - drm/amd/display: Add option to defer works of hpd_rx_irq (Wayne Lin) - drm/amd/display: Support for DMUB HPD interrupt handling (Jude Shih) - tcp: Fix data-races around sysctl_tcp_ecn. (Kuniyuki Iwashima) - sysctl: move some boundary constants from sysctl.c to sysctl_vals (Xiaoming Ni) - mm/pagealloc: sysctl: change watermark_scale_factor max limit to 30% (Suren Baghdasaryan) - net: tun: split run_ebpf_filter() and pskb_trim() into different 'if statement' (Dongli Zhang) - ipv4/tcp: do not use per netns ctl sockets (Eric Dumazet) - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (Peter Zijlstra) - pinctrl: ralink: Check for null return of devm_kcalloc (William Dean) - pinctrl: ralink: rename pinctrl-rt2880 to pinctrl-ralink (Arinc UNAL) - pinctrl: ralink: rename MT7628(an) functions to MT76X8 (Arinc UNAL) - RDMA/irdma: Fix sleep from invalid context BUG (Mustafa Ismail) - RDMA/irdma: Do not advertise 1GB page size for x722 (Mustafa Ismail) - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (Miaoqian Lin) - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (Hangyu Hua) - ip: Fix data-races around sysctl_ip_default_ttl. (Kuniyuki Iwashima) - r8152: fix a WOL issue (Hayes Wang) - xfs: fix perag reference leak on iteration race with growfs (Brian Foster) - xfs: terminate perag iteration reliably on agcount (Brian Foster) - xfs: rename the next_agno perag iteration variable (Brian Foster) - xfs: fold perag loop iteration logic into helper function (Brian Foster) - xfs: fix maxlevels comparisons in the btree staging code (Darrick J. Wong) - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (Christophe JAILLET) - mt76: mt7921e: fix possible probe failure after reboot (Sean Wang) - mt76: mt7921: use physical addr to unify register access (Sean Wang) - Revert 'mt76: mt7921e: fix possible probe failure after reboot' (Sean Wang) - Revert 'mt76: mt7921: Fix the error handling path of mt7921_pci_probe()' (Sean Wang) - batman-adv: Use netif_rx_any_context() any. (Sebastian Andrzej Siewior) - serial: mvebu-uart: correctly report configured baudrate value (Pali Rohar) - PCI: hv: Fix interrupt mapping for multi-MSI (Jeffrey Hugo) - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Jeffrey Hugo) - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Jeffrey Hugo) - PCI: hv: Fix multi-MSI to allow more than one MSI vector (Jeffrey Hugo) - Revert 'selftest/vm: verify mmap addr in mremap_test' (Oleksandr Tymoshenko) - Revert 'selftest/vm: verify remap destination address in mremap_test' (Oleksandr Tymoshenko) - bus: mhi: host: pci_generic: add Telit FN990 (Daniele Palmas) - bus: mhi: host: pci_generic: add Telit FN980 v1 hardware revision (Daniele Palmas) - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (Christian Konig) - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (Ido Schimmel) - riscv: add as-options for modules with assembly compontents (Ben Dooks) - pinctrl: stm32: fix optional IRQ support to gpios (Fabien Dessenne) - LTS version: v5.15.57 (Jack Vogel) - x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds (Peter Zijlstra) - um: Add missing apply_returns() (Peter Zijlstra) - x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (Jiri Slaby) - x86/xen: Fix initialisation in hypercall_page after rethunk (Ben Hutchings) - x86/static_call: Serialize __static_call_fixup() properly (Thomas Gleixner) - x86/speculation: Disable RRSBA behavior (Pawan Gupta) - x86/kexec: Disable RET on kexec (Konrad Rzeszutek Wilk) - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) - x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry (Peter Zijlstra) - x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) - x86/retbleed: Add fine grained Kconfig knobs (Peter Zijlstra) - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) - objtool: Add entry UNRET validation (Peter Zijlstra) - x86/xen: Add UNTRAIN_RET (Peter Zijlstra) - intel_idle: Disable IBRS during long idle (Peter Zijlstra) - x86: Add magic AMD return-thunk (Peter Zijlstra) - x86/entry: Avoid very early RET (Peter Zijlstra) - x86/ftrace: Use alternative RET encoding (Peter Zijlstra) - objtool: skip non-text sections when adding return-thunk sites (Thadeu Lima de Souza Cascardo) - bpf,x86: Respect X86_FEATURE_RETPOLINE* (Peter Zijlstra) - bpf,x86: Simplify computing label offsets (Peter Zijlstra) - x86/alternative: Add debug prints to apply_retpolines() (Peter Zijlstra) - x86/alternative: Try inline spectre_v2=retpoline,amd (Peter Zijlstra) - x86/alternative: Handle Jcc __x86_indirect_thunk_ eg (Peter Zijlstra) - x86/alternative: Implement .retpoline_sites support (Peter Zijlstra) - x86/retpoline: Create a retpoline thunk array (Peter Zijlstra) - x86/retpoline: Move the retpoline thunk declarations to nospec-branch.h (Peter Zijlstra) - x86/asm: Fixup odd GEN-for-each-reg.h usage (Peter Zijlstra) - x86/asm: Fix register order (Peter Zijlstra) - x86/retpoline: Remove unused replacement symbols (Peter Zijlstra) - objtool: Introduce CFI hash (Peter Zijlstra) - objtool,x86: Replace alternatives with .retpoline_sites (Peter Zijlstra) - objtool: Shrink struct instruction (Peter Zijlstra) - objtool: Explicitly avoid self modifying code in .altinstr_replacement (Peter Zijlstra) - objtool: Fix SLS validation for kcov tail-call replacement (Peter Zijlstra) - objtool: Classify symbols (Peter Zijlstra) - x86/entry: Don't call error_entry() for XENPV (Lai Jiangshan) - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (Lai Jiangshan) - x86/entry: Switch the stack after error_entry() returns (Lai Jiangshan) - x86/traps: Use pt_regs directly in fixup_bad_iret() (Lai Jiangshan) - LTS version: v5.15.56 (Jack Vogel) - drm/aperture: Run fbdev removal before internal helpers (Thomas Zimmermann) - x86/pat: Fix x86_has_pat_wp() (Juergen Gross) - serial: 8250: Fix PM usage_count for console handover (Ilpo Jarvinen) - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (Ilpo Jarvinen) - serial: stm32: Clear prev values before setting RTS delays (Ilpo Jarvinen) - serial: 8250: fix return error code in serial8250_request_std_resource() (Yi Yang) - vt: fix memory overlapping when deleting chars in the buffer (Yangxi Xiang) - tty: serial: samsung_tty: set dma burst_size to 1 (Chanho Park) - usb: dwc3: gadget: Fix event pending check (Thinh Nguyen) - usb: typec: add missing uevent when partner support PD (Linyu Yuan) - USB: serial: ftdi_sio: add Belimo device ids (Lucien Buchmann) - signal handling: don't use BUG_ON() for debugging (Linus Torvalds) - nvme-pci: phison e16 has bogus namespace ids (Keith Busch) - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (Egor Vorontsov) - ALSA: usb-audio: Add quirk for Fiero SC-01 (Egor Vorontsov) - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (John Veness) - Revert 'can: xilinx_can: Limit CANFD brp to 2' (Srinivas Neeli) - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (Gabriel Fernandez) - soc: ixp4xx/npe: Fix unused match warning (Linus Walleij) - x86: Clear .brk area at early boot (Juergen Gross) - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (Stafford Horne) - ASoC: madera: Fix event generation for rate controls (Charles Keepax) - ASoC: madera: Fix event generation for OUT1 demux (Charles Keepax) - ASoC: cs47l15: Fix event generation for low power mux control (Charles Keepax) - ASoC: dapm: Initialise kcontrol data for mux/demux controls (Charles Keepax) - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (Shuming Fan) - ASoC: wm5110: Fix DRE control (Charles Keepax) - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (Hans de Goede) - ASoC: wcd938x: Fix event generation for some controls (Mark Brown) - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (Peter Ujfalusi) - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (Pierre-Louis Bossart) - ASoC: rt7*-sdw: harden jack_detect_handler (Pierre-Louis Bossart) - ASoC: rt711: fix calibrate mutex initialization (Pierre-Louis Bossart) - ASoC: Intel: sof_sdw: handle errors on card registration (Pierre-Louis Bossart) - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (Pierre-Louis Bossart) - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (Pierre-Louis Bossart) - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (Haowen Bai) - ASoC: ops: Fix off by one in range control validation (Mark Brown) - net: sfp: fix memory leak in sfp_probe() (Jianglei Nie) - nvme: fix regression when disconnect a recovering ctrl (Ruozhu Li) - nvme-tcp: always fail a request when sending it failed (Sagi Grimberg) - NFC: nxp-nci: don't print header length mismatch on i2c error (Michael Walle) - net: tipc: fix possible refcount leak in tipc_sk_create() (Hangyu Hua) - fbdev: Disable sysfb device registration when removing conflicting FBs (Javier Martinez Canillas) - firmware: sysfb: Add sysfb_disable() helper function (Javier Martinez Canillas) - firmware: sysfb: Make sysfb_create_simplefb() return a pdev pointer (Javier Martinez Canillas) - platform/x86: hp-wmi: Ignore Sanitization Mode event (Kai-Heng Feng) - cpufreq: pmac32-cpufreq: Fix refcount leak bug (Liang He) - scsi: hisi_sas: Limit max hw sectors for v3 HW (John Garry) - netfilter: br_netfilter: do not skip all hooks with 0 priority (Florian Westphal) - virtio_mmio: Restore guest page size on resume (Stephan Gerhold) - virtio_mmio: Add missing PM calls to freeze/restore (Stephan Gerhold) - vduse: Tie vduse mgmtdev and its device (Parav Pandit) - vdpa/mlx5: Initialize CVQ vringh only once (Eli Cohen) - powerpc/xive/spapr: correct bitmap allocation size (Nathan Lynch) - ksmbd: use SOCK_NONBLOCK type for kernel_accept() (Namjae Jeon) - btrfs: zoned: fix a leaked bioc in read_zone_info (Christoph Hellwig) - btrfs: rename btrfs_bio to btrfs_io_context (Qu Wenruo) - mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE (Muchun Song) - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (Hans de Goede) - net/tls: Check for errors in tls_device_init (Tariq Toukan) - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (Vitaly Kuznetsov) - net: atlantic: remove aq_nic_deinit() when resume (Chia-Lin Kao (AceLan)) - net: atlantic: remove deep parameter on suspend/resume functions (Chia-Lin Kao (AceLan)) - sfc: fix kernel panic when creating VF (Inigo Huguet) - seg6: bpf: fix skb checksum in bpf_push_seg6_encap() (Andrea Mayer) - seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors (Andrea Mayer) - seg6: fix skb checksum evaluation in SRH encapsulation/insertion (Andrea Mayer) - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (Jeff Layton) - sfc: fix use after free when disabling sriov (Inigo Huguet) - drm/amd/pm: Prevent divide by zero (Yefim Barashkin) - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines. (Mario Kleiner) - ima: Fix potential memory leak in ima_init_crypto() (Jianglei Nie) - ima: force signature verification when CONFIG_KEXEC_SIG is configured (Coiby Xu) - net: stmmac: fix leaks in probe (Dan Carpenter) - net: ftgmac100: Hold reference returned by of_get_child_by_name() (Liang He) - nexthop: Fix data-races around nexthop_compat_mode. (Kuniyuki Iwashima) - ipv4: Fix data-races around sysctl_ip_dynaddr. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_ecn_fallback. (Kuniyuki Iwashima) - raw: Fix a data-race around sysctl_raw_l3mdev_accept. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratemask. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratelimit. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ignore_bogus_error_responses. (Kuniyuki Iwashima) - icmp: Fix data-races around sysctl_icmp_echo_enable_probe. (Kuniyuki Iwashima) - sysctl: Fix data-races in proc_dointvec_ms_jiffies(). (Kuniyuki Iwashima) - sysctl: Fix data-races in proc_dou8vec_minmax(). (Kuniyuki Iwashima) - bnxt_en: Fix bnxt_refclk_read() (Pavan Chebbi) - bnxt_en: Fix bnxt_reinit_after_abort() code path (Michael Chan) - drm/i915: Require the vm mutex for i915_vma_bind() (Thomas Hellstrom) - drm/i915/uc: correctly track uc_fw init failure (Daniele Ceraolo Spurio) - drm/i915/gt: Serialize TLB invalidates with GT resets (Chris Wilson) - drm/i915/gt: Serialize GRDOM access between multiple engine resets (Chris Wilson) - drm/i915/dg2: Add Wa_22011100796 (Bruce Chang) - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (Dan Carpenter) - tracing: Fix sleeping while atomic in kdb ftdump (Douglas Anderson) - lockd: fix nlm_close_files (Jeff Layton) - lockd: set fl_owner when unlocking files (Jeff Layton) - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (Demi Marie Obenour) - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (Dan Carpenter) - netfilter: nf_tables: replace BUG_ON by element length check (Pablo Neira Ayuso) - netfilter: nf_log: incorrect offset to network header (Pablo Neira Ayuso) - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (William Zhang) - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (William Zhang) - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (Michal Suchanek) - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (Ryan Wanner) - ipv4: Fix a data-race around sysctl_fib_sync_mem. (Kuniyuki Iwashima) - icmp: Fix data-races around sysctl. (Kuniyuki Iwashima) - cipso: Fix data-races around sysctl. (Kuniyuki Iwashima) - net: Fix data-races around sysctl_mem. (Kuniyuki Iwashima) - inetpeer: Fix data-races around sysctl. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_max_orphans. (Kuniyuki Iwashima) - sysctl: Fix data races in proc_dointvec_jiffies(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_doulongvec_minmax(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_douintvec_minmax(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_dointvec_minmax(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_douintvec(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_dointvec(). (Kuniyuki Iwashima) - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (Siddharth Vadapalli) - net: stmmac: dwc-qos: Disable split header for Tegra194 (Jon Hunter) - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (Peter Ujfalusi) - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (Peter Ujfalusi) - ASoC: tas2764: Fix amp gain register offset & default (Hector Martin) - ASoC: tas2764: Correct playback volume range (Hector Martin) - ASoC: tas2764: Fix and extend FSYNC polarity handling (Martin Poviser) - ASoC: tas2764: Add post reset delays (Martin Poviser) - ASoC: sgtl5000: Fix noise on shutdown/remove (Francesco Dolcini) - ima: Fix a potential integer overflow in ima_appraise_measurement (Huaxin Lu) - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (Hangyu Hua) - net/mlx5e: Ring the TX doorbell on DMA errors (Maxim Mikityanskiy) - net/mlx5e: Fix capability check for updating vnic env counters (Gal Pressman) - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (Paul Blakey) - net/mlx5e: kTLS, Fix build time constant test in RX (Tariq Toukan) - net/mlx5e: kTLS, Fix build time constant test in TX (Tariq Toukan) - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (Zhen Lei) - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (Ard Biesheuvel) - spi: amd: Limit max transfer and message size (Cristian Ciocaltea) - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (Kris Bahnsen) - reset: Fix devm bulk optional exclusive control getter (Serge Semin) - xfs: drop async cache flushes from CIL commits. (Dave Chinner) - xfs: don't include bnobt blocks when reserving free block pool (Darrick J. Wong) - Revert 'evm: Fix memleak in init_desc' (Xiu Jianfeng) - sh: convert nommu io{re,un}map() to static inline functions (Geert Uytterhoeven) - nilfs2: fix incorrect masking of permission flags for symlinks (Ryusuke Konishi) - fs/remap: constrain dedupe of EOF blocks (Dave Chinner) - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (Dmitry Osipenko) - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (Dmitry Osipenko) - btrfs: return -EAGAIN for NOWAIT dio reads/writes on compressed and inline extents (Filipe Manana) - cgroup: Use separate src/dst nodes when preloading css_sets for migration (Tejun Heo) - wifi: mac80211: fix queue selection for mesh/OCB interfaces (Felix Fietkau) - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (Ard Biesheuvel) - ARM: 9213/1: Print message about disabled Spectre workarounds only once (Dmitry Osipenko) - ip: fix dflt addr selection for connected nexthop (Nicolas Dichtel) - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (Steven Rostedt (Google)) - tracing/histograms: Fix memory leak problem (Zheng Yejian) - mm: split huge PUD on wp_huge_pud fallback (Gowans, James) - mm: userfaultfd: fix UFFDIO_CONTINUE on fallocated shmem pages (Axel Rasmussen) - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (Juergen Gross) - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (Meng Tang) - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (Meng Tang) - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (Jeremy Szu) - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (Meng Tang) - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (Meng Tang) - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (Meng Tang) - ALSA: hda - Add fixup for Dell Latitidue E5430 (Meng Tang) - LTS version: v5.15.55 (Jack Vogel) - Revert 'mtd: rawnand: gpmi: Fix setting busy timeout setting' (Greg Kroah-Hartman) - LTS version: v5.15.54 (Jack Vogel) - selftests/net: fix section name when using xdp_dummy.o (Hangbin Liu) - dmaengine: idxd: force wq context cleanup on device disable path (Dave Jiang) - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: qcom: bam_dma: fix runtime PM underflow (Caleb Connolly) - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (Christophe JAILLET) - dmaengine: pl330: Fix lockdep warning about non-static key (Dmitry Osipenko) - ida: don't use BUG_ON() for debugging (Linus Torvalds) - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (Samuel Holland) - Revert 'serial: 8250_mtk: Make sure to select the right FEATURE_SEL' (AngeloGioacchino Del Regno) - Revert 'mm/memory-failure.c: fix race with changing page compound again' (Naoya Horiguchi) - misc: rtsx_usb: set return value in rsp_buf alloc err path (Shuah Khan) - misc: rtsx_usb: use separate command and response buffers (Shuah Khan) - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (Shuah Khan) - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (Peter Robinson) - i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) - r8169: fix accessing unset transport header (Heiner Kallweit) - selftests: forwarding: fix error message in learning_test (Vladimir Oltean) - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (Vladimir Oltean) - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (Vladimir Oltean) - ibmvnic: Properly dispose of all skbs during a failover. (Rick Lindsley) - ARM: dts: stm32: add missing usbh clock and fix clk order on stm32mp15 (Fabrice Gasnier) - ARM: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on stm32mp151 (Amelie Delaunay) - i40e: Fix VF's MAC Address change on VM (Norbert Zulinski) - i40e: Fix dropped jumbo frames statistics (Lukasz Cieplicki) - i2c: piix4: Fix a memory leak in the EFCH MMIO support (Jean Delvare) - xsk: Clear page contiguity bit when unmapping pool (Ivan Malov) - ARM: at91: fix soc detection for SAM9X60 SiPs (Mihai Sain) - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (Eugen Hristev) - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (Eugen Hristev) - ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt (Claudiu Beznea) - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (Claudiu Beznea) - ARM: at91: pm: use proper compatible for sama5d2's rtc (Claudiu Beznea) - arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo (Stephan Gerhold) - pinctrl: sunxi: sunxi_pconf_set: use correct offset (Andrei Lalaev) - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (Peng Fan) - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (Peng Fan) - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct I2C3 pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct I2C1 pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct eqos pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct vbus pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct gpio-led pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (Sherry Sun) - arm64: dts: imx8mp-evk: correct mmc pad settings (Peng Fan) - ARM: mxs_defconfig: Enable the framebuffer (Fabio Estevam) - arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node (Dmitry Baryshkov) - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (Konrad Dybcio) - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (Pierre-Louis Bossart) - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (Charles Keepax) - ASoC: rt711: Add endianness flag in snd_soc_component_driver (Charles Keepax) - pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (Miaoqian Lin) - tty: n_gsm: fix encoding of command/response bit (daniel.starke@siemens.com) - btrfs: fix use of uninitialized variable at rm device ioctl (Tom Rix) - virtio-blk: modify the value type of num in virtio_queue_rq() (Ye Guojin) - btrfs: fix error pointer dereference in btrfs_ioctl_rm_dev_v2() (Dan Carpenter) - Revert 'serial: sc16is7xx: Clear RS485 bits in the shutdown' (Hui Wang) - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (Jimmy Assarsson) - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (Jimmy Assarsson) - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (Jimmy Assarsson) - net: dsa: qca8k: reset cpu port on MTU change (Christian Marangi) - powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) - video: of_display_timing.h: include errno.h (Hsin-Yi Wang) - memregion: Fix memregion_free() fallback definition (Dan Williams) - PM: runtime: Redefine pm_runtime_release_supplier() (Rafael J. Wysocki) - fbcon: Prevent that screen size is smaller than font size (Helge Deller) - fbcon: Disallow setting font bigger than screen size (Helge Deller) - fbmem: Check virtual screen sizes in fb_set_var() (Helge Deller) - fbdev: fbmem: Fix logo center image dx issue (Guiling Deng) - iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) - module: fix [e_shstrndx].sh_size=0 OOB access (Alexey Dobriyan) - module: change to print useful messages from elf_validity_check() (Shuah Khan) - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (Bryan O'Donoghue) - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (Vladimir Lypak) - rxrpc: Fix locking issue (David Howells) - irqchip/gic-v3: Refactor ISB + EOIR at ack time (Mark Rutland) - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (Mark Rutland) - io_uring: avoid io-wq -EAGAIN looping for !IOPOLL (Pavel Begunkov) - Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event (Sean Wang) - Bluetooth: protect le accept and resolv lists with hdev->lock (Niels Dossche) - drm/mediatek: Add vblank register/unregister callback functions (Rex-BC Chen) - drm/mediatek: Add cmdq_handle in mtk_crtc (Chun-Kuang Hu) - drm/mediatek: Detect CMDQ execution timeout (Chun-Kuang Hu) - drm/mediatek: Remove the pointer of struct cmdq_client (Chun-Kuang Hu) - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (Chun-Kuang Hu) - drm/i915: Fix a race between vma / object destruction and unbinding (Thomas Hellstrom) - drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (Richard Gong) - drm/amd: Refactor amdgpu_aspm to be evaluated per device (Mario Limonciello) - tty: n_gsm: fix invalid gsmtty_write_room() result (Daniel Starke) - serial: 8250_mtk: Make sure to select the right FEATURE_SEL (AngeloGioacchino Del Regno) - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (Daniel Starke) - tty: n_gsm: fix invalid use of MSC in advanced option (Daniel Starke) - mm/hwpoison: fix race between hugetlb free/demotion and memory_failure_hugetlb() (Naoya Horiguchi) - mm/memory-failure.c: fix race with changing page compound again (Miaohe Lin) - mm/hwpoison: avoid the impact of hwpoison_filter() return value on mce handler (luofei) - mm/hwpoison: mf_mutex for soft offline and unpoison (Naoya Horiguchi) - KVM: Initialize debugfs_dentry when a VM is created to avoid NULL deref (Sean Christopherson) - btrfs: zoned: use dedicated lock for data relocation (Naohiro Aota) - btrfs: zoned: encapsulate inode locking for zoned relocation (Johannes Thumshirn) - tty: n_gsm: fix missing update of modem controls after DLCI open (Daniel Starke) - ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX. (Maurizio Avogadro) - ALSA: usb-audio: add mapping for MSI MPG X570S Carbon Max Wifi. (Johannes Schickel) - tty: n_gsm: fix frame reception handling (Daniel Starke) - tty: n_gsm: Save dlci address open status when config requester (Zhenguo Zhao) - tty: n_gsm: Modify CR,PF bit when config requester (Zhenguo Zhao) - KVM: Don't create VM debugfs files outside of the VM directory (Oliver Upton) - drm/amd/vcn: fix an error msg on vcn 3.0 (tiancyin) - ASoC: rt5682: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - ASoC: rt5682: move clk related code to rt5682_i2c_probe (Jack Yu) - uapi/linux/stddef.h: Add include guards (Tadeusz Struk) - stddef: Introduce DECLARE_FLEX_ARRAY() helper (Kees Cook) - bus: mhi: Fix pm_state conversion to string (Paul Davey) - bus: mhi: core: Use correctly sized arguments for bit field (Kees Cook) - serial: sc16is7xx: Clear RS485 bits in the shutdown (Hui Wang) - powerpc/tm: Fix more userspace r13 corruption (Nicholas Piggin) - powerpc: flexible GPR range save/restore macros (Nicholas Piggin) - powerpc/32: Don't use lmw/stmw for saving/restoring non volatile regs (Christophe Leroy) - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (Arun Easi) - KVM: s390x: fix SCK locking (Claudio Imbrenda) - btrfs: don't access possibly stale fs_info data in device_list_add (Dongliang Mu) - KVM: use __vcalloc for very large allocations (Paolo Bonzini) - mm: vmalloc: introduce array allocation functions (Paolo Bonzini) - Compiler Attributes: add __alloc_size() for better bounds checking (Kees Cook) - mtd: spi-nor: Skip erase logic when SPI_NOR_NO_ERASE is set (Tudor Ambarus) - batman-adv: Use netif_rx(). (Sebastian Andrzej Siewior) - iio: accel: mma8452: use the correct logic to get mma8452_data (Haibo Chen) - riscv/mm: Add XIP_FIXUP for riscv_pfn_base (Palmer Dabbelt) - NFSD: COMMIT operations must not return NFS?ERR_INVAL (Chuck Lever) - NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (Chuck Lever) - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (CHANDAN VURDIGERE NATARAJ) - drm/amd/display: Set min dcfclk if pipe count is 0 (Michael Strauss) - drbd: fix an invalid memory access caused by incorrect use of list iterator (Xiaomeng Tong) - drbd: Fix double free problem in drbd_create_device (Wu Bo) - drbd: add error handling support for add_disk() (Luis Chamberlain) - btrfs: remove device item and update super block in the same transaction (Qu Wenruo) - btrfs: use btrfs_get_dev_args_from_path in dev removal ioctls (Josef Bacik) - btrfs: add a btrfs_get_dev_args_from_path helper (Josef Bacik) - btrfs: handle device lookup with btrfs_dev_lookup_args (Josef Bacik) - vdpa/mlx5: Avoid processing works if workqueue was destroyed (Eli Cohen) - gfs2: Fix gfs2_file_buffered_write endless loop workaround (Andreas Gruenbacher) - scsi: qla2xxx: Fix crash during module load unload test (Arun Easi) - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (Quinn Tran) - scsi: qla2xxx: Fix laggy FC remote port session recovery (Quinn Tran) - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (Manish Rangankar) - KVM: x86/mmu: Use common TDP MMU zap helper for MMU notifier unmap hook (Sean Christopherson) - KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (Sean Christopherson) - clk: renesas: r9a07g044: Update multiplier and divider values for PLL2/3 (Lad Prabhakar) - cxl/port: Hold port reference until decoder release (Dan Williams) - mt76: mt7921: do not always disable fw runtime-pm (Lorenzo Bianconi) - mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error (Sean Wang) - media: davinci: vpif: fix use-after-free on driver unbind (Johan Hovold) - media: omap3isp: Use struct_group() for memcpy() region (Kees Cook) - stddef: Introduce struct_group() helper macro (Kees Cook) - block: fix rq-qos breakage from skipping rq_qos_done_bio() (Tejun Heo) - block: only mark bio as tracked if it really is tracked (Jens Axboe) - block: use bdev_get_queue() in bio.c (Pavel Begunkov) - io_uring: ensure that fsnotify is always called (Jens Axboe) - virtio-blk: avoid preallocating big SGL for data (Max Gurtovoy) - ibmvnic: Allow queueing resets during probe (Sukadev Bhattiprolu) - ibmvnic: clear fop when retrying probe (Sukadev Bhattiprolu) - ibmvnic: init init_done_rc earlier (Sukadev Bhattiprolu) - s390/setup: preserve memory at OLDMEM_BASE and OLDMEM_SIZE (Alexander Egorenkov) - s390/setup: use physical pointers for memblock_reserve() (Alexander Gordeev) - s390/boot: allocate amode31 section in decompressor (Alexander Gordeev) - netfilter: nft_payload: don't allow th access for fragments (Florian Westphal) - netfilter: nft_payload: support for inner header matching / mangling (Pablo Neira Ayuso) - netfilter: nf_tables: convert pktinfo->tprot_set to flags field (Pablo Neira Ayuso) - ASoC: rt5682: Fix deadlock on resume (Peter Ujfalusi) - ASoC: rt5682: Re-detect the combo jack after resuming (Derek Fang) - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (Derek Fang) - net/mlx5e: TC, Reject rules with forward and drop actions (Roi Dayan) - net/mlx5e: TC, Reject rules with drop and modify hdr action (Roi Dayan) - net/mlx5e: Split actions_match_supported() into a sub function (Roi Dayan) - net/mlx5e: Check action fwd/drop flag exists also for nic flows (Roi Dayan) - RISC-V: defconfigs: Set CONFIG_FB=y, for FB console (Palmer Dabbelt) - riscv: defconfig: enable DRM_NOUVEAU (Heinrich Schuchardt) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (Hou Tao) - bpf: Stop caching subprog index in the bpf_pseudo_func insn (Martin KaFai Lau) - mt76: mt7921: fix a possible race enabling/disabling runtime-pm (Lorenzo Bianconi) - mt76: mt7921: introduce mt7921_mcu_set_beacon_filter utility routine (Lorenzo Bianconi) - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (Lorenzo Bianconi) - platform/x86: wmi: Fix driver->notify() vs ->probe() race (Hans de Goede) - platform/x86: wmi: Replace read_takes_no_args with a flags field (Hans de Goede) - platform/x86: wmi: introduce helper to convert driver to WMI driver (Barnabas Pocze) - qed: Improve the stack space of filter_config() (Shai Malin) - ath11k: add hw_param for wakeup_mhi (Seevalamuthu Mariappan) - memory: renesas-rpc-if: Avoid unaligned bus access for HyperFlash (Andrew Gabbasov) - media: ir_toy: prevent device from hanging during transmit (Sean Young) - PCI: pciehp: Ignore Link Down/Up caused by error-induced Hot Reset (Lukas Wunner) - PCI/portdrv: Rename pm_iter() to pcie_port_device_iter() (Lukas Wunner) - drm/i915: Replace the unconditional clflush with drm_clflush_virt_range() (Ville Syrjala) - drm/i915/gt: Register the migrate contexts with their engines (Thomas Hellstrom) - drm/i915: Disable bonding on gen12+ platforms (Matthew Brost) - btrfs: fix deadlock between chunk allocation and chunk btree modifications (Filipe Manana) - dma-buf/poll: Get a file reference for outstanding fence callbacks (Michel Danzer) - Input: goodix - try not to touch the reset-pin on x86/ACPI devices (Hans de Goede) - Input: goodix - refactor reset handling (Hans de Goede) - Input: goodix - add a goodix.h header file (Hans de Goede) - Input: goodix - change goodix_i2c_write() len parameter type to int (Hans de Goede) - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (Tang Bin) - btrfs: fix warning when freeing leaf after subvolume creation failure (Filipe Manana) - btrfs: fix invalid delayed ref after subvolume creation failure (Filipe Manana) - btrfs: add additional parameters to btrfs_init_tree_ref/btrfs_init_data_ref (Nikolay Borisov) - btrfs: rename btrfs_alloc_chunk to btrfs_create_chunk (Nikolay Borisov) - netfilter: nft_set_pipapo: release elements in clone from abort path (Pablo Neira Ayuso) - net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) - usbnet: fix memory leak in error case (Oliver Neukum) - bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals (Daniel Borkmann) - bpf: Fix incorrect verifier simulation around jmp32's jeq/jne (Daniel Borkmann) - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (Thomas Kopp) - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (Thomas Kopp) - can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits (Marc Kleine-Budde) - can: m_can: m_can_chip_config(): actually enable internal timestamping (Marc Kleine-Budde) - can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) - can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) - can: bcm: use call_rcu() instead of costly synchronize_rcu() (Oliver Hartkopp) - ALSA: cs46xx: Fix missing snd_card_free() call at probe error (Takashi Iwai) - ALSA: hda/realtek: Add quirk for Clevo L140PU (Tim Crawford) - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (Takashi Iwai) - Revert 'selftests/bpf: Add test for bpf_timer overwriting crash' (Po-Hsu Lin) - mm/filemap: fix UAF in find_lock_entries (Liu Shixin) - mm/slub: add missing TID updates on slab deactivation (Jann Horn) - LTS version: v5.15.53 (Jack Vogel) - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) - hwmon: (occ) Prevent power cap command overwriting poll response (Eddie James) - hwmon: (occ) Remove sequence numbering and checksum calculation (Eddie James) - drm/fourcc: fix integer type usage in uapi header (Carlos Llamas) - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (Hans de Goede) - platform/x86: panasonic-laptop: don't report duplicate brightness key-presses (Hans de Goede) - platform/x86: panasonic-laptop: revert 'Resolve hotkey double trigger bug' (Hans de Goede) - platform/x86: panasonic-laptop: sort includes alphabetically (Hans de Goede) - platform/x86: panasonic-laptop: de-obfuscate button codes (Stefan Seyfried) - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (Liang He) - drm/msm/gem: Fix error return on fence id alloc fail (Rob Clark) - drm/i915/gem: add missing else (katrinzhou) - net: fix IFF_TX_SKB_NO_LINEAR definition (Dan Carpenter) - fsi: occ: Force sequence numbering per OCC (Eddie James) - clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() (Greg Kroah-Hartman) - net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) - xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) - xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() (Jan Beulich) - xen/blkfront: force data bouncing when backend is untrusted (Roger Pau Monne) - xen/netfront: force data bouncing when backend is untrusted (Roger Pau Monne) - xen/netfront: fix leaking data in shared pages (Roger Pau Monne) - xen/blkfront: fix leaking data in shared pages (Roger Pau Monne) - selftests/rseq: Change type of rseq_offset to ptrdiff_t (Mathieu Desnoyers) - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (Mathieu Desnoyers) - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (Mathieu Desnoyers) - selftests/rseq: Fix: work-around asm goto compiler bugs (Mathieu Desnoyers) - selftests/rseq: Remove arm/mips asm goto compiler work-around (Mathieu Desnoyers) - selftests/rseq: Fix warnings about #if checks of undefined tokens (Mathieu Desnoyers) - selftests/rseq: Fix ppc32 offsets by using long rather than off_t (Mathieu Desnoyers) - selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (Mathieu Desnoyers) - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (Mathieu Desnoyers) - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (Mathieu Desnoyers) - selftests/rseq: Introduce thread pointer getters (Mathieu Desnoyers) - selftests/rseq: Introduce rseq_get_abi() helper (Mathieu Desnoyers) - selftests/rseq: Remove volatile from __rseq_abi (Mathieu Desnoyers) - selftests/rseq: Remove useless assignment to cpu variable (Mathieu Desnoyers) - selftests/rseq: introduce own copy of rseq uapi header (Mathieu Desnoyers) - selftests/rseq: remove ARRAY_SIZE define from individual tests (Shuah Khan) - selftests/bpf: Add test_verifier support to fixup kfunc call insns (Kumar Kartikeya Dwivedi) - tcp: add a missing nf_reset_ct() in 3WHS handling (Eric Dumazet) - MAINTAINERS: add Leah as xfs maintainer for 5.15.y (Leah Rumancik) - net: tun: avoid disabling NAPI twice (Jakub Kicinski) - mlxsw: spectrum_router: Fix rollback in tunnel next hop init (Petr Machata) - ipv6: fix lockdep splat in in6_dump_addrs() (Eric Dumazet) - ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (Eric Dumazet) - ACPI: video: Change how we determine if brightness key-presses are handled (Hans de Goede) - io_uring: ensure that send/sendmsg and recv/recvmsg check sqe->ioprio (Jens Axboe) - epic100: fix use after free on rmmod (Tong Zhang) - tipc: move bc link creation back to tipc_node_create (Xin Long) - NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - powerpc/memhotplug: Add add_pages override for PPC (Aneesh Kumar K.V) - net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) - net: phy: ax88772a: fix lost pause advertisement configuration (Oleksij Rempel) - net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) - net: asix: fix 'can't send until first packet is send' issue (Oleksij Rempel) - net/sched: act_api: Notify user space if any actions were flushed before error (Victor Nogueira) - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (Liang He) - netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) - s390: remove unneeded 'select BUILD_BIN2C' (Masahiro Yamada) - vdpa/mlx5: Update Control VQ callback information (Eli Cohen) - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (Miaoqian Lin) - caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) - vfs: fix copy_file_range() regression in cross-fs copies (Amir Goldstein) - NFSD: restore EINVAL error translation in nfsd_commit() (Alexey Khoroshilov) - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) - selftests: mptcp: more stable diag tests (Paolo Abeni) - usbnet: fix memory allocation in helpers (Oliver Neukum) - net: usb: asix: do not force pause frames support (Oleksij Rempel) - linux/dim: Fix divide by 0 in RDMA DIM (Tao Liu) - RDMA/cm: Fix memory leak in ib_cm_insert_listen (Miaoqian Lin) - RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) - net: dp83822: disable rx error interrupt (Enguerrand de Ribaucourt) - net: dp83822: disable false carrier interrupt (Enguerrand de Ribaucourt) - net: tun: stop NAPI when detaching queues (Jakub Kicinski) - net: tun: unlink NAPI from device on destruction (Jakub Kicinski) - net: dsa: bcm_sf2: force pause link settings (Doug Berger) - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (Dimitris Michailidis) - virtio-net: fix race between ndo_open() and virtio_device_ready() (Jason Wang) - net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) - net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) - SUNRPC: Fix READ_PLUS crasher (Chuck Lever) - s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) - dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) - dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) - powerpc/bpf: Fix use of user_pt_regs in uapi (Naveen N. Rao) - powerpc/book3e: Fix PUD allocation size in map_kernel_page() (Christophe Leroy) - powerpc/prom_init: Fix kernel config grep (Liam Howlett) - nvdimm: Fix badblocks clear off-by-one error (Chris Ye) - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1 (Lamarque Vieira Souza) - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP (AKA SPECTRIX S40G) (Pablo Greco) - net: phy: Don't trigger state machine while in suspend (Lukas Wunner) - ipv6: take care of disable_policy when restoring routes (Nicolas Dichtel) - ksmbd: use vfs_llseek instead of dereferencing NULL (Jason A. Donenfeld) - ksmbd: check invalid FileOffset and BeyondFinalZero in FSCTL_ZERO_DATA (Namjae Jeon) - ksmbd: set the range of bytes to zero without extending file size in FSCTL_ZERO_DATA (Namjae Jeon) - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (Ruili Ji) - Revert 'drm/amdgpu/display: set vblank_disable_immediate for DC' (Alex Deucher) - cpufreq:cppc_cpufreq: prevent crash on reading freqdomain_cpus (chris hyser) [Orabug: 34327463] - vmcoreinfo: add kallsyms_num_syms symbol (Stephen Brennan) [Orabug: 34475877] - vmcoreinfo: include kallsyms symbols (Stephen Brennan) [Orabug: 34475877] - kallsyms: move declarations to internal header (Stephen Brennan) [Orabug: 34475877] - Revert 'KVM: x86: Print error code in exception injection tracepoint iff valid' (Sherry Yang) [Orabug: 34539458] - uek-rpm: Enable IMA_APPRAISE_SB_BOOTPARAM (Eric Snowberg) [Orabug: 34549007] - integrity: Allow ima_appraise bootparam to be set when SB is enabled (Eric Snowberg) [Orabug: 34549007] - net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34533007] - Revert 'net/mlx5: E-Switch, change VFs default admin state to auto in switchdev' (Devesh Sharma) [Orabug: 34532946] - uek-rpm: Install kernel-rpm-macros as build dependency (Somasundaram Krishnasamy) [Orabug: 34529696] [5.15.0-3.52.1] - rds: ib: Fix lfstack to acquire visibility to list head (Hakon Bugge) [Orabug: 34522536] - locking/atomic: Make test_and_*_bit() ordered on failure (Hector Martin) [Orabug: 34520178] - intel_idle: make SPR C1 and C1E be independent (Artem Bityutskiy) [Orabug: 34510397] - intel_idle: Add AlderLake support (Zhang Rui) [Orabug: 34510397] - intel_idle: Fix SPR C6 optimization (Artem Bityutskiy) [Orabug: 34510397] - intel_idle: Fix the 'preferred_cstates' module parameter (Artem Bityutskiy) [Orabug: 34510397] - cpuidle: intel_idle: Drop redundant backslash at line end (Rafael J. Wysocki) [Orabug: 34510397] - mlx4: Subscribe to PXM notifier (Konrad Rzeszutek Wilk) [Orabug: 27206634] [Orabug: 34509446] - xen/pci: Add PXM node notifier for PXM (NUMA) changes. (Konrad Rzeszutek Wilk) [Orabug: 27206634] [Orabug: 34509446] - xen/pcifront: Walk the PCI bus after XenStore notification (Konrad Rzeszutek Wilk) [Orabug: 27206634] [Orabug: 34509446] - xen-pcifront/hvm: Slurp up 'pxm' entry and set NUMA node on PCIe device. (V5) (Konrad Rzeszutek Wilk) [Orabug: 34509446] - scsi: core: Fix warning in scsi_alloc_sgtables() (Jason Yan) [Orabug: 33857787] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3028 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [5.15.0-3.60.5.1.el8] - fs: remove no_llseek (Jason A. Donenfeld) [Orabug: 34721465] - vfio: do not set FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - dma-buf: remove useless FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - fs: do not compare against ->llseek (Jason A. Donenfeld) [Orabug: 34721465] - fs: clear or set FMODE_LSEEK based on llseek function (Jason A. Donenfeld) [Orabug: 34721465] [5.15.0-3.60.5] - hwmon: (opbmc) Add support for AST2600 based Pilot (Jan Zdarek) [Orabug: 34605427] - random: Fix incorrect type for 'rc' variable (Harshit Mogalapalli) [Orabug: 34596909] [5.15.0-3.60.4] - netfilter: ebtables: reject blobs that don't provide all entry points (Florian Westphal) [Orabug: 34513977] - uek-rpm: Disable CONFIG_CRYPTO_STREEBOG (Victor Erminpour) [Orabug: 34538054] - uek-rpm: Disable CONFIG_CRYPTO_SM3 (Victor Erminpour) [Orabug: 34538054] - uek-rpm: Disable CONFIG_CRYPTO_SM4 (Victor Erminpour) [Orabug: 34538054] - af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu) [Orabug: 34566751] {CVE-2022-3028} - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (Tetsuo Handa) [Orabug: 34567776] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34567776] [5.15.0-3.60.3] - audit: annotate branch direction for audit_in_mask() (Ankur Arora) [Orabug: 34544783] - audit: cache ctx->major in audit_filter_syscall() (Ankur Arora) [Orabug: 34544783] [5.15.0-3.60.2] - LTS version: v5.15.60 (Jack Vogel) - x86/speculation: Add LFENCE to RSB fill sequence (Pawan Gupta) - x86/speculation: Add RSB VM Exit protections (Daniel Sneddon) - macintosh/adb: fix oob read in do_adb_query() function (Ning Qiang) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (Hilda Wu) - Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (Aaron Ma) - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (Ahmad Fatoum) - Bluetooth: hci_bcm: Add DT compatible for CYW55572 (Hakan Jansson) - Bluetooth: hci_bcm: Add BCM4349B1 variant (Ahmad Fatoum) - btrfs: zoned: fix critical section of relocation inode writeback (Naohiro Aota) - btrfs: zoned: prevent allocation from previous data relocation BG (Naohiro Aota) - arm64: set UXN on swapper page tables (Peter Collingbourne) - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (Mingwei Zhang) - selftests: KVM: Handle compiler optimizations in ucall (Raghavendra Rao Ananta) - tools/kvm_stat: fix display of error when multiple processes are found (Dmitry Klochkov) - KVM: selftests: Make hyperv_clock selftest more stable (Vitaly Kuznetsov) - KVM: x86: do not set st->preempted when going back to user space (Paolo Bonzini) - KVM: x86: do not report a vCPU as preempted outside instruction boundaries (Paolo Bonzini) [Orabug: 34571000] {CVE-2022-39189} - crypto: arm64/poly1305 - fix a read out-of-bound (GUO Zihua) - ACPI: APEI: Better fix to avoid spamming the console with old error logs (Tony Luck) - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (Werner Sembach) - ACPI: video: Force backlight native for some TongFang devices (Werner Sembach) - tools/vm/slabinfo: Handle files in debugfs (Stephane Graber) - block: fix default IO priority handling again (Jan Kara) - selftests/bpf: Check dst_port only on the client socket (Jakub Sitnicki) - selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads (Jakub Sitnicki) - x86/speculation: Make all RETbleed mitigations 64-bit only (Ben Hutchings) - LTS version: v5.15.59 (Jack Vogel) - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Thadeu Lima de Souza Cascardo) - docs/kernel-parameters: Update descriptions for 'mitigations=' param with retbleed (Eiichi Tsukata) - EDAC/ghes: Set the DIMM label unconditionally (Toshi Kani) - ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (Florian Fainelli) - page_alloc: fix invalid watermark check on a negative value (Jaewon Kim) - mm/hmm: fault non-owner device private entries (Ralph Campbell) - ARM: crypto: comment out gcc warning that breaks clang builds (Greg Kroah-Hartman) - sctp: leave the err path free in sctp_stream_init to sctp_stream_free (Xin Long) - sfc: disable softirqs for ptp TX (Alejandro Lucero) - perf symbol: Correct address for bss symbols (Leo Yan) - virtio-net: fix the race between refill work and close (Jason Wang) - netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) - octeontx2-pf: cn10k: Fix egress ratelimit configuration (Sunil Goutham) - sctp: fix sleep in atomic context bug in timer handlers (Duoming Zhou) - i40e: Fix interface init with MSI interrupts (no MSI-X) (Michal Maloszewski) - ipv4: Fix data-races around sysctl_fib_notify_on_flag_change. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_reflect_tos. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_comp_sack_nr. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_comp_sack_slack_ns. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns. (Kuniyuki Iwashima) - net: Fix data-races around sysctl_[rw]mem(_offset)?. (Kuniyuki Iwashima) - tcp: Fix data-races around sk_pacing_rate. (Kuniyuki Iwashima) - net: mld: fix reference count leak in mld_{query | report}_work() (Taehee Yoo) - net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (Jianglei Nie) - macsec: always read MACSEC_SA_ATTR_PN as a u64 (Sabrina Dubroca) - macsec: limit replay window size with XPN (Sabrina Dubroca) - macsec: fix error message in macsec_add_rxsa and _txsa (Sabrina Dubroca) - macsec: fix NULL deref in macsec_add_rxsa (Sabrina Dubroca) - Documentation: fix sctp_wmem in ip-sysctl.rst (Xin Long) - tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_autocorking. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_min_tso_segs. (Kuniyuki Iwashima) - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (Liang He) - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (Vladimir Oltean) - igmp: Fix data-races around sysctl_igmp_qrv. (Kuniyuki Iwashima) - net/tls: Remove the context from the list in tls_device_down (Maxim Mikityanskiy) - ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr (Ziyang Xuan) - net: ping6: Fix memleak in ipv6_renew_options(). (Kuniyuki Iwashima) - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (David Jeffery) - tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_limit_output_bytes. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_moderate_rcvbuf. (Kuniyuki Iwashima) - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (Subbaraya Sundeep) - Revert 'tcp: change pingpong threshold to 3' (Wei Wang) - scsi: ufs: host: Hold reference returned by of_parse_phandle() (Liang He) - ice: do not setup vlan for loopback VSI (Maciej Fijalkowski) - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (Maciej Fijalkowski) - tcp: Fix data-races around sysctl_tcp_no_ssthresh_metrics_save. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_nometrics_save. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_frto. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_adv_win_scale. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_app_win. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_dsack. (Kuniyuki Iwashima) - watch_queue: Fix missing locking in add_watch_to_object() (Linus Torvalds) - watch_queue: Fix missing rcu annotation (David Howells) - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (Nathan Chancellor) - nouveau/svm: Fix to migrate all requested pages (Alistair Popple) - s390/archrandom: prevent CPACF trng invocations in interrupt context (Harald Freudenberger) - asm-generic: remove a broken and needless ifdef conditional (Lukas Bulwahn) - hugetlb: fix memoryleak in hugetlb_mcopy_atomic_pte (Miaohe Lin) - mm: fix page leak with multiple threads mapping the same page (Josef Bacik) - secretmem: fix unhandled fault in truncate (Mike Rapoport) - fs: sendfile handles O_NONBLOCK of out_fd (Andrei Vagin) - ntfs: fix use-after-free in ntfs_ucsncmp() (ChenXiaoSong) - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (Luiz Augusto von Dentz) - LTS version: v5.15.58 (Jack Vogel) - drm/amd/display: Fix wrong format specifier in amdgpu_dm.c (Hayden Goodfellow) - x86/entry_32: Fix segment exceptions (Peter Zijlstra) - drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() (Dan Carpenter) - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (Jan Beulich) - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (Maxim Levitsky) - x86/extable: Prefer local labels in .set directives (Nick Desaulniers) - drm/amd/display: invalid parameter check in dmub_hpd_callback (Jose Exposito) - drm/amd/display: Don't lock connection_mutex for DMUB HPD (Nicholas Kazlauskas) - watch-queue: remove spurious double semicolon (Linus Torvalds) - net: usb: ax88179_178a needs FLAG_SEND_ZLP (Jose Alonso) - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (Jiri Slaby) - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (Jiri Slaby) - tty: drop tty_schedule_flip() (Jiri Slaby) - tty: the rest, stop using tty_schedule_flip() (Jiri Slaby) - tty: drivers/tty/, stop using tty_schedule_flip() (Jiri Slaby) - watchqueue: make sure to serialize 'wqueue->defunct' properly (Linus Torvalds) - drm/amd/display: Fix surface optimization regression on Carrizo (Nicholas Kazlauskas) - drm/amd/display: Optimize bandwidth on following fast update (Nicholas Kazlauskas) - drm/amd/display: Reset DMCUB before HW init (Nicholas Kazlauskas) - exfat: use updated exfat_chain directly during renaming (Sungjong Seo) - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (Luiz Augusto von Dentz) - Bluetooth: SCO: Fix sco_send_frame returning skb->len (Luiz Augusto von Dentz) - Bluetooth: Fix passing NULL to PTR_ERR (Luiz Augusto von Dentz) - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (Luiz Augusto von Dentz) - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmmsg helper (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmsg helper (Luiz Augusto von Dentz) - um: virtio_uml: Fix broken device handling in time-travel (Johannes Berg) - um: virtio_uml: Allow probing from devicetree (Vincent Whitchurch) - tracing: Fix return value of trace_pid_write() (Wonhyuk Yang) - tracing: Place trace_pid_list logic into abstract functions (Steven Rostedt (VMware)) - tracing: Have event format check not flag %p* on __get_dynamic_array() (Steven Rostedt (Google)) - exfat: fix referencing wrong parent directory information after renaming (Yuezhang Mo) - crypto: qat - re-enable registration of algorithms (Giovanni Cabiddu) - crypto: qat - add param check for DH (Giovanni Cabiddu) - crypto: qat - add param check for RSA (Giovanni Cabiddu) - crypto: qat - remove dma_free_coherent() for DH (Giovanni Cabiddu) - crypto: qat - remove dma_free_coherent() for RSA (Giovanni Cabiddu) - crypto: qat - fix memory leak in RSA (Giovanni Cabiddu) - crypto: qat - add backlog mechanism (Giovanni Cabiddu) - crypto: qat - refactor submission logic (Giovanni Cabiddu) - crypto: qat - use pre-allocated buffers in datapath (Giovanni Cabiddu) - crypto: qat - set to zero DH parameters before free (Giovanni Cabiddu) - iwlwifi: fw: uefi: add missing include guards (Johannes Berg) - mt76: fix use-after-free by removing a non-RCU wcid pointer (Felix Fietkau) - xhci: Set HCD flag to defer primary roothub registration (Kishon Vijay Abraham I) - xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (Mathias Nyman) - xhci: dbc: create and remove dbc structure in dbgtty driver. (Mathias Nyman) - xhci: dbc: refactor xhci_dbc_init() (Mathias Nyman) - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (Sean Christopherson) - x86/extable: Extend extable functionality (Peter Zijlstra) - x86/entry_32: Remove .fixup usage (Peter Zijlstra) - bitfield.h: Fix 'type of reg too small for mask' test (Peter Zijlstra) - x86/extable: Provide EX_TYPE_DEFAULT_MCE_SAFE and EX_TYPE_FAULT_MCE_SAFE (Thomas Gleixner) - x86/extable: Rework the exception table mechanics (Thomas Gleixner) - x86/mce: Deduplicate exception handling (Thomas Gleixner) - x86/extable: Get rid of redundant macros (Thomas Gleixner) - x86/extable: Tidy up redundant handler functions (Thomas Gleixner) - x86/uaccess: Implement macros for CMPXCHG on user addresses (Peter Zijlstra) - dlm: fix pending remove if msg allocation fails (Alexander Aring) - sched/deadline: Fix BUG_ON condition for deboosted tasks (Juri Lelli) - bpf: Make sure mac_header was set before using it (Eric Dumazet) - mm/mempolicy: fix uninit-value in mpol_rebind_policy() (Wang Cheng) - KVM: Don't null dereference ops->destroy (Alexey Kardashevskiy) - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (Marc Kleine-Budde) - KVM: selftests: Fix target thread to be migrated in rseq_test (Gavin Shan) - gpio: gpio-xilinx: Fix integer overflow (Srinivas Neeli) - tcp: Fix data-races around sysctl_tcp_max_reordering. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_abort_on_overflow. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_rfc1337. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_stdurg. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_retrans_collapse. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_recovery. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_early_retrans. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl knobs related to SYN option. (Kuniyuki Iwashima) - udp: Fix a data-race around sysctl_udp_l3mdev_accept. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_prot_sock. (Kuniyuki Iwashima) - ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. (Kuniyuki Iwashima) - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. (Kuniyuki Iwashima) - ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. (Kuniyuki Iwashima) - drm/imx/dcss: Add missing of_node_put() in fail path (Liang He) - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (Oleksij Rempel) - net: dsa: sja1105: silent spi_device_id warnings (Oleksij Rempel) - be2net: Fix buffer overflow in be_get_module_eeprom (Hristo Venev) - gpio: pca953x: use the correct register address when regcache sync during init (Haibo Chen) - gpio: pca953x: use the correct range when do regmap sync (Haibo Chen) - gpio: pca953x: only use single read/write for No AI mode (Haibo Chen) - net: stmmac: remove redunctant disable xPCS EEE call (Wong Vee Khee) - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Piotr Skajewski) - i40e: Fix erroneous adapter reinitialization during recovery process (Dawid Lukwinski) - pinctrl: armada-37xx: use raw spinlocks for regmap to avoid invalid wait context (Vladimir Oltean) - pinctrl: armada-37xx: Convert to use dev_err_probe() (Andy Shevchenko) - pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (Andy Shevchenko) - pinctrl: armada-37xx: Use temporary variable for struct device (Andy Shevchenko) - iavf: Fix handling of dummy receive descriptors (Przemyslaw Patynowski) - tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_fastopen. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_max_syn_backlog. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_tw_reuse. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_notsent_lowat. (Kuniyuki Iwashima) - tcp: Fix data-races around some timeout sysctl knobs. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_reordering. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_migrate_req. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_syncookies. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_syn(ack)?_retries. (Kuniyuki Iwashima) - tcp: Fix data-races around keepalive sysctl knobs. (Kuniyuki Iwashima) - igmp: Fix data-races around sysctl_igmp_max_msf. (Kuniyuki Iwashima) - igmp: Fix a data-race around sysctl_igmp_max_memberships. (Kuniyuki Iwashima) - igmp: Fix data-races around sysctl_igmp_llm_reports. (Kuniyuki Iwashima) - net/tls: Fix race in TLS device down flow (Tariq Toukan) - net: stmmac: fix dma queue left shift overflow issue (Junxiao Chang) - perf tests: Fix Convert perf time to TSC test for hybrid (Adrian Hunter) - i2c: cadence: Change large transfer count reset logic to be unconditional (Robert Hancock) - i2c: mlxcpld: Fix register setting for 400KHz frequency (Vadim Pasternak) - net: ipv4: use kfree_skb_reason() in ip_rcv_finish_core() (Menglong Dong) - net: ipv4: use kfree_skb_reason() in ip_rcv_core() (Menglong Dong) - net: netfilter: use kfree_drop_reason() for NF_DROP (Menglong Dong) - net: skb_drop_reason: add document for drop reasons (Menglong Dong) - net: socket: rename SKB_DROP_REASON_SOCKET_FILTER (Menglong Dong) - net: skb: use kfree_skb_reason() in __udp4_lib_rcv() (Menglong Dong) - net: skb: use kfree_skb_reason() in tcp_v4_rcv() (Menglong Dong) - net: skb: introduce kfree_skb_reason() (Menglong Dong) - net: dsa: microchip: ksz_common: Fix refcount leak bug (Liang He) - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (Sascha Hauer) - mtd: rawnand: gpmi: validate controller clock rate (Dario Binacchi) - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (Biao Huang) - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (Biao Huang) - tcp: Fix a data-race around sysctl_tcp_probe_interval. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_probe_threshold. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_min_snd_mss. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_base_mss. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_mtu_probing. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_l3mdev_accept. (Kuniyuki Iwashima) - tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if() (Eric Dumazet) - tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. (Kuniyuki Iwashima) - ip: Fix a data-race around sysctl_fwmark_reflect. (Kuniyuki Iwashima) - ip: Fix a data-race around sysctl_ip_autobind_reuse. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_nonlocal_bind. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_fwd_update_priority. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_fwd_use_pmtu. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_no_pmtu_disc. (Kuniyuki Iwashima) - igc: Reinstate IGC_REMOVED logic and implement it properly (Lennert Buytenhek) - Revert 'e1000e: Fix possible HW unit hang after an s0ix exit' (Sasha Neftin) - e1000e: Enable GPT clock before sending message to CSME (Sasha Neftin) - nvme: fix block device naming collision (Israel Rukshin) - nvme: check for duplicate identifiers earlier (Christoph Hellwig) - scsi: ufs: core: Drop loglevel of WriteBoost message (Bjorn Andersson) - scsi: megaraid: Clear READ queue map's nr_queues (Ming Lei) - drm/amd/display: Ignore First MST Sideband Message Return Error (Fangzhi Zuo) - drm/amdgpu/display: add quirk handling for stutter mode (Alex Deucher) - drm/amd/display: Fork thread to offload work of hpd_rx_irq (Wayne Lin) - drm/amd/display: Add option to defer works of hpd_rx_irq (Wayne Lin) - drm/amd/display: Support for DMUB HPD interrupt handling (Jude Shih) - tcp: Fix data-races around sysctl_tcp_ecn. (Kuniyuki Iwashima) - sysctl: move some boundary constants from sysctl.c to sysctl_vals (Xiaoming Ni) - mm/pagealloc: sysctl: change watermark_scale_factor max limit to 30% (Suren Baghdasaryan) - net: tun: split run_ebpf_filter() and pskb_trim() into different 'if statement' (Dongli Zhang) - ipv4/tcp: do not use per netns ctl sockets (Eric Dumazet) - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (Peter Zijlstra) - pinctrl: ralink: Check for null return of devm_kcalloc (William Dean) - pinctrl: ralink: rename pinctrl-rt2880 to pinctrl-ralink (Arinc UNAL) - pinctrl: ralink: rename MT7628(an) functions to MT76X8 (Arinc UNAL) - RDMA/irdma: Fix sleep from invalid context BUG (Mustafa Ismail) - RDMA/irdma: Do not advertise 1GB page size for x722 (Mustafa Ismail) - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (Miaoqian Lin) - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (Hangyu Hua) - ip: Fix data-races around sysctl_ip_default_ttl. (Kuniyuki Iwashima) - r8152: fix a WOL issue (Hayes Wang) - xfs: fix perag reference leak on iteration race with growfs (Brian Foster) - xfs: terminate perag iteration reliably on agcount (Brian Foster) - xfs: rename the next_agno perag iteration variable (Brian Foster) - xfs: fold perag loop iteration logic into helper function (Brian Foster) - xfs: fix maxlevels comparisons in the btree staging code (Darrick J. Wong) - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (Christophe JAILLET) - mt76: mt7921e: fix possible probe failure after reboot (Sean Wang) - mt76: mt7921: use physical addr to unify register access (Sean Wang) - Revert 'mt76: mt7921e: fix possible probe failure after reboot' (Sean Wang) - Revert 'mt76: mt7921: Fix the error handling path of mt7921_pci_probe()' (Sean Wang) - batman-adv: Use netif_rx_any_context() any. (Sebastian Andrzej Siewior) - serial: mvebu-uart: correctly report configured baudrate value (Pali Rohar) - PCI: hv: Fix interrupt mapping for multi-MSI (Jeffrey Hugo) - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Jeffrey Hugo) - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Jeffrey Hugo) - PCI: hv: Fix multi-MSI to allow more than one MSI vector (Jeffrey Hugo) - Revert 'selftest/vm: verify mmap addr in mremap_test' (Oleksandr Tymoshenko) - Revert 'selftest/vm: verify remap destination address in mremap_test' (Oleksandr Tymoshenko) - bus: mhi: host: pci_generic: add Telit FN990 (Daniele Palmas) - bus: mhi: host: pci_generic: add Telit FN980 v1 hardware revision (Daniele Palmas) - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (Christian Konig) - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (Ido Schimmel) - riscv: add as-options for modules with assembly compontents (Ben Dooks) - pinctrl: stm32: fix optional IRQ support to gpios (Fabien Dessenne) - LTS version: v5.15.57 (Jack Vogel) - x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds (Peter Zijlstra) - um: Add missing apply_returns() (Peter Zijlstra) - x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (Jiri Slaby) - x86/xen: Fix initialisation in hypercall_page after rethunk (Ben Hutchings) - x86/static_call: Serialize __static_call_fixup() properly (Thomas Gleixner) - x86/speculation: Disable RRSBA behavior (Pawan Gupta) - x86/kexec: Disable RET on kexec (Konrad Rzeszutek Wilk) - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) - x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry (Peter Zijlstra) - x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) - x86/retbleed: Add fine grained Kconfig knobs (Peter Zijlstra) - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) - objtool: Add entry UNRET validation (Peter Zijlstra) - x86/xen: Add UNTRAIN_RET (Peter Zijlstra) - intel_idle: Disable IBRS during long idle (Peter Zijlstra) - x86: Add magic AMD return-thunk (Peter Zijlstra) - x86/entry: Avoid very early RET (Peter Zijlstra) - x86/ftrace: Use alternative RET encoding (Peter Zijlstra) - objtool: skip non-text sections when adding return-thunk sites (Thadeu Lima de Souza Cascardo) - bpf,x86: Respect X86_FEATURE_RETPOLINE* (Peter Zijlstra) - bpf,x86: Simplify computing label offsets (Peter Zijlstra) - x86/alternative: Add debug prints to apply_retpolines() (Peter Zijlstra) - x86/alternative: Try inline spectre_v2=retpoline,amd (Peter Zijlstra) - x86/alternative: Handle Jcc __x86_indirect_thunk_ eg (Peter Zijlstra) - x86/alternative: Implement .retpoline_sites support (Peter Zijlstra) - x86/retpoline: Create a retpoline thunk array (Peter Zijlstra) - x86/retpoline: Move the retpoline thunk declarations to nospec-branch.h (Peter Zijlstra) - x86/asm: Fixup odd GEN-for-each-reg.h usage (Peter Zijlstra) - x86/asm: Fix register order (Peter Zijlstra) - x86/retpoline: Remove unused replacement symbols (Peter Zijlstra) - objtool: Introduce CFI hash (Peter Zijlstra) - objtool,x86: Replace alternatives with .retpoline_sites (Peter Zijlstra) - objtool: Shrink struct instruction (Peter Zijlstra) - objtool: Explicitly avoid self modifying code in .altinstr_replacement (Peter Zijlstra) - objtool: Fix SLS validation for kcov tail-call replacement (Peter Zijlstra) - objtool: Classify symbols (Peter Zijlstra) - x86/entry: Don't call error_entry() for XENPV (Lai Jiangshan) - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (Lai Jiangshan) - x86/entry: Switch the stack after error_entry() returns (Lai Jiangshan) - x86/traps: Use pt_regs directly in fixup_bad_iret() (Lai Jiangshan) - LTS version: v5.15.56 (Jack Vogel) - drm/aperture: Run fbdev removal before internal helpers (Thomas Zimmermann) - x86/pat: Fix x86_has_pat_wp() (Juergen Gross) - serial: 8250: Fix PM usage_count for console handover (Ilpo Jarvinen) - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (Ilpo Jarvinen) - serial: stm32: Clear prev values before setting RTS delays (Ilpo Jarvinen) - serial: 8250: fix return error code in serial8250_request_std_resource() (Yi Yang) - vt: fix memory overlapping when deleting chars in the buffer (Yangxi Xiang) - tty: serial: samsung_tty: set dma burst_size to 1 (Chanho Park) - usb: dwc3: gadget: Fix event pending check (Thinh Nguyen) - usb: typec: add missing uevent when partner support PD (Linyu Yuan) - USB: serial: ftdi_sio: add Belimo device ids (Lucien Buchmann) - signal handling: don't use BUG_ON() for debugging (Linus Torvalds) - nvme-pci: phison e16 has bogus namespace ids (Keith Busch) - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (Egor Vorontsov) - ALSA: usb-audio: Add quirk for Fiero SC-01 (Egor Vorontsov) - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (John Veness) - Revert 'can: xilinx_can: Limit CANFD brp to 2' (Srinivas Neeli) - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (Gabriel Fernandez) - soc: ixp4xx/npe: Fix unused match warning (Linus Walleij) - x86: Clear .brk area at early boot (Juergen Gross) - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (Stafford Horne) - ASoC: madera: Fix event generation for rate controls (Charles Keepax) - ASoC: madera: Fix event generation for OUT1 demux (Charles Keepax) - ASoC: cs47l15: Fix event generation for low power mux control (Charles Keepax) - ASoC: dapm: Initialise kcontrol data for mux/demux controls (Charles Keepax) - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (Shuming Fan) - ASoC: wm5110: Fix DRE control (Charles Keepax) - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (Hans de Goede) - ASoC: wcd938x: Fix event generation for some controls (Mark Brown) - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (Peter Ujfalusi) - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (Pierre-Louis Bossart) - ASoC: rt7*-sdw: harden jack_detect_handler (Pierre-Louis Bossart) - ASoC: rt711: fix calibrate mutex initialization (Pierre-Louis Bossart) - ASoC: Intel: sof_sdw: handle errors on card registration (Pierre-Louis Bossart) - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (Pierre-Louis Bossart) - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (Pierre-Louis Bossart) - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (Haowen Bai) - ASoC: ops: Fix off by one in range control validation (Mark Brown) - net: sfp: fix memory leak in sfp_probe() (Jianglei Nie) - nvme: fix regression when disconnect a recovering ctrl (Ruozhu Li) - nvme-tcp: always fail a request when sending it failed (Sagi Grimberg) - NFC: nxp-nci: don't print header length mismatch on i2c error (Michael Walle) - net: tipc: fix possible refcount leak in tipc_sk_create() (Hangyu Hua) - fbdev: Disable sysfb device registration when removing conflicting FBs (Javier Martinez Canillas) - firmware: sysfb: Add sysfb_disable() helper function (Javier Martinez Canillas) - firmware: sysfb: Make sysfb_create_simplefb() return a pdev pointer (Javier Martinez Canillas) - platform/x86: hp-wmi: Ignore Sanitization Mode event (Kai-Heng Feng) - cpufreq: pmac32-cpufreq: Fix refcount leak bug (Liang He) - scsi: hisi_sas: Limit max hw sectors for v3 HW (John Garry) - netfilter: br_netfilter: do not skip all hooks with 0 priority (Florian Westphal) - virtio_mmio: Restore guest page size on resume (Stephan Gerhold) - virtio_mmio: Add missing PM calls to freeze/restore (Stephan Gerhold) - vduse: Tie vduse mgmtdev and its device (Parav Pandit) - vdpa/mlx5: Initialize CVQ vringh only once (Eli Cohen) - powerpc/xive/spapr: correct bitmap allocation size (Nathan Lynch) - ksmbd: use SOCK_NONBLOCK type for kernel_accept() (Namjae Jeon) - btrfs: zoned: fix a leaked bioc in read_zone_info (Christoph Hellwig) - btrfs: rename btrfs_bio to btrfs_io_context (Qu Wenruo) - mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE (Muchun Song) - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (Hans de Goede) - net/tls: Check for errors in tls_device_init (Tariq Toukan) - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (Vitaly Kuznetsov) - net: atlantic: remove aq_nic_deinit() when resume (Chia-Lin Kao (AceLan)) - net: atlantic: remove deep parameter on suspend/resume functions (Chia-Lin Kao (AceLan)) - sfc: fix kernel panic when creating VF (Inigo Huguet) - seg6: bpf: fix skb checksum in bpf_push_seg6_encap() (Andrea Mayer) - seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors (Andrea Mayer) - seg6: fix skb checksum evaluation in SRH encapsulation/insertion (Andrea Mayer) - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (Jeff Layton) - sfc: fix use after free when disabling sriov (Inigo Huguet) - drm/amd/pm: Prevent divide by zero (Yefim Barashkin) - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines. (Mario Kleiner) - ima: Fix potential memory leak in ima_init_crypto() (Jianglei Nie) - ima: force signature verification when CONFIG_KEXEC_SIG is configured (Coiby Xu) - net: stmmac: fix leaks in probe (Dan Carpenter) - net: ftgmac100: Hold reference returned by of_get_child_by_name() (Liang He) - nexthop: Fix data-races around nexthop_compat_mode. (Kuniyuki Iwashima) - ipv4: Fix data-races around sysctl_ip_dynaddr. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_ecn_fallback. (Kuniyuki Iwashima) - raw: Fix a data-race around sysctl_raw_l3mdev_accept. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratemask. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratelimit. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ignore_bogus_error_responses. (Kuniyuki Iwashima) - icmp: Fix data-races around sysctl_icmp_echo_enable_probe. (Kuniyuki Iwashima) - sysctl: Fix data-races in proc_dointvec_ms_jiffies(). (Kuniyuki Iwashima) - sysctl: Fix data-races in proc_dou8vec_minmax(). (Kuniyuki Iwashima) - bnxt_en: Fix bnxt_refclk_read() (Pavan Chebbi) - bnxt_en: Fix bnxt_reinit_after_abort() code path (Michael Chan) - drm/i915: Require the vm mutex for i915_vma_bind() (Thomas Hellstrom) - drm/i915/uc: correctly track uc_fw init failure (Daniele Ceraolo Spurio) - drm/i915/gt: Serialize TLB invalidates with GT resets (Chris Wilson) - drm/i915/gt: Serialize GRDOM access between multiple engine resets (Chris Wilson) - drm/i915/dg2: Add Wa_22011100796 (Bruce Chang) - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (Dan Carpenter) - tracing: Fix sleeping while atomic in kdb ftdump (Douglas Anderson) - lockd: fix nlm_close_files (Jeff Layton) - lockd: set fl_owner when unlocking files (Jeff Layton) - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (Demi Marie Obenour) - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (Dan Carpenter) - netfilter: nf_tables: replace BUG_ON by element length check (Pablo Neira Ayuso) - netfilter: nf_log: incorrect offset to network header (Pablo Neira Ayuso) - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (William Zhang) - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (William Zhang) - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (Michal Suchanek) - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (Ryan Wanner) - ipv4: Fix a data-race around sysctl_fib_sync_mem. (Kuniyuki Iwashima) - icmp: Fix data-races around sysctl. (Kuniyuki Iwashima) - cipso: Fix data-races around sysctl. (Kuniyuki Iwashima) - net: Fix data-races around sysctl_mem. (Kuniyuki Iwashima) - inetpeer: Fix data-races around sysctl. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_max_orphans. (Kuniyuki Iwashima) - sysctl: Fix data races in proc_dointvec_jiffies(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_doulongvec_minmax(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_douintvec_minmax(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_dointvec_minmax(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_douintvec(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_dointvec(). (Kuniyuki Iwashima) - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (Siddharth Vadapalli) - net: stmmac: dwc-qos: Disable split header for Tegra194 (Jon Hunter) - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (Peter Ujfalusi) - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (Peter Ujfalusi) - ASoC: tas2764: Fix amp gain register offset & default (Hector Martin) - ASoC: tas2764: Correct playback volume range (Hector Martin) - ASoC: tas2764: Fix and extend FSYNC polarity handling (Martin Poviser) - ASoC: tas2764: Add post reset delays (Martin Poviser) - ASoC: sgtl5000: Fix noise on shutdown/remove (Francesco Dolcini) - ima: Fix a potential integer overflow in ima_appraise_measurement (Huaxin Lu) - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (Hangyu Hua) - net/mlx5e: Ring the TX doorbell on DMA errors (Maxim Mikityanskiy) - net/mlx5e: Fix capability check for updating vnic env counters (Gal Pressman) - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (Paul Blakey) - net/mlx5e: kTLS, Fix build time constant test in RX (Tariq Toukan) - net/mlx5e: kTLS, Fix build time constant test in TX (Tariq Toukan) - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (Zhen Lei) - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (Ard Biesheuvel) - spi: amd: Limit max transfer and message size (Cristian Ciocaltea) - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (Kris Bahnsen) - reset: Fix devm bulk optional exclusive control getter (Serge Semin) - xfs: drop async cache flushes from CIL commits. (Dave Chinner) - xfs: don't include bnobt blocks when reserving free block pool (Darrick J. Wong) - Revert 'evm: Fix memleak in init_desc' (Xiu Jianfeng) - sh: convert nommu io{re,un}map() to static inline functions (Geert Uytterhoeven) - nilfs2: fix incorrect masking of permission flags for symlinks (Ryusuke Konishi) - fs/remap: constrain dedupe of EOF blocks (Dave Chinner) - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (Dmitry Osipenko) - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (Dmitry Osipenko) - btrfs: return -EAGAIN for NOWAIT dio reads/writes on compressed and inline extents (Filipe Manana) - cgroup: Use separate src/dst nodes when preloading css_sets for migration (Tejun Heo) - wifi: mac80211: fix queue selection for mesh/OCB interfaces (Felix Fietkau) - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (Ard Biesheuvel) - ARM: 9213/1: Print message about disabled Spectre workarounds only once (Dmitry Osipenko) - ip: fix dflt addr selection for connected nexthop (Nicolas Dichtel) - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (Steven Rostedt (Google)) - tracing/histograms: Fix memory leak problem (Zheng Yejian) - mm: split huge PUD on wp_huge_pud fallback (Gowans, James) - mm: userfaultfd: fix UFFDIO_CONTINUE on fallocated shmem pages (Axel Rasmussen) - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (Juergen Gross) - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (Meng Tang) - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (Meng Tang) - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (Jeremy Szu) - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (Meng Tang) - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (Meng Tang) - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (Meng Tang) - ALSA: hda - Add fixup for Dell Latitidue E5430 (Meng Tang) - LTS version: v5.15.55 (Jack Vogel) - Revert 'mtd: rawnand: gpmi: Fix setting busy timeout setting' (Greg Kroah-Hartman) - LTS version: v5.15.54 (Jack Vogel) - selftests/net: fix section name when using xdp_dummy.o (Hangbin Liu) - dmaengine: idxd: force wq context cleanup on device disable path (Dave Jiang) - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: qcom: bam_dma: fix runtime PM underflow (Caleb Connolly) - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (Christophe JAILLET) - dmaengine: pl330: Fix lockdep warning about non-static key (Dmitry Osipenko) - ida: don't use BUG_ON() for debugging (Linus Torvalds) - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (Samuel Holland) - Revert 'serial: 8250_mtk: Make sure to select the right FEATURE_SEL' (AngeloGioacchino Del Regno) - Revert 'mm/memory-failure.c: fix race with changing page compound again' (Naoya Horiguchi) - misc: rtsx_usb: set return value in rsp_buf alloc err path (Shuah Khan) - misc: rtsx_usb: use separate command and response buffers (Shuah Khan) - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (Shuah Khan) - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (Peter Robinson) - i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) - r8169: fix accessing unset transport header (Heiner Kallweit) - selftests: forwarding: fix error message in learning_test (Vladimir Oltean) - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (Vladimir Oltean) - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (Vladimir Oltean) - ibmvnic: Properly dispose of all skbs during a failover. (Rick Lindsley) - ARM: dts: stm32: add missing usbh clock and fix clk order on stm32mp15 (Fabrice Gasnier) - ARM: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on stm32mp151 (Amelie Delaunay) - i40e: Fix VF's MAC Address change on VM (Norbert Zulinski) - i40e: Fix dropped jumbo frames statistics (Lukasz Cieplicki) - i2c: piix4: Fix a memory leak in the EFCH MMIO support (Jean Delvare) - xsk: Clear page contiguity bit when unmapping pool (Ivan Malov) - ARM: at91: fix soc detection for SAM9X60 SiPs (Mihai Sain) - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (Eugen Hristev) - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (Eugen Hristev) - ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt (Claudiu Beznea) - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (Claudiu Beznea) - ARM: at91: pm: use proper compatible for sama5d2's rtc (Claudiu Beznea) - arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo (Stephan Gerhold) - pinctrl: sunxi: sunxi_pconf_set: use correct offset (Andrei Lalaev) - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (Peng Fan) - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (Peng Fan) - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct I2C3 pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct I2C1 pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct eqos pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct vbus pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct gpio-led pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (Sherry Sun) - arm64: dts: imx8mp-evk: correct mmc pad settings (Peng Fan) - ARM: mxs_defconfig: Enable the framebuffer (Fabio Estevam) - arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node (Dmitry Baryshkov) - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (Konrad Dybcio) - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (Pierre-Louis Bossart) - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (Charles Keepax) - ASoC: rt711: Add endianness flag in snd_soc_component_driver (Charles Keepax) - pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (Miaoqian Lin) - tty: n_gsm: fix encoding of command/response bit (daniel.starke@siemens.com) - btrfs: fix use of uninitialized variable at rm device ioctl (Tom Rix) - virtio-blk: modify the value type of num in virtio_queue_rq() (Ye Guojin) - btrfs: fix error pointer dereference in btrfs_ioctl_rm_dev_v2() (Dan Carpenter) - Revert 'serial: sc16is7xx: Clear RS485 bits in the shutdown' (Hui Wang) - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (Jimmy Assarsson) - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (Jimmy Assarsson) - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (Jimmy Assarsson) - net: dsa: qca8k: reset cpu port on MTU change (Christian Marangi) - powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) - video: of_display_timing.h: include errno.h (Hsin-Yi Wang) - memregion: Fix memregion_free() fallback definition (Dan Williams) - PM: runtime: Redefine pm_runtime_release_supplier() (Rafael J. Wysocki) - fbcon: Prevent that screen size is smaller than font size (Helge Deller) - fbcon: Disallow setting font bigger than screen size (Helge Deller) - fbmem: Check virtual screen sizes in fb_set_var() (Helge Deller) - fbdev: fbmem: Fix logo center image dx issue (Guiling Deng) - iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) - module: fix [e_shstrndx].sh_size=0 OOB access (Alexey Dobriyan) - module: change to print useful messages from elf_validity_check() (Shuah Khan) - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (Bryan O'Donoghue) - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (Vladimir Lypak) - rxrpc: Fix locking issue (David Howells) - irqchip/gic-v3: Refactor ISB + EOIR at ack time (Mark Rutland) - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (Mark Rutland) - io_uring: avoid io-wq -EAGAIN looping for !IOPOLL (Pavel Begunkov) - Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event (Sean Wang) - Bluetooth: protect le accept and resolv lists with hdev->lock (Niels Dossche) - drm/mediatek: Add vblank register/unregister callback functions (Rex-BC Chen) - drm/mediatek: Add cmdq_handle in mtk_crtc (Chun-Kuang Hu) - drm/mediatek: Detect CMDQ execution timeout (Chun-Kuang Hu) - drm/mediatek: Remove the pointer of struct cmdq_client (Chun-Kuang Hu) - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (Chun-Kuang Hu) - drm/i915: Fix a race between vma / object destruction and unbinding (Thomas Hellstrom) - drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (Richard Gong) - drm/amd: Refactor amdgpu_aspm to be evaluated per device (Mario Limonciello) - tty: n_gsm: fix invalid gsmtty_write_room() result (Daniel Starke) - serial: 8250_mtk: Make sure to select the right FEATURE_SEL (AngeloGioacchino Del Regno) - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (Daniel Starke) - tty: n_gsm: fix invalid use of MSC in advanced option (Daniel Starke) - mm/hwpoison: fix race between hugetlb free/demotion and memory_failure_hugetlb() (Naoya Horiguchi) - mm/memory-failure.c: fix race with changing page compound again (Miaohe Lin) - mm/hwpoison: avoid the impact of hwpoison_filter() return value on mce handler (luofei) - mm/hwpoison: mf_mutex for soft offline and unpoison (Naoya Horiguchi) - KVM: Initialize debugfs_dentry when a VM is created to avoid NULL deref (Sean Christopherson) - btrfs: zoned: use dedicated lock for data relocation (Naohiro Aota) - btrfs: zoned: encapsulate inode locking for zoned relocation (Johannes Thumshirn) - tty: n_gsm: fix missing update of modem controls after DLCI open (Daniel Starke) - ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX. (Maurizio Avogadro) - ALSA: usb-audio: add mapping for MSI MPG X570S Carbon Max Wifi. (Johannes Schickel) - tty: n_gsm: fix frame reception handling (Daniel Starke) - tty: n_gsm: Save dlci address open status when config requester (Zhenguo Zhao) - tty: n_gsm: Modify CR,PF bit when config requester (Zhenguo Zhao) - KVM: Don't create VM debugfs files outside of the VM directory (Oliver Upton) - drm/amd/vcn: fix an error msg on vcn 3.0 (tiancyin) - ASoC: rt5682: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - ASoC: rt5682: move clk related code to rt5682_i2c_probe (Jack Yu) - uapi/linux/stddef.h: Add include guards (Tadeusz Struk) - stddef: Introduce DECLARE_FLEX_ARRAY() helper (Kees Cook) - bus: mhi: Fix pm_state conversion to string (Paul Davey) - bus: mhi: core: Use correctly sized arguments for bit field (Kees Cook) - serial: sc16is7xx: Clear RS485 bits in the shutdown (Hui Wang) - powerpc/tm: Fix more userspace r13 corruption (Nicholas Piggin) - powerpc: flexible GPR range save/restore macros (Nicholas Piggin) - powerpc/32: Don't use lmw/stmw for saving/restoring non volatile regs (Christophe Leroy) - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (Arun Easi) - KVM: s390x: fix SCK locking (Claudio Imbrenda) - btrfs: don't access possibly stale fs_info data in device_list_add (Dongliang Mu) - KVM: use __vcalloc for very large allocations (Paolo Bonzini) - mm: vmalloc: introduce array allocation functions (Paolo Bonzini) - Compiler Attributes: add __alloc_size() for better bounds checking (Kees Cook) - mtd: spi-nor: Skip erase logic when SPI_NOR_NO_ERASE is set (Tudor Ambarus) - batman-adv: Use netif_rx(). (Sebastian Andrzej Siewior) - iio: accel: mma8452: use the correct logic to get mma8452_data (Haibo Chen) - riscv/mm: Add XIP_FIXUP for riscv_pfn_base (Palmer Dabbelt) - NFSD: COMMIT operations must not return NFS?ERR_INVAL (Chuck Lever) - NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (Chuck Lever) - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (CHANDAN VURDIGERE NATARAJ) - drm/amd/display: Set min dcfclk if pipe count is 0 (Michael Strauss) - drbd: fix an invalid memory access caused by incorrect use of list iterator (Xiaomeng Tong) - drbd: Fix double free problem in drbd_create_device (Wu Bo) - drbd: add error handling support for add_disk() (Luis Chamberlain) - btrfs: remove device item and update super block in the same transaction (Qu Wenruo) - btrfs: use btrfs_get_dev_args_from_path in dev removal ioctls (Josef Bacik) - btrfs: add a btrfs_get_dev_args_from_path helper (Josef Bacik) - btrfs: handle device lookup with btrfs_dev_lookup_args (Josef Bacik) - vdpa/mlx5: Avoid processing works if workqueue was destroyed (Eli Cohen) - gfs2: Fix gfs2_file_buffered_write endless loop workaround (Andreas Gruenbacher) - scsi: qla2xxx: Fix crash during module load unload test (Arun Easi) - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (Quinn Tran) - scsi: qla2xxx: Fix laggy FC remote port session recovery (Quinn Tran) - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (Manish Rangankar) - KVM: x86/mmu: Use common TDP MMU zap helper for MMU notifier unmap hook (Sean Christopherson) - KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (Sean Christopherson) - clk: renesas: r9a07g044: Update multiplier and divider values for PLL2/3 (Lad Prabhakar) - cxl/port: Hold port reference until decoder release (Dan Williams) - mt76: mt7921: do not always disable fw runtime-pm (Lorenzo Bianconi) - mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error (Sean Wang) - media: davinci: vpif: fix use-after-free on driver unbind (Johan Hovold) - media: omap3isp: Use struct_group() for memcpy() region (Kees Cook) - stddef: Introduce struct_group() helper macro (Kees Cook) - block: fix rq-qos breakage from skipping rq_qos_done_bio() (Tejun Heo) - block: only mark bio as tracked if it really is tracked (Jens Axboe) - block: use bdev_get_queue() in bio.c (Pavel Begunkov) - io_uring: ensure that fsnotify is always called (Jens Axboe) - virtio-blk: avoid preallocating big SGL for data (Max Gurtovoy) - ibmvnic: Allow queueing resets during probe (Sukadev Bhattiprolu) - ibmvnic: clear fop when retrying probe (Sukadev Bhattiprolu) - ibmvnic: init init_done_rc earlier (Sukadev Bhattiprolu) - s390/setup: preserve memory at OLDMEM_BASE and OLDMEM_SIZE (Alexander Egorenkov) - s390/setup: use physical pointers for memblock_reserve() (Alexander Gordeev) - s390/boot: allocate amode31 section in decompressor (Alexander Gordeev) - netfilter: nft_payload: don't allow th access for fragments (Florian Westphal) - netfilter: nft_payload: support for inner header matching / mangling (Pablo Neira Ayuso) - netfilter: nf_tables: convert pktinfo->tprot_set to flags field (Pablo Neira Ayuso) - ASoC: rt5682: Fix deadlock on resume (Peter Ujfalusi) - ASoC: rt5682: Re-detect the combo jack after resuming (Derek Fang) - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (Derek Fang) - net/mlx5e: TC, Reject rules with forward and drop actions (Roi Dayan) - net/mlx5e: TC, Reject rules with drop and modify hdr action (Roi Dayan) - net/mlx5e: Split actions_match_supported() into a sub function (Roi Dayan) - net/mlx5e: Check action fwd/drop flag exists also for nic flows (Roi Dayan) - RISC-V: defconfigs: Set CONFIG_FB=y, for FB console (Palmer Dabbelt) - riscv: defconfig: enable DRM_NOUVEAU (Heinrich Schuchardt) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (Hou Tao) - bpf: Stop caching subprog index in the bpf_pseudo_func insn (Martin KaFai Lau) - mt76: mt7921: fix a possible race enabling/disabling runtime-pm (Lorenzo Bianconi) - mt76: mt7921: introduce mt7921_mcu_set_beacon_filter utility routine (Lorenzo Bianconi) - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (Lorenzo Bianconi) - platform/x86: wmi: Fix driver->notify() vs ->probe() race (Hans de Goede) - platform/x86: wmi: Replace read_takes_no_args with a flags field (Hans de Goede) - platform/x86: wmi: introduce helper to convert driver to WMI driver (Barnabas Pocze) - qed: Improve the stack space of filter_config() (Shai Malin) - ath11k: add hw_param for wakeup_mhi (Seevalamuthu Mariappan) - memory: renesas-rpc-if: Avoid unaligned bus access for HyperFlash (Andrew Gabbasov) - media: ir_toy: prevent device from hanging during transmit (Sean Young) - PCI: pciehp: Ignore Link Down/Up caused by error-induced Hot Reset (Lukas Wunner) - PCI/portdrv: Rename pm_iter() to pcie_port_device_iter() (Lukas Wunner) - drm/i915: Replace the unconditional clflush with drm_clflush_virt_range() (Ville Syrjala) - drm/i915/gt: Register the migrate contexts with their engines (Thomas Hellstrom) - drm/i915: Disable bonding on gen12+ platforms (Matthew Brost) - btrfs: fix deadlock between chunk allocation and chunk btree modifications (Filipe Manana) - dma-buf/poll: Get a file reference for outstanding fence callbacks (Michel Danzer) - Input: goodix - try not to touch the reset-pin on x86/ACPI devices (Hans de Goede) - Input: goodix - refactor reset handling (Hans de Goede) - Input: goodix - add a goodix.h header file (Hans de Goede) - Input: goodix - change goodix_i2c_write() len parameter type to int (Hans de Goede) - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (Tang Bin) - btrfs: fix warning when freeing leaf after subvolume creation failure (Filipe Manana) - btrfs: fix invalid delayed ref after subvolume creation failure (Filipe Manana) - btrfs: add additional parameters to btrfs_init_tree_ref/btrfs_init_data_ref (Nikolay Borisov) - btrfs: rename btrfs_alloc_chunk to btrfs_create_chunk (Nikolay Borisov) - netfilter: nft_set_pipapo: release elements in clone from abort path (Pablo Neira Ayuso) - net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) - usbnet: fix memory leak in error case (Oliver Neukum) - bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals (Daniel Borkmann) - bpf: Fix incorrect verifier simulation around jmp32's jeq/jne (Daniel Borkmann) - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (Thomas Kopp) - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (Thomas Kopp) - can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits (Marc Kleine-Budde) - can: m_can: m_can_chip_config(): actually enable internal timestamping (Marc Kleine-Budde) - can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) - can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) - can: bcm: use call_rcu() instead of costly synchronize_rcu() (Oliver Hartkopp) - ALSA: cs46xx: Fix missing snd_card_free() call at probe error (Takashi Iwai) - ALSA: hda/realtek: Add quirk for Clevo L140PU (Tim Crawford) - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (Takashi Iwai) - Revert 'selftests/bpf: Add test for bpf_timer overwriting crash' (Po-Hsu Lin) - mm/filemap: fix UAF in find_lock_entries (Liu Shixin) - mm/slub: add missing TID updates on slab deactivation (Jann Horn) - LTS version: v5.15.53 (Jack Vogel) - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) - hwmon: (occ) Prevent power cap command overwriting poll response (Eddie James) - hwmon: (occ) Remove sequence numbering and checksum calculation (Eddie James) - drm/fourcc: fix integer type usage in uapi header (Carlos Llamas) - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (Hans de Goede) - platform/x86: panasonic-laptop: don't report duplicate brightness key-presses (Hans de Goede) - platform/x86: panasonic-laptop: revert 'Resolve hotkey double trigger bug' (Hans de Goede) - platform/x86: panasonic-laptop: sort includes alphabetically (Hans de Goede) - platform/x86: panasonic-laptop: de-obfuscate button codes (Stefan Seyfried) - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (Liang He) - drm/msm/gem: Fix error return on fence id alloc fail (Rob Clark) - drm/i915/gem: add missing else (katrinzhou) - net: fix IFF_TX_SKB_NO_LINEAR definition (Dan Carpenter) - fsi: occ: Force sequence numbering per OCC (Eddie James) - clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() (Greg Kroah-Hartman) - net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) - xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) - xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() (Jan Beulich) - xen/blkfront: force data bouncing when backend is untrusted (Roger Pau Monne) - xen/netfront: force data bouncing when backend is untrusted (Roger Pau Monne) - xen/netfront: fix leaking data in shared pages (Roger Pau Monne) - xen/blkfront: fix leaking data in shared pages (Roger Pau Monne) - selftests/rseq: Change type of rseq_offset to ptrdiff_t (Mathieu Desnoyers) - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (Mathieu Desnoyers) - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (Mathieu Desnoyers) - selftests/rseq: Fix: work-around asm goto compiler bugs (Mathieu Desnoyers) - selftests/rseq: Remove arm/mips asm goto compiler work-around (Mathieu Desnoyers) - selftests/rseq: Fix warnings about #if checks of undefined tokens (Mathieu Desnoyers) - selftests/rseq: Fix ppc32 offsets by using long rather than off_t (Mathieu Desnoyers) - selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (Mathieu Desnoyers) - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (Mathieu Desnoyers) - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (Mathieu Desnoyers) - selftests/rseq: Introduce thread pointer getters (Mathieu Desnoyers) - selftests/rseq: Introduce rseq_get_abi() helper (Mathieu Desnoyers) - selftests/rseq: Remove volatile from __rseq_abi (Mathieu Desnoyers) - selftests/rseq: Remove useless assignment to cpu variable (Mathieu Desnoyers) - selftests/rseq: introduce own copy of rseq uapi header (Mathieu Desnoyers) - selftests/rseq: remove ARRAY_SIZE define from individual tests (Shuah Khan) - selftests/bpf: Add test_verifier support to fixup kfunc call insns (Kumar Kartikeya Dwivedi) - tcp: add a missing nf_reset_ct() in 3WHS handling (Eric Dumazet) - MAINTAINERS: add Leah as xfs maintainer for 5.15.y (Leah Rumancik) - net: tun: avoid disabling NAPI twice (Jakub Kicinski) - mlxsw: spectrum_router: Fix rollback in tunnel next hop init (Petr Machata) - ipv6: fix lockdep splat in in6_dump_addrs() (Eric Dumazet) - ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (Eric Dumazet) - ACPI: video: Change how we determine if brightness key-presses are handled (Hans de Goede) - io_uring: ensure that send/sendmsg and recv/recvmsg check sqe->ioprio (Jens Axboe) - epic100: fix use after free on rmmod (Tong Zhang) - tipc: move bc link creation back to tipc_node_create (Xin Long) - NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - powerpc/memhotplug: Add add_pages override for PPC (Aneesh Kumar K.V) - net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) - net: phy: ax88772a: fix lost pause advertisement configuration (Oleksij Rempel) - net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) - net: asix: fix 'can't send until first packet is send' issue (Oleksij Rempel) - net/sched: act_api: Notify user space if any actions were flushed before error (Victor Nogueira) - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (Liang He) - netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) - s390: remove unneeded 'select BUILD_BIN2C' (Masahiro Yamada) - vdpa/mlx5: Update Control VQ callback information (Eli Cohen) - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (Miaoqian Lin) - caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) - vfs: fix copy_file_range() regression in cross-fs copies (Amir Goldstein) - NFSD: restore EINVAL error translation in nfsd_commit() (Alexey Khoroshilov) - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) - selftests: mptcp: more stable diag tests (Paolo Abeni) - usbnet: fix memory allocation in helpers (Oliver Neukum) - net: usb: asix: do not force pause frames support (Oleksij Rempel) - linux/dim: Fix divide by 0 in RDMA DIM (Tao Liu) - RDMA/cm: Fix memory leak in ib_cm_insert_listen (Miaoqian Lin) - RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) - net: dp83822: disable rx error interrupt (Enguerrand de Ribaucourt) - net: dp83822: disable false carrier interrupt (Enguerrand de Ribaucourt) - net: tun: stop NAPI when detaching queues (Jakub Kicinski) - net: tun: unlink NAPI from device on destruction (Jakub Kicinski) - net: dsa: bcm_sf2: force pause link settings (Doug Berger) - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (Dimitris Michailidis) - virtio-net: fix race between ndo_open() and virtio_device_ready() (Jason Wang) - net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) - net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) - SUNRPC: Fix READ_PLUS crasher (Chuck Lever) - s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) - dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) - dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) - powerpc/bpf: Fix use of user_pt_regs in uapi (Naveen N. Rao) - powerpc/book3e: Fix PUD allocation size in map_kernel_page() (Christophe Leroy) - powerpc/prom_init: Fix kernel config grep (Liam Howlett) - nvdimm: Fix badblocks clear off-by-one error (Chris Ye) - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1 (Lamarque Vieira Souza) - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP (AKA SPECTRIX S40G) (Pablo Greco) - net: phy: Don't trigger state machine while in suspend (Lukas Wunner) - ipv6: take care of disable_policy when restoring routes (Nicolas Dichtel) - ksmbd: use vfs_llseek instead of dereferencing NULL (Jason A. Donenfeld) - ksmbd: check invalid FileOffset and BeyondFinalZero in FSCTL_ZERO_DATA (Namjae Jeon) - ksmbd: set the range of bytes to zero without extending file size in FSCTL_ZERO_DATA (Namjae Jeon) - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (Ruili Ji) - Revert 'drm/amdgpu/display: set vblank_disable_immediate for DC' (Alex Deucher) - cpufreq:cppc_cpufreq: prevent crash on reading freqdomain_cpus (chris hyser) [Orabug: 34327463] - vmcoreinfo: add kallsyms_num_syms symbol (Stephen Brennan) [Orabug: 34475877] - vmcoreinfo: include kallsyms symbols (Stephen Brennan) [Orabug: 34475877] - kallsyms: move declarations to internal header (Stephen Brennan) [Orabug: 34475877] - Revert 'KVM: x86: Print error code in exception injection tracepoint iff valid' (Sherry Yang) [Orabug: 34539458] - uek-rpm: Enable IMA_APPRAISE_SB_BOOTPARAM (Eric Snowberg) [Orabug: 34549007] - integrity: Allow ima_appraise bootparam to be set when SB is enabled (Eric Snowberg) [Orabug: 34549007] - net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34533007] - Revert 'net/mlx5: E-Switch, change VFs default admin state to auto in switchdev' (Devesh Sharma) [Orabug: 34532946] - uek-rpm: Install kernel-rpm-macros as build dependency (Somasundaram Krishnasamy) [Orabug: 34529696] [5.15.0-3.52.1] - rds: ib: Fix lfstack to acquire visibility to list head (Hakon Bugge) [Orabug: 34522536] - locking/atomic: Make test_and_*_bit() ordered on failure (Hector Martin) [Orabug: 34520178] - intel_idle: make SPR C1 and C1E be independent (Artem Bityutskiy) [Orabug: 34510397] - intel_idle: Add AlderLake support (Zhang Rui) [Orabug: 34510397] - intel_idle: Fix SPR C6 optimization (Artem Bityutskiy) [Orabug: 34510397] - intel_idle: Fix the 'preferred_cstates' module parameter (Artem Bityutskiy) [Orabug: 34510397] - cpuidle: intel_idle: Drop redundant backslash at line end (Rafael J. Wysocki) [Orabug: 34510397] - mlx4: Subscribe to PXM notifier (Konrad Rzeszutek Wilk) [Orabug: 27206634] [Orabug: 34509446] - xen/pci: Add PXM node notifier for PXM (NUMA) changes. (Konrad Rzeszutek Wilk) [Orabug: 27206634] [Orabug: 34509446] - xen/pcifront: Walk the PCI bus after XenStore notification (Konrad Rzeszutek Wilk) [Orabug: 27206634] [Orabug: 34509446] - xen-pcifront/hvm: Slurp up 'pxm' entry and set NUMA node on PCIe device. (V5) (Konrad Rzeszutek Wilk) [Orabug: 34509446] - scsi: core: Fix warning in scsi_alloc_sgtables() (Jason Yan) [Orabug: 33857787] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3028 cpe:/a:oracle:linux:8::UEKR7 Oracle Linux 7 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21628 CVE-2022-35255 CVE-2022-21618 CVE-2022-35256 CVE-2022-21624 CVE-2022-32214 CVE-2022-32212 CVE-2022-32215 CVE-2022-21626 CVE-2022-21619 CVE-2022-2097 CVE-2022-39399 CVE-2022-32213 CVE-2022-32222 cpe:/a:oracle:linux:7::graalvm_community Oracle Linux 7 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-32214 CVE-2022-21619 CVE-2022-32213 CVE-2022-32215 CVE-2022-21624 CVE-2022-32212 CVE-2022-21618 CVE-2022-21628 CVE-2022-32222 CVE-2022-35256 CVE-2022-39399 CVE-2022-21626 CVE-2022-2097 CVE-2022-35255 cpe:/a:oracle:linux:7::graalvm_community Oracle Linux 7 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21624 CVE-2022-32214 CVE-2022-32222 CVE-2022-32215 CVE-2022-21618 CVE-2022-32213 CVE-2022-39399 CVE-2022-35256 CVE-2022-21619 CVE-2022-21628 CVE-2022-32212 CVE-2022-35255 CVE-2022-21626 CVE-2022-2097 cpe:/a:oracle:linux:7::graalvm_community Oracle Linux 7 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21618 CVE-2022-35255 CVE-2022-21619 CVE-2022-32215 CVE-2022-21628 CVE-2022-39399 CVE-2022-2097 CVE-2022-32213 CVE-2022-32214 CVE-2022-35256 CVE-2022-21626 CVE-2022-32222 CVE-2022-21624 CVE-2022-32212 cpe:/a:oracle:linux:7::graalvm_community Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2097 CVE-2022-21619 CVE-2022-21624 CVE-2022-35255 CVE-2022-21618 CVE-2022-21626 CVE-2022-32214 CVE-2022-39399 CVE-2022-32212 CVE-2022-32215 CVE-2022-32222 CVE-2022-21628 CVE-2022-35256 CVE-2022-32213 cpe:/a:oracle:linux:8::graalvm_community Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21619 CVE-2022-21618 CVE-2022-32212 CVE-2022-21628 CVE-2022-32214 CVE-2022-32215 CVE-2022-35255 CVE-2022-39399 CVE-2022-21626 CVE-2022-32213 CVE-2022-2097 CVE-2022-32222 CVE-2022-21624 CVE-2022-35256 cpe:/a:oracle:linux:8::graalvm_community Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21628 CVE-2022-21618 CVE-2022-21624 CVE-2022-2097 CVE-2022-32213 CVE-2022-32212 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVE-2022-32222 CVE-2022-21619 CVE-2022-39399 CVE-2022-32214 CVE-2022-21626 cpe:/a:oracle:linux:8::graalvm_community Oracle Linux 8 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21618 CVE-2022-32213 CVE-2022-21624 CVE-2022-21626 CVE-2022-2097 CVE-2022-32215 CVE-2022-32212 CVE-2022-21619 CVE-2022-32214 CVE-2022-32222 CVE-2022-35256 CVE-2022-39399 CVE-2022-35255 CVE-2022-21628 cpe:/a:oracle:linux:8::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-32215 CVE-2022-21619 CVE-2022-32214 CVE-2022-32212 CVE-2022-21626 CVE-2022-21624 CVE-2022-32213 CVE-2022-35256 CVE-2022-35255 CVE-2022-2097 CVE-2022-21618 CVE-2022-21628 CVE-2022-32222 CVE-2022-39399 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-32214 CVE-2022-32212 CVE-2022-21618 CVE-2022-2097 CVE-2022-35256 CVE-2022-39399 CVE-2022-21628 CVE-2022-21624 CVE-2022-21626 CVE-2022-32215 CVE-2022-21619 CVE-2022-32222 CVE-2022-32213 CVE-2022-35255 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-32222 CVE-2022-39399 CVE-2022-2097 CVE-2022-21618 CVE-2022-21619 CVE-2022-21626 CVE-2022-32212 CVE-2022-21624 CVE-2022-35256 CVE-2022-32214 CVE-2022-35255 CVE-2022-21628 CVE-2022-32213 CVE-2022-32215 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21628 CVE-2022-21624 CVE-2022-35256 CVE-2022-32214 CVE-2022-21626 CVE-2022-21619 CVE-2022-2097 CVE-2022-32215 CVE-2022-32212 CVE-2022-21618 CVE-2022-32213 CVE-2022-39399 CVE-2022-35255 CVE-2022-32222 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 6 [2.0.1-13.0.2] - Ensure raw tagnames are safe exiting internalEntityParser [CVE-2022-40674][Orabug: 34694174] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 6 [1.95.8-8.0.1] - Ensure raw tagnames are safe exiting internalEntityParser [CVE-2022-40674][Orabug: 34708578] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 9 [3.0.1-41.0.3] - Add units tests for CVE-2022-3786, CVE-2022-3602 patches [3.0.1-41.0.2] - Fix CVE-2022-3786, CVE-2022-3602 [3.0.1-41.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz#2115861 - Add FIPS indicator for HKDF Resolves: rhbz#2118388 [1:3.0.1-40] - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115856 - Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115857 - Use signature for RSA pairwise test according FIPS-140-3 requirements Related: rhbz#2115858 - Reseed all the parent DRBGs in chain on reseeding a DRBG Related: rhbz#2115859 - Zeroization according to FIPS-140-3 requirements Related: rhbz#2115861 [1:3.0.1-39] - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test - Use Use digest_sign & digest_verify in FIPS signature self test - Use FFDHE2048 in Diffie-Hellman FIPS self-test Resolves: rhbz#2112978 [1:3.0.1-38] - Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously initialized. Resolves: rhbz#2107530 - Improve AES-GCM performance on Power9 and Power10 ppc64le Resolves: rhbz#2103044 - Improve ChaCha20 performance on Power10 ppc64le Resolves: rhbz#2103044 [1:3.0.1-37] - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 [1:3.0.1-36] - Ciphersuites with RSAPSK KX should be filterd in FIPS mode - Related: rhbz#2091994 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available if key length is enough - Related: rhbz#2091977 - Improve diagnostics when passing unsupported groups in TLS - Related: rhbz#2086554 - Fix PPC64 Montgomery multiplication bug - Related: rhbz#2101346 - Strict certificates validation shouldn't allow explicit EC parameters - Related: rhbz#2085521 - CVE-2022-2068: the c_rehash script allows command injection - Related: rhbz#2098276 [1:3.0.1-35] - Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved. Resolves: rhbz#2087234 [1:3.0.1-34] - Some OpenSSL test certificates are expired, updating - Resolves: rhbz#2095696 [1:3.0.1-33] - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory - Resolves: rhbz#2089443 - CVE-2022-1343 openssl: Signer certificate verification returned inaccurate response when using OCSP_NOCHECKS - Resolves: rhbz#2089439 - CVE-2022-1292 openssl: c_rehash script allows command injection - Resolves: rhbz#2090361 - Revert 'Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode' Related: rhbz#2087234 - Use KAT for ECDSA signature tests, s390 arch - Resolves: rhbz#2086866 [1:3.0.1-32] - openssl ecparam -list_curves lists only FIPS-approved curves in FIPS mode - Resolves: rhbz#2091929 - Ciphersuites with RSA KX should be filterd in FIPS mode - Related: rhbz#2091994 - In FIPS mode, signature verification works with keys of arbitrary size above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys below 2048 bits - Resolves: rhbz#2091938 [1:3.0.1-31] - Disable SHA-1 signature verification in FIPS mode - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode Resolves: rhbz#2087234 [1:3.0.1-30] - Use KAT for ECDSA signature tests - Resolves: rhbz#2086866 [1:3.0.1-29] - -config argument of openssl app should work properly in FIPS mode - Resolves: rhbz#2085500 - openssl req defaults on PKCS#8 encryption changed to AES-256-CBC - Resolves: rhbz#2085499 [1:3.0.1-28] - OpenSSL should not accept custom elliptic curve parameters - Resolves rhbz#2085508 - OpenSSL should not accept explicit curve parameters in FIPS mode - Resolves rhbz#2085521 [1:3.0.1-27] - Change FIPS module version to include hash of specfile, patches and sources Resolves: rhbz#2082585 [1:3.0.1-26] - OpenSSL FIPS module should not build in non-approved algorithms Resolves: rhbz#2082584 [1:3.0.1-25] - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available - Resolves: rhbz#2053289 [1:3.0.1-24] - Fix occasional internal error in TLS when DHE is used Resolves: rhbz#2080323 [1:3.0.1-23] - Update missing initialization patch with feedback from upstream Resolves: rhbz#2076654 [1:3.0.1-22] - Invocation of the missing initialization - Resolves: rhbz#2076654 [1:3.0.1-21] - Fix openssl curl error with LANG=tr_TR.utf8 - Resolves: rhbz#2076654 [1:3.0.1-20] - Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when no OpenSSL library context is set - Resolves: rhbz#2063306 [1:3.0.1-19] - Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes - Resolves: rhbz#2063306 [1:3.0.1-18] - CVE-2022-0778 fix - Resolves: rhbz#2062314 [1:3.0.1-15.1] - Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before setting an allowed digest with EVP_PKEY_CTX_set_signature_md() - Resolves: rhbz#2061607 [1:3.0.1-14.1] - Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes - Resolves: rhbz#2031742 [1:3.0.1-14] - Prevent use of SHA1 with ECDSA - Resolves: rhbz#2031742 [1:3.0.1-13] - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters - Resolves: rhbz#1977867 [1:3.0.1-12] - Support KBKDF (NIST SP800-108) with an R value of 8bits - Resolves: rhbz#2027261 [1:3.0.1-11] - Allow SHA1 usage in MGF1 for RSASSA-PSS signatures - Resolves: rhbz#2031742 [1:3.0.1-10] - rebuilt [1:3.0.1-9] - Allow SHA1 usage in HMAC in TLS - Resolves: rhbz#2031742 [1:3.0.1-8] - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters - Resolves: rhbz#1977867 - pkcs12 export broken in FIPS mode - Resolves: rhbz#2049265 [1:3.0.1-8] - Disable SHA1 signature creation and verification by default - Set rh-allow-sha1-signatures = yes to re-enable - Resolves: rhbz#2031742 [1:3.0.1-7] - s_server: correctly handle 2^14 byte long records - Resolves: rhbz#2042011 [1:3.0.1-6] - Adjust FIPS provider version - Related: rhbz#2026445 [1:3.0.1-5] - On the s390x, zeroize all the copies of TLS premaster secret - Related: rhbz#2040448 [1:3.0.1-4] - rebuilt [1:3.0.1-3] - KATS tests should be executed before HMAC verification - Restoring fips=yes for SHA1 - Related: rhbz#2026445, rhbz#2041994 [1:3.0.1-2] - Add enable-buildtest-c++ to the configure options. - Related: rhbz#1990814 [1:3.0.1-1] - Rebase to upstream version 3.0.1 - Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl - Resolves: rhbz#2038910, rhbz#2035148 [1:3.0.0-7] - Remove algorithms we don't plan to certify from fips module - Remove native fipsmodule.cnf - Related: rhbz#2026445 [1:3.0.0-6] - openssl speed should run in FIPS mode - Related: rhbz#1977318 [1:3.0.0-5] - rebuilt for spec cleanup - Related: rhbz#1985362 [1:3.0.0-4] - Embed FIPS HMAC in fips.so - Enforce loading FIPS provider when FIPS kernel flag is on - Related: rhbz#1985362 [1:3.0.0-3] - Fix memory leak in s_client - Related: rhbz#1996092 [1:3.0.0-2] - Avoid double-free on error seeding the RNG. - KTLS and FIPS may interfere, so tests need to be tuned - Resolves: rhbz#1952844, rhbz#1961643 [1:3.0.0-1] - Rebase to upstream version 3.0.0 - Related: rhbz#1990814 [1:3.0.0-0.beta2.7] - Removes the dual-abi build as it not required anymore. The mass rebuild was completed and all packages are rebuilt against Beta version. - Resolves: rhbz#1984097 [1:3.0.0-0.beta2.6] - Correctly process CMS reading from /dev/stdin - Resolves: rhbz#1986315 [3.0.0-0.beta2.5] - Add instruction for loading legacy provider in openssl.cnf - Resolves: rhbz#1975836 [3.0.0-0.beta2.4] - Adds support for IDEA encryption. - Resolves: rhbz#1990602 [3.0.0-0.beta2.3] - Fixes core dump in openssl req -modulus - Fixes 'openssl req' to not ask for password when non-encrypted private key is used - cms: Do not try to check binary format on stdin and -rctform fix - Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137 [1:3.0.0-0.beta2.2.1] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [3.0.0-0.beta2.2] - When signature_algorithm extension is omitted, use more relevant alerts - Resolves: rhbz#1965017 [3.0.0-0.beta2.1] - Rebase to upstream version beta2 - Related: rhbz#1903209 [3.0.0-0.beta1.5] - Prevents creation of duplicate cert entries in PKCS #12 files - Resolves: rhbz#1978670 [3.0.0-0.beta1.4] - NVR bump to update to OpenSSL 3.0 Beta1 [3.0.0-0.beta1.3] - Update patch dual-abi.patch to add the #define macros in implementation files instead of public header files [3.0.0-0.beta1.2] - Removes unused patch dual-abi.patch [3.0.0-0.beta1.1] - Update to Beta1 version - Includes a patch to support dual-ABI, as Beta1 brekas ABI with alpha16 [3.0.0-0.alpha16.7] - Fixes override of openssl_conf in openssl.cnf - Use AI_ADDRCONFIG only when explicit host name is given - Temporarily remove fipsmodule.cnf for arch i686 - Fixes segmentation fault in BN_lebin2bn - Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855 [3.0.0-0.alpha16.6] - Adds FIPS mode compatibility patch (sahana@redhat.com) - Related: rhbz#1977318 [3.0.0-0.alpha16.5] - Fixes system hang issue when booted in FIPS mode (sahana@redhat.com) - Temporarily disable downstream FIPS patches - Related: rhbz#1977318 [3.0.0-0.alpha16.4] - Speeding up building openssl (dbelyavs@redhat.com) Resolves: rhbz#1903209 [3.0.0-0.alpha16.3] - Fix reading SPKAC data from stdin - Fix incorrect OSSL_PKEY_PARAM_MAX_SIZE for ed25519 and ed448 - Return 0 after cleanup in OPENSSL_init_crypto() - Cleanup the peer point formats on regotiation - Fix default digest to SHA256 [3.0.0-0.alpha16.2] - Enable FIPS via config options [3.0.0-0.alpha16.1] - Update to alpha 16 version Resolves: rhbz#1952901 openssl sends alert after orderly connection close [3.0.0-0.alpha15.1] - Update to alpha 15 version Resolves: rhbz#1903209, rhbz#1952598, [1:3.0.0-0.alpha13.1.1] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [3.0.0-0.alpha13.1] - Update to new major release OpenSSL 3.0.0 alpha 13 Resolves: rhbz#1903209 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3786 CVE-2022-3602 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 7 [15:4.2.1-21.el7] - qemu-kvm.spec: Fix the qemu-regdump sos report plugin path (Mark Kanda) [Orabug: 34680062] - qmp-regdump: Require python3 on OL8 (Mark Kanda) [Orabug: 34672256] - iotests: Adjust 186.out to account for 'null' node-name (Mark Kanda) [Orabug: 34447388] - block: Set the name of BlockBackend if possible (Annie Li) [Orabug: 34447388] - acpi: Update _DSM method in expected files (Mark Kanda) [Orabug: 34616322] - acpi/gpex: Fix cca attribute check for pxb device (Xingang Wang) [Orabug: 34616322] - acpi: Enable pxb unit-test for ARM virt machine (Jiahui Cen) [Orabug: 34616322] - Kconfig: Compile PXB for ARM_VIRT (Jiahui Cen) [Orabug: 34616322] - acpi/gpex: Exclude pxb's resources from PCI0 (Jiahui Cen) [Orabug: 34616322] - acpi/gpex: Inform os to keep firmware resource map (Jiahui Cen) [Orabug: 34616322] - acpi: Add addr offset in build_crs (Jiahui Cen) [Orabug: 34616322] - unit-test: Add testcase for pxb (Yubo Miao) [Orabug: 34616322] - acpi: Align the size to 128k (Yubo Miao) [Orabug: 34616322] - acpi/gpex: Build tables for pxb (Yubo Miao) [Orabug: 34616322] - acpi: Extract crs build form acpi_build.c (Yubo Miao) [Orabug: 34616322] - hw/arm/virt: Write extra pci roots into fw_cfg (Jiahui Cen) [Orabug: 34616322] - fw_cfg: Refactor extra pci roots addition (Jiahui Cen) [Orabug: 34616322] - acpi/gpex: Extract two APIs from acpi_dsdt_add_pci (Yubo Miao) [Orabug: 34616322] - arm: use acpi_dsdt_add_gpex (Gerd Hoffmann) [Orabug: 34616322] - acpi: add acpi_dsdt_add_gpex (Gerd Hoffmann) [Orabug: 34616322] - acpi: Allow DSDT acpi table changes (Jiahui Cen) [Orabug: 34616322] - move MemMapEntry (Gerd Hoffmann) [Orabug: 34616322] - scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug: 34353672] {CVE-2022-0216} - scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug: 34353672] {CVE-2022-0216} - tests/qtest: Add fuzz-lsi53c895a-test (Philippe Mathieu-Daude) [Orabug: 34353672] {CVE-2022-0216} - hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued (Philippe Mathieu-Daude) [Orabug: 34353672] {CVE-2022-0216} - vfio: defer to commit kvm irq routing when enable msi/msix (Longpeng (Mike)) [Orabug: 34419422] - vfio: simplify the failure path in vfio_msi_enable (Longpeng (Mike)) [Orabug: 34419422] - vfio: move re-enabling INTX out of the common helper (Longpeng (Mike)) [Orabug: 34419422] - vfio: simplify the conditional statements in vfio_msi_enable (Longpeng (Mike)) [Orabug: 34419422] - kvm/msi: do explicit commit when adding msi routes (Longpeng (Mike)) [Orabug: 34419422] - kvm-irqchip: introduce new API to support route change (Longpeng (Mike)) [Orabug: 34419422] - event_notifier: handle initialization failure better (Maxim Levitsky) [Orabug: 34419422] - qmp-regdump: use QMP command 'query-cpus-fast' (Mark Kanda) [Orabug: 34510460] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0216 cpe:/a:oracle:linux:7::developer_kvm_utils cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 hivex [1.3.18-21] - Bounds check for block exceeding page length (CVE-2021-3504) resolves: rhbz#1950501 [1.3.18] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.3.18] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.3.15-7] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [1.3.15-6] - Drop hivex-static subpackage resolves: rhbz#1560207 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0216 cpe:/a:oracle:linux:8::kvm_appstream Oracle Linux 7 [1.2.7-20.0.1] - Resolves: CVE-2022-37434 [Orabug: 34752508] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-37434 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 6 [1.2.3-29.0.3] - Fix for CVE-2022-37474 [Orabug: 34759428] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-37434 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:linux:6:10:ELS cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 Oracle Linux 7 [4.14.35-2047.519.2.1] - xfs: trim IO to found COW extent limit (Eric Sandeen) [Orabug: 34765284] - xfs: don't use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34765284] [4.14.35-2047.519.2] - Revert 'xfs: don't use delalloc extents for COW on files with extsize hints' (Saeed Mirzamohammadi) [Orabug: 34715947] - uapi: Fix linux/rds.h userspace compilation issues (Ka-Cheong Poon) [Orabug: 32392165] [Orabug: 34710962] - uapi: Fix linux/rds.h userspace compilation errors. (Vinson Lee) [Orabug: 34710962] - uapi: fix linux/rds.h userspace compilation error (Dmitry V. Levin) [Orabug: 34710962] - uapi: fix linux/rds.h userspace compilation errors (Dmitry V. Levin) [Orabug: 34710962] - EDAC: Drop duplicated array of strings for memory type names (Jane Chu) [Orabug: 34645040] - xfs: don't ever put nlink > 0 inodes on the unlinked list (Darrick J. Wong) [Orabug: 34431355] [4.14.35-2047.519.1] - uek: kabi: update kABI files for new symbol (Saeed Mirzamohammadi) [Orabug: 34595585] - EDAC/mce_amd: Do not load edac_mce_amd module on guests (Smita Koralahalli) [Orabug: 34484269] [4.14.35-2047.519.0] - media: em28xx: initialize refcount before kref_get (Dongliang Mu) [Orabug: 34619521] {CVE-2022-3239} - net: vlan: Avoid using BUG() in vlan_proto_idx() (Florian Fainelli) [Orabug: 34625406] - net/rds: Send congestion map updates only via path zero (Anand Khoje) [Orabug: 34578052] - rds: cong: Make rds_cong_wait an array to reduce lock contention (Hakon Bugge) [Orabug: 34574094] - rds: cong: Make rs_cong_notify and rs_cong_mask atomic64_t (Hakon Bugge) [Orabug: 34574094] - scsi: tcmu: track nl commands (Mike Christie) [Orabug: 32011411] - scsi: tcmu: remove useless code and clean up the code style. (Xiubo Li) [Orabug: 32011411] - Linux 4.14.295 (Greg Kroah-Hartman) - ext4: make directory inode spreading reflect flexbg size (Jan Kara) - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (Vitaly Kuznetsov) - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (Stefan Haberland) - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (Ilpo Jarvinen) - serial: Create uart_xmit_advance() (Ilpo Jarvinen) - net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD (Sean Anderson) - perf kcore_copy: Do not check /proc/modules is unchanged (Adrian Hunter) - can: gs_usb: gs_can_open(): fix race dev->can.state condition (Marc Kleine-Budde) - netfilter: ebtables: fix memory leak when blob is malformed (Florian Westphal) - of: mdio: Add of_node_put() when breaking out of for_each_xx (Liang He) - MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko (Randy Dunlap) - net: team: Unsync device addresses on ndo_stop (Benjamin Poirier) - ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header (Lu Wei) - iavf: Fix cached head and tail value for iavf_get_tx_pending (Brett Creeley) - netfilter: nf_conntrack_irc: Tighten matching on DCC message (David Leadbeater) - netfilter: nf_conntrack_sip: fix ct_sip_walk_headers (Igor Ryzhov) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (Fabio Estevam) - mm/slub: fix to return errno if kmalloc() fails (Chao Yu) - ALSA: hda: add Intel 5 Series / 3400 PCI DID (Kai Vehmanen) - ALSA: hda/tegra: set depop delay for tegra (Mohan Kumar) - USB: serial: option: add Quectel RM520N (jerry meng) - USB: serial: option: add Quectel BG95 0x0203 composition (Carl Yin()) - USB: core: Fix RST error in hub.c (Alan Stern) - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (Siddh Raman Pant) - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (Takashi Iwai) - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (Hyunwoo Kim) - mksysmap: Fix the mismatch of 'L0' symbols in System.map (Youling Tang) - MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() (Alexander Sverdlin) - net: usb: qmi_wwan: add Quectel RM520N (jerry.meng) - ALSA: hda/sigmatel: Keep power up while beep is enabled (Takashi Iwai) - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (Xiaolei Wang) - ASoC: nau8824: Fix semaphore unbalance at error paths (Takashi Iwai) - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (Stefan Metzmacher) - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() (Yang Yingliang) - drm/meson: Correct OSD1 global alpha value (Stuart Menefy) - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (Pali Rohar) - of: fdt: fix off-by-one error in unflatten_dt_nodes() (Sergey Shtylyov) - Linux 4.14.294 (Greg Kroah-Hartman) - tracefs: Only clobber mode/uid/gid on remount if asked (Brian Norris) - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (Hans de Goede) - ieee802154: cc2520: add rc code in cc2520_tx() (Li Qiong) - tg3: Disable tg3 device on system reboot to avoid triggering AER (Kai-Heng Feng) - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (Jason Wang) - drm/msm/rd: Fix FIFO-full deadlock (Rob Clark) - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() (Jann Horn) - Linux 4.14.293 (Greg Kroah-Hartman) - SUNRPC: use _bh spinlocking on ->transport_lock (NeilBrown) - MIPS: loongson32: ls1c: Fix hang during startup (Yang Ling) - USB: serial: ch341: fix disabled rx timer on older devices (Johan Hovold) - USB: serial: ch341: fix lost character on LCR updates (Johan Hovold) - usb: dwc3: fix PHY disable sequence (Johan Hovold) - sch_sfb: Also store skb len before calling child enqueue (Toke Hoiland-Jorgensen) - tcp: fix early ETIMEDOUT after spurious non-SACK RTO (Neal Cardwell) - ipv6: sr: fix out-of-bounds read when setting HMAC data. (David Lebrun) - tipc: fix shift wrapping bug in map_get() (Dan Carpenter) - sch_sfb: Don't assume the skb is still around after enqueueing to child (Toke Hoiland-Jorgensen) - netfilter: nf_conntrack_irc: Fix forged IP logic (David Leadbeater) - netfilter: br_netfilter: Drop dst references before setting. (Harsh Modi) - driver core: Don't probe devices after bus_type.match() probe deferral (Isaac J. Manjarres) - scsi: mpt3sas: Fix use-after-free warning (Sreekanth Reddy) - kprobes: Prohibit probes in gate area (Christian A. Ehrhardt) - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (Dongxiang Ke) - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (Pattara Teerapong) - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (Tasos Sahanidis) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (Yang Yingliang) - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines (Helge Deller) - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() (Li Qiong) - drm/radeon: add a force flush to delay work when radeon (Zhenneng Li) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. (Candice Li) - Revert 'mm: kmemleak: take a full lowmem check in kmemleak_*_phys()' (Yee Lee) - fs: only do a memory barrier for the first set_buffer_uptodate() (Linus Torvalds) - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (Stanislaw Gruszka) - efi: capsule-loader: Fix use-after-free in efi_capsule_write (Hyunwoo Kim) - ALSA: seq: Fix data-race at module auto-loading (Takashi Iwai) - ALSA: seq: oss: Fix data-race for max_midi_devs access (Takashi Iwai) - net: mac802154: Fix a condition in the receive path (Miquel Raynal) - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected (Siddh Raman Pant) - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (Krishna Kurapati) - USB: core: Prevent nested device-reset calls (Alan Stern) - s390: fix nospec table alignments (Josh Poimboeuf) - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (Gerald Schaefer) - usb-storage: Add ignore-residue quirk for NXP PN7462AU (Witold Lipieta) - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (Thierry GUIBERT) - usb: dwc2: fix wrong order of phy_power_on and phy_init (Heiner Kallweit) - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (Slark Xiao) - USB: serial: option: add Quectel EM060K modem (Yonglin Tan) - USB: serial: option: add support for OPPO R11 diag port (Yan Xinyu) - USB: serial: cp210x: add Decagon UCA device id (Johan Hovold) - xhci: Add grace period after xHC start to prevent premature runtime suspend. (Mathias Nyman) - thunderbolt: Use the actual buffer in tb_async_error() (Mika Westerberg) - hwmon: (gpio-fan) Fix array out of bounds access (Armin Wolf) - Input: rk805-pwrkey - fix module autoloading (Peter Robinson) - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (Colin Ian King) - binder: fix UAF of ref->proc caused by race condition (Carlos Llamas) - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (Niek Nooijens) - vt: Clear selection before changing the font (Helge Deller) - staging: rtl8712: fix use after free bugs (Dan Carpenter) - serial: fsl_lpuart: RS485 RTS polariy is inverse (Shenwei Wang) - kcm: fix strp_init() order and cleanup (Cong Wang) - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (Duoming Zhou) - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (Dan Carpenter) - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (Andy Shevchenko) - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (Douglas Anderson) - bpf: Fix the off-by-two error in range markings (Maxim Mikityanskiy) - selftests/bpf: Fix test_align verifier log patterns (Stanislav Fomichev) - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (John Fastabend) - Linux 4.14.292 (Greg Kroah-Hartman) - net: neigh: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - kprobes: don't call disarm_kprobe() for disabled kprobes (Kuniyuki Iwashima) - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y (Geert Uytterhoeven) - s390/hypfs: avoid error message under KVM (Juergen Gross) - neigh: fix possible DoS due to net iface start/stop loop (Denis V. Lunev) - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (Jann Horn) - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (Yang Jihong) - fbdev: fb_pm2fb: Avoid potential divide by zero error (Letu Ren) - HID: hidraw: fix memory leak in hidraw_release() (Karthik Alapati) - media: pvrusb2: fix memory leak in pvr_probe (Dongliang Mu) - Bluetooth: L2CAP: Fix build errors in some archs (Luiz Augusto von Dentz) - kbuild: Fix include path in scripts/Makefile.modpost (Jing Leng) - x86/bugs: Add 'unknown' reporting for MMIO Stale Data (Pawan Gupta) - x86/cpu: Add Tiger Lake to Intel family (Gayatri Kammela) - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (Gerald Schaefer) - arm64: map FDT as RW for early_init_dt_scan() (Hsin-Yi Wang) - mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() (Jann Horn) - md: call __md_stop_writes in md_stop (Guoqing Jiang) - mm/hugetlb: fix hugetlb not supporting softdirty tracking (David Hildenbrand) - asm-generic: sections: refactor memory_intersects (Quanyang Wang) - loop: Check for overflow while configuring loop (Siddh Raman Pant) - btrfs: check if root is readonly while setting security xattr (Goldwyn Rodrigues) - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (Jacob Keller) - net: Fix a data-race around sysctl_somaxconn. (Kuniyuki Iwashima) - net: Fix a data-race around netdev_budget_usecs. (Kuniyuki Iwashima) - net: Fix a data-race around netdev_budget. (Kuniyuki Iwashima) - net: Fix a data-race around sysctl_net_busy_read. (Kuniyuki Iwashima) - net: Fix a data-race around sysctl_net_busy_poll. (Kuniyuki Iwashima) - net: Fix a data-race around sysctl_tstamp_allow_data. (Kuniyuki Iwashima) - ratelimit: Fix data-races in ___ratelimit(). (Kuniyuki Iwashima) - net: Fix data-races around weight_p and dev_weight_[rt]x_bias. (Kuniyuki Iwashima) - netfilter: nft_payload: do not truncate csum_offset and csum_type (Pablo Neira Ayuso) - netfilter: nft_payload: report ERANGE for too long offset and length (Pablo Neira Ayuso) - net: ipvtap - add __init/__exit annotations to module init/exit funcs (Maciej zenczykowski) - bonding: 802.3ad: fix no transmission of LACPDUs (Jonathan Toppins) - rose: check NULL rose_loopback_neigh->loopback (Bernard Pidoux) - xfrm: fix refcount leak in __xfrm_policy_check() (Xin Xiong) - pinctrl: amd: Don't save/restore interrupt status and wake status bits (Basavaraj Natikar) - parisc: Fix exception handler for fldw and fstw instructions (Helge Deller) - audit: fix potential double free on error path from fsnotify_add_inode_mark (Gaosheng Cui) - Linux 4.14.291 (Greg Kroah-Hartman) - MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 (Nathan Chancellor) - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (Zheyu Ma) - powerpc/64: Init jump labels before parse_early_param() (Zhouyi Zhou) - smb3: check xattr value length earlier (Steve French) - ALSA: timer: Use deferred fasync helper (Takashi Iwai) - ALSA: core: Add async signal helpers (Takashi Iwai) - mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start (Liang He) - vfio: Clear the caps->buf to NULL after free (Schspa Shi) - tty: serial: Fix refcount leak bug in ucc_uart.c (Liang He) - ext4: avoid resizing to a partial cluster size (Kiselev, Oleg) - ext4: avoid remove directory when directory is corrupted (Ye Bin) - drivers:md:fix a potential use-after-free bug (Wentao_Liang) - cxl: Fix a memory leak in an error handling path (Christophe JAILLET) - gadgetfs: ep_io - wait until IRQ finishes (Jozef Martiniak) - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (Robert Marko) - usb: host: ohci-ppc-of: Fix refcount leak bug (Liang He) - irqchip/tegra: Fix overflow implicit truncation warnings (Sai Prakash Ranjan) - PCI: Add ACS quirk for Broadcom BCM5750x NICs (Pavan Chebbi) - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (Liang He) - btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() (Qu Wenruo) - btrfs: only write the sectors in the vertical stripe which has data stripes (Qu Wenruo) - kbuild: clear LDFLAGS in the top Makefile (Masahiro Yamada) - igb: Add lock to avoid data race (Lin Ma) - fec: Fix timer capture timing in fec_ptp_enable_pps() (Csokas Bence) - i40e: Fix to stop tx_timeout recovery if GLOBR fails (Alan Brady) - powerpc/pci: Fix get_phb_number() locking (Michael Ellerman) - netfilter: nf_tables: really skip inactive sets when allocating name (Pablo Neira Ayuso) - nios2: add force_successful_syscall_return() (Al Viro) - nios2: restarts apply only to the first sigframe we build... (Al Viro) - nios2: fix syscall restart checks (Al Viro) - nios2: traced syscall does need to check the syscall number (Al Viro) - nios2: don't leave NULLs in sys_call_table[] (Al Viro) - nios2: page fault et.al. are *not* restartable syscalls... (Al Viro) - atm: idt77252: fix use-after-free bugs caused by tst_timer (Duoming Zhou) - xen/xenbus: fix return type in xenbus_file_read() (Dan Carpenter) - tools build: Switch to new openssl API for test-libcrypto (Roberto Sassu) - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (Peilin Ye) - vsock: Fix memory leak in vsock_connect() (Peilin Ye) - geneve: do not use RT_TOS for IPv6 flowlabel (Matthias May) - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (Sakari Ailus) - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (Nikita Travkin) - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (Miaoqian Lin) - SUNRPC: Reinitialise the backchannel request buffers before reuse (Trond Myklebust) - NFSv4.1: RECLAIM_COMPLETE must handle EACCES (Zhang Xianwei) - apparmor: fix reference count leak in aa_pivotroot() (Xin Xiong) - apparmor: fix aa_label_asxprint return check (Tom Rix) - apparmor: Fix failed mount permission check error message (John Johansen) - apparmor: fix quiet_denied for file rules (John Johansen) - can: ems_usb: fix clang's -Wunaligned-access warning (Marc Kleine-Budde) - btrfs: fix lost error handling when looking up extended ref on log replay (Filipe Manana) - ata: libata-eh: Add missing command name (Damien Le Moal) - ALSA: info: Fix llseek return value when using callback (Amadeusz Siawinski) - powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E (Christophe Leroy) - net_sched: cls_route: disallow handle of 0 (Jamal Hadi Salim) - net/9p: Initialize the iounit field during fid creation (Tyler Hicks) - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (Luiz Augusto von Dentz) - Revert 'net: usb: ax88179_178a needs FLAG_SEND_ZLP' (Jose Alonso) - scsi: sg: Allow waiting for commands to complete on removed device (Tony Battersby) - tcp: fix over estimation in sk_forced_mem_schedule() (Eric Dumazet) - btrfs: reject log replay if there is unsupported RO compat flag (Qu Wenruo) - dm raid: fix address sanitizer warning in raid_status (Mikulas Patocka) - dm raid: fix address sanitizer warning in raid_resume (Mikulas Patocka) - intel_th: pci: Add Meteor Lake-P support (Alexander Shishkin) - intel_th: pci: Add Raptor Lake-S PCH support (Alexander Shishkin) - intel_th: pci: Add Raptor Lake-S CPU support (Alexander Shishkin) - ext4: correct the misjudgment in ext4_iget_extra_inode (Baokun Li) - ext4: correct max_inline_xattr_value_size computing (Baokun Li) - ext4: fix extent status tree race in writeback error recovery path (Eric Whitney) - ext4: update s_overhead_clusters in the superblock during an on-line resize (Theodore Ts'o) - ext4: fix use-after-free in ext4_xattr_set_entry (Baokun Li) - ext4: make sure ext4_append() always allocates new block (Lukas Czerner) - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (Baokun Li) - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (David Collins) - x86/olpc: fix 'logical not is only applied to the left hand side' (Alexander Lobakin) - scsi: zfcp: Fix missing auto port scan and thus missing target ports (Steffen Maier) - video: fbdev: s3fb: Check the size of screen before memset_io() (Zheyu Ma) - video: fbdev: arkfb: Check the size of screen before memset_io() (Zheyu Ma) - video: fbdev: vt8623fb: Check the size of screen before memset_io() (Zheyu Ma) - tools/thermal: Fix possible path truncations (Florian Fainelli) - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (Zheyu Ma) - x86/numa: Use cpumask_available instead of hardcoded NULL check (Siddh Raman Pant) - genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO (Arnaldo Carvalho de Melo) - powerpc/pci: Fix PHB numbering when using opal-phbid (Michael Ellerman) - kprobes: Forbid probing on trampoline and BPF code areas (Chen Zhongjin) - powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address (Miaoqian Lin) - powerpc/xive: Fix refcount leak in xive_get_max_prio (Miaoqian Lin) - powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader (Miaoqian Lin) - powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias (Pali Rohar) - video: fbdev: sis: fix typos in SiS_GetModeID() (Rustam Subkhankulov) - video: fbdev: amba-clcd: Fix refcount leak bugs (Liang He) - s390/zcore: fix race when reading from hardware system area (Alexander Gordeev) - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (Liang He) - mfd: t7l66xb: Drop platform disable callback (Uwe Kleine-Konig) - kfifo: fix kfifo_to_user() return type (Dan Carpenter) - iommu/exynos: Handle failed IOMMU device registration properly (Sam Protsenko) - tty: n_gsm: fix DM command (Daniel Starke) - tty: n_gsm: fix wrong T1 retry count handling (Daniel Starke) - vfio/ccw: Do not change FSM state in subchannel event (Eric Farman) - remoteproc: qcom: wcnss: Fix handling of IRQs (Sireesh Kodali) - tty: n_gsm: fix race condition in gsmld_write() (Daniel Starke) - tty: n_gsm: fix packet re-transmission without open control channel (Daniel Starke) - tty: n_gsm: fix non flow control frames during mux flow off (Daniel Starke) - profiling: fix shift too large makes kernel panic (Chen Zhongjin) - ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe (Miaoqian Lin) - ASoC: codecs: da7210: add check for i2c_add_driver (Jiasheng Jiang) - ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe (Miaoqian Lin) - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (Zhihao Cheng) - ext4: recover csum seed of tmp_inode after migrating to extents (Li Lingfeng) - RDMA/rxe: Fix error unwind in rxe_create_qp() (Zhu Yanjun) - mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region (Miaohe Lin) - platform/olpc: Fix uninitialized data in debugfs write (Dan Carpenter) - USB: serial: fix tty-port initialized comments (Johan Hovold) - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (Liang He) - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (Liang He) - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (Liang He) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (Jianglei Nie) - usb: gadget: udc: amd5536 depends on HAS_DMA (Randy Dunlap) - scsi: smartpqi: Fix DMA direction for RAID requests (Mahesh Rajashekhara) - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (Eugen Hristev) - memstick/ms_block: Fix a memory leak (Christophe JAILLET) - memstick/ms_block: Fix some incorrect memory allocation (Christophe JAILLET) - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (Miaoqian Lin) - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (Christophe JAILLET) - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (Miaoqian Lin) - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (Miaoqian Lin) - fpga: altera-pr-ip: fix unsigned comparison with less than zero (Marco Pagani) - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (Uwe Kleine-Konig) - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (Duoming Zhou) - mtd: maps: Fix refcount leak in ap_flash_init (Miaoqian Lin) - mtd: maps: Fix refcount leak in of_flash_probe_versatile (Miaoqian Lin) - dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock (Hangyu Hua) - net: rose: fix netdev reference changes (Eric Dumazet) - wifi: libertas: Fix possible refcount leak in if_usb_probe() (Hangyu Hua) - wifi: wil6210: debugfs: fix uninitialized variable use in wil_write_file_wmi() (Ammar Faizi) - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (Liang He) - i2c: cadence: Support PEC for SMBus block read (Lars-Peter Clausen) - Bluetooth: hci_intel: Add check for platform_driver_register (Jiasheng Jiang) - can: pch_can: pch_can_error(): initialize errc before using it (Vincent Mailhol) - can: error: specify the values of data[5..7] of CAN error frames (Vincent Mailhol) - can: usb_8dev: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: sun4i_can: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: hi311x: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: sja1000: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: rcar_can: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: pch_can: do not report txerr and rxerr during bus-off (Vincent Mailhol) - wifi: p54: add missing parentheses in p54_flush() (Rustam Subkhankulov) - wifi: p54: Fix an error handling path in p54spi_probe() (Christophe JAILLET) - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (Dan Carpenter) - fs: check FMODE_LSEEK to control internal pipe splicing (Jason A. Donenfeld) - selftests: timers: clocksource-switch: fix passing errors from child (Wolfram Sang) - selftests: timers: valid-adjtimex: build fix for newer toolchains (Wolfram Sang) - tcp: make retransmitted SKB fit into the send window (Yonglong Li) - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment (AngeloGioacchino Del Regno) - drm: bridge: sii8620: fix possible off-by-one (Hangyu Hua) - drm/mediatek: dpi: Remove output format of YUV (Bo-Chen Chen) - drm/rockchip: vop: Don't crash for invalid duplicate_state() (Brian Norris) - drm/vc4: dsi: Correct DSI divider calculations (Dave Stevenson) - media: hdpvr: fix error value returns in hdpvr_read (Niels Dossche) - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (Jiasheng Jiang) - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (Alexey Kodanev) - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Pavel Skripkin) - i2c: Fix a potential use after free (Xu Wang) - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (Xinlei Lee) - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (Alexey Kodanev) - dm: return early from dm_pr_call() if DM device is suspended (Mike Snitzer) - thermal/tools/tmon: Include pthread and time headers in tmon.h (Markus Mayer) - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (Liang He) - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (Sireesh Kodali) - ARM: dts: qcom: pm8841: add required thermal-sensor-cells (Krzysztof Kozlowski) - cpufreq: zynq: Fix refcount leak in zynq_get_revision (Miaoqian Lin) - soc: fsl: guts: machine variable might be unset (Michael Walle) - ARM: dts: ast2500-evb: fix board compatible (Krzysztof Kozlowski) - x86/pmem: Fix platform-device leak in error path (Johan Hovold) - ARM: bcm: Fix refcount leak in bcm_kona_smc_init (Miaoqian Lin) - ARM: findbit: fix overflowing offset (Russell King (Oracle)) - selinux: Add boundary check in put_entry() (Xiu Jianfeng) - PM: hibernate: defer device probing when resuming from hibernation (Tetsuo Handa) - ACPI: LPSS: Fix missing check in register_device_clock() (huhai) - ACPI: PM: save NVS memory for Lenovo G40-45 (Manyi Li) - ARM: OMAP2+: display: Fix refcount leak bug (Liang He) - ARM: dts: imx6ul: fix qspi node compatible (Alexander Stein) - ARM: dts: imx6ul: add missing properties for sram (Alexander Stein) - ext2: Add more validity checks for inode counts (Jan Kara) - arm64: fix oops in concurrently setting insn_emulation sysctls (haibinzhang () - arm64: Do not forget syscall when starting a new thread. (Francis Laniel) - netfilter: nf_tables: fix null deref due to zeroed list head (Florian Westphal) - USB: HCD: Fix URB giveback issue in tasklet function (Weitao Wang) - MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (Huacai Chen) - powerpc/powernv: Avoid crashing if rng is NULL (Michael Ellerman) - powerpc/fsl-pci: Fix Class Code of PCIe Root Port (Pali Rohar) - PCI: Add defines for normal and subtractive PCI bridges (Pali Rohar) - ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() (Alexander Lobakin) - md-raid10: fix KASAN warning (Mikulas Patocka) - fuse: limit nsec (Miklos Szeredi) - iio: light: isl29028: Fix the warning in isl29028_remove() (Zheyu Ma) - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (Leo Li) - drm/nouveau: fix another off-by-one in nvbios_addr (Timur Tabi) - parisc: Fix device names in /proc/iomem (Helge Deller) - usbnet: Fix linkwatch use-after-free on disconnect (Lukas Wunner) - fs: Add missing umask strip in vfs_tmpfile (Yang Xu) - vfs: Check the truncate maximum size in inode_newsize_ok() (David Howells) - ALSA: hda/cirrus - support for iMac 12,1 model (Allen Ballway) - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (Meng Tang) - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (Sean Christopherson) - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (Sean Christopherson) - KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (Maciej S. Szmigiero) - HID: wacom: Don't register pad_input for touch switch (Ping Cheng) - add barriers to buffer_uptodate and set_buffer_uptodate (Mikulas Patocka) - ALSA: bcd2000: Fix a UAF bug on the error path of probing (Zheyu Ma) - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (Nick Desaulniers) - Makefile: link with -z noexecstack --no-warn-rwx-segments (Nick Desaulniers) - macintosh/adb: fix oob read in do_adb_query() function (Ning Qiang) - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (Werner Sembach) - ACPI: video: Force backlight native for some TongFang devices (Werner Sembach) - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle. (Wei Mingzhi) - ARM: crypto: comment out gcc warning that breaks clang builds (Greg Kroah-Hartman) - netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (Liang He) - net: ping6: Fix memleak in ipv6_renew_options(). (Kuniyuki Iwashima) - scsi: ufs: host: Hold reference returned by of_parse_phandle() (Liang He) - s390/archrandom: prevent CPACF trng invocations in interrupt context (Harald Freudenberger) - ntfs: fix use-after-free in ntfs_ucsncmp() (ChenXiaoSong) - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (Luiz Augusto von Dentz) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3239 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.14.35-2047.519.2.1.el7] - xfs: trim IO to found COW extent limit (Eric Sandeen) [Orabug: 34765284] - xfs: don't use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34765284] [4.14.35-2047.519.2] - Revert 'xfs: don't use delalloc extents for COW on files with extsize hints' (Saeed Mirzamohammadi) [Orabug: 34715947] - uapi: Fix linux/rds.h userspace compilation issues (Ka-Cheong Poon) [Orabug: 32392165] [Orabug: 34710962] - uapi: Fix linux/rds.h userspace compilation errors. (Vinson Lee) [Orabug: 34710962] - uapi: fix linux/rds.h userspace compilation error (Dmitry V. Levin) [Orabug: 34710962] - uapi: fix linux/rds.h userspace compilation errors (Dmitry V. Levin) [Orabug: 34710962] - EDAC: Drop duplicated array of strings for memory type names (Jane Chu) [Orabug: 34645040] - xfs: don't ever put nlink > 0 inodes on the unlinked list (Darrick J. Wong) [Orabug: 34431355] [4.14.35-2047.519.1] - uek: kabi: update kABI files for new symbol (Saeed Mirzamohammadi) [Orabug: 34595585] - EDAC/mce_amd: Do not load edac_mce_amd module on guests (Smita Koralahalli) [Orabug: 34484269] [4.14.35-2047.519.0] - media: em28xx: initialize refcount before kref_get (Dongliang Mu) [Orabug: 34619521] {CVE-2022-3239} - net: vlan: Avoid using BUG() in vlan_proto_idx() (Florian Fainelli) [Orabug: 34625406] - net/rds: Send congestion map updates only via path zero (Anand Khoje) [Orabug: 34578052] - rds: cong: Make rds_cong_wait an array to reduce lock contention (Hakon Bugge) [Orabug: 34574094] - rds: cong: Make rs_cong_notify and rs_cong_mask atomic64_t (Hakon Bugge) [Orabug: 34574094] - scsi: tcmu: track nl commands (Mike Christie) [Orabug: 32011411] - scsi: tcmu: remove useless code and clean up the code style. (Xiubo Li) [Orabug: 32011411] - Linux 4.14.295 (Greg Kroah-Hartman) - ext4: make directory inode spreading reflect flexbg size (Jan Kara) - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (Vitaly Kuznetsov) - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (Stefan Haberland) - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (Ilpo Jarvinen) - serial: Create uart_xmit_advance() (Ilpo Jarvinen) - net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD (Sean Anderson) - perf kcore_copy: Do not check /proc/modules is unchanged (Adrian Hunter) - can: gs_usb: gs_can_open(): fix race dev->can.state condition (Marc Kleine-Budde) - netfilter: ebtables: fix memory leak when blob is malformed (Florian Westphal) - of: mdio: Add of_node_put() when breaking out of for_each_xx (Liang He) - MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko (Randy Dunlap) - net: team: Unsync device addresses on ndo_stop (Benjamin Poirier) - ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header (Lu Wei) - iavf: Fix cached head and tail value for iavf_get_tx_pending (Brett Creeley) - netfilter: nf_conntrack_irc: Tighten matching on DCC message (David Leadbeater) - netfilter: nf_conntrack_sip: fix ct_sip_walk_headers (Igor Ryzhov) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (Fabio Estevam) - mm/slub: fix to return errno if kmalloc() fails (Chao Yu) - ALSA: hda: add Intel 5 Series / 3400 PCI DID (Kai Vehmanen) - ALSA: hda/tegra: set depop delay for tegra (Mohan Kumar) - USB: serial: option: add Quectel RM520N (jerry meng) - USB: serial: option: add Quectel BG95 0x0203 composition (Carl Yin()) - USB: core: Fix RST error in hub.c (Alan Stern) - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (Siddh Raman Pant) - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (Takashi Iwai) - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (Hyunwoo Kim) - mksysmap: Fix the mismatch of 'L0' symbols in System.map (Youling Tang) - MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() (Alexander Sverdlin) - net: usb: qmi_wwan: add Quectel RM520N (jerry.meng) - ALSA: hda/sigmatel: Keep power up while beep is enabled (Takashi Iwai) - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (Xiaolei Wang) - ASoC: nau8824: Fix semaphore unbalance at error paths (Takashi Iwai) - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (Stefan Metzmacher) - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() (Yang Yingliang) - drm/meson: Correct OSD1 global alpha value (Stuart Menefy) - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (Pali Rohar) - of: fdt: fix off-by-one error in unflatten_dt_nodes() (Sergey Shtylyov) - Linux 4.14.294 (Greg Kroah-Hartman) - tracefs: Only clobber mode/uid/gid on remount if asked (Brian Norris) - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (Hans de Goede) - ieee802154: cc2520: add rc code in cc2520_tx() (Li Qiong) - tg3: Disable tg3 device on system reboot to avoid triggering AER (Kai-Heng Feng) - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (Jason Wang) - drm/msm/rd: Fix FIFO-full deadlock (Rob Clark) - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() (Jann Horn) - Linux 4.14.293 (Greg Kroah-Hartman) - SUNRPC: use _bh spinlocking on ->transport_lock (NeilBrown) - MIPS: loongson32: ls1c: Fix hang during startup (Yang Ling) - USB: serial: ch341: fix disabled rx timer on older devices (Johan Hovold) - USB: serial: ch341: fix lost character on LCR updates (Johan Hovold) - usb: dwc3: fix PHY disable sequence (Johan Hovold) - sch_sfb: Also store skb len before calling child enqueue (Toke Hoiland-Jorgensen) - tcp: fix early ETIMEDOUT after spurious non-SACK RTO (Neal Cardwell) - ipv6: sr: fix out-of-bounds read when setting HMAC data. (David Lebrun) - tipc: fix shift wrapping bug in map_get() (Dan Carpenter) - sch_sfb: Don't assume the skb is still around after enqueueing to child (Toke Hoiland-Jorgensen) - netfilter: nf_conntrack_irc: Fix forged IP logic (David Leadbeater) - netfilter: br_netfilter: Drop dst references before setting. (Harsh Modi) - driver core: Don't probe devices after bus_type.match() probe deferral (Isaac J. Manjarres) - scsi: mpt3sas: Fix use-after-free warning (Sreekanth Reddy) - kprobes: Prohibit probes in gate area (Christian A. Ehrhardt) - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (Dongxiang Ke) - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (Pattara Teerapong) - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (Tasos Sahanidis) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (Yang Yingliang) - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines (Helge Deller) - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() (Li Qiong) - drm/radeon: add a force flush to delay work when radeon (Zhenneng Li) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. (Candice Li) - Revert 'mm: kmemleak: take a full lowmem check in kmemleak_*_phys()' (Yee Lee) - fs: only do a memory barrier for the first set_buffer_uptodate() (Linus Torvalds) - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (Stanislaw Gruszka) - efi: capsule-loader: Fix use-after-free in efi_capsule_write (Hyunwoo Kim) - ALSA: seq: Fix data-race at module auto-loading (Takashi Iwai) - ALSA: seq: oss: Fix data-race for max_midi_devs access (Takashi Iwai) - net: mac802154: Fix a condition in the receive path (Miquel Raynal) - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected (Siddh Raman Pant) - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (Krishna Kurapati) - USB: core: Prevent nested device-reset calls (Alan Stern) - s390: fix nospec table alignments (Josh Poimboeuf) - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (Gerald Schaefer) - usb-storage: Add ignore-residue quirk for NXP PN7462AU (Witold Lipieta) - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (Thierry GUIBERT) - usb: dwc2: fix wrong order of phy_power_on and phy_init (Heiner Kallweit) - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (Slark Xiao) - USB: serial: option: add Quectel EM060K modem (Yonglin Tan) - USB: serial: option: add support for OPPO R11 diag port (Yan Xinyu) - USB: serial: cp210x: add Decagon UCA device id (Johan Hovold) - xhci: Add grace period after xHC start to prevent premature runtime suspend. (Mathias Nyman) - thunderbolt: Use the actual buffer in tb_async_error() (Mika Westerberg) - hwmon: (gpio-fan) Fix array out of bounds access (Armin Wolf) - Input: rk805-pwrkey - fix module autoloading (Peter Robinson) - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (Colin Ian King) - binder: fix UAF of ref->proc caused by race condition (Carlos Llamas) - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (Niek Nooijens) - vt: Clear selection before changing the font (Helge Deller) - staging: rtl8712: fix use after free bugs (Dan Carpenter) - serial: fsl_lpuart: RS485 RTS polariy is inverse (Shenwei Wang) - kcm: fix strp_init() order and cleanup (Cong Wang) - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (Duoming Zhou) - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (Dan Carpenter) - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (Andy Shevchenko) - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (Douglas Anderson) - bpf: Fix the off-by-two error in range markings (Maxim Mikityanskiy) - selftests/bpf: Fix test_align verifier log patterns (Stanislav Fomichev) - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (John Fastabend) - Linux 4.14.292 (Greg Kroah-Hartman) - net: neigh: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - kprobes: don't call disarm_kprobe() for disabled kprobes (Kuniyuki Iwashima) - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y (Geert Uytterhoeven) - s390/hypfs: avoid error message under KVM (Juergen Gross) - neigh: fix possible DoS due to net iface start/stop loop (Denis V. Lunev) - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (Jann Horn) - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (Yang Jihong) - fbdev: fb_pm2fb: Avoid potential divide by zero error (Letu Ren) - HID: hidraw: fix memory leak in hidraw_release() (Karthik Alapati) - media: pvrusb2: fix memory leak in pvr_probe (Dongliang Mu) - Bluetooth: L2CAP: Fix build errors in some archs (Luiz Augusto von Dentz) - kbuild: Fix include path in scripts/Makefile.modpost (Jing Leng) - x86/bugs: Add 'unknown' reporting for MMIO Stale Data (Pawan Gupta) - x86/cpu: Add Tiger Lake to Intel family (Gayatri Kammela) - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (Gerald Schaefer) - arm64: map FDT as RW for early_init_dt_scan() (Hsin-Yi Wang) - mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() (Jann Horn) - md: call __md_stop_writes in md_stop (Guoqing Jiang) - mm/hugetlb: fix hugetlb not supporting softdirty tracking (David Hildenbrand) - asm-generic: sections: refactor memory_intersects (Quanyang Wang) - loop: Check for overflow while configuring loop (Siddh Raman Pant) - btrfs: check if root is readonly while setting security xattr (Goldwyn Rodrigues) - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (Jacob Keller) - net: Fix a data-race around sysctl_somaxconn. (Kuniyuki Iwashima) - net: Fix a data-race around netdev_budget_usecs. (Kuniyuki Iwashima) - net: Fix a data-race around netdev_budget. (Kuniyuki Iwashima) - net: Fix a data-race around sysctl_net_busy_read. (Kuniyuki Iwashima) - net: Fix a data-race around sysctl_net_busy_poll. (Kuniyuki Iwashima) - net: Fix a data-race around sysctl_tstamp_allow_data. (Kuniyuki Iwashima) - ratelimit: Fix data-races in ___ratelimit(). (Kuniyuki Iwashima) - net: Fix data-races around weight_p and dev_weight_[rt]x_bias. (Kuniyuki Iwashima) - netfilter: nft_payload: do not truncate csum_offset and csum_type (Pablo Neira Ayuso) - netfilter: nft_payload: report ERANGE for too long offset and length (Pablo Neira Ayuso) - net: ipvtap - add __init/__exit annotations to module init/exit funcs (Maciej zenczykowski) - bonding: 802.3ad: fix no transmission of LACPDUs (Jonathan Toppins) - rose: check NULL rose_loopback_neigh->loopback (Bernard Pidoux) - xfrm: fix refcount leak in __xfrm_policy_check() (Xin Xiong) - pinctrl: amd: Don't save/restore interrupt status and wake status bits (Basavaraj Natikar) - parisc: Fix exception handler for fldw and fstw instructions (Helge Deller) - audit: fix potential double free on error path from fsnotify_add_inode_mark (Gaosheng Cui) - Linux 4.14.291 (Greg Kroah-Hartman) - MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 (Nathan Chancellor) - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (Zheyu Ma) - powerpc/64: Init jump labels before parse_early_param() (Zhouyi Zhou) - smb3: check xattr value length earlier (Steve French) - ALSA: timer: Use deferred fasync helper (Takashi Iwai) - ALSA: core: Add async signal helpers (Takashi Iwai) - mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start (Liang He) - vfio: Clear the caps->buf to NULL after free (Schspa Shi) - tty: serial: Fix refcount leak bug in ucc_uart.c (Liang He) - ext4: avoid resizing to a partial cluster size (Kiselev, Oleg) - ext4: avoid remove directory when directory is corrupted (Ye Bin) - drivers:md:fix a potential use-after-free bug (Wentao_Liang) - cxl: Fix a memory leak in an error handling path (Christophe JAILLET) - gadgetfs: ep_io - wait until IRQ finishes (Jozef Martiniak) - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (Robert Marko) - usb: host: ohci-ppc-of: Fix refcount leak bug (Liang He) - irqchip/tegra: Fix overflow implicit truncation warnings (Sai Prakash Ranjan) - PCI: Add ACS quirk for Broadcom BCM5750x NICs (Pavan Chebbi) - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (Liang He) - btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() (Qu Wenruo) - btrfs: only write the sectors in the vertical stripe which has data stripes (Qu Wenruo) - kbuild: clear LDFLAGS in the top Makefile (Masahiro Yamada) - igb: Add lock to avoid data race (Lin Ma) - fec: Fix timer capture timing in fec_ptp_enable_pps() (Csokas Bence) - i40e: Fix to stop tx_timeout recovery if GLOBR fails (Alan Brady) - powerpc/pci: Fix get_phb_number() locking (Michael Ellerman) - netfilter: nf_tables: really skip inactive sets when allocating name (Pablo Neira Ayuso) - nios2: add force_successful_syscall_return() (Al Viro) - nios2: restarts apply only to the first sigframe we build... (Al Viro) - nios2: fix syscall restart checks (Al Viro) - nios2: traced syscall does need to check the syscall number (Al Viro) - nios2: don't leave NULLs in sys_call_table[] (Al Viro) - nios2: page fault et.al. are *not* restartable syscalls... (Al Viro) - atm: idt77252: fix use-after-free bugs caused by tst_timer (Duoming Zhou) - xen/xenbus: fix return type in xenbus_file_read() (Dan Carpenter) - tools build: Switch to new openssl API for test-libcrypto (Roberto Sassu) - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (Peilin Ye) - vsock: Fix memory leak in vsock_connect() (Peilin Ye) - geneve: do not use RT_TOS for IPv6 flowlabel (Matthias May) - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (Sakari Ailus) - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (Nikita Travkin) - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (Miaoqian Lin) - SUNRPC: Reinitialise the backchannel request buffers before reuse (Trond Myklebust) - NFSv4.1: RECLAIM_COMPLETE must handle EACCES (Zhang Xianwei) - apparmor: fix reference count leak in aa_pivotroot() (Xin Xiong) - apparmor: fix aa_label_asxprint return check (Tom Rix) - apparmor: Fix failed mount permission check error message (John Johansen) - apparmor: fix quiet_denied for file rules (John Johansen) - can: ems_usb: fix clang's -Wunaligned-access warning (Marc Kleine-Budde) - btrfs: fix lost error handling when looking up extended ref on log replay (Filipe Manana) - ata: libata-eh: Add missing command name (Damien Le Moal) - ALSA: info: Fix llseek return value when using callback (Amadeusz Siawinski) - powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E (Christophe Leroy) - net_sched: cls_route: disallow handle of 0 (Jamal Hadi Salim) - net/9p: Initialize the iounit field during fid creation (Tyler Hicks) - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (Luiz Augusto von Dentz) - Revert 'net: usb: ax88179_178a needs FLAG_SEND_ZLP' (Jose Alonso) - scsi: sg: Allow waiting for commands to complete on removed device (Tony Battersby) - tcp: fix over estimation in sk_forced_mem_schedule() (Eric Dumazet) - btrfs: reject log replay if there is unsupported RO compat flag (Qu Wenruo) - dm raid: fix address sanitizer warning in raid_status (Mikulas Patocka) - dm raid: fix address sanitizer warning in raid_resume (Mikulas Patocka) - intel_th: pci: Add Meteor Lake-P support (Alexander Shishkin) - intel_th: pci: Add Raptor Lake-S PCH support (Alexander Shishkin) - intel_th: pci: Add Raptor Lake-S CPU support (Alexander Shishkin) - ext4: correct the misjudgment in ext4_iget_extra_inode (Baokun Li) - ext4: correct max_inline_xattr_value_size computing (Baokun Li) - ext4: fix extent status tree race in writeback error recovery path (Eric Whitney) - ext4: update s_overhead_clusters in the superblock during an on-line resize (Theodore Ts'o) - ext4: fix use-after-free in ext4_xattr_set_entry (Baokun Li) - ext4: make sure ext4_append() always allocates new block (Lukas Czerner) - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (Baokun Li) - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (David Collins) - x86/olpc: fix 'logical not is only applied to the left hand side' (Alexander Lobakin) - scsi: zfcp: Fix missing auto port scan and thus missing target ports (Steffen Maier) - video: fbdev: s3fb: Check the size of screen before memset_io() (Zheyu Ma) - video: fbdev: arkfb: Check the size of screen before memset_io() (Zheyu Ma) - video: fbdev: vt8623fb: Check the size of screen before memset_io() (Zheyu Ma) - tools/thermal: Fix possible path truncations (Florian Fainelli) - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (Zheyu Ma) - x86/numa: Use cpumask_available instead of hardcoded NULL check (Siddh Raman Pant) - genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO (Arnaldo Carvalho de Melo) - powerpc/pci: Fix PHB numbering when using opal-phbid (Michael Ellerman) - kprobes: Forbid probing on trampoline and BPF code areas (Chen Zhongjin) - powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address (Miaoqian Lin) - powerpc/xive: Fix refcount leak in xive_get_max_prio (Miaoqian Lin) - powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader (Miaoqian Lin) - powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias (Pali Rohar) - video: fbdev: sis: fix typos in SiS_GetModeID() (Rustam Subkhankulov) - video: fbdev: amba-clcd: Fix refcount leak bugs (Liang He) - s390/zcore: fix race when reading from hardware system area (Alexander Gordeev) - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (Liang He) - mfd: t7l66xb: Drop platform disable callback (Uwe Kleine-Konig) - kfifo: fix kfifo_to_user() return type (Dan Carpenter) - iommu/exynos: Handle failed IOMMU device registration properly (Sam Protsenko) - tty: n_gsm: fix DM command (Daniel Starke) - tty: n_gsm: fix wrong T1 retry count handling (Daniel Starke) - vfio/ccw: Do not change FSM state in subchannel event (Eric Farman) - remoteproc: qcom: wcnss: Fix handling of IRQs (Sireesh Kodali) - tty: n_gsm: fix race condition in gsmld_write() (Daniel Starke) - tty: n_gsm: fix packet re-transmission without open control channel (Daniel Starke) - tty: n_gsm: fix non flow control frames during mux flow off (Daniel Starke) - profiling: fix shift too large makes kernel panic (Chen Zhongjin) - ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe (Miaoqian Lin) - ASoC: codecs: da7210: add check for i2c_add_driver (Jiasheng Jiang) - ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe (Miaoqian Lin) - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (Zhihao Cheng) - ext4: recover csum seed of tmp_inode after migrating to extents (Li Lingfeng) - RDMA/rxe: Fix error unwind in rxe_create_qp() (Zhu Yanjun) - mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region (Miaohe Lin) - platform/olpc: Fix uninitialized data in debugfs write (Dan Carpenter) - USB: serial: fix tty-port initialized comments (Johan Hovold) - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (Liang He) - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (Liang He) - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (Liang He) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (Jianglei Nie) - usb: gadget: udc: amd5536 depends on HAS_DMA (Randy Dunlap) - scsi: smartpqi: Fix DMA direction for RAID requests (Mahesh Rajashekhara) - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (Eugen Hristev) - memstick/ms_block: Fix a memory leak (Christophe JAILLET) - memstick/ms_block: Fix some incorrect memory allocation (Christophe JAILLET) - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (Miaoqian Lin) - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (Christophe JAILLET) - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (Miaoqian Lin) - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (Miaoqian Lin) - fpga: altera-pr-ip: fix unsigned comparison with less than zero (Marco Pagani) - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (Uwe Kleine-Konig) - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (Duoming Zhou) - mtd: maps: Fix refcount leak in ap_flash_init (Miaoqian Lin) - mtd: maps: Fix refcount leak in of_flash_probe_versatile (Miaoqian Lin) - dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock (Hangyu Hua) - net: rose: fix netdev reference changes (Eric Dumazet) - wifi: libertas: Fix possible refcount leak in if_usb_probe() (Hangyu Hua) - wifi: wil6210: debugfs: fix uninitialized variable use in wil_write_file_wmi() (Ammar Faizi) - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (Liang He) - i2c: cadence: Support PEC for SMBus block read (Lars-Peter Clausen) - Bluetooth: hci_intel: Add check for platform_driver_register (Jiasheng Jiang) - can: pch_can: pch_can_error(): initialize errc before using it (Vincent Mailhol) - can: error: specify the values of data[5..7] of CAN error frames (Vincent Mailhol) - can: usb_8dev: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: sun4i_can: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: hi311x: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: sja1000: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: rcar_can: do not report txerr and rxerr during bus-off (Vincent Mailhol) - can: pch_can: do not report txerr and rxerr during bus-off (Vincent Mailhol) - wifi: p54: add missing parentheses in p54_flush() (Rustam Subkhankulov) - wifi: p54: Fix an error handling path in p54spi_probe() (Christophe JAILLET) - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (Dan Carpenter) - fs: check FMODE_LSEEK to control internal pipe splicing (Jason A. Donenfeld) - selftests: timers: clocksource-switch: fix passing errors from child (Wolfram Sang) - selftests: timers: valid-adjtimex: build fix for newer toolchains (Wolfram Sang) - tcp: make retransmitted SKB fit into the send window (Yonglong Li) - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment (AngeloGioacchino Del Regno) - drm: bridge: sii8620: fix possible off-by-one (Hangyu Hua) - drm/mediatek: dpi: Remove output format of YUV (Bo-Chen Chen) - drm/rockchip: vop: Don't crash for invalid duplicate_state() (Brian Norris) - drm/vc4: dsi: Correct DSI divider calculations (Dave Stevenson) - media: hdpvr: fix error value returns in hdpvr_read (Niels Dossche) - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (Jiasheng Jiang) - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (Alexey Kodanev) - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Pavel Skripkin) - i2c: Fix a potential use after free (Xu Wang) - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (Xinlei Lee) - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (Alexey Kodanev) - dm: return early from dm_pr_call() if DM device is suspended (Mike Snitzer) - thermal/tools/tmon: Include pthread and time headers in tmon.h (Markus Mayer) - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (Liang He) - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (Sireesh Kodali) - ARM: dts: qcom: pm8841: add required thermal-sensor-cells (Krzysztof Kozlowski) - cpufreq: zynq: Fix refcount leak in zynq_get_revision (Miaoqian Lin) - soc: fsl: guts: machine variable might be unset (Michael Walle) - ARM: dts: ast2500-evb: fix board compatible (Krzysztof Kozlowski) - x86/pmem: Fix platform-device leak in error path (Johan Hovold) - ARM: bcm: Fix refcount leak in bcm_kona_smc_init (Miaoqian Lin) - ARM: findbit: fix overflowing offset (Russell King (Oracle)) - selinux: Add boundary check in put_entry() (Xiu Jianfeng) - PM: hibernate: defer device probing when resuming from hibernation (Tetsuo Handa) - ACPI: LPSS: Fix missing check in register_device_clock() (huhai) - ACPI: PM: save NVS memory for Lenovo G40-45 (Manyi Li) - ARM: OMAP2+: display: Fix refcount leak bug (Liang He) - ARM: dts: imx6ul: fix qspi node compatible (Alexander Stein) - ARM: dts: imx6ul: add missing properties for sram (Alexander Stein) - ext2: Add more validity checks for inode counts (Jan Kara) - arm64: fix oops in concurrently setting insn_emulation sysctls (haibinzhang () - arm64: Do not forget syscall when starting a new thread. (Francis Laniel) - netfilter: nf_tables: fix null deref due to zeroed list head (Florian Westphal) - USB: HCD: Fix URB giveback issue in tasklet function (Weitao Wang) - MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK (Huacai Chen) - powerpc/powernv: Avoid crashing if rng is NULL (Michael Ellerman) - powerpc/fsl-pci: Fix Class Code of PCIe Root Port (Pali Rohar) - PCI: Add defines for normal and subtractive PCI bridges (Pali Rohar) - ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() (Alexander Lobakin) - md-raid10: fix KASAN warning (Mikulas Patocka) - fuse: limit nsec (Miklos Szeredi) - iio: light: isl29028: Fix the warning in isl29028_remove() (Zheyu Ma) - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (Leo Li) - drm/nouveau: fix another off-by-one in nvbios_addr (Timur Tabi) - parisc: Fix device names in /proc/iomem (Helge Deller) - usbnet: Fix linkwatch use-after-free on disconnect (Lukas Wunner) - fs: Add missing umask strip in vfs_tmpfile (Yang Xu) - vfs: Check the truncate maximum size in inode_newsize_ok() (David Howells) - ALSA: hda/cirrus - support for iMac 12,1 model (Allen Ballway) - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (Meng Tang) - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (Sean Christopherson) - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (Sean Christopherson) - KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (Maciej S. Szmigiero) - HID: wacom: Don't register pad_input for touch switch (Ping Cheng) - add barriers to buffer_uptodate and set_buffer_uptodate (Mikulas Patocka) - ALSA: bcd2000: Fix a UAF bug on the error path of probing (Zheyu Ma) - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (Nick Desaulniers) - Makefile: link with -z noexecstack --no-warn-rwx-segments (Nick Desaulniers) - macintosh/adb: fix oob read in do_adb_query() function (Ning Qiang) - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (Werner Sembach) - ACPI: video: Force backlight native for some TongFang devices (Werner Sembach) - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle. (Wei Mingzhi) - ARM: crypto: comment out gcc warning that breaks clang builds (Greg Kroah-Hartman) - netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (Liang He) - net: ping6: Fix memleak in ipv6_renew_options(). (Kuniyuki Iwashima) - scsi: ufs: host: Hold reference returned by of_parse_phandle() (Liang He) - s390/archrandom: prevent CPACF trng invocations in interrupt context (Harald Freudenberger) - ntfs: fix use-after-free in ntfs_ucsncmp() (ChenXiaoSong) - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (Luiz Augusto von Dentz) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3239 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.313.6] - Uninitialized variable image_ext in fixup_vdso_exception of extable.c (Alok Tiwari) [Orabug: 33000550] - NFSD: fix use-after-free on source server when doing inter-server copy (Dai Ngo) [Orabug: 34475857] - EDAC/mce_amd: Do not load edac_mce_amd module on guests (Smita Koralahalli) [Orabug: 34484268] - uek: kabi: update kABI files for new symbol (Saeed Mirzamohammadi) [Orabug: 34595589] - RDS/IB Fix allocation warning (Hans Westgaard Ry) [Orabug: 34684322] - uek-rpm: Add support for building a kdump kernel on MIPS64 (Dave Kleikamp) [Orabug: 34696261] - hwmon: (opbmc) AST2600 SP reset driver adjustment (Jan Zdarek) [Orabug: 34710682] - hwmon: (opbmc) Driver message prefixes (Jan Zdarek) [Orabug: 34710682] - Revert 'fs: check FMODE_LSEEK to control internal pipe splicing' (Saeed Mirzamohammadi) [Orabug: 34724694] - Revert 'sched/deadline: Fix priority inheritance with multiple scheduling classes' (Sherry Yang) [Orabug: 34700434] [5.4.17-2136.313.5] - IB/mlx5: Move to fully dynamic UAR mode once user space supports it (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Extend QP creation to get uar page index from user space (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Extend CQ creation to get uar page index from user space (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Expose UAR object and its alloc/destroy commands (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Generally use the WC auto detection test result (Yishai Hadas) [Orabug: 34430072] - RDMA/mlx5: Use offsetofend() instead of duplicated variant (Leon Romanovsky) [Orabug: 34430072] - RDMA/mlx5: Remove duplicate definitions of SW_ICM macros (Erez Shitrit) [Orabug: 34430072] - IB/mlx5: Introduce UAPIs to manage packet pacing (Yishai Hadas) [Orabug: 34430072] - RDMA/mlx5: Prevent overflow in mmap offset calculations (Leon Romanovsky) [Orabug: 34430072] - RDMA/core: Make the entire API tree static (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Ensure that rdma_user_mmap_entry_remove() is a fence (Jason Gunthorpe) [Orabug: 34430072] - RDMA/mlx5: Set relaxed ordering when requested (Michael Guralnik) [Orabug: 34430072] - RDMA/core: Add the core support field to METHOD_GET_CONTEXT (Michael Guralnik) [Orabug: 34430072] - RDMA/uverbs: Add new relaxed ordering memory region access flag (Michael Guralnik) [Orabug: 34430072] - RDMA/core: Add optional access flags range (Michael Guralnik) [Orabug: 34430072] - RDMA/uverbs: Add ioctl command to get a device context (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Remove ucontext_lock from the uverbs_destry_ufile_hw() path (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Add UVERBS_METHOD_ASYNC_EVENT_ALLOC (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Use READ_ONCE for ib_ufile.async_file (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Make ib_uverbs_async_event_file into a uobject (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Remove the ufile arg from rdma_alloc_begin_uobject (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Simplify type usage for ib_uverbs_async_handler() (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Do not erase the type of ib_wq.uobject (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Do not erase the type of ib_qp.uobject (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Do not erase the type of ib_cq.uobject (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Make ib_ucq_object use ib_uevent_object (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Do not allow alloc_commit to fail (Jason Gunthorpe) [Orabug: 34430072] - RDMA/mlx5: Simplify devx async commands (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Simplify destruction of FD uobjects (Jason Gunthorpe) [Orabug: 34430072] - RDMA/mlx5: Use RCU and direct refcounts to keep memory alive (Jason Gunthorpe) [Orabug: 34430072] - IB/mlx5: Add mmap support for VAR (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Introduce VAR object and its alloc/destroy methods (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Extend caps stage to handle VAR capabilities (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Fix device memory flows (Yishai Hadas) [Orabug: 34430072] - IB/core: Introduce rdma_user_mmap_entry_insert_range() API (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Support flow counters offset for bulk counters (Yevgeny Kliteynik) [Orabug: 34430072] - IB/mlx5: Rename profile and init methods (Michael Guralnik) [Orabug: 34430072] - RDMA: Connect between the mmap entry and the umap_priv structure (Michal Kalderon) [Orabug: 34430072] - RDMA/core: Create mmap database and cookie helper functions (Michal Kalderon) [Orabug: 34430072] - RDMA/core: Move core content from ib_uverbs to ib_core (Michal Kalderon) [Orabug: 34430072] - IB/mlx5: Test write combining support (Michael Guralnik) [Orabug: 34430072] - IB/mlx5: Align usage of QP1 create flags with rest of mlx5 defines (Michael Guralnik) [Orabug: 34430072] - IB/mlx5: Introduce and use mkey context setting helper routine (Parav Pandit) [Orabug: 34430072] - net/rds: Send congestion map updates only via path zero (Anand Khoje) [Orabug: 34578051] - Revert 'RDS/IB: Fix RDS IB SRQ implementation and tune it' (Hans Westgaard Ry) [Orabug: 34662431] - net: vlan: Avoid using BUG() in vlan_proto_idx() (Florian Fainelli) [Orabug: 34672449] - KVM: x86: drop superfluous mmu_check_root() from fast_pgd_switch() (Vitaly Kuznetsov) [Orabug: 34679770] - KVM: SVM: Update cr3_lm_rsvd_bits for AMD SEV guests (Babu Moger) [Orabug: 34679770] - KVM: x86: Invoke vendor's vcpu_after_set_cpuid() after all common updates (Sean Christopherson) [Orabug: 34679770] - KVM: x86: Move kvm_x86_ops.vcpu_after_set_cpuid() into kvm_vcpu_after_set_cpuid() (Xiaoyao Li) [Orabug: 34679770] - KVM: x86: Rename cpuid_update() callback to vcpu_after_set_cpuid() (Xiaoyao Li) [Orabug: 34679770] - RDMA/cma: Use output interface for net_dev check (Hakon Bugge) [Orabug: 34694980] [5.4.17-2136.313.4] - arm64: pensando: Suppress tree-loop-distribute-patterns optimization (Henry Willard) [Orabug: 34634974] - uek-rpm: Disable floppy related configs (Saeed Mirzamohammadi) [Orabug: 34644240] - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (Dave Hansen) [Orabug: 34671342] [5.4.17-2136.313.3] - Revert 'net: mvpp2: debugfs: fix memory leak when using debugfs_lookup()' (Sasha Levin) - USB: core: Fix RST error in hub.c (Alan Stern) - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (Tetsuo Handa) - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() (Yang Yingliang) - LTS tag: v5.4.213 (Sherry Yang) - MIPS: loongson32: ls1c: Fix hang during startup (Yang Ling) - x86/nospec: Fix i386 RSB stuffing (Peter Zijlstra) - sch_sfb: Also store skb len before calling child enqueue (Toke Hoiland-Jorgensen) - tcp: fix early ETIMEDOUT after spurious non-SACK RTO (Neal Cardwell) - nvme-tcp: fix UAF when detecting digest errors (Sagi Grimberg) - RDMA/mlx5: Set local port to one when accessing counters (Chris Mi) - ipv6: sr: fix out-of-bounds read when setting HMAC data. (David Lebrun) - RDMA/siw: Pass a pointer to virt_to_page() (Linus Walleij) - i40e: Fix kernel crash during module removal (Ivan Vecera) - tipc: fix shift wrapping bug in map_get() (Dan Carpenter) - sch_sfb: Don't assume the skb is still around after enqueueing to child (Toke Hoiland-Jorgensen) - afs: Use the operation issue time instead of the reply time for callbacks (David Howells) - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() (David Howells) - netfilter: nf_conntrack_irc: Fix forged IP logic (David Leadbeater) - netfilter: br_netfilter: Drop dst references before setting. (Harsh Modi) - RDMA/hns: Fix supported page size (Chengchang Tang) - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (Liang He) - RDMA/cma: Fix arguments order in net device validation (Michael Guralnik) - regulator: core: Clean up on enable failure (Andrew Halaney) - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (Marco Felsch) - smb3: missing inode locks in punch hole (David Howells) - scsi: lpfc: Add missing destroy_workqueue() in error path (Yang Yingliang) - scsi: mpt3sas: Fix use-after-free warning (Sreekanth Reddy) - nvmet: fix a use-after-free (Bart Van Assche) - debugfs: add debugfs_lookup_and_remove() (Greg Kroah-Hartman) - kprobes: Prohibit probes in gate area (Christian A. Ehrhardt) - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (Dongxiang Ke) - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (Pattara Teerapong) - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (Tasos Sahanidis) - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (Qu Huang) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (Yang Yingliang) - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level (Sudeep Holla) - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines (Helge Deller) - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() (Li Qiong) - drm/radeon: add a force flush to delay work when radeon (Zhenneng Li) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. (Candice Li) - drm/gem: Fix GEM handle release errors (Jeffy Chen) - scsi: megaraid_sas: Fix double kfree() (Guixin Liu) - USB: serial: ch341: fix disabled rx timer on older devices (Johan Hovold) - USB: serial: ch341: fix lost character on LCR updates (Johan Hovold) - usb: dwc3: disable USB core PHY management (Johan Hovold) - usb: dwc3: fix PHY disable sequence (Johan Hovold) - btrfs: harden identification of a stale device (Anand Jain) - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (Diego Santa Cruz) - ALSA: seq: Fix data-race at module auto-loading (Takashi Iwai) - ALSA: seq: oss: Fix data-race for max_midi_devs access (Takashi Iwai) - net: mac802154: Fix a condition in the receive path (Miquel Raynal) - ip: fix triggering of 'icmp redirect' (Nicolas Dichtel) - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected (Siddh Raman Pant) - driver core: Don't probe devices after bus_type.match() probe deferral (Isaac J. Manjarres) - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (Krishna Kurapati) - USB: core: Prevent nested device-reset calls (Alan Stern) - s390: fix nospec table alignments (Josh Poimboeuf) - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (Gerald Schaefer) - usb-storage: Add ignore-residue quirk for NXP PN7462AU (Witold Lipieta) - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (Thierry GUIBERT) - usb: dwc2: fix wrong order of phy_power_on and phy_init (Heiner Kallweit) - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (Pablo Sun) - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (Slark Xiao) - USB: serial: option: add Quectel EM060K modem (Yonglin Tan) - USB: serial: option: add support for OPPO R11 diag port (Yan Xinyu) - USB: serial: cp210x: add Decagon UCA device id (Johan Hovold) - xhci: Add grace period after xHC start to prevent premature runtime suspend. (Mathias Nyman) - thunderbolt: Use the actual buffer in tb_async_error() (Mika Westerberg) - gpio: pca953x: Add mutex_lock for regcache sync in PM (Haibo Chen) - hwmon: (gpio-fan) Fix array out of bounds access (Armin Wolf) - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (Stefan Wahren) - Input: rk805-pwrkey - fix module autoloading (Peter Robinson) - clk: core: Fix runtime PM sequence in clk_core_unprepare() (Chen-Yu Tsai) - Revert 'clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops' (Stephen Boyd) - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (Chen-Yu Tsai) - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (Colin Ian King) - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (Johan Hovold) - binder: fix UAF of ref->proc caused by race condition (Carlos Llamas) - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (Niek Nooijens) - misc: fastrpc: fix memory corruption on open (Johan Hovold) - misc: fastrpc: fix memory corruption on probe (Johan Hovold) - iio: adc: mcp3911: use correct formula for AD conversion (Marcus Folkesson) - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (Tetsuo Handa) - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (Sherry Sun) - vt: Clear selection before changing the font (Helge Deller) - powerpc: align syscall table for ppc32 (Masahiro Yamada) - staging: rtl8712: fix use after free bugs (Dan Carpenter) - serial: fsl_lpuart: RS485 RTS polariy is inverse (Shenwei Wang) - net/smc: Remove redundant refcount increase (Yacan Liu) - Revert 'sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb' (Jakub Kicinski) - tcp: annotate data-race around challenge_timestamp (Eric Dumazet) - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb (Toke Hoiland-Jorgensen) - kcm: fix strp_init() order and cleanup (Cong Wang) - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (Duoming Zhou) - net: sched: tbf: don't call qdisc_put() while holding tree lock (Zhengchao Shao) - Revert 'xhci: turn off port power in shutdown' (Mathias Nyman) - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (Dan Carpenter) - ieee802154/adf7242: defer destroy_workqueue call (Lin Ma) - iio: adc: mcp3911: make use of the sign bit (Marcus Folkesson) - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (Andy Shevchenko) - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (Douglas Anderson) - drm/msm/dsi: fix the inconsistent indenting (sunliming) - net: dp83822: disable false carrier interrupt (Enguerrand de Ribaucourt) - Revert 'mm: kmemleak: take a full lowmem check in kmemleak_*_phys()' (Yee Lee) - fs: only do a memory barrier for the first set_buffer_uptodate() (Linus Torvalds) - net: mvpp2: debugfs: fix memory leak when using debugfs_lookup() (Greg Kroah-Hartman) - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (Stanislaw Gruszka) - efi: capsule-loader: Fix use-after-free in efi_capsule_write (Hyunwoo Kim) - LTS tag: v5.4.212 (Sherry Yang) - net: neigh: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net/af_packet: check len when min_header_len equals to 0 (Zhengchao Shao) - kprobes: don't call disarm_kprobe() for disabled kprobes (Kuniyuki Iwashima) - lib/vdso: Mark do_hres() and do_coarse() as __always_inline (Andrei Vagin) - lib/vdso: Let do_coarse() return 0 to simplify the callsite (Christophe Leroy) - btrfs: tree-checker: check for overlapping extent items (Josef Bacik) - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y (Geert Uytterhoeven) - drm/amd/display: Fix pixel clock programming (Ilya Bakoulin) - s390/hypfs: avoid error message under KVM (Juergen Gross) - neigh: fix possible DoS due to net iface start/stop loop (Denis V. Lunev) - drm/amd/display: clear optc underflow before turn off odm clock (Fudong Wang) - drm/amd/display: Avoid MPC infinite loop (Josip Pavic) - btrfs: unify lookup return value when dir entry is missing (Filipe Manana) - btrfs: do not pin logs too early during renames (Filipe Manana) - btrfs: introduce btrfs_lookup_match_dir (Marcos Paulo de Souza) - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (Jann Horn) - bpf: Don't redirect packets with invalid pkt_len (Zhengchao Shao) - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (Yang Jihong) - fbdev: fb_pm2fb: Avoid potential divide by zero error (Letu Ren) - HID: hidraw: fix memory leak in hidraw_release() (Karthik Alapati) - media: pvrusb2: fix memory leak in pvr_probe (Dongliang Mu) - udmabuf: Set the DMA mask for the udmabuf device (v2) (Vivek Kasireddy) - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (Lee Jones) - Bluetooth: L2CAP: Fix build errors in some archs (Luiz Augusto von Dentz) - kbuild: Fix include path in scripts/Makefile.modpost (Jing Leng) - x86/bugs: Add 'unknown' reporting for MMIO Stale Data (Pawan Gupta) - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (Gerald Schaefer) - mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() (Jann Horn) - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (Saurabh Sengar) - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (Stephane Eranian) - md: call __md_stop_writes in md_stop (Guoqing Jiang) - mm/hugetlb: fix hugetlb not supporting softdirty tracking (David Hildenbrand) - ACPI: processor: Remove freq Qos request for all CPUs (Riwen Lu) - s390: fix double free of GS and RI CBs on fork() failure (Brian Foster) - asm-generic: sections: refactor memory_intersects (Quanyang Wang) - loop: Check for overflow while configuring loop (Siddh Raman Pant) - x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (Chen Zhongjin) - btrfs: check if root is readonly while setting security xattr (Goldwyn Rodrigues) - btrfs: add info when mount fails due to stale replace target (Anand Jain) - btrfs: replace: drop assert for suspended replace (Anand Jain) - btrfs: fix silent failure when deleting root reference (Filipe Manana) - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (Jacob Keller) - net: Fix a data-race around sysctl_somaxconn. (Kuniyuki Iwashima) - net: Fix a data-race around netdev_budget_usecs. (Kuniyuki Iwashima) - net: Fix a data-race around netdev_budget. (Kuniyuki Iwashima) - net: Fix a data-race around sysctl_net_busy_read. (Kuniyuki Iwashima) - net: Fix a data-race around sysctl_net_busy_poll. (Kuniyuki Iwashima) - net: Fix a data-race around sysctl_tstamp_allow_data. (Kuniyuki Iwashima) - ratelimit: Fix data-races in ___ratelimit(). (Kuniyuki Iwashima) - net: Fix data-races around netdev_tstamp_prequeue. (Kuniyuki Iwashima) - net: Fix data-races around weight_p and dev_weight_[rt]x_bias. (Kuniyuki Iwashima) - netfilter: nft_tunnel: restrict it to netdev family (Pablo Neira Ayuso) - netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families (Pablo Neira Ayuso) - netfilter: nft_payload: do not truncate csum_offset and csum_type (Pablo Neira Ayuso) - netfilter: nft_payload: report ERANGE for too long offset and length (Pablo Neira Ayuso) - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (Vikas Gupta) - net: ipvtap - add __init/__exit annotations to module init/exit funcs (Maciej zenczykowski) - bonding: 802.3ad: fix no transmission of LACPDUs (Jonathan Toppins) - net: moxa: get rid of asymmetry in DMA mapping/unmapping (Sergei Antonov) - net/mlx5e: Properly disable vlan strip on non-UL reps (Vlad Buslov) - rose: check NULL rose_loopback_neigh->loopback (Bernard Pidoux) - SUNRPC: RPC level errors should set task->tk_rpc_status (Trond Myklebust) - xfrm: fix refcount leak in __xfrm_policy_check() (Xin Xiong) - kernel/sched: Remove dl_boosted flag comment (Hui Su) - sched/deadline: Fix priority inheritance with multiple scheduling classes (Juri Lelli) - sched/deadline: Fix stale throttling on de-/boosted tasks (Lucas Stach) - sched/deadline: Unthrottle PI boosted threads while enqueuing (Daniel Bristot de Oliveira) - pinctrl: amd: Don't save/restore interrupt status and wake status bits (Basavaraj Natikar) - Revert 'selftests/bpf: Fix test_align verifier log patterns' (Jean-Philippe Brucker) - Revert 'selftests/bpf: Fix 'dubious pointer arithmetic' test' (Jean-Philippe Brucker) - usb: cdns3: Fix issue for clear halt endpoint (Pawel Laszczak) - kernel/sys_ni: add compat entry for fadvise64_64 (Randy Dunlap) - parisc: Fix exception handler for fldw and fstw instructions (Helge Deller) - audit: fix potential double free on error path from fsnotify_add_inode_mark (Gaosheng Cui) [5.4.17-2136.313.2] - ice: enable ethtool hooks for E810 firmware update (John Donnelly) [Orabug: 34077831] - ice: add ice_handle_nvm_access() (John Donnelly) [Orabug: 34077831] - rds: cong: Make rds_cong_wait an array to reduce lock contention (Hakon Bugge) [Orabug: 34574093] - rds: cong: Make rs_cong_notify and rs_cong_mask atomic64_t (Hakon Bugge) [Orabug: 34574093] - mm: memcg/slab: disable cache merging for KMALLOC_NORMAL caches (Waiman Long) [Orabug: 34601144] caches (Waiman Long) [Orabug: 34601144] - mm: memcg/slab: properly set up gfp flags for objcg pointer array (Waiman Long) [Orabug: 34601144] - mm, memcg: introduce mem_cgroup_kmem_disabled() (Roman Gushchin) [Orabug: 34601144] - mm, slab: make kmalloc_info[] contain all types of names (Pengfei Li) [Orabug: 34601144] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34639998] - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree (Tejun Heo) [Orabug: 34639998] - cgroup: Optimize single thread migration (Michal Koutny) [Orabug: 34639998] - Revert 'cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()' (Imran Khan) [Orabug: 34639998] cpus_read_lock() deadlock' (Imran Khan) [Orabug: 34639998] - x86/MCE/AMD, EDAC/mce_amd: Support non-uniform MCA bank type enumeration (Yazen Ghannam) [Orabug: 34639981] - x86/MCE/AMD, EDAC/mce_amd: Add new SMCA bank types (Yazen Ghannam) [Orabug: 34639981] - x86/MCE/AMD, EDAC/mce_amd: Add new SMCA bank types (Muralidhara M K) [Orabug: 34639981] - x86/mce: Increase maximum number of banks to 64 (Akshay Gupta) [Orabug: 34639981] - x86/MCE/AMD, EDAC/amd64: Move address translation to AMD64 EDAC (Yazen Ghannam) [Orabug: 34639981] - x86/MCE/AMD: Export smca_get_bank_type symbol (Mukul Joshi) [Orabug: 34639981] - EDAC/amd64: Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh (Yazen Ghannam) [Orabug: 34639981] - EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh (Yazen Ghannam) [Orabug: 34639981] - EDAC: Add RDDR5 and LRDDR5 memory types (Yazen Ghannam) [Orabug: 34639981] - hwmon: (k10temp) Support up to 12 CCDs on AMD Family of processors (Babu Moger) [Orabug: 34639981] - hwmon: (k10temp) Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh (Babu Moger) [Orabug: 34639981] - x86/amd_nb: Add AMD Family 19h Models (10h-1Fh) and (A0h-AFh) PCI IDs (Yazen Ghannam) [Orabug: 34639981] - hwmon: (k10temp) Remove unused definitions (Babu Moger) [Orabug: 34639981] - hwmon: (k10temp) Remove residues of current and voltage (suma hegde) [Orabug: 34639981] - hwmon: (k10temp) Add support for yellow carp (Mario Limonciello) [Orabug: 34639981] - hwmon: (k10temp) Rework the temperature offset calculation (Mario Limonciello) [Orabug: 34639981] - hwmon: (k10temp) Don't show Tdie for all Zen/Zen2/Zen3 CPU/APU (Mario Limonciello) [Orabug: 34639981] - hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (Mario Limonciello) [Orabug: 34639981] - hwmon: (k10temp) support Zen3 APUs (David Bartley) [Orabug: 34639981] - x86/amd_nb: Add AMD family 19h model 50h PCI ids (David Bartley) [Orabug: 34639981] - hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (Gabriel Craciunescu) [Orabug: 34639981] - hwmon: (k10temp) Remove support for displaying voltage and current on Zen CPUs (Guenter Roeck) [Orabug: 34639981] - hwmon: (k10temp) Add support for Zen3 CPUs (Wei Huang) [Orabug: 34639981] - hwmon: (k10temp) Take out debugfs code (Guenter Roeck) [Orabug: 34639981] - hwmon: (k10temp) Define SVI telemetry and current factors for Zen2 CPUs (Wei Huang) [Orabug: 34639981] - hwmon: (k10temp) Create common functions and macros for Zen CPU families (Wei Huang) [Orabug: 34639981] - hwmon: (k10temp) make some symbols static (Jason Yan) [Orabug: 34639981] - hwmon: (k10temp) Reorganize and simplify temperature support detection (Guenter Roeck) [Orabug: 34639981] - Revert 'hwmon: (k10temp) Add support for Zen3 CPUs' (Dave Kleikamp) [Orabug: 34639981] - uek-rpm: add missing nft_chain_nat.ko module (Venkat Venkatsubra) [Orabug: 34639977] - random: Fix incorrect type for 'rc' variable (Harshit Mogalapalli) [Orabug: 34639972] - hwmon: (opbmc) Add support for AST2600 based Pilot (Jan Zdarek) [Orabug: 34639967] - KVM: SVM: Clear the CR4 register on reset (Babu Moger) [Orabug: 34639963] - x86,swiotlb: Adjust SWIOTLB bounce buffer size for SEV guests (Ashish Kalra) [Orabug: 34639951] - netfilter: ebtables: reject blobs that don't provide all entry points (Florian Westphal) [Orabug: 34610051] - uek-rpm: Disable CONFIG_CRYPTO_STREEBOG (Victor Erminpour) [Orabug: 34610044] - uek-rpm: Disable CONFIG_CRYPTO_SM3 (Victor Erminpour) [Orabug: 34610044] - uek-rpm: Disable CONFIG_CRYPTO_SM4 (Victor Erminpour) [Orabug: 34610044] - uek-rpm: Add nftables support T93 and Ortano (Henry Willard) [Orabug: 34610035] - af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu) [Orabug: 34610032] {CVE-2022-3028} - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (Tetsuo Handa) [Orabug: 34610025] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34610025] - audit: use extern storage class for audit_filter_syscall() (Ankur Arora) [Orabug: 34586449] - audit: annotate branch direction for audit_in_mask() (Ankur Arora) [Orabug: 34586449] - audit: cache ctx->major in audit_filter_syscall() (Ankur Arora) [Orabug: 34586449] [5.4.17-2136.313.1] - video: vga16fb: Only probe for EGA and VGA 16 color graphic cards (Javier Martinez Canillas) [Orabug: 32301403] - KVM: arm: vgic: Only use the virtual state when userspace accesses enable bits (Marc Zyngier) [Orabug: 34542967] - uek-rpm: mips: enable CRYTPTO_USER config options (Dave Kleikamp) [Orabug: 34557309] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3028 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:8::developer_UEKR6 cpe:/a:oracle:linux:7::developer_UEKR6 cpe:/o:oracle:linux:8:6:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.313.6] - Uninitialized variable image_ext in fixup_vdso_exception of extable.c (Alok Tiwari) [Orabug: 33000550] - NFSD: fix use-after-free on source server when doing inter-server copy (Dai Ngo) [Orabug: 34475857] - EDAC/mce_amd: Do not load edac_mce_amd module on guests (Smita Koralahalli) [Orabug: 34484268] - uek: kabi: update kABI files for new symbol (Saeed Mirzamohammadi) [Orabug: 34595589] - RDS/IB Fix allocation warning (Hans Westgaard Ry) [Orabug: 34684322] - uek-rpm: Add support for building a kdump kernel on MIPS64 (Dave Kleikamp) [Orabug: 34696261] - hwmon: (opbmc) AST2600 SP reset driver adjustment (Jan Zdarek) [Orabug: 34710682] - hwmon: (opbmc) Driver message prefixes (Jan Zdarek) [Orabug: 34710682] - Revert 'fs: check FMODE_LSEEK to control internal pipe splicing' (Saeed Mirzamohammadi) [Orabug: 34724694] - Revert 'sched/deadline: Fix priority inheritance with multiple scheduling classes' (Sherry Yang) [Orabug: 34700434] [5.4.17-2136.313.5] - IB/mlx5: Move to fully dynamic UAR mode once user space supports it (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Extend QP creation to get uar page index from user space (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Extend CQ creation to get uar page index from user space (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Expose UAR object and its alloc/destroy commands (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Generally use the WC auto detection test result (Yishai Hadas) [Orabug: 34430072] - RDMA/mlx5: Use offsetofend() instead of duplicated variant (Leon Romanovsky) [Orabug: 34430072] - RDMA/mlx5: Remove duplicate definitions of SW_ICM macros (Erez Shitrit) [Orabug: 34430072] - IB/mlx5: Introduce UAPIs to manage packet pacing (Yishai Hadas) [Orabug: 34430072] - RDMA/mlx5: Prevent overflow in mmap offset calculations (Leon Romanovsky) [Orabug: 34430072] - RDMA/core: Make the entire API tree static (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Ensure that rdma_user_mmap_entry_remove() is a fence (Jason Gunthorpe) [Orabug: 34430072] - RDMA/mlx5: Set relaxed ordering when requested (Michael Guralnik) [Orabug: 34430072] - RDMA/core: Add the core support field to METHOD_GET_CONTEXT (Michael Guralnik) [Orabug: 34430072] - RDMA/uverbs: Add new relaxed ordering memory region access flag (Michael Guralnik) [Orabug: 34430072] - RDMA/core: Add optional access flags range (Michael Guralnik) [Orabug: 34430072] - RDMA/uverbs: Add ioctl command to get a device context (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Remove ucontext_lock from the uverbs_destry_ufile_hw() path (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Add UVERBS_METHOD_ASYNC_EVENT_ALLOC (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Use READ_ONCE for ib_ufile.async_file (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Make ib_uverbs_async_event_file into a uobject (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Remove the ufile arg from rdma_alloc_begin_uobject (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Simplify type usage for ib_uverbs_async_handler() (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Do not erase the type of ib_wq.uobject (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Do not erase the type of ib_qp.uobject (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Do not erase the type of ib_cq.uobject (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Make ib_ucq_object use ib_uevent_object (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Do not allow alloc_commit to fail (Jason Gunthorpe) [Orabug: 34430072] - RDMA/mlx5: Simplify devx async commands (Jason Gunthorpe) [Orabug: 34430072] - RDMA/core: Simplify destruction of FD uobjects (Jason Gunthorpe) [Orabug: 34430072] - RDMA/mlx5: Use RCU and direct refcounts to keep memory alive (Jason Gunthorpe) [Orabug: 34430072] - IB/mlx5: Add mmap support for VAR (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Introduce VAR object and its alloc/destroy methods (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Extend caps stage to handle VAR capabilities (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Fix device memory flows (Yishai Hadas) [Orabug: 34430072] - IB/core: Introduce rdma_user_mmap_entry_insert_range() API (Yishai Hadas) [Orabug: 34430072] - IB/mlx5: Support flow counters offset for bulk counters (Yevgeny Kliteynik) [Orabug: 34430072] - IB/mlx5: Rename profile and init methods (Michael Guralnik) [Orabug: 34430072] - RDMA: Connect between the mmap entry and the umap_priv structure (Michal Kalderon) [Orabug: 34430072] - RDMA/core: Create mmap database and cookie helper functions (Michal Kalderon) [Orabug: 34430072] - RDMA/core: Move core content from ib_uverbs to ib_core (Michal Kalderon) [Orabug: 34430072] - IB/mlx5: Test write combining support (Michael Guralnik) [Orabug: 34430072] - IB/mlx5: Align usage of QP1 create flags with rest of mlx5 defines (Michael Guralnik) [Orabug: 34430072] - IB/mlx5: Introduce and use mkey context setting helper routine (Parav Pandit) [Orabug: 34430072] - net/rds: Send congestion map updates only via path zero (Anand Khoje) [Orabug: 34578051] - Revert 'RDS/IB: Fix RDS IB SRQ implementation and tune it' (Hans Westgaard Ry) [Orabug: 34662431] - net: vlan: Avoid using BUG() in vlan_proto_idx() (Florian Fainelli) [Orabug: 34672449] - KVM: x86: drop superfluous mmu_check_root() from fast_pgd_switch() (Vitaly Kuznetsov) [Orabug: 34679770] - KVM: SVM: Update cr3_lm_rsvd_bits for AMD SEV guests (Babu Moger) [Orabug: 34679770] - KVM: x86: Invoke vendor's vcpu_after_set_cpuid() after all common updates (Sean Christopherson) [Orabug: 34679770] - KVM: x86: Move kvm_x86_ops.vcpu_after_set_cpuid() into kvm_vcpu_after_set_cpuid() (Xiaoyao Li) [Orabug: 34679770] - KVM: x86: Rename cpuid_update() callback to vcpu_after_set_cpuid() (Xiaoyao Li) [Orabug: 34679770] - RDMA/cma: Use output interface for net_dev check (Hakon Bugge) [Orabug: 34694980] [5.4.17-2136.313.4] - arm64: pensando: Suppress tree-loop-distribute-patterns optimization (Henry Willard) [Orabug: 34634974] - uek-rpm: Disable floppy related configs (Saeed Mirzamohammadi) [Orabug: 34644240] - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (Dave Hansen) [Orabug: 34671342] [5.4.17-2136.313.3] - Revert 'net: mvpp2: debugfs: fix memory leak when using debugfs_lookup()' (Sasha Levin) - USB: core: Fix RST error in hub.c (Alan Stern) - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (Tetsuo Handa) - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() (Yang Yingliang) - LTS tag: v5.4.213 (Sherry Yang) - MIPS: loongson32: ls1c: Fix hang during startup (Yang Ling) - x86/nospec: Fix i386 RSB stuffing (Peter Zijlstra) - sch_sfb: Also store skb len before calling child enqueue (Toke Hoiland-Jorgensen) - tcp: fix early ETIMEDOUT after spurious non-SACK RTO (Neal Cardwell) - nvme-tcp: fix UAF when detecting digest errors (Sagi Grimberg) - RDMA/mlx5: Set local port to one when accessing counters (Chris Mi) - ipv6: sr: fix out-of-bounds read when setting HMAC data. (David Lebrun) - RDMA/siw: Pass a pointer to virt_to_page() (Linus Walleij) - i40e: Fix kernel crash during module removal (Ivan Vecera) - tipc: fix shift wrapping bug in map_get() (Dan Carpenter) - sch_sfb: Don't assume the skb is still around after enqueueing to child (Toke Hoiland-Jorgensen) - afs: Use the operation issue time instead of the reply time for callbacks (David Howells) - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() (David Howells) - netfilter: nf_conntrack_irc: Fix forged IP logic (David Leadbeater) - netfilter: br_netfilter: Drop dst references before setting. (Harsh Modi) - RDMA/hns: Fix supported page size (Chengchang Tang) - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (Liang He) - RDMA/cma: Fix arguments order in net device validation (Michael Guralnik) - regulator: core: Clean up on enable failure (Andrew Halaney) - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (Marco Felsch) - smb3: missing inode locks in punch hole (David Howells) - scsi: lpfc: Add missing destroy_workqueue() in error path (Yang Yingliang) - scsi: mpt3sas: Fix use-after-free warning (Sreekanth Reddy) - nvmet: fix a use-after-free (Bart Van Assche) - debugfs: add debugfs_lookup_and_remove() (Greg Kroah-Hartman) - kprobes: Prohibit probes in gate area (Christian A. Ehrhardt) - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (Dongxiang Ke) - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (Pattara Teerapong) - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (Tasos Sahanidis) - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (Qu Huang) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (Yang Yingliang) - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level (Sudeep Holla) - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines (Helge Deller) - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() (Li Qiong) - drm/radeon: add a force flush to delay work when radeon (Zhenneng Li) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. (Candice Li) - drm/gem: Fix GEM handle release errors (Jeffy Chen) - scsi: megaraid_sas: Fix double kfree() (Guixin Liu) - USB: serial: ch341: fix disabled rx timer on older devices (Johan Hovold) - USB: serial: ch341: fix lost character on LCR updates (Johan Hovold) - usb: dwc3: disable USB core PHY management (Johan Hovold) - usb: dwc3: fix PHY disable sequence (Johan Hovold) - btrfs: harden identification of a stale device (Anand Jain) - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (Diego Santa Cruz) - ALSA: seq: Fix data-race at module auto-loading (Takashi Iwai) - ALSA: seq: oss: Fix data-race for max_midi_devs access (Takashi Iwai) - net: mac802154: Fix a condition in the receive path (Miquel Raynal) - ip: fix triggering of 'icmp redirect' (Nicolas Dichtel) - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected (Siddh Raman Pant) - driver core: Don't probe devices after bus_type.match() probe deferral (Isaac J. Manjarres) - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (Krishna Kurapati) - USB: core: Prevent nested device-reset calls (Alan Stern) - s390: fix nospec table alignments (Josh Poimboeuf) - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (Gerald Schaefer) - usb-storage: Add ignore-residue quirk for NXP PN7462AU (Witold Lipieta) - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (Thierry GUIBERT) - usb: dwc2: fix wrong order of phy_power_on and phy_init (Heiner Kallweit) - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (Pablo Sun) - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (Slark Xiao) - USB: serial: option: add Quectel EM060K modem (Yonglin Tan) - USB: serial: option: add support for OPPO R11 diag port (Yan Xinyu) - USB: serial: cp210x: add Decagon UCA device id (Johan Hovold) - xhci: Add grace period after xHC start to prevent premature runtime suspend. (Mathias Nyman) - thunderbolt: Use the actual buffer in tb_async_error() (Mika Westerberg) - gpio: pca953x: Add mutex_lock for regcache sync in PM (Haibo Chen) - hwmon: (gpio-fan) Fix array out of bounds access (Armin Wolf) - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (Stefan Wahren) - Input: rk805-pwrkey - fix module autoloading (Peter Robinson) - clk: core: Fix runtime PM sequence in clk_core_unprepare() (Chen-Yu Tsai) - Revert 'clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops' (Stephen Boyd) - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (Chen-Yu Tsai) - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (Colin Ian King) - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (Johan Hovold) - binder: fix UAF of ref->proc caused by race condition (Carlos Llamas) - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (Niek Nooijens) - misc: fastrpc: fix memory corruption on open (Johan Hovold) - misc: fastrpc: fix memory corruption on probe (Johan Hovold) - iio: adc: mcp3911: use correct formula for AD conversion (Marcus Folkesson) - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (Tetsuo Handa) - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (Sherry Sun) - vt: Clear selection before changing the font (Helge Deller) - powerpc: align syscall table for ppc32 (Masahiro Yamada) - staging: rtl8712: fix use after free bugs (Dan Carpenter) - serial: fsl_lpuart: RS485 RTS polariy is inverse (Shenwei Wang) - net/smc: Remove redundant refcount increase (Yacan Liu) - Revert 'sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb' (Jakub Kicinski) - tcp: annotate data-race around challenge_timestamp (Eric Dumazet) - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb (Toke Hoiland-Jorgensen) - kcm: fix strp_init() order and cleanup (Cong Wang) - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (Duoming Zhou) - net: sched: tbf: don't call qdisc_put() while holding tree lock (Zhengchao Shao) - Revert 'xhci: turn off port power in shutdown' (Mathias Nyman) - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (Dan Carpenter) - ieee802154/adf7242: defer destroy_workqueue call (Lin Ma) - iio: adc: mcp3911: make use of the sign bit (Marcus Folkesson) - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (Andy Shevchenko) - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (Douglas Anderson) - drm/msm/dsi: fix the inconsistent indenting (sunliming) - net: dp83822: disable false carrier interrupt (Enguerrand de Ribaucourt) - Revert 'mm: kmemleak: take a full lowmem check in kmemleak_*_phys()' (Yee Lee) - fs: only do a memory barrier for the first set_buffer_uptodate() (Linus Torvalds) - net: mvpp2: debugfs: fix memory leak when using debugfs_lookup() (Greg Kroah-Hartman) - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (Stanislaw Gruszka) - efi: capsule-loader: Fix use-after-free in efi_capsule_write (Hyunwoo Kim) - LTS tag: v5.4.212 (Sherry Yang) - net: neigh: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net/af_packet: check len when min_header_len equals to 0 (Zhengchao Shao) - kprobes: don't call disarm_kprobe() for disabled kprobes (Kuniyuki Iwashima) - lib/vdso: Mark do_hres() and do_coarse() as __always_inline (Andrei Vagin) - lib/vdso: Let do_coarse() return 0 to simplify the callsite (Christophe Leroy) - btrfs: tree-checker: check for overlapping extent items (Josef Bacik) - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y (Geert Uytterhoeven) - drm/amd/display: Fix pixel clock programming (Ilya Bakoulin) - s390/hypfs: avoid error message under KVM (Juergen Gross) - neigh: fix possible DoS due to net iface start/stop loop (Denis V. Lunev) - drm/amd/display: clear optc underflow before turn off odm clock (Fudong Wang) - drm/amd/display: Avoid MPC infinite loop (Josip Pavic) - btrfs: unify lookup return value when dir entry is missing (Filipe Manana) - btrfs: do not pin logs too early during renames (Filipe Manana) - btrfs: introduce btrfs_lookup_match_dir (Marcos Paulo de Souza) - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (Jann Horn) - bpf: Don't redirect packets with invalid pkt_len (Zhengchao Shao) - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (Yang Jihong) - fbdev: fb_pm2fb: Avoid potential divide by zero error (Letu Ren) - HID: hidraw: fix memory leak in hidraw_release() (Karthik Alapati) - media: pvrusb2: fix memory leak in pvr_probe (Dongliang Mu) - udmabuf: Set the DMA mask for the udmabuf device (v2) (Vivek Kasireddy) - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (Lee Jones) - Bluetooth: L2CAP: Fix build errors in some archs (Luiz Augusto von Dentz) - kbuild: Fix include path in scripts/Makefile.modpost (Jing Leng) - x86/bugs: Add 'unknown' reporting for MMIO Stale Data (Pawan Gupta) - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (Gerald Schaefer) - mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() (Jann Horn) - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (Saurabh Sengar) - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (Stephane Eranian) - md: call __md_stop_writes in md_stop (Guoqing Jiang) - mm/hugetlb: fix hugetlb not supporting softdirty tracking (David Hildenbrand) - ACPI: processor: Remove freq Qos request for all CPUs (Riwen Lu) - s390: fix double free of GS and RI CBs on fork() failure (Brian Foster) - asm-generic: sections: refactor memory_intersects (Quanyang Wang) - loop: Check for overflow while configuring loop (Siddh Raman Pant) - x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (Chen Zhongjin) - btrfs: check if root is readonly while setting security xattr (Goldwyn Rodrigues) - btrfs: add info when mount fails due to stale replace target (Anand Jain) - btrfs: replace: drop assert for suspended replace (Anand Jain) - btrfs: fix silent failure when deleting root reference (Filipe Manana) - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (Jacob Keller) - net: Fix a data-race around sysctl_somaxconn. (Kuniyuki Iwashima) - net: Fix a data-race around netdev_budget_usecs. (Kuniyuki Iwashima) - net: Fix a data-race around netdev_budget. (Kuniyuki Iwashima) - net: Fix a data-race around sysctl_net_busy_read. (Kuniyuki Iwashima) - net: Fix a data-race around sysctl_net_busy_poll. (Kuniyuki Iwashima) - net: Fix a data-race around sysctl_tstamp_allow_data. (Kuniyuki Iwashima) - ratelimit: Fix data-races in ___ratelimit(). (Kuniyuki Iwashima) - net: Fix data-races around netdev_tstamp_prequeue. (Kuniyuki Iwashima) - net: Fix data-races around weight_p and dev_weight_[rt]x_bias. (Kuniyuki Iwashima) - netfilter: nft_tunnel: restrict it to netdev family (Pablo Neira Ayuso) - netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families (Pablo Neira Ayuso) - netfilter: nft_payload: do not truncate csum_offset and csum_type (Pablo Neira Ayuso) - netfilter: nft_payload: report ERANGE for too long offset and length (Pablo Neira Ayuso) - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (Vikas Gupta) - net: ipvtap - add __init/__exit annotations to module init/exit funcs (Maciej zenczykowski) - bonding: 802.3ad: fix no transmission of LACPDUs (Jonathan Toppins) - net: moxa: get rid of asymmetry in DMA mapping/unmapping (Sergei Antonov) - net/mlx5e: Properly disable vlan strip on non-UL reps (Vlad Buslov) - rose: check NULL rose_loopback_neigh->loopback (Bernard Pidoux) - SUNRPC: RPC level errors should set task->tk_rpc_status (Trond Myklebust) - xfrm: fix refcount leak in __xfrm_policy_check() (Xin Xiong) - kernel/sched: Remove dl_boosted flag comment (Hui Su) - sched/deadline: Fix priority inheritance with multiple scheduling classes (Juri Lelli) - sched/deadline: Fix stale throttling on de-/boosted tasks (Lucas Stach) - sched/deadline: Unthrottle PI boosted threads while enqueuing (Daniel Bristot de Oliveira) - pinctrl: amd: Don't save/restore interrupt status and wake status bits (Basavaraj Natikar) - Revert 'selftests/bpf: Fix test_align verifier log patterns' (Jean-Philippe Brucker) - Revert 'selftests/bpf: Fix 'dubious pointer arithmetic' test' (Jean-Philippe Brucker) - usb: cdns3: Fix issue for clear halt endpoint (Pawel Laszczak) - kernel/sys_ni: add compat entry for fadvise64_64 (Randy Dunlap) - parisc: Fix exception handler for fldw and fstw instructions (Helge Deller) - audit: fix potential double free on error path from fsnotify_add_inode_mark (Gaosheng Cui) [5.4.17-2136.313.2] - ice: enable ethtool hooks for E810 firmware update (John Donnelly) [Orabug: 34077831] - ice: add ice_handle_nvm_access() (John Donnelly) [Orabug: 34077831] - rds: cong: Make rds_cong_wait an array to reduce lock contention (Hakon Bugge) [Orabug: 34574093] - rds: cong: Make rs_cong_notify and rs_cong_mask atomic64_t (Hakon Bugge) [Orabug: 34574093] - mm: memcg/slab: disable cache merging for KMALLOC_NORMAL caches (Waiman Long) [Orabug: 34601144] caches (Waiman Long) [Orabug: 34601144] - mm: memcg/slab: properly set up gfp flags for objcg pointer array (Waiman Long) [Orabug: 34601144] - mm, memcg: introduce mem_cgroup_kmem_disabled() (Roman Gushchin) [Orabug: 34601144] - mm, slab: make kmalloc_info[] contain all types of names (Pengfei Li) [Orabug: 34601144] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34639998] - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree (Tejun Heo) [Orabug: 34639998] - cgroup: Optimize single thread migration (Michal Koutny) [Orabug: 34639998] - Revert 'cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()' (Imran Khan) [Orabug: 34639998] cpus_read_lock() deadlock' (Imran Khan) [Orabug: 34639998] - x86/MCE/AMD, EDAC/mce_amd: Support non-uniform MCA bank type enumeration (Yazen Ghannam) [Orabug: 34639981] - x86/MCE/AMD, EDAC/mce_amd: Add new SMCA bank types (Yazen Ghannam) [Orabug: 34639981] - x86/MCE/AMD, EDAC/mce_amd: Add new SMCA bank types (Muralidhara M K) [Orabug: 34639981] - x86/mce: Increase maximum number of banks to 64 (Akshay Gupta) [Orabug: 34639981] - x86/MCE/AMD, EDAC/amd64: Move address translation to AMD64 EDAC (Yazen Ghannam) [Orabug: 34639981] - x86/MCE/AMD: Export smca_get_bank_type symbol (Mukul Joshi) [Orabug: 34639981] - EDAC/amd64: Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh (Yazen Ghannam) [Orabug: 34639981] - EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh (Yazen Ghannam) [Orabug: 34639981] - EDAC: Add RDDR5 and LRDDR5 memory types (Yazen Ghannam) [Orabug: 34639981] - hwmon: (k10temp) Support up to 12 CCDs on AMD Family of processors (Babu Moger) [Orabug: 34639981] - hwmon: (k10temp) Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh (Babu Moger) [Orabug: 34639981] - x86/amd_nb: Add AMD Family 19h Models (10h-1Fh) and (A0h-AFh) PCI IDs (Yazen Ghannam) [Orabug: 34639981] - hwmon: (k10temp) Remove unused definitions (Babu Moger) [Orabug: 34639981] - hwmon: (k10temp) Remove residues of current and voltage (suma hegde) [Orabug: 34639981] - hwmon: (k10temp) Add support for yellow carp (Mario Limonciello) [Orabug: 34639981] - hwmon: (k10temp) Rework the temperature offset calculation (Mario Limonciello) [Orabug: 34639981] - hwmon: (k10temp) Don't show Tdie for all Zen/Zen2/Zen3 CPU/APU (Mario Limonciello) [Orabug: 34639981] - hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (Mario Limonciello) [Orabug: 34639981] - hwmon: (k10temp) support Zen3 APUs (David Bartley) [Orabug: 34639981] - x86/amd_nb: Add AMD family 19h model 50h PCI ids (David Bartley) [Orabug: 34639981] - hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (Gabriel Craciunescu) [Orabug: 34639981] - hwmon: (k10temp) Remove support for displaying voltage and current on Zen CPUs (Guenter Roeck) [Orabug: 34639981] - hwmon: (k10temp) Add support for Zen3 CPUs (Wei Huang) [Orabug: 34639981] - hwmon: (k10temp) Take out debugfs code (Guenter Roeck) [Orabug: 34639981] - hwmon: (k10temp) Define SVI telemetry and current factors for Zen2 CPUs (Wei Huang) [Orabug: 34639981] - hwmon: (k10temp) Create common functions and macros for Zen CPU families (Wei Huang) [Orabug: 34639981] - hwmon: (k10temp) make some symbols static (Jason Yan) [Orabug: 34639981] - hwmon: (k10temp) Reorganize and simplify temperature support detection (Guenter Roeck) [Orabug: 34639981] - Revert 'hwmon: (k10temp) Add support for Zen3 CPUs' (Dave Kleikamp) [Orabug: 34639981] - uek-rpm: add missing nft_chain_nat.ko module (Venkat Venkatsubra) [Orabug: 34639977] - random: Fix incorrect type for 'rc' variable (Harshit Mogalapalli) [Orabug: 34639972] - hwmon: (opbmc) Add support for AST2600 based Pilot (Jan Zdarek) [Orabug: 34639967] - KVM: SVM: Clear the CR4 register on reset (Babu Moger) [Orabug: 34639963] - x86,swiotlb: Adjust SWIOTLB bounce buffer size for SEV guests (Ashish Kalra) [Orabug: 34639951] - netfilter: ebtables: reject blobs that don't provide all entry points (Florian Westphal) [Orabug: 34610051] - uek-rpm: Disable CONFIG_CRYPTO_STREEBOG (Victor Erminpour) [Orabug: 34610044] - uek-rpm: Disable CONFIG_CRYPTO_SM3 (Victor Erminpour) [Orabug: 34610044] - uek-rpm: Disable CONFIG_CRYPTO_SM4 (Victor Erminpour) [Orabug: 34610044] - uek-rpm: Add nftables support T93 and Ortano (Henry Willard) [Orabug: 34610035] - af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu) [Orabug: 34610032] {CVE-2022-3028} - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (Tetsuo Handa) [Orabug: 34610025] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34610025] - audit: use extern storage class for audit_filter_syscall() (Ankur Arora) [Orabug: 34586449] - audit: annotate branch direction for audit_in_mask() (Ankur Arora) [Orabug: 34586449] - audit: cache ctx->major in audit_filter_syscall() (Ankur Arora) [Orabug: 34586449] [5.4.17-2136.313.1] - video: vga16fb: Only probe for EGA and VGA 16 color graphic cards (Javier Martinez Canillas) [Orabug: 32301403] - KVM: arm: vgic: Only use the virtual state when userspace accesses enable bits (Marc Zyngier) [Orabug: 34542967] - uek-rpm: mips: enable CRYTPTO_USER config options (Dave Kleikamp) [Orabug: 34557309] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3028 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6